In order to access mobile radio networks and the mobile radio services provided therein, subscribers are registered with a mobile radio operator in a home. After the registration, the subscriber can log on to the home network and can make use of the mobile radio services of the home network at the mobile radio rates agreed upon with the service provider. Access to mobile radio networks of other service providers is likewise possible making use of the registration in the home network. Such access, which is also referred to as roaming, however, is usually associated with higher costs for the use of services and a limited selection of mobile radio services. Therefore, as a rule, mobile radio subscribers carefully customize their home network to their usage pattern of mobile radio services and select, for example, a home network that can be accessed in the geographic region in which the subscriber uses mobile radio services without roaming and/or in which the mobile radio services they use most often are offered at favorable rates.
As a result of the registration in a home network, the subscriber receives subscription data from the mobile radio service provider, and this data is used for the identification and for the authentication when the subscriber logs on with a mobile radio device to the home network or to another mobile radio network. As a rule, the subscription data comprises at least one identifier associated with the subscriber, such as, an International Mobile Subscriber Identity (IMSI) and a secret key that is used in the authentication procedure. The subscription data is stored in a secured chip that is connected to the mobile radio device of the subscriber and that is also referred to here as the identification module. The identification module can be contained in a card that is placed into the mobile radio device and that can be configured, for instance, as a Subscriber Identity Module (SIM) card. Such a chip card is generally used in mobile phones, smartphones, notebook computers or similar mobile radio devices. Likewise, the identification module can be integrated into the mobile radio device as is sometimes done with simpler telematic devices, such as machine-to-machine (M2M) or telematic devices.
Linking an identification module to a home network in which subscription data is installed is carried out with conventional identification modules within the scope of the configuration of the SIM card by the provider of the home network or by the supplier of the identification module before the identification module is issued to the subscriber. After the identification module has been issued, it can then no longer be linked to another home network. If the subscriber would like to change the home network, such a conventional identification module is typically replaced. However, such a change is at the very least associated with a great deal of logistical effort that arises when a new identification module is to be provided. In the case of an identification module that is integrated into a mobile radio device, the effort is even greater since the identification module cannot simply be replaced by another one, so that a replacement of the entire mobile radio device is often even more economical when the home network is changed.
In order to simplify the changing of the home network or the mobile radio service provider, GB 2 378 064 A proposes a method in which, after an identification module has been issued from a remote location by an over the air (OTA) mechanism, which allows a secure message transmission, the identification module can be linked to a new home network via a mobile radio network—i.e. via the air interface. In this process, some of the subscription data for different service providers is already stored in the identification module in advance, and a central management center can activate the subscription data by an OTA message sent to the identification module, if the identification module is to be registered in the home network of a given service provider. Thus, the mobile radio service provider may be changed without issuing a new identification module.
In the known method, however, the problem arises that for a secure change of the active subscription data, a reliable management center is set up which can control the change and also authorize it. Otherwise, an identification module could be made to carry out an unauthorized change of the active subscription data. The operation of a reliable management center, however, is associated with considerable organizational and technical effort.