Communicating by means of a mobile terminal, such as a mobile phone, via a public land mobile network (PLMN; also referred to as a mobile or cellular network herein) operated by a mobile network operator (MNO) generally requires the mobile terminal to be equipped with a secure element for securely storing data uniquely identifying the user of the mobile terminal (also called subscriber). For instance, in the context of a mobile terminal configured to communicate according to the Global System for Mobile Communications (GSM), currently the world's most popular standard for mobile communications systems, the secure element is called a subscriber identity module (SIM) and is usually provided in the form of a smart card. According to the GSM standard, the technical features of which are defined by a large number of interrelated and mutually dependent specifications published by the ETSI standardization organization, the SIM contains subscription credentials for authenticating and identifying the user of the mobile terminal, including in particular an International Mobile Subscriber Identity (IMSI) and an authentication key Ki. These subscription credentials are generally stored on the SIM by the SIM manufacturer/vendor or the MNO during a SIM personalization process prior to providing the user of the mobile terminal with his SIM. A non-personalized SIM is generally not suited for use in a mobile terminal, i.e. the use of the services provided by a PLMN with a non-personalized SIM without the necessary subscription credentials is not possible.
One particular field of application of secure elements, such as SIMs, eUICCs, UICCs and the like, which is expected to grow rapidly in the near future is M2M (machine-to-machine) communication, i.e. the communication between machines over a mobile network without human intervention, also called the Internet of things. In M2M communication data is automatically transmitted between many different types of machines equipped with a secure element in the form of a M2M module, such as TV systems, set top boxes, vending machines, vehicles, traffic lights, surveillance cameras, sensor devices, metering devices, and the like. It is foreseeable that at least for some of these devices it will not be possible or at least very difficult to provide the secure element beforehand with the necessary subscription credentials, including for instance an IMSI. This is because in a lot of M2M devices the secure element will most likely be implemented in the form of a surface mounted chip or an embedded chip module without the possibility of providing the secure element with the necessary subscription credentials beforehand. Consequently, once in the field, these M2M devices and their non-personalized secure elements require the secure provisioning of subscription credentials over-the-air.
When using the services provided by a MNO, in particular communicating via the PLMN provided by the MNO, the user of a mobile terminal is usually charged a certain monthly fee by the MNO. If the mobile user wants, for instance due to a lower monthly charge and/or superior services, to change to a different MNO, he generally has to manually replace the SIM provided by the current MNO and containing, in particular, the subscription credentials necessary for attaching to the PLMN of the current MNO by the SIM provided by the new MNO and containing the subscription credentials necessary for attaching to the PLMN of the new MNO. Certainly, it would be more convenient for the user, if instead of this process of switching to a new MNO by manually replacing the SIM it would be possible to use one and the same secure element in the form of a SIM that can be “reprogrammed” over-the-air by downloading a corresponding subscription profile including subscription credentials and automatically implementing the same on the SIM.
Such methods for downloading a subscription profile and implementing the same on a secure element are known. However, in practice, it will often be the case that a subscription profile is provided by an entity, for instance, a mobile network operator (MNO), different to the entity that originally manufactured the secure element, i.e. the secure element manufacturer. As usually only the secure element manufacturer has knowledge about the specific details of the secure element, such as its operating system as well as any subscription management interfaces for implementing a new subscription profile on the secure element, for instance in the form of a suitably configured application programming interface (API), which, in particular, for security reasons, the secure element manufacturer wants to keep secret, the problem can arise that the subscription profile provided by an MNO is in a format that is not compatible with the subscription management interface implemented on the secure elements.
There is, therefore, a need for improved methods and devices for providing a secure element, such as a subscriber identity module (SIM), an eUICC/UICC or the like, of a mobile terminal with a subscription profile for communicating via a mobile network, wherein these methods and devices address the issues described above.