Method for managing profile of Embedded UICC, and Embedded UICC, Embedded UICC-equipped terminal, provision method, and method for changing MNO using same

摘要

The present invention provides a method wherein an MNO receives a secret key allocated to a corresponding embedded UICC (eUICC) through SM-SR (secure routing) in an environment where SM is divided and implemented as SM-SR and SM-DP (data preparation), that is, provided is a method wherein the MNO dynamically acquires the secret key (public key or the like) from the corresponding eUICC through the SM-SR and uses the acquired secret key. In addition, the present invention allows the eUICC to receive an encrypted profile from the MNO or the SM and decrypts the encrypted profile using profile access credential information (a secret key corresponding to an eUICC public key) stored in the eUICC to use the decrypted profile, thereby securely transmitting important data such as operation profiles, and blocking external entities such as a device or terminal from accessing the important data.

主权项

1. A method of protecting operating profiles transmitted to an embedded universal integrated circuit card (eUICC) from a mobile network operator (MNO) system and a subscription manager (SM), the method comprising: receiving, by the eUICC, an encrypted profile from an external entity; and decrypting the encrypted profile by using a private key stored in and generated by the eUICC or a terminal equipped with the wherein the encrypted profile is encrypted by using a public key of the eUICC, and the private key is profile access credentials or a secret key corresponding to the public key of the eUICC, wherein the SM includes a subscription manager-data preparation (SM-DP) and a subscription manager-secure routing (SM-SR), the SM-DP encrypts the profile by using the public key of the eUICC, and the SM-SR successively encrypts the profile, which has been encrypted using the public key, by using a separate management key so that the encrypted profile becomes a double ciphered profile, and wherein the encrypted profile is the double ciphered profile, and the eUICC successively decrypts the encrypted profile by using the separate management key and then decrypts the profile, which has been decrypted using the separate management key, by using the private key of the eUICC wherein the private key is dynamically generated at every issuance time.