CN205283827U - Sim module - Google Patents
- Publication number
- CN205283827U
- Authority
- CN
- China
- Prior art keywords
- profile
- sim
- sim module
- application
- file
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The utility model relates to a SIM module (108). The SIM module (108a) includes at least one processor (1082) and at least one memory (1084), wherein the at least one memory (1084) includes a 2G authentication application (SIM_APP), a 3G authentication application (USIM_APP) and a file system, wherein the file system includes a first file (EF_DIR) in which an application identifier of the 3G authentication application (USIM_APP) is stored. The at least one memory (1084) further includes a plurality of profiles (P1a, P2a) and a profile manager application (PMa), wherein at least a first profile supports only 2G authentication and at least a second profile supports at least 3G authentication, and wherein the profile manager application (PMa) is configured to manage the plurality of profiles in the SIM module (108).
Description
Technical field
The embodiments of the present disclosure relate to SIM modules.
Background art
Fig. 1 shows a possible architecture of a user equipment or mobile device 10, such as a smartphone or tablet, or of a mobile communication module as typically used in embedded systems.
Generally, the device 10 comprises one or more processors 102 connected to one or more memories 104. The device 10 further comprises at least one mobile communication interface 106 for wireless communication over a radio channel.
For example, the mobile communication interface 106 may comprise a GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), W-CDMA (Wideband Code Division Multiple Access), UMTS (Universal Mobile Telecommunications System), HSPA (High-Speed Packet Access) and/or LTE (Long Term Evolution) transceiver.
A mobile device usually also comprises a user interface 110, such as a touchscreen or keypad. Conversely, a communication module used in an embedded system (such as an alarm system, a gas meter or another type of remote monitoring and/or control system) usually does not comprise a user interface 110, but comprises a communication interface 112 in order to exchange data with a further processing unit of the embedded system. For example, in this case, the interface 112 may be a digital communication interface, such as a UART (Universal Asynchronous Receiver-Transmitter), SPI (Serial Peripheral Interface) and/or USB (Universal Serial Bus) communication interface. Generally, the processing unit 102 may also directly be the main processor of the embedded system. In this case, the interface 112 may be used to exchange data with one or more sensors and/or actuators. For example, in this case, the interface 112 may be implemented by one or more analog interfaces and/or digital input/output ports of the processing unit 102.
The memory 104 may store an operating system OS, which is executed by the processor 102 and manages the general functions of the device 10, such as the management of the user interface 110 and/or the communication interface 112 and the establishment, via the interface 106, of a connection with a base station BS of a serving network. The memory 104 may also contain applications executed by the operating system OS. For example, in the case of a mobile device, the memory 104 often comprises a web browser application WB.
In order to establish a connection with the base station BS, the device 10 is coupled to a processing unit 108 configured to manage the subscriber identification. For example, a mobile device usually comprises a card holder for receiving a card comprising a Subscriber Identity Module (SIM), usually called a SIM card. For example, nowadays a Universal Integrated Circuit Card (UICC) 108 is often used, which is a smart card often used in, but not limited to, GSM, UMTS, LTE and W-CDMA networks. The UICC ensures the integrity and security of all kinds of personal data and typically holds a few hundred kilobytes.
For example, the UICC 108 may contain a SIM application, a USIM application, an ISIM application and a CSIM application, in order to provide further services to the card holder, such as the storage of a phone book, and other applications.
Accordingly, references to a SIM module in the following of this description are intended to include both 2G and/or 3G modules, and also apply to the case in which such a SIM module is provided on a SIM card. Moreover, this description also applies to so-called machine-to-machine (M2M) SIM modules.
Those skilled in the art will appreciate that the communication between the device 10 and the SIM module 108 follows the master/slave principle, in which the device 10 represents the master and the SIM module 108 represents the slave. For this reason, the device 10 sends given commands to the SIM module 108 and the SIM module acknowledges the command.
As shown in Fig. 2, the SIM module 108 generally comprises one or more processors 1082, for example in the form of a coprocessor, and one or more memories 1084, for executing the applications stored in the memory 1084 of the module 108.
For example, in addition to the subscriber identity module application (reference sign SIM in Fig. 2), the SIM module 108 may comprise at least one further application APP. For example, this application APP may be configured to communicate (usually via the processor 102 and possibly via the operating system OS) with the mobile communication interface 106 in order to send data to and/or receive data from the device 10 on behalf of a remote host 30.
For this purpose, the host 30 may be connected to the base station BS via a network 20. Accordingly, a connection between the host 30 and the UICC 108 may be established by means of the network 20, the base station BS and the communication interface 106.
Generally, the communication may be requested by the host 30 or by the UICC 108.
For example, the application APP may be a web server application, which receives requests from the web browser WB of the mobile device 10 and obtains the corresponding content from a remote host 30, such as a web server.
The application APP may also be an authentication application. In this case, the host 30 may send an authentication request to the UICC 108 via the device, and the UICC 108 sends an authentication response to the host 30 via the same device.
In this respect, Fig. 3 shows a typical architecture of the software layers of a UICC card.
Substantially, the UICC 108 comprises (at least) a hardware layer UICC_HW, represented by the processor 1082 and the memory 1084. On top of the hardware layer UICC_HW runs the operating system UICC_OS of the UICC card.
Generally, the operating system UICC_OS may manage a plurality of applications.
For example, in the example considered, a JavaCard™ system JCS is executed by the operating system UICC_OS, which manages and runs applets, i.e. applications using the APIs (Application Programming Interface) provided by the JavaCard system JCS.
For example, the JavaCard system JCS may comprise a SIM and/or USIM API (identified with the reference sign (U)SIM API), which manages the basic subscriber identity module commands and provides functions to higher-level SIM and/or USIM applets (identified with the reference sign (U)SIM_APP).
The JavaCard™ platform (comprising the virtual machine, the runtime environment and the APIs) provides a JAVA™ runtime environment, which is particularly optimized for smart cards. This technology is well known to those skilled in the art, rendering a more detailed description herein unnecessary.
Often, in addition to the JavaCard system JCS, a GlobalPlatform module GP according to the "GlobalPlatform Card Specification", e.g. version 2.2.1, is also included. This standard is also well known to those skilled in the art, rendering a more detailed description herein unnecessary. Basically, the GP module provides features such as user authentication through secure channels, or the installation and remote management of applets. For example, one of the possible encryption mechanisms managed by the GP module may be the SCP (Secure Channel Protocol) 80 specified in the technical specification ETSI TS 102 225 "Smart Cards; Secured packet structure for UICC based applications", e.g. version 9.0.0.
The above-mentioned API functions may then be used by applets, such as the SIM or USIM applet (U)SIM_APP, a basic applet B_APP and/or a secure applet S_APP.
Generally, the UICC 108 may comprise not only custom applets but also native low-level applications N_APP, which are executed directly by the operating system UICC_OS.
Fig. 4 shows an embodiment of a multi-subscription SIM module 108.
In the embodiment considered, the SIM module 108 supports at least two profiles P1 and P2 of two mobile network operators.
For example, each profile P1/P2 may be represented by a memory area in the SIM card for storing applets APP, such as a respective (U)SIM_APP applet for each profile P1/P2. The memory area may also store the respective authentication data AUTH of the SIM card used to obtain access to the mobile network of the mobile network operator. In various embodiments, each profile P1/P2 may also be associated with a respective Over-The-Air (OTA) key, which is usually used to encrypt (e.g. according to the SCP80 protocol) the remote management commands sent by the mobile network operator to a given SIM card.
For example, each profile P1/P2 may be associated with a respective file system area FS, e.g. in order to store data of new applets APP and/or user data (such as the user's contact list or the preferred roaming partner list).
Generally, while the profile data are shown in the applet/application layer, each profile may also comprise applications and/or APIs in the JavaCard system JCS. Moreover, the profile data may also include configuration data that directly affect the API layer.
In the example considered, the SIM module 108 further comprises a profile manager application PM. For example, in the embodiment considered, this profile manager PM is provided in the API layer. However, the profile manager PM may also be in the applet layer, or distributed between the API and applet layers.
In this respect, Fig. 5 shows a device 10, such as a mobile device or a mobile communication module, which is (pre-)equipped with a multi-subscription SIM module 108 as described above, e.g. in the form of an embedded SIM module such as an eUICC (embedded UICC).
In the example considered, the memory 104 now also comprises an application CFG configured to communicate with the profile manager PM of the SIM module 108 in order to manage the profiles installed in the SIM module 108. For example, the application CFG may communicate with the profile manager PM in order to select or enable one of the profiles P1/P2 installed in the SIM card 108.
For example, the SIM module 108 may be pre-loaded with the profiles of a plurality of mobile network operators, and when the device 10 is started for the first time (or generally during a configuration phase), the user may activate one of the profiles P1/P2 by means of the application CFG.
The application CFG may also be configured to install and/or update a profile in the SIM module 108. For example, the application CFG may access a remote host in order to download a list of mobile network operators. The application CFG may then be used to subscribe to one of the mobile network operators and obtain the respective profile data, which may then be loaded onto the SIM module 108 by means of the application CFG and the profile manager PM.
Generally, a plurality of profiles may also exist at the same time on the same SIM module 108.
For example, a given user may activate one of a plurality of profiles belonging to different mobile network operators present on the SIM module. In this case, the application CFG may also be used to select which of the available profiles should be enabled during operation. Accordingly, in this case only a single profile is enabled and the other profiles are disabled.
Generally, the profile manager PM may also communicate with a remote host (such as the host 30 shown in Fig. 2) in order to install, update and/or enable a profile P1/P2 by means of remote management commands.
In this case, the profile manager application PM may be configured to communicate with the communication interface 106 in order to send data to and/or receive data from the remote host 30.
In this case, the SIM module 108 is provided with at least a first profile P1, which allows the device 10 to connect to the base station BS by using the profile data P1 (e.g. the authentication data AUTH of the profile P1). The host 30 may then send one or more remote management commands to the profile manager PM in order to install or update a new profile P2. Once the new profile P2 has been installed or updated, the host 30 may send a remote management command to the profile manager PM in order to enable the profile P2.
For example, such management may be suitable for automated systems, such as gas meters or any other type of remote monitoring and/or control system. In this case, the application CFG may not even be required. However, the method may also be used in mobile devices, such as smartphones or tablets. Generally, the methods may in fact also be combined, and the SIM module 108 may be configured such that profiles can be installed, updated and/or enabled by the application installed in the device 10 and/or by remote management commands received from the remote host 30.
Accordingly, independently of the method used to install, update and/or enable a profile, a multi-subscription SIM module 108 may comprise a plurality of profiles, wherein each profile may comprise respective content.
Summary of the utility model
The inventors have observed that, in the solutions described above, either the mobile device or a remote host has to communicate with the SIM module, in particular with the profile manager, in order to enable a given profile in the SIM module.
Conversely, for some applications it would be advantageous to perform the profile selection and enabling directly in the SIM card, e.g. in order to switch automatically to a second profile, without having to depend on events external to the SIM. Accordingly, the mobile device may not even know that the SIM module comprises a plurality of profiles, and the selection and enabling of a profile may be performed directly in the SIM module according to given events signaled by the associated mobile device.
However, the profiles may not use the same authentication mechanism. For example, the first profile may support a 3G authentication scheme, e.g. UMTS, W-CDMA or LTE, while the second profile may support only a 2G authentication scheme, e.g. GSM. Accordingly, once the SIM module has switched to the second profile, 3G authentication can no longer be used. The inventors have observed that, in this case, errors may occur and the communication may be interrupted, because the associated mobile device does not know that 3G authentication can no longer be used with the current serving network.
Accordingly, when the SIM module switches to the second profile, the SIM module should signal to the mobile device that only 2G authentication has to be used now.
According to one or more embodiments, one or more of the above objectives are achieved by means of a method having the features specifically set forth in the claims that follow. Embodiments moreover concern a related SIM module and a corresponding related computer program product, loadable in the memory of at least one computer and including software code portions for performing the steps of the method when the product is run on a computer. As used herein, reference to such a computer program product is intended to be equivalent to reference to a computer-readable medium containing instructions for controlling a computer system to coordinate the performance of the method. Reference to "at least one computer" is intended to highlight the possibility for the present disclosure to be implemented in a distributed/modular fashion.
The claims are an integral part of the technical teaching of the disclosure provided herein.
As mentioned above, the present disclosure provides solutions for managing a plurality of profiles in a SIM module interacting with a plurality of networks.
In various embodiments, the SIM module (e.g. a UICC, eUICC (embedded UICC) or M2M SIM) comprises a 2G authentication application (e.g. a SIM application for GSM networks) and a 3G authentication application (e.g. a USIM application for UMTS or LTE networks). Similarly, 3G authentication also applies to the ISIM (IP Multimedia Services Identity Module) and CSIM (CDMA Subscriber Identity Module) applications, which may also be provided by a UICC.
In various embodiments, the SIM module comprises a plurality of profiles, wherein at least a first profile supports only a 2G subscription and at least a second profile supports at least a 3G subscription. As will be disclosed below, these profiles are characterized by a respective International Mobile Subscriber Identity (IMSI) and respective security or authentication keys to be used by the 2G and 3G authentication applications.
In various embodiments, the SIM module may detect a given event and select one of the profiles according to the detected event. For example, the event may be a connection to a base station or mobile network associated with a given profile, or a predetermined command received from a remote host or from the mobile device in which the SIM module is inserted.
As mentioned above, at least the first profile supports only 2G authentication and at least the second profile supports at least 3G authentication. Accordingly, in order to ensure correct operation, the SIM module should disable the 3G functionality when a 2G profile is selected.
For example, in various embodiments, the SIM module comprises a file system, wherein the file system includes a file in which the application identifier of the 3G application is stored. In this case, when the selected profile supports only 2G authentication, the SIM module may disable access to the application identifier of the 3G authentication application in this file. Conversely, when the selected profile supports at least 3G authentication, the SIM module should enable access to the application identifier of the 3G authentication application in this file. For example, access to this information may be controlled by deleting/creating or renaming the file, or by modifying the part that contains the application identifier of the 3G authentication application.
In various embodiments, the file system also comprises a first directory and an application specific file, wherein the first directory includes a file in which the IMSI associated with the 2G authentication application is stored, and the application specific file includes a file in which the IMSI associated with the 3G authentication application is stored.
In this case, the IMSI associated with the 2G authentication application may differ from the IMSI associated with the 3G authentication application, i.e. the contents of the two files may differ. In this way, when the SIM module supports only a single 2G profile and a single 3G profile, the switching between the profiles may be obtained directly with the above-described downgrade or upgrade of the SIM module, i.e. without any modification of the above IMSI configuration files. Generally, however, each profile may be associated with a respective IMSI and, based on the attributes of the selected profile, the respective IMSI of the selected profile may be written to the 2G and/or 3G configuration file.
In various embodiments, the 2G authentication application and the 3G authentication application may perform authentication by means of at least one security key. In this case, each profile may also be associated with at least one respective security key, and the security key used by the 2G and 3G authentication applications to perform the authentication may be replaced with the security key of the selected profile.
In various embodiments, once a profile has been selected, the SIM module is restarted, thereby signaling to the mobile device in which the SIM module is inserted that it should re-initialize the content of the SIM module in order to interact with the newly selected profile.
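The profile selection described above can be modelled in a few lines. The following Python sketch is an added example, not code from the patent: it shows an event-driven profile manager that hides or exposes the 3G application identifier in EF_DIR, writes the IMSI and key of the selected profile, and requests a restart. The class names, the network-identity rule table, the AID value and the IMSIs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed stand-in for the application identifier of the 3G application.
USIM_AID = b"USIM-AID-SAMPLE"


@dataclass(frozen=True)
class Profile:
    name: str
    imsi: str            # constructed sample value
    ki: bytes            # security key of this subscription
    supports_2g: bool
    supports_3g: bool


class SimFileSystem:
    """Only the files the text mentions."""

    def __init__(self) -> None:
        self.ef_dir_aid = USIM_AID                    # EF_DIR content
        self.ef_dir_access = True                     # may the AID be read?
        self.df_gsm_ef_imsi: Optional[str] = None     # IMSI of the 2G application
        self.adf_usim_ef_imsi: Optional[str] = None   # IMSI of the 3G application

    def read_ef_dir(self) -> List[bytes]:
        """What the mobile device finds when it looks for a 3G application."""
        return [self.ef_dir_aid] if self.ef_dir_access else []


class ProfileManager:
    def __init__(self, fs: SimFileSystem, profiles: Iterable[Profile],
                 network_rules: Dict[str, str]) -> None:
        self.fs = fs
        self.profiles = {p.name: p for p in profiles}
        self.network_rules = dict(network_rules)  # network identity -> profile name
        self.active: Optional[str] = None
        self.key_2g: Optional[bytes] = None
        self.key_3g: Optional[bytes] = None
        self.restart_requested = False

    def select(self, name: str) -> None:
        profile = self.profiles[name]  # KeyError for an unknown profile
        if not (profile.supports_2g or profile.supports_3g):
            raise ValueError("profile supports no authentication scheme")
        # 1. A 2G-only profile must not leave the 3G application discoverable.
        self.fs.ef_dir_access = profile.supports_3g
        # 2. IMSI and key go to the application(s) the profile can use.
        if profile.supports_2g:
            self.fs.df_gsm_ef_imsi = profile.imsi
            self.key_2g = profile.ki
        if profile.supports_3g:
            self.fs.adf_usim_ef_imsi = profile.imsi
            self.key_3g = profile.ki
        self.active = name
        # 3. Restart so the device re-reads the card content.
        self.restart_requested = True

    def on_network_detected(self, network_id: str) -> bool:
        """Event handler; returns True when a different profile was enabled."""
        target = self.network_rules.get(network_id)
        if target is None or target == self.active:
            return False
        self.select(target)
        return True


def device_view(pm: ProfileManager) -> Tuple[Optional[str], str, Optional[str]]:
    """What a 2G/3G device sees after re-initialising the card."""
    pm.restart_requested = False
    if pm.fs.read_ef_dir():
        return pm.active, "3G", pm.fs.adf_usim_ef_imsi
    return pm.active, "2G", pm.fs.df_gsm_ef_imsi


def demo() -> List[Tuple[Optional[str], str, Optional[str]]]:
    p1a = Profile("P1a", "001010000000001", bytes(16), True, False)       # 2G only
    p2a = Profile("P2a", "001020000000002", bytes([1]) * 16, True, True)  # 2G/3G
    pm = ProfileManager(SimFileSystem(), [p1a, p2a],
                        {"00101": "P1a", "00102": "P2a"})
    steps = []
    for network in ("00102", "00101"):  # constructed network identities
        pm.on_network_detected(network)
        steps.append(device_view(pm))
    return steps
```

After the switch to the 2G-only profile the old 3G IMSI is still stored but no longer reachable through EF_DIR, which is why the device falls back to 2G authentication.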
The utility model has the following technical effects: it can be used with most SIM modules having a JavaCard system, because the profile manager PMa can be implemented with an applet and may not require any change to the operating system UICC_OS or the API layer; the switching between profiles can be managed directly in the SIM module 108a based on given trigger events, which in principle may also include predetermined commands received from the remote host 30 or the associated device 10; and the solution can work with standard 2G and/or 3G devices.
Brief description of the drawings
Embodiments of the present disclosure will now be described with reference to the accompanying drawings, which are provided purely by way of non-limiting example, and in which:
Figs. 1 to 5 have already been described above;
Fig. 6 shows an embodiment of the software architecture of a SIM module comprising a plurality of profiles according to the present disclosure;
Figs. 7 and 8 show the authentication mechanisms implemented in SIM modules supporting GSM and UMTS, respectively;
Fig. 9 shows the file and directory architecture of a 2G/3G SIM module;
Fig. 10a shows an embodiment of a SIM module with two 2G profiles;
Fig. 10b shows an embodiment of a SIM module with two 3G profiles;
Fig. 11 shows an embodiment of a SIM module that can be used with 2G and/or 3G mobile devices;
Fig. 12 shows an embodiment of a SIM module that comprises a plurality of profiles and can be used with 2G and/or 3G mobile devices;
Fig. 13a shows an embodiment of a SIM module with a 2G and a 3G profile, connected to a 2G mobile device;
Fig. 13b shows an embodiment of a SIM module with a 2G and a 3G profile, connected to a 3G mobile device;
Fig. 14a shows an embodiment of a SIM module with a 2G and a 3G profile, connected to a 2G/3G mobile device, wherein the mobile device uses the 3G profile;
Fig. 14b shows an embodiment of a SIM module with a 2G and a 3G profile, connected to a 2G/3G mobile device, wherein the mobile device is forced to use the 2G profile;
Fig. 15 shows an embodiment of a SIM module with a 2G and a 2G/3G profile, connected to a 2G/3G mobile device; and
Fig. 16 shows an embodiment of a SIM module with a 2G, a 2G/3G and a 3G profile, connected to a 2G/3G mobile device.
Detailed description of embodiments
In the following description, numerous specific details are given to provide a thorough understanding of embodiments. The embodiments can be practiced without one or several specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the embodiments.
Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
The headings provided herein are for convenience only and do not interpret the scope or meaning of the embodiments.
In the following Figs. 6 to 16, parts, elements or components which have already been described with reference to Figs. 1 to 5 are denoted by the same references previously used in those figures; the description of such previously described elements will not be repeated in the following, in order not to overburden the present detailed description.
As mentioned above, the present disclosure provides solutions for managing a plurality of profiles in a SIM module 108a.
Fig. 6 shows an embodiment in which the SIM module 108a supports at least two profiles P1a and P2a of two mobile network operators, and the software architecture is based on the JavaCard system JCS described with respect to Figs. 3 and 4. For example, also in this case, the JavaCard system JCS is executed by the operating system UICC_OS, which manages and runs applets, i.e. applications using the APIs (Application Programming Interface) provided by the JavaCard system JCS. For example, the JavaCard system JCS may comprise a SIM API and/or USIM API, which manages the basic subscriber identity module commands and provides functions to higher-level SIM and/or USIM applets. Moreover, the JavaCard™ platform may provide a JAVA™ runtime environment. In one embodiment, in addition to the JavaCard system JCS, a GlobalPlatform module GP according to the "GlobalPlatform Card Specification", e.g. version 2.2.1, may also be included. The above-mentioned API functions may then be used by applets, such as the SIM and/or USIM applets.
In one embodiment, each profile P1a/P2a may be represented by a memory area in the SIM card for storing the respective content, e.g. applets APP, such as a respective (U)SIM applet for each profile P1a/P2a. The memory area may also store the respective authentication data AUTH of the SIM card used to access the mobile network of the mobile network operator. In various embodiments, each profile P1/P2 may also be associated with a respective Over-The-Air (OTA) key, which is usually used to encrypt (e.g. according to the SCP80 protocol) the remote management commands sent by the mobile network operator to a given SIM card. Generally, the authentication data AUTH is SIM specific and is the OTA key used by a given mobile network operator.
In various embodiments, each profile P1a/P2a may be associated with a respective file system area FS, e.g. in order to store user data (such as the user's contact list, or the above-mentioned preferred roaming partner list and other services offered by the network operator to its own subscribers).
Generally, while the profile data are shown in the applet/application layer, each profile may also comprise applications and/or APIs in the JavaCard system JCS. Moreover, the profile data may also include configuration data that directly affect the API layer.
In the example considered, the SIM module 108a further comprises a profile manager application PMa. For example, in the embodiment considered, this profile manager PMa is provided in the applet layer. However, the profile manager PMa may also be in the API layer, or distributed between the API and applet layers.
In various embodiments, the profile manager PMa is configured to enable either the profile P1a or the profile P2a. For example, the profile manager PMa may enable one of the profiles in response to a remote management command or due to another event detected by the profile manager PMa.
For example, this may apply to a virtual telecommunications operator, which in fact relies on two different network operators serving different areas. In this case, when the profile manager PMa detects that roaming would have to be used for the first profile, the profile manager may e.g. disable the first profile and enable the second profile.
Similarly, the profile manager PMa may select one of the profiles P1a/P2a in order to reduce possible national or international roaming costs. For example, the first profile P1a may be for a first country and the second profile P2a may be for a second country.
Generally, the SIM module 108a may also store more than two profiles, and the profile manager may enable only one of these profiles at any time according to one or more predetermined events. For example, the profile manager PMa may detect the identity of the mobile network and determine which profile P1a/P2a should be enabled.
Accordingly, in various embodiments, the associated mobile device may not even know that the SIM module 108a comprises a plurality of profiles, because the complete management may be performed directly in the SIM module 108a. However, e.g. by configuring the events appropriately, the profile manager PMa may also switch between profiles based on commands received from the associated mobile device and/or a remote host.
The inventors have observed that switching between profiles of the same technology version can easily be obtained by e.g. changing the International Mobile Subscriber Identity (IMSI) and the authentication key, i.e. the profiles P1a and P2a may comprise at least a respective IMSI and authentication key.
However, this switching is insufficient when the profiles are associated with mobile network operators using different technologies (e.g. GSM and UMTS networks).
In this respect, Fig. 7 shows the GSM authentication scheme, which may be implemented in the SIM API and applet.
Generally, reference can be made to the technical specification "Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface" (GSM 11.11), which describes the structure of a SIM module according to the GSM standard.
In a GSM network, authentication is essentially based on shared authentication data AUTH, wherein each user has a secret authentication key (also called Ki). Specifically, the key Ki is stored both on the SIM module and in the Authentication Centre (AuC), and is secret, i.e. the key Ki never leaves either of these locations. User authentication is based on the idea of checking whether the SIM module has access to the key Ki. Such access is verified by requiring the SIM module to perform a computation that can only be completed with the key Ki.
Specifically, in order to authenticate the SIM module 108a, a random number RAND comprising 16 bytes (128 bits) is sent to the device 10, and the device 10 executes the function "RUN GSM ALGORITHM" (see e.g. section 8.16 of GSM 11.11), which is used to compute the response SRES and the cipher key Kc by means of the A3 and A8 algorithms, respectively. Specifically, SRES (signed response) comprises 4 bytes (32 bits) and is sent back to the network, where the correctness of the response can be checked. Conversely, the temporary cipher key Kc is used to encrypt telephone calls on the radio interface.
However, in order to run the above command, the device 10 must:
A) select the directory DF_GSM, or any sub-directory under DF_GSM, as the current directory; and
B) perform the CHV1 verification procedure.
Specifically, the directory DF_GSM of the SIM module 108a contains all files specific to a given GSM network, such as the file EF_IMSI in which the IMSI number is stored.
Conversely, Card Holder Verification 1 (CHV1) (see e.g. section 11.3.1 of GSM 11.11) is used to check the card holder verification status, which is required because each file may have its own specific access conditions for each command.
For example, in order to authenticate the mobile device 10 to the service provider's network, the mobile device 10 identifies itself to the network by determining the IMSI of the SIM module 108a (e.g. by reading the file EF_IMSI) and sending the IMSI to a given base station. The base station determines the home network of the SIM module 108a and forwards the IMSI to the AuC of the device's home network. Based on the IMSI, the AuC of the home network determines the corresponding key Ki, which is used together with a random challenge RAND to generate the session key Kc and the expected response SRES to the challenge. The AuC of the home network then sends the challenge RAND, the expected challenge response SRES and the cipher key Kc to the base station, which retains the expected response SRES and the cipher key Kc and sends the random number RAND to the mobile device 10. Using the shared secret key Ki and the random number RAND, the mobile device 10 (in particular the SIM module 108a) computes its own response SRES and session key Kc. The mobile device 10 replies to the base station with the response SRES, and the base station compares the response SRES with the expected challenge response SRES received from the AuC in order to confirm the identity of the SIM module 108a.
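The GSM exchange described above, with all three parties and the two preconditions for RUN GSM ALGORITHM, is shown below as an added Python example that is not part of the patent. HMAC-SHA256 is used purely as a stand-in for the A3/A8 algorithms; the 8-byte length of Kc, the class and method names, the IMSI, the keys and the CHV1 code are assumptions of the example, as is applying the same access conditions to reading EF_IMSI.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


class AccessConditionError(Exception):
    """A command was sent before its preconditions were met."""


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8 (HMAC-SHA256, not a real operator algorithm).

    Returns (SRES, Kc): a 4-byte response and an 8-byte cipher key.
    """
    if len(rand) != 16:
        raise ValueError("RAND must be 16 bytes")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class SimModule:
    def __init__(self, imsi: str, ki: bytes, chv1: str) -> None:
        self._imsi, self._ki, self._chv1 = imsi, ki, chv1
        self.current_dir = "MF"
        self.chv1_verified = False

    def select(self, path: str) -> None:
        self.current_dir = path

    def verify_chv1(self, code: str) -> bool:
        self.chv1_verified = hmac.compare_digest(code.encode(), self._chv1.encode())
        return self.chv1_verified

    def _check_access(self) -> None:
        # A) DF_GSM or one of its sub-directories is the current directory.
        if self.current_dir.split("/")[0] != "DF_GSM":
            raise AccessConditionError("DF_GSM is not the current directory")
        # B) CHV1 has been verified.
        if not self.chv1_verified:
            raise AccessConditionError("CHV1 not verified")

    def read_ef_imsi(self) -> str:
        self._check_access()
        return self._imsi

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        self._check_access()
        return a3_a8(self._ki, rand)  # Ki itself never leaves the module


class AuthCentre:
    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._ki_by_imsi = dict(subscribers)

    def triplet(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        rand = os.urandom(16)
        sres, kc = a3_a8(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc


class BaseStation:
    def __init__(self, auc: AuthCentre) -> None:
        self._auc = auc
        self._pending: Dict[str, Tuple[bytes, bytes]] = {}

    def start(self, imsi: str) -> bytes:
        rand, expected_sres, kc = self._auc.triplet(imsi)
        self._pending[imsi] = (expected_sres, kc)  # retained, never sent on
        return rand                                 # only RAND goes to the device

    def finish(self, imsi: str, sres: bytes) -> bool:
        entry = self._pending.pop(imsi, None)       # each challenge is single use
        return entry is not None and hmac.compare_digest(sres, entry[0])


def attach(sim: SimModule, bs: BaseStation, chv1_code: str) -> bool:
    """Device-side sequence: select, verify, identify, answer the challenge."""
    sim.select("DF_GSM")
    sim.verify_chv1(chv1_code)
    imsi = sim.read_ef_imsi()
    rand = bs.start(imsi)
    sres, _kc = sim.run_gsm_algorithm(rand)
    return bs.finish(imsi, sres)


# Constructed sample subscriber.
SAMPLE_IMSI = "001010000000001"
SAMPLE_KI = bytes(range(16))
```

A module holding a different Ki for the same IMSI fails the comparison at the base station, and a response replayed after `finish` is rejected because the pending challenge has been consumed.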
Fig. 8 shows the authentication scheme of a UMTS network, which can be implemented in the USIM API and applet.
In a UMTS or LTE network there is a mutual authentication procedure. The serving network checks the identity of the subscriber via a challenge-response technique (similar to what happens in GSM), and the terminal checks that the serving network has been authorized by the home network to do so. The latter was added for security reasons, so that the terminal can check whether it is connected to a legitimate network.
In this case too, authentication is based on a master key Ki shared between the AuC and the SIM module 108a; the key Ki is kept secret and is 128 bits long. Different keys for encryption and integrity checking are also derived. These are temporary keys and are derived from the permanent key Ki during each authentication event.
In addition, a 3G SIM module also has a directory structure comparable to that of a 2G SIM module. For example, the file EF_IMSI containing the IMSI number for the UMTS SIM module is stored in the application dedicated file (ADF) of the universal subscriber identity module, ADF_USIM, which is listed in the application directory file EF_DIR.
Therefore, the authentication protocol of a UMTS network follows many of the same network steps as the GSM protocol, with some important changes.
Specifically, in order to authenticate the mobile device 10 to the service provider's network, the mobile device 10 identifies itself to the network by sending the IMSI from the SIM module 108a to a given base station. The base station forwards the IMSI to the AuC of the device's home network. Based on the IMSI, the AuC of the home network determines the corresponding key Ki, which is used together with a random challenge RAND to generate the ciphering key CK and the expected response XRES to the challenge. In addition, the AuC also generates an authentication token AUTN and an integrity key IK. The AuC of the home network then sends the challenge RAND, the expected challenge response XRES, the ciphering key CK, the authentication token AUTN and the integrity key IK to the base station, and the base station forwards only the random number RAND and the authentication token AUTN to the mobile device 10.
The mobile device 10 in turn receives the authentication token AUTN and the random number RAND and forwards them to the SIM module 108a. The SIM module 108a processes the random number RAND, by means of functions called f1-f5, in order to verify the authentication token AUTN. In addition, using the shared secret key Ki and the random number RAND, the SIM module 108a can compute its own response RES and the ciphering key CK and IK. The mobile device 10 replies to the base station with the response RES, and the base station compares this response with the expected challenge response XRES received from the AuC in order to confirm the identity of the SIM module 108a.
In general, the GSM and UMTS standards allow a SIM application and a USIM application to be implemented together on a single UICC.
For example, as shown in Figure 9, the SIM module 108a (e.g. a UICC or eUICC) may comprise a master file MF. In order to support 2G mobile devices, the master file MF contains the directory DF_GSM, which contains the GSM-related files. The master file MF may also contain other directories, such as the directory DF_TELECOM, which contains service-related information. In addition, in order to support 3G mobile devices, the master file MF may contain the application directory file EF_DIR, which lists one or more ADFs. For example, in the context of UMTS, the file EF_DIR contains the ADF for the universal subscriber identity module, ADF_USIM, which contains the UMTS-related files. ADF_USIM may also contain further sub-directories, such as the directory DF_GSM-ACCESS, which contains the files required by the USIM application to access a GSM network. For example, the directory DF_GSM-ACCESS may contain a corresponding file EF_Kc, which holds the computed GSM ciphering key Kc. For a more detailed description of the directory and file structure of a UICC, see, for example, the web page http://www.in2eps.com/fo-uicc/tk-fo-uicc-mf.html, which is incorporated herein by reference. For example, similarly to the ADF ADF_USIM, the SIM module may also contain an ADF ADF_ISIM for an IP multimedia services identity module and an ADF ADF_CSIM for a CDMA subscriber identity module.
Therefore, the SIM module 108a may contain both the directory DF_GSM, which contains the GSM-related files, and the file EF_DIR, which lists the application dedicated file of the universal subscriber identity module, ADF_USIM, containing the UMTS-related files.
However, a mobile device can activate the SIM and USIM applications simultaneously, or can switch from one to the other. Which application is active depends only on the type of mobile device 10 into which the corresponding SIM module 108a is inserted, i.e. a GSM (2G) mobile device 10 usually selects the directory DF_GSM and activates the SIM application, whereas a UMTS (3G) mobile device 10 selects the ADF ADF_USIM and uses the USIM application, or uses the sub-directory DF_GSM-ACCESS when access to a GSM network is needed within the USIM application. Therefore, there is no direct interworking.
The inventors have observed that switching between two 2G profiles or between two 3G profiles can be achieved easily.
For example, in the embodiment shown in Figure 10a, each GSM profile P1a/P2a may be associated with corresponding authentication data AUTH comprising at least a single IMSI and a corresponding authentication key Ki. In this case, the profile manager PMa can enable a different profile by replacing the content of the file EF_IMSI and recalculating the ciphering key Kc.
Similarly, in the embodiment shown in Figure 10b, each GSM profile may comprise at least a single IMSI and a corresponding authentication key Ki. In this case, the profile manager PMa can enable a different profile by replacing the content of the corresponding file EF_IMSI and recalculating the output ciphering key Kc.
In contrast, this operation is not sufficient when the SIM module 108a must be switched from a 3G profile to a 2G profile.
In this respect, Figure 11 illustrates the communication between a mobile device 10 supporting 2G and 3G and a SIM module 108a comprising both a SIM applet and a USIM applet, where the SIM applet and the USIM applet rely on the same profile P.
Specifically, after power-up, a mobile device 10 supporting 3G automatically selects the USIM applet by accessing the file EF_DIR. Specifically, the file EF_DIR contains the application identifier (AID), i.e. the USIM application can be selected only by its AID. Therefore, the mobile device 10 can access the USIM application only through the file EF_DIR.
Therefore, in order to obtain network coverage, the USIM needs to be authenticated, and the authentication function can be executed only when the USIM application has been selected and activated, the current directory is the USIM ADF ADF_USIM (or any sub-directory under this ADF), and a successful PIN verification procedure has been performed.
Only when the file EF_DIR is not found, or when no USIM application is listed in the file EF_DIR, can a mobile device 10 that also supports 2G operation attempt to select the SIM application and the directory DF_GSM, as defined, for example, in technical specification TS 51.011.
Specifically, the mobile device 10 sends APDU (application protocol data unit) commands with the class byte set to 0x00 for the USIM application, and APDU commands with the class byte set to 0xA0 for the SIM application.
In contrast, Figure 12 illustrates a scenario in which the SIM module 108a comprises the SIM and USIM applications and at least two profiles P1a and P2a.
Specifically, in the embodiment considered, the profile manager PMa can enable either the profile P1a or the profile P2a. As mentioned above, this can be achieved by replacing the corresponding configuration information (e.g. the IMSI and the security key Ki).
However, in this case, each profile P1a/P2a must support both 2G and 3G operation.
This is often not the case, however. For example, Figures 13a and 13b illustrate an embodiment in which the profile P1a supports only 2G operation, i.e. it can only be used with the SIM application, and the profile P2a supports only 3G operation, i.e. it can only be used with the USIM application.
In this embodiment, the content of the directory DF_GSM and the SIM application using the key Ki of the profile P1a can directly represent the profile P1a, and the content of the ADF ADF_USIM and the USIM application using the key Ki of the profile P2a can directly represent the profile P2a. Specifically, the profiles P1a and P2a differ from each other at least in the IMSI, and preferably also in the secret key Ki and in the algorithm used to compute the response.
Therefore, in the embodiment considered, a 2G mobile device 10 automatically uses the profile P1a (see Figure 14a), and a 3G device 10 automatically uses the profile P2a (see Figure 13b). However, a mobile device 10 supporting both 2G and 3G also uses the USIM application and therefore uses the profile P2a.
In an embodiment, switching between the profiles P1 and P2 can therefore be obtained by virtually upgrading or downgrading the SIM module 108a to a 2G or 3G SIM module 108.
In various embodiments, this switching is performed at applet level rather than at the level of the operating system or of the Java Card system JCS. Specifically, as mentioned above, a device 10 supporting 3G attempts to access the file EF_DIR in order to obtain the application identifier (AID) of the USIM application. Therefore, the profile manager PMa can force the device 10 to use the 2G profile by removing the USIM AID from the file EF_DIR.
For example, Figure 14a illustrates an exemplary case in which the profile P2a is enabled. In this case, the file EF_DIR is available and can be read by a device 10 supporting 3G. Therefore, the device 10 can run the USIM applet in order to authenticate the SIM module to a 3G base station using the IMSI and the security key Ki of the profile P2a (see Fig. 8). For example, in this case, the commands exchanged between the SIM card 108a and the device 10 are 3G commands (class byte = 0x00).
As soon as the application PMa detects a given first trigger event, the application PMa switches to the profile P1a and downgrades the SIM module 108a. For example, in various embodiments, such a trigger can be implemented by means of a so-called STK applet started by the given trigger event.
Therefore, once the trigger event occurs, the profile manager restores the security key Ki of the profile P1a and deactivates the 3G subscription.
In general, depending on the specific implementation of the SIM module, a change of the security key Ki may not even be necessary. For example, the SIM and USIM applications may use separate security keys Ki. In this case, the profile manager may merely downgrade (from 3G to 2G) or upgrade (from 2G to 3G) the SIM module. In contrast, when the SIM and USIM applications use a common security key Ki, the profile manager PMa may replace this common key with the security key of the profile to be activated.
Specifically, in various embodiments, in order to downgrade the SIM module 108a, the profile manager PMa may delete or rename the file EF_DIR, or remove from the file EF_DIR the part relating to the USIM applet, i.e. the profile manager PMa generally disables access to the part of the file EF_DIR relating to the USIM applet.
In various embodiments, the profile manager applet PMa completes the subscription switch by restarting the SIM module 108a (e.g. powering the SIM module 108a off and on, which forces the device 10 to initialize the content of the SIM module 108a again). For example, the device 10 usually operates on a copy of the content of the SIM module. Such a restart of the SIM module 108a can therefore be used to signal to the device 10 that it should obtain a new copy of the content of the SIM module 108a. The 2G/3G device 10 therefore accesses the SIM module 108a again and determines that the file EF_DIR does not exist, is empty, or does not contain the part for the USIM applet. At this point, there is no way to select the USIM applet, and the device 10 is forced to run the GSM initialization. In order to obtain network coverage, the device 10 invokes the SIM application and selects the directory DF_GSM (see Figs. 7 and 14b).
Similarly, as soon as the application PMa detects a given second trigger event (e.g. a connection to a base station of the mobile network operator associated with the profile P2a), the application PMa switches to the profile P2a and upgrades the SIM module 108a.
Specifically, in various embodiments, in order to upgrade the SIM module 108a, the profile manager PMa may create or rename the file EF_DIR, or introduce the part of the file EF_DIR relating to the USIM applet, i.e. the profile manager PMa generally enables access to the part of the file EF_DIR relating to the USIM applet.
In various embodiments, the profile manager applet PMa completes the subscription switch by restarting the SIM module (e.g. powering the SIM module 108a off and on).
The 2G/3G device 10 then accesses the SIM module 108a again, determines that the file EF_DIR exists and reads the part for the USIM applet. At this point, the device 10 runs the UMTS initialization. Specifically, in order to obtain network coverage, the device 10 selects the ADF ADF_USIM and runs the USIM application (see Figs. 8 and 14a).
Those skilled in the art will appreciate that the mechanism described above for disabling/enabling access to the corresponding part of the file EF_DIR can also be used for the ISIM and CSIM applications. In addition, the above embodiments can also be combined.
For example, Figure 15 illustrates an embodiment in which the profile P1a supports only 2G, and the profile P2a supports both 2G (e.g. GSM) and 3G (e.g. UMTS). In this case, therefore:
A) when the profile P1a is enabled, the profile manager PMa downgrades the SIM module 108a, e.g. removes the file EF_DIR, and replaces the IMSI and the security key Ki in the directory DF_GSM with the corresponding data of the profile P1a; and
B) when the profile P2a is enabled, the profile manager PMa upgrades the SIM module 108a, e.g. creates the file EF_DIR, and replaces the IMSI and the security key Ki in the directory DF_GSM with the corresponding data of the profile P2a.
In contrast, Figure 16 illustrates an embodiment with three profiles, in which the first profile P1a supports only 2G (e.g. GSM), the second profile P2a supports both 2G and 3G (e.g. GSM and UMTS), and the third profile P3a supports only 3G (e.g. W-CDMA). In this case, therefore:
A) when the profile P1a is enabled, the profile manager PMa downgrades the SIM module 108a, e.g. removes the file EF_DIR, and replaces the IMSI and the security key Ki (at least in the directory DF_GSM) with the corresponding data of the profile P1a; and
B) when the profile P2a is enabled, the profile manager PMa ensures that the SIM module 108a supports 3G, e.g. creates the file EF_DIR, and replaces the IMSI and the security key Ki (both in the directory DF_GSM and in the ADF ADF_USIM associated with the USIM application) with the corresponding data of the profile P2a; and
C) when the profile P3a is enabled, the profile manager PMa ensures that the SIM module 108a supports 3G, e.g. creates the file EF_DIR, and replaces the IMSI and the security key Ki (at least in the ADF ADF_CSIM associated with the CSIM application) with the corresponding data of the profile P2a.
In general, therefore, the profile manager PMa is configured to detect a given event and to select a given profile according to the event. The profile manager PMa then activates the selected profile as follows:
When the profile is a 2G profile, it disables access to the part of the file EF_DIR relating to the 3G applets (e.g. the USIM and CSIM applets) and, if needed, replaces the IMSI and the security key Ki, at least in the file EF_IMSI in the directory DF_GSM, with the corresponding data of the selected profile, and
When the profile is a 3G profile, it enables access to the part of the file EF_DIR relating to the corresponding 3G applet (e.g. USIM or CSIM) and, if needed, replaces the IMSI and the security key Ki, at least in the file EF_IMSI in the corresponding ADF (e.g. ADF_USIM or ADF_CSIM), with the corresponding data of the selected profile.
Finally, in order to force the associated device to initialize the content of the SIM module again, the profile manager PMa restarts the SIM module 108a, e.g. by sending a corresponding restart request to the operating system of the SIM module 108a.
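The activation procedure above, together with the terminal-side selection through EF_DIR, as a Python simulation added here; it is not part of the patent and is not Java Card applet code. The class and field names, the `mutual_auth` and `downgraded` helpers, and the sample IMSIs and keys are constructed for illustration; the class bytes 0x00/0xA0 are those named in the description, and the USIM AID is the 3GPP prefix A0 00 00 00 87 10 02.

```python
from dataclasses import dataclass, field

USIM_AID = bytes.fromhex("A0000000871002")  # 3GPP USIM AID prefix (RID + app code)
CLA_USIM, CLA_SIM = 0x00, 0xA0              # class bytes named in the description

@dataclass(frozen=True)
class Profile:                               # hypothetical model of P1a/P2a
    name: str
    imsi: str
    ki: bytes
    supports_2g: bool
    supports_3g: bool

@dataclass
class SimModule:                             # only the files the description uses
    ef_dir: list = field(default_factory=list)    # AIDs listed in EF_DIR
    df_gsm: dict = field(default_factory=dict)    # data used by the SIM application
    adf_usim: dict = field(default_factory=dict)  # data used by the USIM application
    resets: int = 0                               # number of restarts so far

class ProfileManager:
    """Applet-level switch: file contents change, the card OS does not."""
    def __init__(self, sim):
        self.sim = sim

    def enable(self, profile, restart=True):
        creds = {"EF_IMSI": profile.imsi, "Ki": profile.ki}
        # Downgrade hides the USIM entry; upgrade lists it again.
        self.sim.ef_dir = [a for a in self.sim.ef_dir if a != USIM_AID]
        if profile.supports_3g:
            self.sim.ef_dir.append(USIM_AID)
            self.sim.adf_usim = dict(creds)
        if profile.supports_2g:
            self.sim.df_gsm = dict(creds)
        if restart:
            self.sim.resets += 1                  # restart request to the card OS

class Terminal:
    """2G/3G device: keeps a copy of the card content until the card restarts."""
    def __init__(self, sim):
        self.sim, self.seen_resets, self.history = sim, None, []

    def poll(self):
        if self.seen_resets != self.sim.resets:   # restart forces re-initialization
            self.seen_resets = self.sim.resets
            self.history.append(self._initialise())
        return self.history[-1]

    def _initialise(self):
        if USIM_AID in self.sim.ef_dir:           # USIM is reachable only via EF_DIR
            files, app, cla = self.sim.adf_usim, "USIM", CLA_USIM
        else:                                     # no USIM listed: fall back to DF_GSM
            files, app, cla = self.sim.df_gsm, "SIM", CLA_SIM
        return {"app": app, "cla": cla, "imsi": files["EF_IMSI"],
                "mutual_auth": app == "USIM"}     # GSM authenticates the subscriber only

    def downgraded(self):
        # True if the last re-initialization moved from USIM to SIM.
        return [s["app"] for s in self.history[-2:]] == ["USIM", "SIM"]

# Constructed sample data in the style of Figure 15: P1a is 2G-only, P2a is 2G and 3G.
P1A = Profile("P1a", "001010000000001", bytes(16), True, False)
P2A = Profile("P2a", "001020000000002", bytes([0x11]) * 16, True, True)

def demo():
    sim = SimModule()
    pm, term = ProfileManager(sim), Terminal(sim)
    pm.enable(P2A)
    first = term.poll()                           # USIM session with profile P2a
    pm.enable(P1A, restart=False)
    stale = term.poll()                           # device still uses its cached copy
    sim.resets += 1
    second = term.poll()                          # SIM session with profile P1a
    return first, stale, second, term.downgraded()
```

The `stale` result shows why the restart step matters: until the card is reset the device keeps working from its copy, so the file changes alone do not move it to the new profile.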
The solution described above has a number of advantages, for example:
This solution can be used with most SIM modules having a Java Card system, because the profile manager PMa can be implemented as an applet and need not require any change to the operating system UICC_OS or to the API layer;
The switching between profiles can be managed directly in the SIM module 108a on the basis of a given trigger event, which in principle may also include a predetermined command received from the remote host 30 or from the associated device 10;
This solution can work together with standard 2G and/or 3G devices.
Of course, without departing from the principle of the present utility model, the details of construction and the embodiments may vary widely with respect to what has been described and illustrated herein purely by way of example, without thereby departing from the scope of the present utility model as defined by the appended claims.
Claims (1)
1. A SIM module (108a), characterized in that the SIM module (108a) comprises at least one processor (1082) and at least one memory (1084), wherein the at least one memory (1084) comprises a 2G authentication application, a 3G authentication application and a file system, and wherein the file system comprises:
a first file, in which the application identifier of the 3G authentication application is stored;
the at least one memory (1084) comprises a plurality of profiles and a profile manager application, wherein at least a first profile supports only 2G authentication and at least a second profile supports at least 3G authentication, and wherein the profile manager application is configured to manage the plurality of profiles in the SIM module (108).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ITUB20151246 | 2015-05-27 | ||
IT102015000018345 | 2015-05-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN205283827U (en) | 2016-06-01 |
Family
ID=56068349
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201520975816.6U Active CN205283827U (en) | 2015-05-27 | 2015-11-30 | Sim module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN205283827U (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9820139B1 (en) | 2016-07-04 | 2017-11-14 | Stmicroelectronics S.R.L. | Method for performing a remote management of a multi-subscription SIM module |
CN108229213A (en) * | 2016-12-15 | 2018-06-29 | 中国移动通信有限公司研究院 | Access control method, system and electronic equipment |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9820139B1 (en) | 2016-07-04 | 2017-11-14 | Stmicroelectronics S.R.L. | Method for performing a remote management of a multi-subscription SIM module |
IT201600069354A1 (en) * | 2016-07-04 | 2018-01-04 | St Microelectronics Srl | PROCEDURE FOR CARRYING OUT A REMOTE MANAGEMENT OF A SIM MODULE WITH MULTIPLE SUBSCRIPTION, AND CORRESPONDING SIM MODULE AND IT PRODUCT |
EP3267699A1 (en) * | 2016-07-04 | 2018-01-10 | STMicroelectronics Srl | Method for performing a remote management of a multi-subscription sim module and corresponding sim module and computer program product |
US10003956B2 (en) | 2016-07-04 | 2018-06-19 | Stmicroelectronics S.R.L. | Method for performing a remote management of a multi-subscription SIM module |
US10231118B2 (en) | 2016-07-04 | 2019-03-12 | Stmicroelectronics S.R.L. | Method for performing a remote management of a multi-subscription SIM module |
CN108229213A (en) * | 2016-12-15 | 2018-06-29 | 中国移动通信有限公司研究院 | Access control method, system and electronic equipment |
CN108229213B (en) * | 2016-12-15 | 2020-07-07 | 中国移动通信有限公司研究院 | Access control method and system and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3099045B1 (en) | Method for managing a plurality of profiles in a sim module, and corresponding uicc or embedded uicc, and computer program product | |
US9451461B2 (en) | Subscriber identity module for authenticating a subscriber on a communication network | |
EP2708069B1 (en) | Sim lock for multi-sim environment | |
US11930558B2 (en) | Method for providing subscription profiles, subscriber identity module and subscription server | |
EP3171566B1 (en) | Method, device and system for security domain management | |
EP3023904B1 (en) | Implicit File creation in APDU scripts | |
CN105009617A (en) | Method and apparatus for multisim devices with embedded SIM functionality | |
EP2887702A1 (en) | Method and device for providing a secure element with a subscription profile | |
CN104737566A (en) | Method for incorporating subscriber identity data into a subscriber identity module | |
CN110945887B (en) | Loading new subscription profiles into embedded subscriber identity modules | |
EP2911431A1 (en) | Communications system, mobile communications device, transition control device, transition control method, and transition control program | |
CN113273233B (en) | Flexible electronic subscriber identity module deployment | |
CN205283827U (en) | Sim module | |
US9872167B2 (en) | Method of managing several profiles in a secure element | |
US11490253B1 (en) | System and methods for over-the-air SIM profile transfer | |
CN104718771A (en) | Method to disable a network access application in a secure element | |
JP2022525370A (en) | How to transparently patch a secure element operating system via the SM-SR platform | |
KR102128278B1 (en) | Method for factory reset of subscriber certification module and apparatus using the method | |
KR20170097549A (en) | system and method of joining mobile communication, system of authenticating user | |
CN102279741A (en) | Service processing method of smart card and smart card | |
EP2799982B1 (en) | Smart card applications for rendering digital text on a mobile equipment | |
US20240357354A1 (en) | Postponed certificate credential installation to wireless devices | |
EP4175337A1 (en) | Method for managing at least one euicc information set (eis) of a euicc and intermediate buffer proxy | |
EP3910898A1 (en) | Esim profile policy management | |
CN118870337A (en) | Equipment network filling method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |