WO2014000157A1 - Mtc device provisioning - Google Patents
- Publication number: WO2014000157A1 (application PCT/CN2012/077528)
- Authority: WO, WIPO (PCT)
- Prior art keywords: connection, network, provisioning, service, operator network
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/50—Service provisioning or reconfiguring
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
- H04W76/00—Connection management
- H04W76/50—Connection management for emergency connections
Definitions
- SCS is equipped with a certificate which is assigned by an MNO-trusted Certificate Authority (CA).
- The MTC device is only equipped with an empty UICC/eUICC or other types of SE. There is no pre-configured MNO profile in it.
- The MTC device first sets up a special PS (packet switched) connection to the MNO's network.
- This PS connection is solely for provisioning of MNO profile for M2M services.
- Such a special PS connection can be indicated by a special APN (Access Point Name).
- The PS connection is special in the following ways:
- The network will not authenticate the UE by itself in the connection setup procedure, nor will it negotiate other connection parameters (like Quality of Service, QoS) with the device. In the current state it will just grant basic access to any device using a predefined profile (e.g. fixed QoS configuration).
- In step 2), the MTC device sends a Provision Request to the MTC-IWF.
- The MTC-IWF address may be conveyed to the device during the PS connection setup phase. As an alternative, it may be pre-configured in the device.
- In step 3), the MTC device authenticates to the SCS. Then, the SCS asserts to the MTC-IWF that the device is a valid device of it. This is essentially a Single Sign-On (SSO) to the MTC-IWF. By such SSO, the MNO need not pre-provision any profile beforehand into the device.
- The MTC-IWF responds to the device with a Provision Response in step 4).
- Management credentials for the next step may be distributed to the device, if necessary.
- The MNO profile is provisioned to the MTC device.
- The MNO profile can be SIM or MCIM (Machine Communication Identity Module) or any other similar things. This can be done using some freely defined web service interface. Alternatively, it may be done using OTA (Over the air) provisioning mechanisms. However, in view of the above, it is noted that the MNO profile is not limited to a subscriber identity module or machine communication identity module, and that any other supported form may be used.
- Provisioning of the MNO profile is not limited to using a web service interface or an over-the-air provisioning method; any other feasible means could be used instead.
- The special PS connection is released in step 6), initiated either by the network or by the device.
- The device can start normal services with the network in step 7).
- The described process can be used for initial provisioning of the MNO profile to the MTC device. It can also be used for later re-provisioning of the MNO profile (e.g. change of operator).
- the invention satisfies current requirements while providing the following novel features:
- emergency-like connection without authentication at network layer is used.
- This invention can be used to provision any kind of MNO profile (and device profile), including SIM, MCIM or any others, to the network and device.
- There is no impact on the existing 3GPP standards and networks. 3GPP standards are already there to support the special (emergency-like) PS connection.
- For the authentication step 3 as shown in Fig. 1, any implementation fulfilling the requirement is acceptable.
- SAML Web Browser SSO profile is used for the authentication step 3 as shown in Fig.
- SIM provisioning is done with SAML SSO.
- Such implementation can be based on HTTP(s).
- Fig. 3 is a signalling diagram illustrating the procedure according to the certain embodiment using SAML SSO.
- In step 1), the MTC device sets up a special PS connection to the MNO's network.
- This PS connection is solely for provisioning of MNO profile for M2M services. It is indicated by a special APN. It performs no network-level authentication of the device.
- MTC-IWF address in form of an FQDN (Full Qualified Domain Name) or an IP (Internet Protocol) address
- PCO IE Protocol Configuration Option Information Element
- the connection imposes strict access control over the device which will not be able to reach anywhere other than the MTC-IWF at current stage.
- In step 2), the device sends a Provision Request to the MTC-IWF over HTTPS.
- An SCS ID (identification) is contained as a parameter in the message.
- The MTC-IWF determines the address of the SCS, and updates the PS connection with a new policy rule that allows the device to reach the SCS in the following steps.
- In step 3.1, the MTC-IWF sends an HTTP redirect response to the device.
- A SAML AuthenticationRequest is contained in the message. The message is then redirected to the SCS.
- In step 3.2, the device provides valid credentials and authenticates to the SCS.
- In step 3.3, the SCS's Single Sign-On service builds a SAML assertion representing the user's logon context. The SAML assertion is then redirected to the MTC-IWF, which is thereby made aware of the authentication status of the device. Upon successful SAML assertion of the device, the MTC-IWF sends a Provision Response to the device in step 4). Since steps 2 and 4 are based on HTTPS, it is possible to distribute the necessary credentials that are to be used in step 5.
- SIM is provisioned to the device.
- This can be done in various ways.
- One way is to reuse OTA provisioning (following the procedure in GlobalPlatform Card Specification v2.2 - Amendment B : Remote Application Management over HTTP).
- OTA gateway address and related OTA security domain master key should be distributed to the device in step 4.
- steps 6) and 7) correspond to steps 6) and 7) as described above with respect to Fig. 2.
- Some important use cases include (but not limited to) the following :
- certain embodiments of the present invention permit use of flexible device profile (e.g. use of MCIM, not using of SIM/IMSI). Further, the certain embodiments do not have impact to the existing 3GPP network.
- Fig. 4 is a block diagram showing an example of an apparatus according to certain embodiments of the present invention.
- the apparatus 40 i.e. the MTC device (also referred to as network entity), comprises a receiver/transmitter 41 and a processor 42.
- the processor 42 and the receiver/transmitter 41 serve as an establishing unit configured to establish a connection to an operator network for provisioning of a service profile to the network entity, and as a sending unit configured to send a provision request to the operator network.
- the processor 42 and the receiver/transmitter 41 serve as a receiving unit configured to receive a service profile provisioned from the network over the established connection for provisioning.
- the connection is an emergency-like packet switched connection without authentication at network layer
- the connection is indicated by an access point name
- the service profile is a subscriber identity module or machine communication identity module, or in any other supported form
- the service profile is provisioned using a web service interface or an over-the-air provisioning method, or any other feasible means.
- the apparatus further comprises an authenticating unit configured to authenticate the apparatus to a service server outside the operator network, wherein the service server asserts to the operator network that the apparatus is a valid one
- the receiver is further configured to receive a response from the operator network including management credentials.
- the apparatus further comprises a releasing unit configured to release the connection for provisioning the service profile to the operator network after receiving the service profile, wherein the establishing unit is further configured to establish a service connection for providing services to the operator network.
- Fig. 5 is a flowchart illustrating processing of the apparatus/network entity according to certain embodiments of the present invention.
- the network entity i.e. the MTC device establishes a connection to a operator network for provisioning of a service profile into the network entity, and then, in a step S52, sends a provision request to the operator network. Further, in a step S53, the network entity receives a service profile provisioned from the network over the established connection for provisioning.
- the apparatus i.e. the MTC device (or some other means) is configured to perform some function
- this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function.
- function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to" is construed to be equivalent to an expression such as "means for").
- any method step is suitable to be implemented as software or by hardware without changing the idea of the embodiments and its modification in terms of the functionality implemented;
- CMOS Complementary MOS
- BiMOS Bipolar MOS
- BiCMOS Bipolar CMOS
- ECL emitter Coupled Logic
- TTL Transistor-Transistor Logic
- ASIC Application Specific IC
- FPGA Field-programmable Gate Arrays
- CPLD Complex Programmable Logic Device
- DSP Digital Signal Processor
- devices, units or means can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;
- an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.
- respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts.
- the mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
- any method step is suitable to be implemented as software or by hardware without changing the idea of the present invention.
- Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.
- Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
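
The Fig. 3 procedure described above leaves the network layer unauthenticated, so the MTC-IWF's checks on the SCS assertion carry the whole trust decision. The sketch below is an added example, not code from the patent or from any 3GPP implementation: it models the MTC-IWF side of steps 1) to 4) and 6), with an HMAC over JSON claims standing in for the signed SAML assertion; the host names, key, freshness window and class and function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed trust anchor. The page has the SCS hold a certificate from an
# MNO-trusted CA; a shared HMAC key stands in for that signature here.
SCS_KEYS = {"scs.example": b"constructed-demo-key"}
IWF_HOST = "mtc-iwf.mno.example"   # hypothetical MTC-IWF name
MAX_AGE_S = 300                    # assumed freshness window for assertions


class ProvisioningError(Exception):
    """Raised whenever the MTC-IWF refuses to advance the procedure."""


def _mac(claims, key):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def scs_issue_assertion(scs_id, subject, in_response_to, issued_at):
    """SCS side, step 3.3: assert that `subject` authenticated to the SCS."""
    claims = {"issuer": scs_id, "subject": subject, "audience": IWF_HOST,
              "in_response_to": in_response_to, "issued_at": issued_at}
    return {"claims": claims, "sig": _mac(claims, SCS_KEYS[scs_id])}


class MtcIwf:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}   # bearer id -> per-connection state

    def attach(self, bearer):
        """Step 1: provisioning bearer, no network-layer authentication.
        The access policy starts with the MTC-IWF as the only destination."""
        self.sessions[bearer] = {"state": "ATTACHED", "allowed": {IWF_HOST}}

    def may_reach(self, bearer, host):
        s = self.sessions.get(bearer)
        return s is not None and host in s["allowed"]

    def provision_request(self, bearer, scs_id):
        """Steps 2 and 3.1: open the path to the named SCS only, then
        redirect the device there with a fresh authentication request id."""
        s = self.sessions.get(bearer)
        if s is None or s["state"] != "ATTACHED":
            raise ProvisioningError("no provisioning bearer in ATTACHED state")
        if scs_id not in SCS_KEYS:
            raise ProvisioningError("SCS has no trust relationship with MNO")
        s.update(state="AWAIT_ASSERTION", scs=scs_id,
                 request_id=secrets.token_hex(16))
        s["allowed"].add(scs_id)
        return {"redirect_to": scs_id, "authn_request_id": s["request_id"]}

    def consume_assertion(self, bearer, assertion):
        """Step 3.3 -> step 4: validate the assertion, then answer with the
        Provision Response. Binding to the per-session request id plus the
        single-use session state rejects replayed assertions."""
        s = self.sessions.get(bearer)
        if s is None or s["state"] != "AWAIT_ASSERTION":
            raise ProvisioningError("assertion not expected on this bearer")
        c = assertion.get("claims", {})
        key = SCS_KEYS.get(c.get("issuer"))
        if key is None or c["issuer"] != s["scs"]:
            raise ProvisioningError("issuer is not the SCS named in step 2")
        sig = str(assertion.get("sig", "")).encode()
        if not hmac.compare_digest(_mac(c, key).encode(), sig):
            raise ProvisioningError("signature check failed")
        if c.get("audience") != IWF_HOST:
            raise ProvisioningError("assertion addressed to another party")
        if c.get("in_response_to") != s["request_id"]:
            raise ProvisioningError("assertion not bound to this request")
        issued = c.get("issued_at")
        if (not isinstance(issued, (int, float))
                or not 0 <= self.clock() - issued <= MAX_AGE_S):
            raise ProvisioningError("assertion outside freshness window")
        s["state"] = "AUTHENTICATED"
        # Constructed placeholder for the management credentials of step 4.
        return {"subject": c.get("subject"),
                "management_credential": secrets.token_hex(16)}

    def release(self, bearer):
        """Step 6: drop the provisioning bearer and its access policy."""
        self.sessions.pop(bearer, None)
```
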
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides methods, apparatuses and a program relating to MTC device provisioning. The present invention includes establishing, at a network entity, a connection to an operator network for provisioning of a service profile to the network entity, sending a provision request to the operator network, receiving a service profile provisioned from the network over the established connection for provisioning.
Description
MTC DEVICE PROVISIONING
Field of the invention
The present invention relates to MTC (machine type communication) device provisioning. More particularly, the present invention relates to methods, apparatuses and a program relating to MTC device provisioning.
Background of the invention
Machine-to-machine (M2M) communication is currently under study in many organizations including the 3rd Generation Partnership Project (3GPP). Fig. 1 shows an example of Machine Type Communication (MTC) architecture as defined by 3GPP (cf. document [5], Figure 4.2-1: 3GPP Architecture for Machine-Type Communication).
In this architecture, the SCS (Services Capability Server) and AS (Application Server) are beyond 3GPP specification boundary. MTC-IWF (Machine Type Communication - Interworking function) is in communication service provider's (CSP's) network right inside the boundary to facilitate M2M service to SCS and AS. SCS can be inside or outside CSP's network. MTC devices, which are equipped with a wireless module and an identity (subscriber identification module, SIM), are normally owned by MTC application. However, in some cases like consumer electronics, MTC devices may be owned by end-users.
In 3GPP for traditional human handheld mobile phone, removable SIM card and card reader are used. The SIM card is provisioned and distributed to the end subscriber at the purchase time. But this fashion of provisioning is no longer efficient for M2M devices and M2M applications for the following reasons.
1) No one-on-one linkage to a person
An M2M device is normally owned by its M2M applications, e.g. a smart meter is owned by a power grid company. An M2M device is not linked to a certain person as a mobile phone is linked to its owner who can care for it.
2) Large quantity
As expected by 3GPP, there would be two orders of magnitude more MTC devices than mobile phones.
3) Remote operation, without direct contact to the device
Most of the M2M devices are intangible from operation after they are installed for the first time. So operation and maintenance should be done remotely without human intervention.
4) Late provisioning of mobile network operator (MNO) profile
With emergence of eUICC (embedded Universal Integrated Circuit Card), M2M application providers increasingly see the needs for late provisioning of MNO profile (e.g. SIM/USIM/etc). This will simplify their process and lower the cost.
5) Other scenarios
Other more useful scenarios are needed, including e.g. changing of subscription, network upgrade/swap out, change of device ownership, long term relocation. However, the existing 3GPP specification is not ready to support them.
According to document [1] there are proposed several solutions that define the remote provisioning or change of subscription for M2M equipment based either on a trusted environment (TRE) or UICC. For example, initial provision of MCIM (Machine Communication Identity Module) to TRE based M2M equipment is shown in Figure 5.1.3.6.3-1 of document [1]. It uses an initial PCID (Provisional Connectivity Identity) and related credentials to access the visiting network or the home network. After access is granted and connection is set up, the M2M equipment can start provisioning with the provisioning service provided by the network. Subscription change to different operator is shown in Figure 5.1.3.7.4.2-1 of document [1], which shows re-provisioning using connectivity provided by old SHO (Selected Home Operator) procedure, and re-use of existing procedure for operator change. It needs extra support of Home Operator.
Document [2] relates to the GSMA (Global System for Mobile Communication Association) Embedded SIM project. The GSMA Embedded SIM project was launched in November 2010 with similar motivation to deliver a technical solution as an evolution of the current SIM provisioning mechanisms. The solution is based on eUICC, which is equivalent to 3GPP proposed TRE or UICC. From some draft documents of the project, it can be seen that the process for provisioning is quite similar to that of document [1] described above.
In summary, these existing solutions of 3GPP and GSMA have the following disadvantages:
1) Initial provisioning
The initial provisioning requires complex offline involvement of all stakeholders on the value chain, including card vendor, device vendor, application provider, network operator, etc.
2) Later provisioning, e.g. change of operator
When there is need for later re-provisioning e.g., change of operator, the solutions require home MNO involvement, which is certainly reluctant to do so.
Document [3] is related with WiMAX hotline device provisioning. WiMAX defines over-the-air provisioning and activation mechanism, with which WiMAX devices with pre-provisioned device credentials can be provisioned with subscription credentials and be activated over the air using the hotlining technique.
But there is big difference between WiMAX and 3GPP network. WiMAX devices are pre-provisioned with device credentials at manufacturing time. The device credentials are used for accessing the WiMAX network and can provide security for later subscription credentials provisioning. For 3GPP network, the UE has no device credentials. The UE has only subscription credentials which are contained in the SIM card. This big difference makes the WiMAX hotlining device provisioning solution no longer fit for 3GPP network.
Document [4] discloses a SIM remote provisioning mechanism in US Patent Application 20110269423 "Wireless network authentication apparatus and methods". With the method in the patent, SIM can be provisioned remotely to cellular devices equipped with embedded secure element (SE). But in this document it is assumed that an Issuer's Security Domain (ISD) is pre-provisioned in both the Trusted Services Manager (TSM) and the embedded SE. This means that the device manufacturer has to contact the USIM vendor or MNO to pre-provision the ISD. This increases the complexity.
References :
Document [1]:
3GPP TR 33.812, V.9.2.0, "Feasibility Study on the Security Aspects of Remote Provisioning and Change of Subscription for M2M Equipment", 2010-06.
Document [2]:
GSMA Embedded SIM project draft document, "Embedded UICC - A High Level Remote Provisioning Architecture" by David Maxwell.
Document [3]:
WiMAX Over-The-Air General Provisioning System Specification, WMF-T33-001-R010v05 - WiMAX Forum® Network Architecture - Stage 3: Detailed Protocols and Procedures - Release 1.0, 2010-02-07.
Document [4]:
US Patent Application 20110269423 "Wireless network authentication apparatus and methods".
Document [5]:
3GPP TS 23.682, V11.0.0, "Architecture enhancements to facilitate communications with packet data networks and applications", 2012-03.
Summary of the Invention
According to the present invention, there are provided methods, apparatuses and a program relating to MTC device provisioning.
According to an aspect of the invention there is provided a method comprising:
establishing, at a network entity, a connection to an operator network for provisioning of a service profile to the network entity,
sending a provision request to the operator network,
receiving a service profile provisioned from the network over the established connection for provisioning.
According to further refinements as defined under the above aspect,
- the connection is an emergency-like packet switched connection without authentication at network layer;
- the connection is indicated by an access point name;
- the method further comprises authenticating the network entity to a service server outside the operator network, wherein the service server asserts to the operator network that the network entity is a valid one;
- the method further comprises
receiving a response from the operator network including management credentials;
releasing the connection for provisioning the service profile to the operator network after receiving the service profile, and
establishing a service connection for providing services to the operator network;
- the service profile is a subscriber identity module or machine communication identity module;
- the service profile is provisioned using a web service interface or an over-the-air provisioning method.
According to another aspect of the present invention, there is provided an apparatus, comprising:
an establishing unit configured to establish a connection to an operator network for provisioning of a service profile to the apparatus,
a transmitter configured to send a provision request to the operator network,
a receiver configured to receive a service profile provisioned from the network over the established connection for provisioning.
According to further refinements as defined under the above aspect
- the connection is an emergency-like packet switched connection without authentication at network layer;
- the connection is indicated by an access point name;
- the apparatus further comprises an authenticating unit configured to authenticate the apparatus to a service server outside the operator network, wherein the service server asserts to the operator network that the apparatus is a valid one;
- the receiver is further configured to receive a response from the operator network including management credentials;
- the apparatus further comprises a releasing unit configured to release the connection for provisioning the service profile to the operator network after receiving the service profile, wherein the establishing unit is further configured to establish a service connection for providing services to the operator network;
- the service profile is a subscriber identity module or machine communication identity module;
- the service profile is provisioned using a web service interface or an over-the-air provisioning method.
According to another aspect of the present invention there is provided a computer program product comprising code means adapted to produce steps of any of the methods as described above when loaded into the memory of a computer.
According to a still further aspect of the invention there is provided a computer program product as defined above, wherein the computer program product comprises a computer-readable medium on which the software code portions are stored.
According to a still further aspect of the invention there is provided a computer program product as defined above, wherein the program is directly loadable into an internal memory of the processing device.
Brief Description of the Drawings
These and other objects, features, details and advantages will become more fully apparent from the following detailed description of embodiments of the present invention which is to be taken in conjunction with the appended drawings, in which:
Fig. 1 is a diagram illustrating an example of Machine Type Communication (MTC) architecture to which embodiments of the present invention are applicable.
Fig. 2 is a signalling diagram illustrating an embodiment of the present invention.
Fig. 3 is a signalling diagram illustrating another embodiment of the present invention.
Fig. 4 is a block diagram showing an example of an apparatus according to certain embodiments of the present invention.
Fig. 5 is a flowchart illustrating processing of the apparatus according to certain embodiments of the present invention.
Detailed Description
In the following, embodiments of the present invention are described by referring to general and specific examples of the embodiments, wherein the features of the embodiments can be freely combined with each other unless otherwise described. It is to be understood, however, that the description is given by way of example only, and that the described embodiments are by no means to be understood as limiting the present invention thereto.
To solve the problems of the prior art, as described above, the present invention makes use of a special data connection for provisioning. Since there is no device authentication mechanism available in the 3GPP network, it introduces a corresponding security mechanism to ensure that provisioning is secure over the special connection. The basic idea of the present invention is illustrated in the signaling diagram shown in Fig. 2.
First, some mutual trust is set up beforehand between the MNO and the SCS, which is not illustrated in Fig. 2. For example, the SCS is equipped with a certificate which is assigned by an MNO-trusted Certificate Authority (CA). At this stage, the MTC device is only equipped with an empty UICC/eUICC or another type of SE. There is no pre-configured MNO profile in it.
According to Fig. 2, in step 1), the MTC device first sets up a special PS (packet switched) connection to the MNO's network. This PS connection is solely for provisioning of MNO profile for M2M services. In implementation, such a special PS connection can be indicated by a special APN (Access Point Name). Compared with normal PS connection, the PS connection is special in the following ways:
a. The network will not authenticate the UE by itself in the connection setup procedure, nor will it negotiate other connection parameters (like Quality of Service, QoS) with the device. In the current state it will just grant basic access to any device using a predefined profile (e.g. fixed QoS configuration). Such a special PS connection already exists in 3GPP IMS (IP Multimedia Subsystem) emergency service with "Insufficient Security Credentials" IP-CAN (IP - Connectivity Access Network) type. No change to the standardization is needed.
b. Although there is no authentication for the device, GGSN/P-GW will have strict access control on the connection. With this connection the MTC device only has very limited access to the network. For example, only connection to MTC-IWF for provisioning service is allowed.
In step 2), the MTC device sends Provision Request to MTC-IWF. MTC-IWF address may be conveyed to device during the PS connection setup phase. As an alternative, it may be pre-configured in the device.
Then, in step 3), the MTC device authenticates to the SCS. The SCS then asserts to the MTC-IWF that the device is one of its valid devices. This is essentially a Single Sign-On (SSO) to the MTC-IWF. With such SSO, the MNO need not pre-provision any profile into the device beforehand.
With the assertion from the SCS that the device is a valid one, the MTC-IWF responds to the device with a Provision Response in step 4). In this response message, management credentials for the next step may be distributed to the device, if necessary.
In this next step 5), the MNO profile is provisioned to the MTC device. The MNO profile can be a SIM, an MCIM (Machine Communication Identity Module) or anything similar. This can be done using some freely defined web service interface. Alternatively, it may be done using OTA (Over the air) provisioning mechanisms. However, in view of the above, it is noted that the MNO profile is not limited to a subscriber identity module or machine communication identity module, and that any other supported form may be used.
Further, it is noted that provisioning of the MNO profile is not limited to using a web service interface or an over-the-air provisioning method, and that any other feasible means could be used instead.
After the provisioning of MNO profile is complete, the special PS connection is released in step 6), either initiated by the network or the device.
With the newly provisioned MNO profile, the device can start normal services with the network in step 7).
The described process can be used for initial provisioning of the MNO profile to the MTC device. It can also be used for later re-provisioning of the MNO profile (e.g. change of operator).
Compared with the prior art, the invention satisfies current requirements while providing the following novel features:
1) Using separate special PS connection for provisioning
According to certain embodiments of the present invention, emergency-like connection without authentication at network layer is used. Thus, there is no need for early involvement of MNO until the last minute of device deployment. Also there is no need of home MNO involvement for re-provisioning (change of operator). These advantages will greatly reduce the process complexity and cost of MNO and M2M service or application provider.
2) Authentication delegation to SCS or AS
Security is still ensured for the special PS connection with the device authentication delegated to SCS or AS. All parties, including MNO and M2M service or application provider, benefit from it by simplifying device development and deployment process.
3) Separate normal PS connection for later M2M service
With this flexibility, any variants of MNO profile are possible without a compromise of network layer security. For example, MCIM profile as defined in document [1] is supported.
This invention can be used to provision any kind of MNO profile (and device profile), including SIM, MCIM or any others, to the network and device. When used to provision SIM profile, there is no impact to the existing 3GPP standards and networks. 3GPP standards are already there to support the special (emergency-like) PS connection.
For the authentication step 3 as shown in Fig. 1, any implementation fulfilling the requirement is acceptable. One possible example is to use SAML Web Browser SSO profile. In the following, a certain embodiment of the present invention is described in which SIM provisioning is done with SAML SSO. Such implementation can be based on HTTP(s). However, it is noted that this is merely an illustrating example and that the present invention is not limited to SAML SSO. Fig. 3 is a signalling diagram illustrating the procedure according to the certain embodiment using SAML SSO.
First, in step 1) the MTC device sets up a special PS connection to the MNO's network. This PS connection is solely for provisioning of the MNO profile for M2M services. It is indicated by a special APN. It performs no network-level authentication of the device. The MTC-IWF address (in the form of an FQDN (Full Qualified Domain Name) or an IP (Internet Protocol) address) may be delivered to the device in the PCO IE (Protocol Configuration Option Information Element) of the create PDP (Packet Data Protocol) response message. The connection imposes strict access control over the device, which will not be able to reach anywhere other than the MTC-IWF at the current stage.
In step 2), the device sends a Provision Request to the MTC-IWF over HTTPS. An SCS ID (identification) is contained as a parameter in the message. In step 2a), the MTC-IWF determines the address of the SCS, and updates the PS connection with a new policy rule that allows the device to reach the SCS in the following steps.
Then, in step 3.1, the MTC-IWF sends an HTTP redirect response to the device. A SAML AuthenticationRequest is contained in the message. The message is then redirected to the SCS. In step 3.2, the device provides valid credentials and authenticates to the SCS. In step 3.3, the SCS's Single Sign-On service builds a SAML assertion representing the user's logon context. The SAML assertion is then redirected to the MTC-IWF, which is thereby made aware of the authentication status of the device.
Then, upon successful SAML assertion of device, MTC-IWF sends Provision Response to the device in step 4). Since step 2 and 4 are based on HTTPS, it is possible to distribute necessary credentials that are to be used in step 5.
In this step 5), SIM is provisioned to the device. This can be done in various ways. One way is to reuse OTA provisioning (following the procedure in GlobalPlatform Card Specification v2.2 - Amendment B : Remote Application Management over HTTP). OTA gateway address and related OTA security domain master key should be distributed to the device in step 4.
Subsequent steps 6) and 7) correspond to steps 6) and 7) as described above with respect to Fig. 2.
Some important use cases include (but are not limited to) the following:
1) Embedded SIM provisioning
2) bootstrapping of devices with MNO profile by SCS or AS
3) re-provisioning like changing operator
However, these are merely examples and the use cases are not limited to the above described examples.
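The Fig. 3 exchange modelled from the operator's side, as an added example that is not part of the patent text: since the special PS connection has no network-layer authentication, the controls that remain are the gateway allow-list and the MTC-IWF's checks on the SCS assertion before it sends the Provision Response. The host names, SCS ID, claim field names and the HMAC that stands in for the signed SAML assertion and the CA-issued SCS certificate are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

# All names and values below are constructed for illustration.
MTC_IWF = "mtc-iwf.mno.example"
SCS_DIRECTORY = {"scs-42": "scs.m2m.example"}   # SCS ID -> SCS address
# Stand-in for the trust set up beforehand between MNO and SCS (the page
# uses a CA-issued SCS certificate; a shared MAC key is swapped in here).
SCS_KEYS = {"scs-42": b"constructed-demo-key"}


class ProvisioningBearer:
    """Special PS connection: no network-layer authentication, so the
    gateway enforces a default-deny allow-list of destinations instead."""

    def __init__(self):
        self.allowed = {MTC_IWF}      # step 1: only the MTC-IWF is reachable
        self.released = False

    def permits(self, destination):
        return not self.released and destination in self.allowed

    def release(self):                # step 6
        self.released = True
        self.allowed.clear()


def mac_over(key, claims):
    """MAC over a canonical (sorted-key) serialization of the claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_assertion(key, claims):
    """SCS side (step 3.3): attach a MAC to the logon-context claims."""
    return {"claims": claims, "mac": mac_over(key, claims)}


class MtcIwf:
    def __init__(self):
        self.pending = {}             # request id -> SCS ID named in step 2

    def provision_request(self, bearer, scs_id):
        """Steps 2, 2a and 3.1: open a path to the named SCS only, and
        return the authentication request the device is redirected with."""
        if not bearer.permits(MTC_IWF):
            raise PermissionError("bearer cannot reach the MTC-IWF")
        if scs_id not in SCS_DIRECTORY:
            raise LookupError("unknown SCS ID")
        request_id = secrets.token_hex(8)
        self.pending[request_id] = scs_id
        bearer.allowed.add(SCS_DIRECTORY[scs_id])
        return {"request_id": request_id, "redirect_to": SCS_DIRECTORY[scs_id]}

    def accept_assertion(self, assertion, now):
        """Step 4 gate: a Provision Response is returned only for an
        assertion that is solicited, authentic, addressed to us and fresh."""
        claims = assertion.get("claims", {})
        request_id = claims.get("in_response_to")
        scs_id = self.pending.get(request_id)
        if scs_id is None or claims.get("issuer") != scs_id:
            return None               # unsolicited, replayed or wrong issuer
        expected = mac_over(SCS_KEYS[scs_id], claims).encode()
        if not hmac.compare_digest(expected, str(assertion.get("mac")).encode()):
            return None               # not produced by the trusted SCS
        if claims.get("audience") != MTC_IWF or claims.get("not_after", 0) < now:
            return None               # meant for someone else, or expired
        del self.pending[request_id]  # single use: a replay finds no request
        return {"status": "provision", "device": claims.get("subject"),
                "management_credentials": "<placeholder>"}


def demo():
    """Run one exchange: a forged, a valid and a replayed assertion."""
    iwf, bearer = MtcIwf(), ProvisioningBearer()
    req = iwf.provision_request(bearer, "scs-42")
    claims = {"issuer": "scs-42", "subject": "meter-0001", "audience": MTC_IWF,
              "in_response_to": req["request_id"], "not_after": 1000}
    good = sign_assertion(SCS_KEYS["scs-42"], claims)
    forged = sign_assertion(b"wrong-key", claims)
    results = {"forged": iwf.accept_assertion(forged, now=900),
               "valid": iwf.accept_assertion(good, now=900),
               "replayed": iwf.accept_assertion(good, now=900)}
    bearer.release()
    return results


if __name__ == "__main__":
    print(demo())
```

The checks that matter here are the binding of the assertion to the pending Provision Request and to the SCS ID named in it; the signature alone would let one SCS vouch for a request that named another.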
Thus, in view of the above, according to certain embodiments of the present invention, the following improvements are achieved.
According to embodiments of the present invention, easy provisioning of MTC device with a simplified process is achieved.
Further, an easy change of operator without involvement of the home MNO is possible according to embodiments of the present invention.
Moreover, certain embodiments of the present invention permit use of a flexible device profile (e.g. use of MCIM, without using SIM/IMSI).
Further, certain embodiments have no impact on the existing 3GPP network.
Fig. 4 is a block diagram showing an example of an apparatus according to certain embodiments of the present invention.
As shown in Fig. 4, according to an embodiment of the present invention, the apparatus 40, i.e. the MTC device (also referred to as network entity), comprises a receiver/transmitter 41 and a processor 42. The processor 42 and the receiver/transmitter 41 serve as an establishing unit configured to establish a connection to an operator network for provisioning of a service profile to the network entity, and as a sending unit configured to send a provision request to the operator network. Further, the processor 42 and the receiver/transmitter 41 serve as a receiving unit configured to receive a service profile provisioned from the network over the established connection for provisioning.
According to certain aspects of the present invention, the connection is an emergency-like packet switched connection without authentication at network layer, the connection is indicated by an access point name, the service profile is a subscriber identity module or machine communication identity module, or in any other supported form, and the service profile is provisioned using a web service interface or an over-the-air provisioning method, or any other feasible means. According to certain aspects of the present invention, the apparatus further comprises an authenticating unit configured to authenticate the apparatus to a service server outside the operator network, wherein the service server asserts to the operator network that the apparatus is a valid one, and the receiver is further configured to receive a response from the operator network including management credentials.
Moreover, according to certain aspects of the present invention, the apparatus further comprises a releasing unit configured to release the connection for provisioning the service profile to the operator network after receiving the service profile, wherein the establishing unit is further configured to establish a service connection for providing services to the operator network.
Fig. 5 is a flowchart illustrating processing of the apparatus/network entity according to certain embodiments of the present invention.
According to an embodiment of the present invention, first, in a step S51, the network entity, i.e. the MTC device, establishes a connection to an operator network for provisioning of a service profile into the network entity, and then, in a step S52, sends a provision request to the operator network. Further, in a step S53, the network entity receives a service profile provisioned from the network over the established connection for provisioning.
In the foregoing exemplary description of the apparatus, only the units that are relevant for understanding the principles of the invention have been described using functional blocks. The apparatus may comprise further units that are necessary for its respective operation. However, a description of these units is omitted in this specification. The arrangement of the functional blocks of the apparatus is not construed to limit the invention, and the functions may be performed by one block or further split into sub-blocks.
When in the foregoing description it is stated that the apparatus, i.e. the MTC device (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to" is construed to be equivalent to an expression such as "means for").
For the purpose of the present invention as described herein above, it should be noted that
- method steps likely to be implemented as software code portions and being run using a processor at a network control element or terminal (as examples of devices, apparatuses and/or modules thereof, or as examples of entities including apparatuses and/or modules therefore), are software code independent and can be specified using any known or future developed programming language as long as the functionality defined by the method steps is preserved;
- generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the embodiments and its modification in terms of the functionality implemented;
- method steps and/or devices, units or means likely to be implemented as hardware components at the above-defined apparatuses, or any module(s) thereof, (e.g., devices carrying out the functions of the apparatuses according to the embodiments as described above) are hardware independent and can be implemented using any known or future developed hardware technology or any hybrids of these, such as MOS (Metal Oxide Semiconductor), CMOS (Complementary MOS), BiMOS (Bipolar MOS), BiCMOS (Bipolar CMOS), ECL (Emitter Coupled Logic), TTL (Transistor-Transistor Logic), etc., using for example ASIC (Application Specific IC (Integrated Circuit)) components, FPGA (Field-programmable Gate Arrays) components, CPLD (Complex Programmable Logic Device) components or DSP (Digital Signal Processor) components;
- devices, units or means (e.g. the above-defined apparatuses, or any one of their respective units/means) can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;
- an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.
In general, it is to be noted that respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts. The mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
Generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the present invention. Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person. Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
It is noted that the embodiments and general and specific examples described above are provided for illustrative purposes only, and it is in no way intended that the present invention be restricted thereto. Rather, it is the intention that all variations and modifications which fall within the scope of the appended claims are covered.
List of abbreviations:
AS Application Server
CA Certificate Authority
CDF Charging Data Function
CGF Charging Gateway Function
eUICC Embedded UICC
FQDN Full Qualified Domain Name
GGSN Gateway GPRS Supporting Node
GPRS General Packet Radio System
GMSC Gateway Mobile Switching Center
HPLMN Home PLMN
HSS Home Subscriber Server
HTTPS HyperText Transfer Protocol Secure
IE Information Element
IP Internet Protocol
IP-SM-GW IP - Short Message Gateway
ISD Issuer's Security Domain
IWMSC Interworking MSC
LTE Long Term Evolution
MCIM Machine Communication Identity Module
MME Mobility Management Entity
MNO Mobile Network Operator
MSC Mobile Switching Center
MTC Machine Type Communication
MTC-IWF Machine Type Communication-InterWorking Function
OTA Over The Air
PCID Provisional Connectivity Identity
PCO Protocol Configuration Option
P-GW Packet Gateway
PLMN Public Land Mobile Network
QoS Quality of Service
RAN Radio Access Network
SAML Security Assertion Markup Language
SCS Service Capabilities Server
SE Secure Element
SGSN Serving GPRS Supporting Node
S-GW Serving Gateway
SHO Selected Home Operator
SIM Subscriber Identity Module
SME Small and Medium Enterprise
SMS SC Short Message Service - Service Center
SSO Single Sign-On
TRE TRusted Environment
UE User Equipment
UICC Universal Integrated Circuit Card
VPLMN Visited PLMN
Claims
1. A method, comprising:
establishing, at a network entity, a connection to an operator network for provisioning of a service profile to the network entity,
sending a provision request to the operator network,
receiving a service profile provisioned from the network over the established connection for provisioning.
2. The method according to claim 1, wherein
the connection is an emergency-like packet switched connection without authentication at network layer.
3. The method according to claim 1 or 2, wherein
the connection is indicated by an access point name.
4. The method according to any one of claims 1 to 3, further comprising
authenticating the network entity to a service server outside the operator network, wherein
the service server asserts to the operator network that the network entity is a valid one.
5. The method according to any one of claims 1 to 4, further comprising
receiving a response from the operator network including management credentials.
6. The method according to any one of claims 1 to 5, further comprising
releasing the connection for provisioning the service profile to the operator network after receiving the service profile, and
establishing a service connection for providing services to the operator network.
7. The method according to any one of claims 1 to 6, wherein
the service profile is a subscriber identity module or machine communication identity module.
8. The method according to any one of claims 1 to 7, wherein
the service profile is provisioned using a web service interface or an over-the-air provisioning method.
9. An apparatus, comprising:
an establishing unit configured to establish a connection to an operator network for provisioning of a service profile to the apparatus,
a transmitter configured to send a provision request to the operator network,
a receiver configured to receive a service profile provisioned from the network over the established connection for provisioning.
10. The apparatus according to claim 9, wherein
the connection is an emergency-like packet switched connection without authentication at network layer.
11. The apparatus according to claim 9 or 10, wherein
the connection is indicated by an access point name.
12. The apparatus according to any one of claims 9 to 11, further comprising an authenticating unit configured to authenticate the apparatus to a service server outside the operator network, wherein
the service server asserts to the operator network that the apparatus is a valid one.
13. The apparatus according to any one of claims 9 to 12, wherein
the receiver is further configured to receive a response from the operator network including management credentials.
14. The apparatus according to any one of claims 9 to 13, further comprising
a releasing unit configured to release the connection for provisioning the service profile to the operator network after receiving the service profile, wherein the establishing unit is further configured to establish a service connection for providing services to the operator network.
15. The apparatus according to any one of claims 9 to 14, wherein
the service profile is a subscriber identity module or machine communication identity module.
16. The apparatus according to any one of claims 9 to 15, wherein
the service profile is provisioned using a web service interface or an over-the-air provisioning method.
17. A computer program product including a program for a processing device, comprising software code portions for performing the steps of any one of claims 1 to 8 when the program is run on the processing device.
18. The computer program product according to claim 17, wherein the computer program product comprises a computer-readable medium on which the software code portions are stored.
19. The computer program product according to claim 17, wherein the program is directly loadable into an internal memory of the processing device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2012/077528 WO2014000157A1 (en) | 2012-06-26 | 2012-06-26 | Mtc device provisioning |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014000157A1 true WO2014000157A1 (en) | 2014-01-03 |
Family
ID=49782028
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2012/077528 WO2014000157A1 (en) | 2012-06-26 | 2012-06-26 | Mtc device provisioning |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014000157A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102076028A (en) * | 2009-11-23 | 2011-05-25 | 中兴通讯股份有限公司 | Public bearer establishment method, data transmission method and core network side equipment |
CN102158911A (en) * | 2010-02-11 | 2011-08-17 | 华为技术有限公司 | Machine-to-machine service bearer establishment method and network transmission equipment |
US20110199905A1 (en) * | 2010-02-12 | 2011-08-18 | Interdigital Patent Holdings, Inc. | Access control and congestion control in machine-to-machine communication |
WO2011138288A1 (en) * | 2010-05-03 | 2011-11-10 | Alcatel Lucent | Overload control in a packet mobile communication system |
US20110292893A1 (en) * | 2010-05-26 | 2011-12-01 | Lg Electronics Inc. | Nas-based signaling protocol for overload protection of random access in massive machine type communication |
- 2012-06-26 WO PCT/CN2012/077528 patent/WO2014000157A1/en active Application Filing
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016013827A1 (en) * | 2014-07-19 | 2016-01-28 | Samsung Electronics Co., Ltd. | Method and device for embedded sim provisioning |
US9705546B2 (en) | 2014-07-19 | 2017-07-11 | Samsung Electronics Co., Ltd | Method and device for embedded SIM provisioning |
JP2017528087A (en) * | 2014-09-15 | 2017-09-21 | ジェムアルト エム・ツー・エム ゲゼルシャフト ミット ベシュレンクテル ハフツングGemalto M2M GmbH | How to download subscriber information to the identification unit |
US20160157169A1 (en) * | 2014-11-28 | 2016-06-02 | Sony Corporation | System, method, and computer program product for enabling a machine type communication (mtc) coverage enhancement mode |
US11044666B2 (en) | 2014-11-28 | 2021-06-22 | Sony Corporation | System, method, and computer program product for enabling a machine type communication (MTC) coverage enhancement mode |
US10582447B2 (en) | 2014-11-28 | 2020-03-03 | Sony Corporation | System, method, and computer program product for enabling a machine type communication (MTC) coverage enhancement mode |
US10206165B2 (en) * | 2014-11-28 | 2019-02-12 | Sony Corporation | System, method, and computer program product for enabling a machine type communication (MTC) coverage enhancement mode |
WO2017101991A1 (en) * | 2015-12-16 | 2017-06-22 | Huawei Technologies Co., Ltd. | Identity profile provisioning technique |
KR20190002598A (en) * | 2016-06-03 | 2019-01-08 | 제말토 에스에이 | A method and apparatus for issuing assertions within a distributed database of a mobile communication network and personalizing object Internet devices |
CN109196841A (en) * | 2016-06-03 | 2019-01-11 | 格马尔托股份有限公司 | For in the distributed data base of mobile telecom network publication assert and for personalized internet of things equipment method and apparatus |
WO2017207314A1 (en) * | 2016-06-03 | 2017-12-07 | Gemalto Sa | A method and an apparatus for publishing assertions in a distributed database of a mobile telecommunication network and for personalising internet of things devices |
KR102093574B1 (en) | 2016-06-03 | 2020-04-24 | 제말토 에스에이 | Method and apparatus for issuing assertions in a distributed database of a mobile communication network and personalizing Internet of Things devices |
US11012860B2 (en) | 2016-06-03 | 2021-05-18 | Thales Dis France Sa | Method and an apparatus for publishing assertions in a distributed database of a mobile telecommunication network and for personalising internet-of-things devices |
CN109196841B (en) * | 2016-06-03 | 2021-06-04 | 格马尔托股份有限公司 | Method and apparatus for issuing assertions in distributed databases of a mobile telecommunications network and for personalizing internet of things devices |
EP3253020A1 (en) * | 2016-06-03 | 2017-12-06 | Gemalto Sa | A method and an apparatus for publishing assertions in a distributed database of a mobile telecommunication network |
WO2018188739A1 (en) * | 2017-04-12 | 2018-10-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods for automatic bootstrapping of a device |
US10904743B2 (en) | 2017-04-12 | 2021-01-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods for automatic bootstrapping of a device |
WO2020071974A1 (en) * | 2018-10-05 | 2020-04-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Authorization of a device being equipped with an embedded universal integrated circuit card |
US11743712B2 (en) | 2018-10-05 | 2023-08-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Authorization of a device being equipped with an embedded universal integrated circuit card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12879613 Country of ref document: EP Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 12879613 Country of ref document: EP Kind code of ref document: A1 |