U.S. patent application number 13/991542 was filed with the patent office on 2014-05-22 for method for transmitting a sim application of a first terminal to a second terminal.
This patent application is currently assigned to Gemalto SA. The applicant listed for this patent is Xavier Berard, Denis Gachon, Lionel Merrien. Invention is credited to Xavier Berard, Denis Gachon, Lionel Merrien.
Application Number | 20140141747 13/991542
Family ID | 43902079
Filed Date | 2014-05-22
United States Patent Application | 20140141747
Kind Code | A1
Merrien; Lionel; et al. | May 22, 2014
METHOD FOR TRANSMITTING A SIM APPLICATION OF A FIRST TERMINAL TO A
SECOND TERMINAL
Abstract
A method for transmitting a SIM application of a first terminal
to a second terminal, the SIM application being stored in a secure
element included in the first terminal, with access to the SIM
application being locked by a PIN code. The method includes
exporting the SIM application from the first terminal to a distant
site, by including the PIN code as well as a remote loading code. A
user of the second terminal is asked to enter the remote loading
code in the second terminal. In the event the remote loading code
entered by the user matches the remote loading code that has been
exported, the installation of the SIM application in a secure
element of the second terminal is authorized. Otherwise, the SIM
application is not installed in the secure element of the second
terminal.
Inventors: Merrien; Lionel (Montreal, CA); Berard; Xavier (Cadolive, FR); Gachon; Denis (Saint-Zacharie, FR)
Applicant:
Name | City | State | Country | Type
Merrien; Lionel | Montreal | | CA |
Berard; Xavier | Cadolive | | FR |
Gachon; Denis | Saint-Zacharie | | FR |
Assignee: Gemalto SA (Meudon, FR)
Family ID: 43902079
Appl. No.: 13/991542
Filed: December 2, 2011
PCT Filed: December 2, 2011
PCT NO: PCT/EP2011/071660
371 Date: December 18, 2013
Current U.S. Class: 455/411
Current CPC Class: G06F 8/61 20130101; H04W 8/205 20130101; H04W 84/04 20130101; H04B 1/3816 20130101; H04L 9/0825 20130101; H04L 63/083 20130101; H04W 4/50 20180201; G06F 21/6218 20130101; H04L 63/08 20130101; H04W 4/70 20180201; H04W 12/04 20130101; H04W 8/22 20130101; H04W 12/06 20130101; H04W 12/08 20130101; H04L 67/34 20130101; H04W 12/00522 20190101; H04L 63/0428 20130101; H04W 8/18 20130101; H04W 8/245 20130101; H04W 12/10 20130101; H04W 12/0023 20190101; H04L 63/123 20130101; H04W 4/60 20180201; H04W 8/183 20130101
Class at Publication: 455/411
International Class: H04W 12/08 20060101 H04W012/08; H04B 1/38 20060101 H04B001/38
Foreign Application Data
Date | Code | Application Number
Dec 6, 2010 | EP | 10306359.0
Claims
1. Method for transmitting a SIM application of a first terminal to
a second terminal, said SIM application being stored in a secure
element included in the first terminal, the access to said SIM
application being locked by a PIN code, comprising:
i--exporting said SIM application from said first terminal to a
distant site, by including said PIN code as well as a remote loading
code;
ii--ask the user of said second terminal to enter said remote loading
code in said second terminal;
iii--in the event the remote loading code entered by said user
matches the remote loading code that has been exported, authorizing
the installation of said SIM application in a secure element of said
second terminal, and otherwise, do not install said SIM application
in said secure element of said second terminal.
2. Method according to claim 1, wherein the match of said remote
loading codes is checked at the level of said distant site and said
match launches the downloading of said SIM application to the
secure element of said second terminal and said installation.
3. Method according to claim 1, wherein the match of said remote
loading code is checked at the level of said second terminal, after
said SIM application has been downloaded to said secure element of
said second terminal, said match launching the installation of said
SIM application in the secure element of said second terminal.
4. Method according to claim 1, wherein said remote loading code is
ciphered.
5. Method according to claim 1, wherein said remote loading code is
a pass phrase.
6. Method according to claim 1, wherein said terminal is a machine.
Description
[0001] This disclosure is a national phase of PCT/EP2011/071660, a
continuation of U.S. application Ser. No. 13/312,309, filed Dec. 6,
2011, and claims priority of European Application No. 10306359.0,
filed Dec. 6, 2010, the disclosures of which are hereby
incorporated by reference.
[0002] The present invention concerns a method for transmitting a
Sim application of a first terminal to a second terminal.
[0003] A Sim application is typically installed in a secure element
like a UICC. The secure element is installed, fixedly or not, in a
terminal, like for example a mobile phone. In some cases, the
terminals are constituted by machines that communicate with other
machines for M2M (Machine to Machine) applications.
[0004] A UICC (Universal Integrated Circuit Card) can be in the
format of a smart card, or may be in any other format such as for
example but not limited to a packaged chip as described in
PCT/SE2008/050380, or any other format. It can be used in mobile
terminals in GSM and UMTS networks for instance. The UICC ensures
network authentication, integrity and security of all kinds of
personal data.
[0005] In a GSM network, the UICC contains mainly a SIM application
and in a UMTS network it is the USIM application. A UICC may
contain several other applications, making it possible for the same
smart card to give access to both GSM and UMTS networks, and also
provide storage of a phone book and other applications. It is also
possible to access a GSM network using an USIM application and it
is possible to access UMTS networks using a SIM application with
mobile terminals prepared for this. With the UMTS release 5 and
later stage network like LTE, a new application, the IP multimedia
Services Identity Module (ISIM) is required for services in the IMS
(IP Multimedia Subsystem). The telephone book is a separate
application and not part of either subscription information
module.
[0006] In a CDMA network, the UICC contains a CSIM application, in
addition to 3GPP USIM and SIM applications. A card with all three
features is called a removable user identity card, or R-UIM. Thus,
the R-UIM card can be inserted into CDMA, GSM, or UMTS handsets,
and will work in all three cases.
[0007] In 2G networks, the SIM card and SIM application were bound
together, so that "SIM card" could mean the physical card, or any
physical card with the SIM application.
[0008] The UICC smart card consists of a CPU, ROM, RAM, EEPROM and
I/O circuits. Early versions consisted of the whole full-size
(85×54 mm, ISO/IEC 7810 ID-1) smart card. Soon the race for
smaller telephones called for a smaller version of the card.
[0009] Since the card slot is standardized, a subscriber can easily
move their wireless account and phone number from one handset to
another. This will also transfer their phone book and text
messages. Similarly, usually a subscriber can change carriers by
inserting a new carrier's UICC card into their existing handset.
However, it is not always possible because some carriers (e.g. in
U.S.) SIM-LOCK the phones that they sell, thus preventing
competitor carriers' cards being used.
[0010] The integration of the ETSI framework and the Application
management framework of Global Platform is standardized in the UICC
configuration.
[0011] UICCs are standardized by 3GPP and ETSI.
[0012] A UICC can normally be removed from a mobile terminal, for
example when the user wants to change his mobile terminal. After
having inserted his UICC in his new terminal, the user will still
have access to his applications, contacts and credentials (network
operator).
[0013] It is also known to solder or weld the UICC in a terminal,
in order to make it dependent on this terminal. This is done in M2M
(Machine to Machine) applications. The same objective is reached
when a chip (a secure element) containing the SIM or USIM
applications and files is contained in the terminal. The chip is
for example soldered to the mother-board of the terminal or machine
and constitutes an e-UICC.
[0014] Soldered UICCs (e-UICCs) contain the same applications as
the chips comprised in UICCs. A parallel can be drawn for UICCs that
are not totally linked to devices but that are removable with
difficulty because they are not intended to be removed, located in
terminals that are distant or deeply integrated in machines. A
special form factor of the UICC (very small for example and
therefore not easy to handle) can also be a reason to consider it
as in fact integrated in a terminal. The same applies when a UICC
is integrated in a machine that is not intended to be opened.
[0015] In the following description, welded UICCs or chips containing
or designed to contain the same applications as UICCs will generally
be called embedded UICCs (e-UICCs) or embedded secure elements (in
contrast to removable UICCs or removable secure elements). This
will also apply to UICCs or secure elements that are removable with
difficulty.
[0016] The present invention concerns the authentication of the end
user of a terminal during SIM application transfer. In a given
context, an entire Sim application (meaning personal data, file
system, Java applications like bank applications for example, and
secrets) is stored in an embedded UICC comprised in a first
terminal (for example soldered in a first mobile phone) and a user
wishes to transfer this entire Sim application in another embedded
UICC comprised in a second terminal (for example constituted by a
second mobile terminal). This can happen when a user changes his
mobile phone but does not want to lose the applications, contacts
and personal data such as photographs, videos or songs stored in
the UICC of his first mobile phone.
[0017] Such a problem does not occur when the Sim application is
stored in a Sim card that can be removed from a mobile phone and
inserted in another one. It arises when a secure element like a UICC
is soldered onto the mobile phone, since it is then not possible to
physically move the secure element, containing the SIM application,
from one mobile phone to another.
[0018] The general process to achieve this operation of transfer of
the Sim application could normally be the following:
[0019] The secure element packages the installed SIM in a way it can
be reinstalled on another secure element. This packaging must be
secured, meaning, ciphered in order that only the targeted secure
element is able to read it, and signed in order to ensure that the
package comes from the initial secure element;
[0020] The packaged SIM is uploaded to a secure vault on the cloud
(Internet). This operation may be required in the case the targeted
secure element is not known at the packaging time;
[0021] The packaged SIM is downloaded to the targeted new secure
element;
[0022] The targeted secure element performs security checking and
then can install the downloaded packaged SIM.
[0023] The result is that the initial complete Sim has been
transferred in another secure element, with the whole user
environment.
[0024] A similar method is disclosed in US2005/0266883 from Nokia
Corporation.
[0025] When initiating the initial transfer from the initial secure
element up to the secure vault, we can imagine that the end user
enters a PIN code to authenticate himself and confirm the
operation. But a problem occurs when it is desired to transfer the
packaged SIM again from the secure vault to the targeted secure
element: how to be sure that the request is coming from the same
end user? There is no possibility to enter the PIN code again, as it
is part of the SIM application, and it is necessary to be sure of
the identity of the end user before installing the SIM in the
targeted new secure element. As a consequence, the subscription
carried with the SIM could be installed and reused by another user.
[0026] In order to avoid this problem, it could be possible to
first install the SIM in the targeted secure element and then to
request PIN authentication. However, the drawback is that the
installation of the Sim has already been made and the authentication
is not strong since, for a 4-digit PIN code, after at most 10,000
trials, a dishonest person could find the correct PIN code and use
the Sim application of another user (and consequently his
subscription).
[0027] The purpose of the present invention is to solve this
problem.
[0028] In this respect, the present invention proposes a method for
transmitting a Sim application of a first terminal to a second
terminal, the Sim application being stored in a secure element
included in the first terminal, the access to the Sim application
being locked by a Pin code. According to this invention, the method
consists in:
i--exporting the Sim application from the first terminal to a
distant site, by including the Pin code as well as a remote loading
code;
ii--asking the user of the second terminal to enter the remote
loading code in the second terminal;
iii--in the event the remote loading code entered by the user matches
the remote loading code that has been exported, authorizing the
installation of the Sim application in a secure element of the second
terminal, and otherwise, not installing the Sim application in the
secure element of the second terminal.
[0029] Advantageously, the match of the remote loading codes is
checked at the level of the distant site and the match launches the
downloading of the Sim application to the secure element of the
second terminal and the installation.
[0030] Alternatively, the match of the remote loading codes is
checked at the level of the second terminal, after the Sim
application has been downloaded to the secure element of the second
terminal, the match launching the installation of the Sim
application in the secure element of the second terminal.
[0031] The remote loading code is preferably ciphered.
[0032] In a preferred embodiment, the remote loading code is a pass
phrase.
[0033] Other features of the improvement will emerge from a reading
of the following description of a preferred embodiment given by way
of non-limiting illustrative example.
[0034] The present invention proposes to request the end-user to
enter a remote loading code in addition to the PIN code to confirm
the export of the SIM application to a distant site (the secure
vault). The remote loading code can for example be a pass
phrase.
[0035] This pass phrase is ciphered and included in the secure
packaged SIM that is uploaded to the secure vault on the cloud.
Thus, the secure vault stores the packaged Sim (the subscription
comprised in the secure element, the PIN code, the environment, the
authentication secrets, the applicative keys (Security Domain), the
different keys of the different applications, the PKI keys, the
different applications (NFC, bank, . . . ), the ISD (Issuer
Security Domain), the file system, . . . ) and the remote loading
code in a unique package that can be later downloaded to a new
secure element.
[0036] Before installing this package to the new secure element,
the user of the second terminal comprising the secure element is
asked to enter the remote loading code in the second terminal.
[0037] If the remote loading code entered by said user matches the
remote loading code that has been exported, the installation of the
Sim application in the secure element of the second terminal is
authorized. Otherwise, the installation is not done.
[0038] Two different ways of operating can be used: the first one
consists in checking the match of the remote loading codes at the
level of the secure vault. If the codes match, the Sim application
is downloaded to the secure element and then executed.
[0039] The second one consists in checking the match of the remote
loading codes at the level of the second terminal, after having
downloaded the Sim application in the secure element of the second
terminal. If the codes match, the Sim application is installed in
the secure element of the second terminal.
[0040] After having been installed, the Sim application can be
launched by the user by entering his PIN code.
[0041] In a preferred embodiment, the remote loading code is
enciphered. In the first embodiment, the secure vault un-ciphers
the pass phrase contained in the packaged SIM. In the second
embodiment, the secure element does this un-ciphering.
[0042] The invention enhances the overall security of the transfer
of the Sim application since it ensures that the SIM application is
exported and imported by the same end-user.
[0043] The end-user is typically the owner of a terminal, like for
example a mobile phone. In M2M applications, the end-user is the
installer, for example the electrical installer of an electrical
machine.
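An added sketch of the first embodiment ([0038]), not part of the patent text: the distant site checks the remote loading code and releases the packaged SIM only on a match. The class and function names, the salted PBKDF2 verifier (swapped in here for the ciphered pass phrase of [0041]) and the retry limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # assumption: the patent text sets no retry limit


class SecureVault:
    """Toy stand-in for the distant site (secure vault) holding packaged SIMs."""

    def __init__(self):
        self._store = {}

    @staticmethod
    def _derive(code, salt):
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

    def export(self, package_id, packaged_sim, remote_loading_code):
        # Step i: the package is uploaded together with the remote loading code.
        # Swapped-in technique: a salted PBKDF2 verifier stands in for the
        # ciphered pass phrase, so the vault never stores the code in clear.
        salt = os.urandom(16)
        self._store[package_id] = {
            "sim": packaged_sim, "salt": salt,
            "verifier": self._derive(remote_loading_code, salt), "failures": 0,
        }

    def request_download(self, package_id, entered_code):
        # Steps ii and iii, vault-side check: only a match releases the
        # package; a capped failure counter bounds guessing of the code.
        entry = self._store.get(package_id)
        if entry is None or entry["failures"] >= MAX_ATTEMPTS:
            return None  # unknown or locked package: nothing is released
        candidate = self._derive(entered_code, entry["salt"])
        if hmac.compare_digest(candidate, entry["verifier"]):
            entry["failures"] = 0
            return entry["sim"]
        entry["failures"] += 1
        return None


def demo():
    # Constructed sample values, not taken from the patent.
    vault = SecureVault()
    phrase = "correct horse battery staple"
    vault.export("pkg-1", b"<ciphered packaged SIM>", phrase)
    vault.export("pkg-2", b"<ciphered packaged SIM>", phrase)
    wrong = [vault.request_download("pkg-1", f"guess {i}") for i in range(MAX_ATTEMPTS)]
    locked = vault.request_download("pkg-1", phrase)  # locked after the failures
    ok = vault.request_download("pkg-2", phrase)      # match: package released
    return wrong, locked, ok
```

Because the check runs before download, a failed or locked request never hands the package to the second terminal, unlike the PIN-after-install approach criticised in [0026].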
* * * * *