Patent Application
20240265152
The present disclosure claims priority to the disclosures of European patent application N° 23305166.3 filed on Feb. 8, 2023 and of French patent application N° 23/04326 filed on Apr. 28, 2023, the contents of both of which are hereby incorporated herein by reference.
The present disclosure generally concerns integrated circuits and, more particularly, secure circuits of universal integrated circuit card (UICC) type. The present disclosure particularly concerns circuits integrating a subscriber identity module (SIM).
UICC card and SIM cards are historically formed of electronic micro-cards supporting an integrated circuit chip and contacts of connection to elements of an electronic device, for example a telephone, into which the card is inserted. These cards guarantee the integrity and the security of data that they contain, generally personal data of the user. They are sometimes referred to as physical cards, pSIM or pUICC (p for physical).
Embedded universal integrated circuit cards (eUICC) tend to replace universal integrated circuit cards. An embedded universal integrated circuit card consists of an integrated circuit directly placed on an electronic card of a device or integrated in a system on chip (SoC). An eUICC circuit generally integrates a subscriber identification module.
The applications of subscriber identification modules and more generally of UICCs are often linked to telecommunication networks and more particularly to mobile telephony operators. These operators generally impose features which are specific thereto to certify, that is, authorize on their networks, a circuit integrating a universal integrated circuit card.
This dependency leads to dedicating production models to given markets, for example to countries or to groups of countries.
There exists a need to improve embedded universal integrated circuit cards (eUICC).
An embodiment overcomes all or part of the disadvantages of known eUICC circuits.
An embodiment provides a solution to make a same platform or system on chip compatible with different telecommunication networks.
More particularly, an embodiment provides an integrated circuit comprising at least two secure circuits having similar functions but respecting or complying with different security schemes.
According to an embodiment, each secure circuit is configured for a given certification authority.
According to an embodiment, each secure circuit is configured according to a geographical area.
According to an embodiment, the integrated circuit comprises one or a plurality of communication buses accessible to the secure circuits via a selector having a control terminal coupled to a terminal of the integrated circuit.
According to an embodiment, the integrated circuit comprises elements shared between the two secure circuits.
According to an embodiment, the integrated circuit comprises communication and input/output circuits accessible to the two secure circuits.
According to an embodiment, the integrated circuit comprises one or a plurality of power management units accessible to the two secure circuits.
According to an embodiment, the integrated circuit comprises one or a plurality of clock generation circuits accessible to the two secure circuits.
According to an embodiment, a selection between one or the other of the secure circuits is performed by a software control originating from the outside of the integrated circuit.
The foregoing features and advantages, as well as others, will be described in detail in the rest of the disclosure of specific embodiments given by way of illustration and not limitation with reference to the accompanying drawings, in which:
Like features have been designated by like references in the various figures. In particular, the structural and/or functional features that are common among the various embodiments may have the same references and may dispose identical structural, dimensional and material properties.
For the sake of clarity, only the steps and elements that are useful for the understanding of the described embodiments have been illustrated and described in detail. In particular, the exchanges between an eUICC and the other components of the device integrating this eUICC or the outside of the device have not been described in detail, the described embodiments being compatible with usual solutions.
Unless indicated otherwise, when reference is made to two elements connected together, this signifies a direct connection without any intermediate elements other than conductors, and when reference is made to two elements coupled together, this signifies that these two elements can be connected or they can be coupled via one or more other elements.
In the following description, when reference is made to terms qualifying absolute positions, such as terms “edge”, “back”, “top”, “bottom”, “left”, “right”, etc., or relative positions, such as terms “above”, “under”, “upper”, “lower”, etc., or to terms qualifying directions, such as terms “horizontal”, “vertical”, etc., it is referred, unless specified otherwise, to the orientation of the drawings.
Unless specified otherwise, the expressions “about”, “approximately”, “substantially”, and “in the order of” signify plus or minus 10%, preferably of plus or minus 5%.
The example of an embedded universal integrated circuit card (eUICC) will be taken hereafter but it should be noted that the described solution more generally applies to any secure circuit integrating security or identification elements such as an embedded secure element (eSE) in applications where similar problems are posed.
Conventionally, a secure circuit, typically an eUICC circuit, is dedicated to a given certification authority, that is, in the case of an eSIM, to a telephone network operator or a group of operators of a geographical area (a country or group of countries). This certification authority imposes functional and security features which are specific thereto and which are not necessarily the same as those of another certification authority.
To enable a same telecommunication device, typically a cell phone, to be compatible with a plurality of operators or a plurality of certification authorities, this phone has to comprise two universal integrated circuit cards (UICC), for example two physical subscriber identification modules (SIM cards). Indeed, operators refuse to share their secure functionalities with other operators. Now, telephone manufacturers desire for a given telephone model to be able to be used with any operator.
With physical SIM cards, it is sufficient to change the SIM card in the phone to pass from one compatibility to another. The development of embedded secure elements however makes this solution inapplicable.
It could be devised to provide, on the phone manufacturer side, two (or a plurality of) different platforms, that is, two complete electronic environments, respectively dedicated to different operators. On manufacturing, according to the operator for which the system is intended, the manufacturer selects the platform to be integrated in the phone. This complicates the manufacturing by imposing two stock keeping units (SKU) per phone model.
It could be devised to equip each phone with two embedded secure elements respectively dedicated to one or the other of the certification authorities (one or the other of the markets) welded on the electronic card of the phone. However, this increases the cost by imposing two complete secure elements.
A mixed solution could be envisaged, that is, manufacture the phones according to a platform corresponding to a certification authority and provide a location (slot) for a physical SIM card (a pUICC) enabling to make it compatible with another certification authority. This however imposes keeping a SIM card location in the phone while the current tendency is to suppress them.
According to the described embodiments, it is provided to form a single embedded security element, or embedded universal integrated circuit card, in the form of an integrated circuit, which is configurable according to the certification authority for which the phone is intended.
The electronic system 1 of
The system also comprises an integrated circuit 2, which forms an embedded security element or embedded universal integrated circuit card (eUICC). Circuit 2 communicates with all or part of the other circuits of system 1 via bus 17.
A system 1 such as illustrated in
According to the described embodiments, it is provided to equip system 1 with an embedded security element or integrated circuit 2 having a specific structure.
According to this embodiment, circuit 2 integrates two secure circuit systems having similar functions but respecting or complying with different security schemes.
By different security schemes, there is meant that the circuits 3 which are integrated in the same embedded security element (eSE) or the same embedded universal integrated circuit card (eUICC) 2 are designed to respect or comply with the features required by different certification authorities.
An integrated circuit 2 according to the described embodiments thus comprises elements or circuits 3 (eCIRCUIT1, eCIRCUIT2) dedicated to different secure environments (different certification authorities) and elements or circuits shared between these circuits 3.
More precisely, embedded security element 2 integrates, among others and usually:
According to the embodiment of
Each circuit 3 is coupled, by one or a plurality of buses 29 which are specific thereto, to buses 27 via a selector 27 assigning the connection with buses 26, and thus with the other components of circuit 2, to one or the other of circuits 3. Selector 27 is controlled by a selection signal SEL, originating from the outside of circuit 2, by a dedicated terminal or port 28.
According to an embodiment, signal SEL is delivered by the microcontroller 11 of system 1 according to the geographical region where the phone is located.
According to another embodiment, the state of the selection signal is stored in a non-volatile memory, read by microcontroller 11 at each starting of the phone.
Terminal 28 is preferably also directly connected to circuits 3. This enables, at the starting, the two circuits to be activated and then, according to the state of signal Sel, one of them to set to standby and/or to deactivate and the other one to remain active.
A circuit 3 comprises, according to this example:
Unit 31 is coupled by bus 29 to selector 27 (
Each circuit system 3 comprises the elements and functions required to address the security constraints which are specific thereto, independently from (without requiring) the other circuit system 3 of circuit 2, to implement the required functionalities.
Preferably, circuit 2 comprises two and only two dedicated circuit systems 3. This enables a simple selection via the selector by a two-state signal SEL.
It should be noted that the components of circuits 2 and 3, except for selector 27, are usual per se be it in terms of structure or of functionalities. Indeed, the described embodiments distribute, within embedded secure element 2, the shareable components between a plurality of certification authorities and the components which are dedicated to such or such certification authority, but remain compatible with a usual operation.
For the phone manufacturer, the described solutions enable to keep the same hardware and software platform for a given phone architecture (a given model), independently from the market (from the operator) for which this phone is intended.
For the operator, this respects or complies with the security constraints of the certification authority to which it belongs since, once the circuit 3 which is dedicated thereto has been selected, everything occurs as if circuit 2 formed an embedded security element dedicated to this authority.
A specific example of application of the described solution concerns the forming of an eUICC shared between certifications known under denominations OSCCA and CC. Typically, a telephony certification according to the CC (common Criteria) features cannot be obtained if the secure circuit system or the programs which are executed therein are shared with another certification authority. Further, an OSCCA certification requires the uploading of a specific cipher algorithm different from that used by a CC certification.
The above example may also correspond to geographical areas. Indeed, the OSCCA certification more particularly corresponds to the Chinese market while other countries or regions in the world share another certification.
Insulating in dedicated circuits 3 or circuit systems the elements corresponding to the dedicated certification features enables a same secure circuit 2 to be able to obtain the certifications of a plurality of environments, for example OSCCA and CC as mentioned hereabove. However, all the components of the embedded secure element which are shareable are common to the two environments, which is a gain in terms of bulk and of cost.
It should be noted that selector 27 is a hardware selector and not a software selector to guarantee an absence of operation of circuit 2 with the two secure circuits 3 simultaneously. The hardware selector may optionally, be software-controlled via port 28 but this software is then hosted by a circuit external to circuit 2 to preserve the areas certified by the certification authorities of secure circuits 3.
Various embodiments and variants have been described. Those skilled in the art will understand that certain features of these various embodiments and variants may be combined, and other variants will occur to those skilled in the art.
Finally, the practical implementation of the described embodiments and variants is within the abilities of those skilled in the art based on the functional indications given hereabove.
| Number | Date | Country | Kind |
|---|---|---|---|
| 23305166.3 | Feb 2023 | EP | regional |
| 2304326 | Apr 2023 | FR | national |
