Patent Application
20220132317
The invention relates to methods and devices of determining and controlling whether or not a user subscription profile hosted on an embedded Universal Integrated Circuit Card (eUICC) of a user device is allowed to be modified.
Autonomous vehicles such as autonomous cars and unmanned aerial vehicles (UAVs), also named drones, are cars/aircrafts without a human driver/pilot aboard. Further autonomous vehicles are for instance robotic vacuum cleaners and robotic lawn mowers.
In the future, it is expected that many self-driving cars and drones (and potentially other autonomous vehicles) will need to be connected to a mobile network (first 4G and then 5G) to carry out their task. This connectivity will be utilized for transporting control signalling required for controlling the vehicle as well as for transferring payload application data.
One major issue differentiating the autonomous vehicles with mobile connectivity from other “traditional” mobile communication terminals, such as e.g. smart phones, tablets and gaming terminals, is that in some cases connectivity will be a requirement for their safe operation (for instance for a remote-controlled UAV). Disrupting the connectivity—even for a limited time—might have severe consequences.
Utilizing embedded Universal Integrated Circuit Card (eUICC) technology in autonomous devices facilitates remote management of a user subscription profile hosted by the eUICC being used by the device. However, the use of eUICCs also increases the risk of unintentionally or deliberately disabling/disrupting the connectivity of the autonomous devices performing an assignment, thereby increasing the risk for accidents to happen.
An object of the present invention is to solve, or at least mitigate, this problem and thus to provide a method of safely modifying a user subscription profile hosted by an eUICC of an autonomous device.
This objective is attained in a first aspect of the invention by a method of a network node of determining whether or not a user subscription profile hosted on an eUICC of a user device is allowed to be modified. The method comprises receiving a request to modify said user subscription profile of the user device, acquiring, from a network node configured to store user subscription information, information indicating if the user device is an autonomous device, and if so acquiring information indicating operational status of the user device, and allowing the user subscription profile to be modified if the information indicating operational status of the user device indicates that the user device currently not is in operation.
This objective is attained in a second aspect of the invention by a network node configured to determine whether or not a user subscription profile hosted on an eUICC of a user device is allowed to be modified. The network node comprises a processing unit and a memory, said memory containing instructions executable by said processing unit, whereby the network node is operative to receive a request to modify said user subscription profile of the user device, acquire, from a network node configured to store user subscription information, information indicating if the user device is an autonomous device, and if so acquire information indicating operational status of the user device, and allow the user subscription profile to be modified if the information indicating operational status of the user device indicates that the user device currently not is in operation.
This objective is attained in a third aspect of the invention by a method of a subscription manager entity of controlling modification of a user subscription profile hosted on an eUICC of a user device (10). The method comprises receiving a request to modify the user subscription profile of the user device, acquiring, from a network node, information configured to indicate whether or not the user subscription profile of the user device is allowed to be modified, and if so modify the user subscription profile of the user device 10).
This objective is attained in a fourth aspect of the invention by a subscription manager entity configured to control modification of a user subscription profile hosted on an eUICC of a user device. The subscription manager entity comprises a processing unit and a memory, said memory containing instructions executable by said processing unit, whereby the subscription manager entity is operative to receive a request to modify the user subscription profile of the user device, acquire, from a network node, information configured to indicate whether or not the user subscription profile of the user device is allowed to be modified, and if so modify the user subscription profile of the user device.
Advantageously, by verifying that a user subscription profile hosted by a user device can be safely modified, any connectivity-disrupting eUICC management operation to be performed while the user device is in operation is prevented. Such verification increases the safety of eUICC integration in ecosystems hosting user devices in the form of autonomous devices.
In an embodiment, the network node being configured to determine whether or not a user subscription profile hosted on an eUICC of a user device is allowed to be modified acquires, from a network node configured to store information related to scheduled user device assignments, information indicating whether or not the user device is scheduled for operation; wherein the allowing of the user subscription profile to be modified further comprises allowing the user subscription profile (12) to be modified if the acquired scheduling information indicates that the user device (10) is not scheduled for operation within a predetermined time period.
In an embodiment, the predetermined time period varies depending on an extent of the user subscription profile modification to be performed.
In an embodiment, the request comprises an International Mobile Subscriber Identity (IMSI) associated with the user subscription profile and/or an identifier of the eUICC on which the user subscription profile is hosted and/or an identifier of the user device.
In an embodiment, the network node being configured to determine whether or not a user subscription profile hosted on an eUICC of a user device is allowed to be modified is configured to further acquire a current location of the user device, wherein the allowing of the user subscription profile to be modified further comprises allowing the user subscription profile to be modified if the acquired location information indicates that the user device is in a location where user subscription profile modification is allowed regardless of user device operational status.
In an embodiment, the acquiring of information indicating operational status of the user device comprises acquiring, from a network node configured to manage mobility of the user device, information indicating operational status of the user device.
In an embodiment, the acquiring of information indicating operational status of the user device comprises acquiring, from the user device, information indicating operational status of the user device.
In an embodiment, the network node being configured to determine whether or not a user subscription profile hosted on an eUICC of a user device is allowed to be modified acquires, from a network node configured to manage mobility of the user device, address information of the user device.
In an embodiment, the subscription manager entity configured to control modification of a user subscription profile hosted on an eUICC of a user device subscribing to a change in the information indicating either that the user subscription profile (12) of the user device (10) has changed to currently not be allowed to be modified, or that the user subscription profile (12) of the user device (10) has changed to currently being allowed to be modified.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to “a/an/the element, apparatus, component, means, step, etc.” are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
The invention is now described, by way of example, with reference to the accompanying drawings, in which:
The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout the description.
Historically, every cellular device, such as a mobile phone, smartphone, or any other mobile terminal which is configured for communicating over a cellular radio access network, such as Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), or Long-Term Evolution (LTE), has been equipped with a removable Universal Integrated Circuit Card (UICC). The UICC is a smart card defined in ETSI TR 102 216. It typically contains a number of applications, in particular the Subscriber Identity Module (SIM) application for use in GSM networks and the Universal SIM (USIM) for use in UMTS and LTE networks. The SIM and USIM store the International Mobile Subscriber Identity (IMSI) and one or more keys, or shared secrets, for deriving keys used to identify and authenticate subscribers on mobile networks and for services provided by these networks.
Recently, the GSM Association (GSMA) has published specifications for a non-removable UICC, referred to as the embedded UICC or plainly eUICC. The eUICC contains an eSIM application, and the terms non-removable SIM, embedded SIM, and eSIM, are often used synonymously. The eUICC and its embedded SIM have the same functionality as the traditional UICC with its SIM and USIM, but the eUICC has a different form factor and is typically designed to be permanently soldered into a mobile terminal, rather than being removable. The eUICC is a smart card, similar to the UICC, i.e., an electronic device comprising embedded electronic circuits, such as a processor and memory.
By using eUICCs, the mobile terminal may be provisioned for the first time with its first commercial operator (“bootstrapping”), i.e. a Mobile Network Operator (MNO), in an Over The Air (OTA) manner; that is without physically accessing the mobile terminal, in contrast to today's manually procedure which involves physically swapping the UICC. Other use-cases are, e.g., a “change of operator profile”, i.e., when operator credentials on an eUICC are changed from a current commercial operator to a new commercial operator. As a further example, use-cases may also include “subscription transfer”, i.e., when the operator credentials residing on a current eUICC are transferred to a new eUICC.
To provide mobile connectivity for autonomous vehicles, the manufacturers of the vehicles are expected to use eUICC. This technology defines a chain of trust between several entities that is used to provision the UE with profiles allowing it to connect the mobile networks.
The UAV 10 is identified by an identifier referred to as UAVID, the eUICC 11 is identified by an identifier referred to as an eID, the SIM profile 12 is identified by an International Mobile Subscriber Identity (IMSI), and the modem 13 is identified by an International Mobile Equipment Identity (IMEI).
The provisioning of the SIM profile 12 to the eUICC 11 of the UAV 10 is performed by an MNO 14.
The MNO 14 typically cooperates with a Subscription Manager Data Preparation (SM-DP) entity 15 responsible for securely encrypting operator credentials ready for OTA installation. If the MNO 14 needs to create a new SIM profile 12, it orders one from the SM-DP entity 15. It is noted that the SIM profile 12 need not contain any indication that it is to be used by an autonomous device such as a UAV, even though the MNO 14 may include such an indication.
The MNO 14 further cooperates with a Subscription Manager Secure Routing (SM-SR) entity 16 which enables secure download, enablement, disablement and deletion of profiles on the eUICC 11.
Moreover, the MNO 14 hosts a Subscription Management entity 17 responsible for device-specific subscriptions. This enables the MNO 14 to provide differentiated services for different device categories.
In order to provision the eUICC 11 with the SIM profile 12, the owner 18 of the UAV 10 sends a provisioning request to the MNO 14 comprising the eID of the eUICC 11 embedded in the UAV 10 as well as an appropriate identifier—e.g. the IMSI—of the subscriber associated with the SIM profile 12 with which the eUICC 11 is to be provisioned. The owner 18 may be an individual or a company owning the UAV 10.
In response to receiving the request, the Subscription Management entity 17 provisions, via the SM-DP entity 15 and the SM-SR entity 16, the eUICC 11 identified by the eID with the SIM profile 12 associated with the IMSI previously received from the UAV owner 18.
The eUICC technology facilitates remote management of the SIM profile 12 being used by the UAV 10. It is thus technically possible to disable/disrupt the connectivity of the UAV 10 (be it by mistake or with mischievous intents) currently being an operation, e.g. performing an assignment, thereby increasing the risk for accidents to happen.
Beyond just the management of eUICC 11, the MNO 14 might also want to perform operations that may result in disturbance in the wireless connection of the UAV 10. Even if the MNO 14 knows that the subscription is used in a UAV 10, the MNO 14 has currently no way of acquiring information indicating whether or not it is safe at a given moment to perform maintenance operations on the subscription, such as for instance changing Access Point Name (APN) to have the UAV 10 switch from a current network to another.
Now, assuming that the UAV owner 18 would want to remotely modify the SIM profile 12, e.g. by performing a change of MNO from an existing MNO to a new MNO, the UAV owner 18 would simply send a request accordingly to the MNO 14 which would perform the action. In case the UAV 10 is in operation, this is a potentially hazardous action which could cause a disruption in the wireless connection of the UAV 10 and ultimately cause the UAV 10 to crash.
As will be described in the following, The USV 19 is configured to acquire information regarding operational status of the UAV 10, i.e. whether the UAV 10 is in operation or not. Thus, if any modification of the SIM profile 12 is to be performed, e.g. if the UAV owner 18 would want to remotely manage the SIM profile 12 of the eUICC 11, or if the MNO 14 would want to perform maintenance operations on the subscription included in the SIM profile 12, the SM-SR entity 16 will verify the status of the UAV 10 by checking with the USV 19.
Further, the MNO 14 hosts a Home Subscriber Server 21 (HSS) being a central database that contains user-related and subscription-related information. The functions of the HSS 21 include functionalities such as storing user subscription information, call and session establishment support, user authentication and access authorization.
Now, assuming that modification of the SIM profile 12 is to be performed either by the UAV owner 18 or the MNO 14; the SM-SR entity 16 thus sends a request accordingly to the USV 19 in step S101. The user subscription profile (i.e. the SIM profile 12) of the UAV 10 may for instance be identified by including the IMSI in the request.
Upon receiving the request, the USV 19 acquires in step S102, from the HSS 21, information indicating whether or not the user device 10 comprising the eUICC 11 hosting the SIM profile 12 identified with the IMSI is an autonomous device or not. Hence, the IMSI of the SIM profile 12 would typically be registered at the HSS 21 and associated with the UAVID and/or the eID of the eUICC 11 of the UAV 10. This may be performed when the UAV 10 initially is registered with the MNO 14. In particular, the HSS 21 is capable of providing information as to whether the user device 10 for which the information is requested by providing the IMSI is an autonomous device or—for instance—an ordinary mobile phone; unless the user device 10 is an autonomous device such as e.g. a UAV or an autonomous car, the modification of the SIM profile 12 is not considered a critical action.
In this particular exemplifying embodiment, the USV 19 acquires information from the HSS 21 in step S102 indicating that the user device 10 indeed is a UAV. Consequently, the USV 19 will acquire information indicating operational status of the UAV 10 from the MME 20 in step S103. That is; whether the UAV 10 is in operation—i.e. in the air—or not. Generally, the MME 20 is only aware of whether the UAV 10 is connected to the network or not. Hence, the USV 19 will conclude that the UAV 10 indeed is airborne if the MME 20 indicates that the UAV 10 is connected to the network.
If the MME 20 indicates to the USV 19 that the UAV 10 is airborne, the USV 19 will respond to the SM-SR entity 16 in step S104 that modification of the SIM profile 12 is denied due to the risk of causing critical disruption of the wireless communication of the airborne UAV 10 with a potentially hazardous result.
In contrast, should the MME 20 indicate that the UAV 10 is not airborne in step S103, the USV 19 will indicate to the SM-SR entity 16 in step S104 that modification of the SIM profile 12 is allowed, and the MNO 14 can proceed with performing the modification of the SIM profile 12 accordingly.
The information received from the MME 20 in step S103 may include information relating to Evolved Packet System (EPS) Mobility Management (EMM) and EPS Connection Management (ECM) states. For instance, these states may indicate whether or not the UAV 10 has one or more active Packet Data Network (PDN) connections.
In an embodiment, it is envisaged that the SM-SR entity 16 subscribes to a change in the operational status of the UAV 10. For instance, the SM-SR entity 16 may previously have been denied a SIM profile modification and thus wishes to be notified as soon as it is safe to perform the operation on the eUICC 11.
In this embodiment, after the USV 19 has acquired UAV operational status from the MME 20 in step S103, the USV 19 acquires information in step S103a from the DTM node 22 indicating if the UAV 10 is scheduled for operation.
Hence, even though the MME 20 indicates in step S103 that the UAV 10 currently not is in operation, the DTM node 22 may indicate in step 103a that the UAV 10 is scheduled for operation within a given time period, say within 10 minutes.
If so, the USV 19 may indicate to the SM-SR entity 16 in step S104—for precautionary reasons—that modification of the SIM profile 12 is not allowed even though the UAV 10 currently is not airborne. For instance, the duration of a modification of the SIM profile 12 may last longer than 10 minutes in which case the modification would be ongoing at the instant in time when the UAV 10 is scheduled to be airborne.
The UAV 10 can be identified by providing its UAVID, or the eID of its eUICC 12, with the request sent to the DTM node 22 in step S103a.
In an embodiment, the time period during which modification is allowed varies depending on the extent of the modification to be performed. For instance, if a minor modification is to be undertaken, the modification may be allowed if the UAV 10 is not scheduled for operation within the next 3-4 minutes, while if a major modification is to be undertaken, the modification will only be allowed if the UAV 10 is not scheduled for operation within, say, the next 20 minutes.
In a first step S100, the UAV owner 18 sends a request for profile modification to the SM-SR entity 16 (via the Subscription Management entity 17 and the SM-DP entity 15, not shown in the timing diagram). The SM-SR entity 16 in its turn sends the request to the USV 19 in step S101.
Upon receiving the request, the USV 19 acquires in step S102, from the HSS 21, information indicating whether or not the user device 10 comprising the eUICC 11 hosting the SIM profile 12 identified with the IMSI is an autonomous device or not. In this particular exemplifying embodiment, the USV 19 acquires information from the HSS 21 in step S102 indicating that the user device 10 indeed is a UAV.
The USV 19 then acquires information indicating operational status of the UAV 19 from the MME 20 in step S103. That is; whether the UAV 19 is airborne or not.
In this example, the MME 20 indicates that the UAV 10 is not airborne in step S103, and the USV 19 will indicate to the SM-SR entity 16 in step S104 that modification of the SIM profile 12 is allowed.
Finally, the SM-SR entity 16 proceeds with performing the modification of the SIM profile 12 in line with the request received in step S100.
Advantageously, the MNO 14 may (for example via the SM-SR entity 16) verify that the SIM profile 12 hosted by the UAV 10 can be safely modified, thereby preventing any connectivity-disrupting eUICC management operation to be performed while the associated UAV is airborne. Such verification increases the safety of the eUICC integration in the UAV ecosystem.
Assuming that modification of the SIM profile 12 is to be performed either by the UAV owner 18 or the MNO 14; the SM-SR entity 16 thus sends a request accordingly to the USV 19 in step S101. The user subscription profile (i.e. the SIM profile 12) of the UAV 10 may for instance be identified by including the IMSI in the request.
Upon receiving the request, the USV 19 acquires in step S102, from the HSS 21, information indicating whether or not the user device 10 comprising the eUICC 11 hosting the SIM profile 12 identified with the IMSI is an autonomous device or not. Hence, the IMSI of the SIM profile 12 would typically be registered at the HSS 21 and associated with the UAVID and/or the eID of the eUICC 11 of the UAV 10. This may be performed when the UAV 10 initially is registered with the MNO 14. In particular, the HSS 21 is capable of providing information as to whether the user device 10 for which the information is requested by providing the IMSI is an autonomous device or—for instance—an ordinary mobile phone; unless the user device 10 is an autonomous device such as e.g. a UAV or an autonomous car, the modification of the SIM profile 12 is not considered a critical action.
In this particular exemplifying embodiment, the USV 19 acquires information from the HSS 21 in step S102 indicating that the user device 10 indeed is a UAV. In contrast to the embodiment described with reference to
Thereafter, the USV 19 will turn directly to the UAV in step S103c in order to acquire information indicating operational status of the UAV 10. That is; whether the UAV 10 is in operation—i.e. in the air—or not. Generally, the MME 20 is only aware of whether the UAV 10 is connected to the network or not. Hence, the USV 19 will achieve more precise operational information by turning directly to the UAV 10.
In case the UAV 10 is airborne, the USV 19 responds to the SM-SR entity 16 in step S104 that modification of the SIM profile 12 is denied due to the risk of causing critical disruption of the wireless communication of the airborne UAV 10 with a potentially hazardous result.
In contrast, should the UAV 10 indicate in step S103c that it is not airborne, the USV 19 will indicate to the SM-SR entity 16 in step S104 that modification of the SIM profile 12 is allowed, and the MNO 14 can proceed with performing the modification of the SIM profile 12 accordingly.
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/SE2019/050147 | 2/19/2019 | WO | 00 |
