Method and apparatus for managing communication bundles for intelligent security platform

By generating and mapping the pipeline between the telecom bundle and the modem in the smart security platform terminal, the problem of low activation and connection efficiency of telecom bundles in multi-SIM terminals is solved, ensuring effective network access for multi-SIM modems.

CN116368825B · Active · Publication Date: 2026-06-16 · SAMSUNG ELECTRONICS CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents(China)
Current Assignee / Owner: SAMSUNG ELECTRONICS CO LTD
Filing Date: 2021-11-01
Publication Date: 2026-06-16

Abstract

The disclosure relates to a communication technology for convergence between IoT technology and a 5G communication system supporting a higher data transmission rate than a 4G system, and a system thereof. The disclosure can be applied to intelligent services based on 5G communication technology and IoT-related technology. The disclosure can be applied to a technology of managing connection between a terminal supporting multiple SIMs including a smart security platform installed therein and multiple activated telecommunication bundles. The method includes enabling a first telecommunication bundle among multiple telecommunication bundles of a smart security platform, generating a first pipe for communication between the activated first telecommunication bundle and a modem of the terminal, and mapping the generated first pipe to a first SIM port based on an identifier of the first SIM port among multiple SIM ports of the modem.

Description

Technical Field

[0001] This disclosure relates to an intelligent security platform, and more specifically, to a method and apparatus for managing communication bundles (telecom bundles) of the intelligent security platform.

Background Technology

[0002] To meet the increasing demands of wireless data services since the deployment of 4G communication systems, efforts have been made to develop improved 5G or near-5G communication systems. 5G or near-5G communication systems are also known as "super 4G network" communication systems or "post-LTE" systems. Therefore, 5G communication systems are considered to be implemented in higher frequency (mmWave) bands, such as the 60GHz band, to achieve higher data rates. To reduce radio wave propagation loss and increase transmission distance, beamforming, massive MIMO, full-dimensional MIMO (FD-MIMO), array antenna, and analog beamforming technologies are discussed for 5G communication systems. Furthermore, in 5G communication systems, development is underway for system network improvements based on advanced small cells, cloud radio access networks (RAN), ultra-dense networks, device-to-device (D2D) communication, wireless backhaul, mobile networks, cooperative communication, coordinated multipoint (CoMP), and receiver interference cancellation. In 5G systems, hybrid FSK and FQAM modulation and sliding window superposition coding (SWSC) have also been developed as advanced coding and modulation (ACM), as well as filter bank multicarrier (FBMC), non-orthogonal multiple access (NOMA) and sparse code multiple access (SCMA) as advanced access technologies.

[0003] The Internet, a human-centric network for generating and consuming information, is evolving into the Internet of Things (IoT), where distributed entities, such as things, exchange and process information without human intervention. A network of everything has emerged, combining IoT technology with big data processing through connections to cloud servers. To realize the IoT, technological elements such as sensing technology, wired / wireless communication and network infrastructure, service interface technology, and security technology are required. Recent research has focused on sensor networks, machine-to-machine (M2M) communication, and machine-type communication (MTC). This IoT environment can provide intelligent Internet technology services that create new value for human life by collecting and analyzing the data generated between connected things. Through the convergence and combination of existing information technology (IT) and various industrial applications, IoT can be applied to a wide range of fields, including smart homes, smart buildings, smart cities, smart or connected cars, smart grids, healthcare, smart appliances, and advanced medical services.

[0004] Consistent with this, various attempts have been made to apply 5G communication systems to IoT networks. For example, technologies such as sensor networks, MTC, and M2M communication can be achieved through beamforming, MIMO, and array antennas. The application of cloud RAN, as a big data processing technology, can also be considered an example of the integration of 5G and IoT technologies.

[0005] Furthermore, multi-SIM terminals, which enable access via multiple networks, are common in switching terminals. The modem of a multi-SIM terminal can simultaneously support network access from mobile network operators by using multiple Subscriber Identity Modules (SIMs) or a universal Subscriber Identity Module (USIM), providing an enhanced user experience. For example, one SIM can be used solely for calls, while another SIM can be used solely for data communication. When traveling within a country, various SIMs can be used instead of roaming services to provide optimized mobile communication services.

[0006] Multi-SIM terminals can be equipped with multiple Universal Integrated Circuit Cards (UICCs) or embedded UICCs (eUICCs). Optionally, in the case of Smart Security Platform (SSP) terminals, multiple telecom bundles can be activated, thereby supporting multiple SIMs.

[0007] Therefore, there are various technical problems and room for improvement in modems for multiple telecom bundles, multi-SIM terminals, and multi-SIM terminals installed in multiple UICCs, eUICCs, or SSPs, and related research is actively underway.

Summary of the Invention

[0008] [Technical Issues]

[0009] This disclosure provides a method for activating / enabling a telecommunications bundle (communication bundle) included in a terminal and connecting the activated bundle to a modem.

[0010] This disclosure provides a method for activating and connecting multiple telecommunications bundles installed in an SSP terminal, taking into account the functionality of a multi-SIM modem.

[0011] [Technical Solution]

[0012] According to an aspect of this disclosure, a method for a terminal including a smart security platform is provided. The method includes: enabling a first telecommunications bundle among a plurality of telecommunications bundles of the smart security platform; generating a first pipe for communication between the activated first telecommunications bundle and a modem of the terminal; and mapping the generated first pipe to a first SIM port based on an identifier of the first SIM port among a plurality of subscriber identity module (SIM) ports of the modem, wherein the first SIM port is associated with a first baseband.

[0013] In one implementation, the activation includes sending a bundle activation command to the secondary platform bundle loader (SPBL) of the smart security platform via the terminal's local bundle assistant (LBA), the bundle activation command including an identifier of the first telecommunications bundle to be activated.

[0014] In one implementation, the mapping includes sending a mapping request to the modem via an LBA to map the generated first pipe to a first SIM port, wherein the mapping request includes an identifier of the first SIM port and an identifier of the first pipe.

[0015] In one implementation, the bundle enable command further includes an identifier for a first SIM port, and the mapping includes sending a mapping request to the modem via SPBL to map the generated first pipe to the first SIM port.

[0016] In one implementation, the first pipe is generated between the gateway of the activated first telecommunications bundle and the first gateway of the modem, according to a predetermined scheme.

[0017] In one implementation, the modem's first gateway is connected only to the first baseband.

[0018] In one implementation, a second pipe is also generated between the gateway of the second telecommunications bundle of the smart security platform and the second gateway of the modem, the second gateway of the modem being different from the first gateway connected to the first baseband.

[0019] In one implementation, the modem's first gateway is connected via a multiplexer to a plurality of basebands, including a first baseband, each of which is associated with a single SIM port.

[0020] In one implementation, a second pipe is also generated between the gateway of the second telecommunications bundle of the smart security platform and the first gateway of the modem connected to the first baseband.

[0021] In this implementation, the pipe is an Application Protocol Data Unit (APDU) pipe used for APDU communication.

[0022] In one implementation, the gateway of the first telecommunications bundle is the Universal Integrated Circuit Card (UICC) service gateway, and the gateway of the modem is the UICC application gateway.

[0023] According to another aspect of this disclosure, a terminal including a smart security platform is provided. The terminal includes: a transceiver; and a controller connected to the transceiver. The controller is configured to control: enabling a first telecommunications bundle among a plurality of telecommunications bundles of the smart security platform; generating a first pipe for communication between the activated first telecommunications bundle and a modem of the terminal; and mapping the generated first pipe to a first SIM port based on an identifier of the first SIM port among a plurality of subscriber identity module (SIM) ports of the modem, wherein the first SIM port is associated with a first baseband.

[0024] In one implementation, the controller is further configured to control the sending of a bundle enable command to the secondary platform bundle loader (SPBL) of the smart security platform via the terminal's local bundle assistant (LBA), the bundle enable command including an identifier of the first telecommunications bundle to be enabled.

[0025] In one implementation, the controller is further configured to control the sending of a mapping request to the modem via an LBA to map the generated first pipe to a first SIM port, wherein the mapping request includes an identifier of the first SIM port and an identifier of the first pipe.

[0026] In one implementation, the bundle enable command further includes an identifier for a first SIM port, and the controller is further configured to control the sending of a mapping request to the modem via SPBL to map the generated first pipe to the first SIM port.

[0027] In one implementation, the first pipe is generated between the gateway of the activated first telecommunications bundle and the first gateway of the modem, according to a predetermined scheme.

[0028] In one implementation, the first gateway of the modem is connected only to the first baseband, and a second pipe is also generated between the gateway of the second telecommunications bundle of the smart security platform and the second gateway of the modem, the second gateway of the modem being different from the first gateway connected to the first baseband.

[0029] In one implementation, a first gateway of the modem is connected via a multiplexer to a plurality of basebands including a first baseband, each of the plurality of basebands being associated with a single SIM port, and a second pipe is also generated between the gateway of the second telecommunications bundle of the smart security platform and the first gateway of the modem connected to the first baseband.

[0030] In this implementation, the pipe is an Application Protocol Data Unit (APDU) pipe used for APDU communication.

[0031] In one implementation, the gateway of the first telecommunications bundle is the Universal Integrated Circuit Card (UICC) service gateway, and the gateway of the modem is the UICC application gateway.

[0032] In addition, in order to support multiple SIMs in an SSP terminal, this disclosure provides a method for managing the gateway of the integrated SIM (iSIM) port, pipe and modem in an SSP terminal to activate multiple telecom bundles, through the described implementation.

[0033] The method of this disclosure according to an exemplary embodiment includes: activating a telecommunications bundle installed in an SSP according to a user request, wherein activating the telecommunications bundle includes identifying an iSIM port to be activated and the telecommunications bundle according to the user request; activating the telecommunications bundle by using the identified telecommunications bundle identifier and iSIM port identifier; and connecting the activated telecommunications bundle to a specific SIM port.

[0034] Additionally, connecting a modem to a telecommunications bundle according to an exemplary embodiment of this disclosure includes: connecting the modem and the telecommunications bundle based on an identifier of an iSIM port and an identifier of a conduit connecting the telecommunications bundle and the modem; or, connecting the modem and the telecommunications bundle based on an iSIM port identifier of the modem and an identifier of a gate for forming a conduit between the telecommunications bundle and the modem.

[0035] According to various embodiments of this disclosure, a method for a terminal including a smart security platform may include: activating a first telecommunications bundle of the smart security platform; forming a first APDU pipe between the activated first telecommunications bundle and a modem of the terminal; and mapping the formed first APDU pipe to a first SIM port of the modem, wherein the first SIM port is associated with a first logical baseband.

[0036] According to various embodiments of this disclosure, a terminal including a smart security platform may include: a transceiver; and a controller connected to the transceiver. The controller is configured to: activate a first telecommunications bundle of the smart security platform; form a first APDU pipe between the activated first telecommunications bundle and the terminal's modem; and map the formed first APDU pipe to a first SIM port of the modem, wherein the first SIM port is associated with a first logical baseband.

[0037] In one implementation, activation may include sending a bundle activation command to a smart security platform, the bundle activation command including an identifier of a first telecommunications bundle.

[0038] In this implementation, the bundle activation command can be sent from the terminal's Local Bundle Assistant (LBA) to the Smart Security Platform's Secondary Platform Bundle Loader (SPBL).

[0039] In an implementation, the bundle activation command may also include an identifier for the first SIM port.

[0040] In one implementation, the mapping may include sending a mapping request to the modem to map the formed first APDU pipe to a first SIM port of the modem, wherein the mapping request includes an identifier of the first SIM port.

[0041] In one implementation, the mapping request can be sent from the terminal's LBA to the modem, or it can be sent from the smart security platform's SPBL to the modem.

[0042] In an implementation, the mapping request may also include an identifier for the first APDU pipe.

[0043] In an implementation, according to a predetermined scheme, a first APDU pipe can be formed between the gateway of the activated first telecommunications bundle and the gateway of the modem.

[0044] In one implementation, the modem may include a multiplexer connected to the modem's gateway, and a second APDU pipe may be formed between the modem's gateway and the gateway of the second telecommunications bundle of the smart security platform, the second telecommunications bundle being different from the first telecommunications bundle.

[0045] The technical topics pursued in this disclosure may not be limited to those described above, and other unmentioned technical topics will be clearly understood by those skilled in the art from the following description.

[0046] [Beneficial Effects]

[0047] According to this disclosure, a terminal can activate a telecommunications bundle in a specific iSIM port of a multi-SIM modem. Therefore, even if the multiple logical basebands of the multi-SIM modem have different radio access capabilities, the activated telecommunications bundle can be connected to and used by the logical baseband corresponding to the user's request.

[0048] Furthermore, according to this disclosure, when the maximum number of telecom bundles that a multi-SIM modem can accept simultaneously is exceeded, no pipe is formed, and therefore the activated telecom bundles are not connected to the logical baseband, thereby preventing mobile network access failure.

Attached Figure Description

[0049] The above and other aspects, features and advantages of this disclosure will become more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:

[0050] Figure 1 shows the interface between the components and internal components of an SSP terminal according to various embodiments of the present disclosure;

[0051] Figure 2 shows internal or external terminal components for downloading bundles from an SSP terminal, according to various embodiments of this disclosure;

[0052] Figure 3 shows examples of eUICC terminals according to various embodiments of this disclosure;

[0053] Figure 4 shows examples of iSSP terminals according to various embodiments of the present disclosure;

[0054] Figure 5 shows examples of interfaces for APDU communication between a modem and a telecommunications bundle according to various embodiments of this disclosure;

[0055] Figure 6 shows examples of hosts in an iSSP generating pipes through gates according to various embodiments of this disclosure;

[0056] Figure 7A shows examples of multi-SIM modems in terminals according to various embodiments of the present disclosure, as well as the states in which multiple telecommunications bundles in an iSSP are respectively connected to the iSIM port;

[0057] Figure 7B shows examples of multi-SIM modems in terminals according to various embodiments of the present disclosure, as well as the states in which multiple telecommunications bundles in an iSSP are respectively connected to the iSIM port;

[0058] Figure 8 shows examples of forming a pipe for communication between a modem host and a telecommunications bundle according to various embodiments of the present disclosure;

[0059] Figure 9A shows examples of activating multiple telecom bundles in a multi-SIM modem and connecting these multiple telecom bundles to an iSIM port according to various embodiments of the present disclosure;

[0060] Figure 9B shows another example of activating multiple telecom bundles in a multi-SIM modem and connecting these multiple telecom bundles to an iSIM port according to various embodiments of the present disclosure;

[0061] Figure 10 shows examples of the process of activating two telecommunications bundles upon user request and assigning the two telecommunications bundles to two SIM ports of a modem, according to various embodiments of the present disclosure;

[0062] Figure 11 shows another example of a process, according to various embodiments of the present disclosure, of activating two telecommunications bundles upon user request and assigning the two telecommunications bundles to two SIM ports of a modem, respectively;

[0063] Figure 12 shows the structure of a terminal according to various embodiments of this disclosure;

[0064] Figure 13 shows the structure of an intelligent security platform according to various embodiments of this disclosure; and

[0065] Figure 14 shows a flowchart of a method for a smart security platform or terminal according to various embodiments of the present disclosure.

Detailed Implementation

[0066] Before proceeding with the following detailed description, it may be advantageous to define certain words and phrases used throughout this patent document: the terms “include” and “comprise” and their derivatives mean including but not limited to; the term “or” is inclusive, meaning and / or; the phrases “associated with” and “associated therewith” and their derivatives may mean including, being included, interconnected with, containing, being contained, connected to or with, linked to or with, able to communicate with, cooperate with, interleaved, juxtaposed, adjacent, bound to or with, having, having the properties of, etc.; and the term “controller” means any device, system or component thereof that controls at least one operation; such a device may be implemented in hardware, firmware or software, or a combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether local or remote.

[0067] Furthermore, the various functions described below can be implemented or supported by one or more computer programs, each of which is formed by computer-readable program code and embodied in a computer-readable medium. The terms "application" and "program" refer to one or more computer programs, software components, instruction sets, procedures, functions, objects, classes, instances, associated data, or portions thereof suitable for implementation in appropriate computer-readable program code. The phrase "computer-readable program code" includes any type of computer code, including source code, object code, and executable code. The phrase "computer-readable medium" includes any type of media accessible by a computer, such as read-only memory (ROM), random access memory (RAM), hard disk drive, optical disc (CD), digital video disc (DVD), or any other type of storage. "Non-transitory" computer-readable media excludes wired, wireless, optical, or other communication links that transmit transient electrical or other signals. Non-transitory computer-readable media includes media that can permanently store data, as well as media that can store data and subsequently rewrite it, such as rewritable optical discs or erasable storage devices.

[0068] Definitions of certain words and phrases are provided throughout this patent document, and those skilled in the art will understand that, in many, if not most, cases, such definitions apply to prior and future use of the words and phrases defined herein.

[0069] Figures 1 to 14, discussed below, and the various embodiments used to describe the principles of this disclosure in this patent document are merely exemplary and should not be construed in any way as limiting the scope of this disclosure. Those skilled in the art will understand that the principles of this disclosure can be implemented in any suitably arranged system or apparatus.

[0070] In the following, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

[0071] In describing embodiments of this disclosure, descriptions related to techniques well-known in the art and not directly associated with this disclosure will be omitted. This omission of unnecessary descriptions is intended to prevent confusion with the main ideas of this disclosure and to convey those main ideas more clearly.

[0072] For the same reason, some elements may be exaggerated, omitted, or shown schematically in the accompanying drawings. Furthermore, the dimensions of each element do not perfectly reflect the actual dimensions. In the drawings, identical or corresponding elements are given the same reference numerals.

[0073] The advantages and features of this disclosure, and the ways in which they are implemented, will be apparent from the following detailed description of the embodiments and from the accompanying drawings. However, this disclosure is not limited to the embodiments set forth below, but can be implemented in various different forms. The following embodiments are provided only to fully disclose this disclosure and to inform those skilled in the art of its scope, which is limited only by the scope of the appended claims. Throughout this specification, the same or similar reference numerals denote the same or similar elements.

[0074] In this document, it will be understood that each block of a flowchart illustration, and combinations of blocks in a flowchart illustration, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to generate machine instructions, which, when executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more flowchart blocks. These computer program instructions can also be stored in a computer-usable or computer-readable storage medium that can direct the computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-usable or computer-readable storage medium produce an article of manufacture including instruction means for implementing the functions specified in one or more flowchart blocks. The computer program instructions can also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions, which execute on the computer or other programmable apparatus, provide steps for implementing the functions specified in one or more flowchart blocks.

[0075] Furthermore, each block in a flowchart can represent a module, segment, or section of code, which includes one or more executable instructions for implementing a specified logical function(s). It should also be noted that in some alternative implementations, the functions specified in a block may occur out of order. For example, two blocks shown consecutively may actually execute substantially simultaneously, or depending on the functionality involved, the blocks may sometimes execute in reverse order.

[0076] As used herein, "unit" refers to a software or hardware element that performs a predetermined function, such as a field-programmable gate array (FPGA) or application-specific integrated circuit (ASIC). However, "unit" is not always limited to software or hardware. A "unit" can be configured to be stored in addressable storage media or to execute on one or more processors. Therefore, a "unit" includes, for example, software elements, object-oriented software elements, class elements or task elements, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and parameters. The elements and functions provided by a "unit" can be combined into a smaller number of elements or "units" or divided into a larger number of elements or "units." Furthermore, elements and "units" can be implemented as one or more CPUs within a playback device or a secure multimedia card. Additionally, a "unit" in an embodiment may include one or more processors.

[0077] This disclosure relates to methods and apparatus for activating a telecommunications bundle in a terminal including a smart security platform and a modem supporting multi-SIM functionality, and for connecting the activated telecommunications bundle to the modem. More specifically, this disclosure relates to a method for connecting the activated telecommunications bundle to a specific SIM port of the modem for network access by using a specific logical baseband in the modem.

[0078] This disclosure provides a method, according to an exemplary embodiment, for activating a telecommunications bundle (telecom bundle) included (installed) in an SSP terminal and connecting the activated bundle to a modem. Specifically, this disclosure provides a method for specifying a particular port among multiple ports and activating the telecommunications bundle when the modem supports multiple SIMs.

[0079] Additionally, this disclosure allows for the activation of specific bundles based on user needs, and allows network access by using specific radio access technologies when multiple basebands of a modem supporting multiple SIMs have different radio access technology (RAT) capabilities.
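
The enable, pipe-generation and mapping sequence described above, together with the rule that no pipe is formed once the modem's maximum number of simultaneously accepted telecom bundles is exceeded, can be modelled as a small state machine. The Python below is an added illustration, not code from the patent; the class and function names, the identifier strings, the one-bundle-per-SIM-port capacity and the removal of a pipe whose mapping request is rejected are assumptions.

```python
"""Toy model of the enable -> pipe -> map sequence (illustrative, not from the patent)."""
from dataclasses import dataclass, field
from itertools import count


class MappingError(Exception):
    """A mapping request named an unknown or already-bound identifier."""


@dataclass
class Modem:
    ports: dict                                   # SIM port id -> RATs of its logical baseband
    port_to_pipe: dict = field(default_factory=dict)

    @property
    def max_bundles(self):
        # Assumption: the modem accepts one telecom bundle per SIM port.
        return len(self.ports)

    def map_pipe(self, port_id, pipe_id, known_pipes):
        """Handle a mapping request carrying a SIM port id and a pipe id."""
        if port_id not in self.ports:
            raise MappingError(f"unknown SIM port {port_id!r}")
        if pipe_id not in known_pipes:
            raise MappingError(f"unknown pipe {pipe_id!r}")
        if port_id in self.port_to_pipe:
            raise MappingError(f"SIM port {port_id!r} is already mapped")
        if pipe_id in self.port_to_pipe.values():
            raise MappingError(f"pipe {pipe_id!r} is already mapped")
        self.port_to_pipe[port_id] = pipe_id


@dataclass
class SSP:
    bundles: set                                  # installed telecom bundle ids
    enabled: set = field(default_factory=set)
    pipes: dict = field(default_factory=dict)     # pipe id -> bundle id
    _ids: count = field(default_factory=lambda: count(1))

    def enable(self, bundle_id, modem):
        """SPBL side: enable the bundle; form a pipe only while the modem has room."""
        if bundle_id not in self.bundles:
            raise KeyError(f"bundle {bundle_id!r} is not installed")
        if bundle_id in self.pipes.values():
            raise ValueError(f"bundle {bundle_id!r} already has a pipe")
        self.enabled.add(bundle_id)
        if len(self.pipes) >= modem.max_bundles:
            return None                           # enabled, but left unconnected
        pipe_id = f"pipe-{next(self._ids)}"
        self.pipes[pipe_id] = bundle_id
        return pipe_id


def lba_activate(ssp, modem, bundle_id, port_id):
    """LBA-driven variant: enable command first, then mapping request to the modem."""
    pipe_id = ssp.enable(bundle_id, modem)
    if pipe_id is None:
        return None
    try:
        modem.map_pipe(port_id, pipe_id, ssp.pipes)
    except MappingError:
        del ssp.pipes[pipe_id]                    # assumption: drop the unmapped pipe
        raise
    return pipe_id


def attached_baseband(ssp, modem, bundle_id):
    """Return (SIM port id, RATs) the bundle reaches, or None if it has no mapped pipe."""
    for port_id, pipe_id in modem.port_to_pipe.items():
        if ssp.pipes.get(pipe_id) == bundle_id:
            return port_id, modem.ports[port_id]
    return None


def demo():
    # Constructed sample: two logical basebands with different RAT capabilities.
    modem = Modem(ports={"sim-port-1": {"5G", "LTE"}, "sim-port-2": {"LTE"}})
    ssp = SSP(bundles={"bundle-A", "bundle-B", "bundle-C"})
    results = {
        "bundle-A": lba_activate(ssp, modem, "bundle-A", "sim-port-1"),
        "bundle-B": lba_activate(ssp, modem, "bundle-B", "sim-port-2"),
        "bundle-C": lba_activate(ssp, modem, "bundle-C", "sim-port-1"),  # over capacity
    }
    return ssp, modem, results


if __name__ == "__main__":
    ssp, modem, results = demo()
    for bundle_id, pipe_id in results.items():
        print(bundle_id, pipe_id, attached_baseband(ssp, modem, bundle_id))
```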

[0080] Terminal modems equipped with conventional UICCs, embedded UICCs (eUICCs), etc., connect to the UICC or eUICC via an ISO 7816-3 interface. However, as with integrated SSPs or integrated eUICCs, when the security media is embedded in a communication processor (CP) system-on-a-chip (SoC), the modem and communication security media cannot be connected via the ISO 7816-3 interface, thus requiring a technology different from existing technologies.

[0081] This disclosure provides a technology based on a host controller interface (HCI), which can be an interface between a secure medium and a modem with an integrated SSP or eUICC terminal.

[0082] The specific terms used in the following description are provided to aid in understanding this disclosure, and the use of these specific terms may be varied in different forms without departing from the technical spirit of this disclosure.

[0083] Security media (SE, eSE, UICC, eUICC, SSP)

[0084] In this disclosure, a secure element (SE) refers to a security module comprising a single chip that can store security information (e.g., mobile network access keys, user identification information such as ID cards / passports, credit card information, encryption keys, etc.) and use the stored security information to install and manage control modules (e.g., network access control modules such as Universal Subscriber Identity Modules (USIM), encryption modules, key generation modules, etc.). SEs can be used in various electronic devices (e.g., smartphones, tablet PCs, wearable devices, vehicles, IoT devices, etc.) and provide security services (e.g., mobile network access, payment, user authentication, etc.) through security information and control modules. Depending on whether the SE is connected to or installed in an electronic device, the SE can be used as a collective term for Universal Integrated Circuit Card (UICC), Embedded Secure Element (eSE), and Smart Security Platform (SSP) integrating UICC and eSE, and can be categorized as removable SEs, embedded SEs, and integrated SEs integrated into specific components or System-on-Chip (SoC).

[0085] In this disclosure, eSE refers to an embedded SE that is fixed to and used in an electronic device. Typically, an eSE can be manufactured for use by the terminal manufacturer solely upon request and can be manufactured to include an operating system and framework. An eSE can remotely download and install applet-type service control modules and can be used for various security services such as e-wallets, ticketing, e-passports, and digital keys. In this disclosure, an SE in the form of a single chip attached to an electronic device is referred to as an eSE, which is capable of remotely downloading and installing service control modules.

[0086] In this disclosure, a universal integrated circuit card refers to a smart card inserted and used in mobile communication terminals, etc., and may be referred to as a "UICC". A UICC may include an access control module for accessing a mobile network operator's network. Examples of access control modules include a USIM, a subscriber identification module (SIM), and an IP Multimedia Service Identification Module (iSIM). A UICC including a USIM is generally referred to as a USIM card. Similarly, a UICC including a SIM module is generally referred to as a SIM card. The SIM module may be installed during the manufacture of the UICC, or a SIM module for a mobile communication service that the user wishes to use for the required period may be downloaded into the UICC. A UICC may also download and install multiple SIMs, and at least one of the multiple SIMs may be selected and used. Depending on the chip form factor, the UICC may be fixed to a terminal and used, or it may be used in a removable form.

[0087] A UICC that is embedded in and used as a chip in a terminal is called an embedded UICC (eUICC). Specifically, a UICC embedded in a System-on-a-Chip (SoC) that includes a communication processor, an application processor, or a single processor integrating both can also be called an integrated UICC (iUICC). Typically, eUICCs and iUICCs can be fixed to and used in a terminal, and may access mobile network operator services by remotely downloading the SIM module from the eUICC or iUICC. An eUICC or iUICC can be powered by a specific SIM module embedded during manufacturing and can be embedded in the terminal. The SIM module information downloaded and used in the eUICC, along with authentication information for receiving network services and information included in the USIM application, can be collectively referred to as an eUICC profile. An eUICC profile can be called an eSIM profile, an iUICC profile, or a USIM profile, or more simply, a profile.

[0088] In this disclosure, the intelligent security platform is a security module capable of integrating UICC and eSE functionality within a single chip, and can be simply referred to as an "SSP". SSPs can be categorized as removable SSPs (rSSPs), embedded SSPs (eSSPs), and integrated SSPs embedded in a system-on-a-chip (SoC) (iSSPs). An SSP may include a main platform (PP) and at least one secondary platform bundle (SPB) operating on the PP. The main platform may include at least one of a hardware platform and a low-level operating system (LLOS), and the secondary platform bundle may include at least one of a high-level operating system (HLOS) and an application operating on the HLOS.

[0089] In this disclosure, a secondary platform bundle (SPB) is driven on the primary platform (PP) using the resources of the PP, and for example, a UICC bundle can refer to application software packages, file systems, authentication key values, etc. stored in an existing UICC, as well as a high-level operating system (HLOS) that operates the applications, file systems, authentication key values, etc. stored in the existing UICC.

[0090] In this disclosure, the "secondary platform bundle" may be referred to simply as a "bundle". This bundle can access resources in the main platform's central processing unit, memory, etc., via the main platform interface (PPI), and therefore can operate on the main platform. This bundle can be embedded in communication applications such as Subscriber Identity Module (SIM), Universal SIM (USIM), and IP Multimedia SIM (ISIM), and can also be embedded in various applications such as e-wallets, ticketing, e-passports, and digital keys.

[0091] An SSP can be used for the UICC or eSE described above, depending on the bundles downloaded and installed remotely. It can also be used interchangeably for UICC and eSE by installing multiple bundles in a single SSP and operating them simultaneously. In other words, when a bundle including a configuration file is operated in the SSP, the SSP can be used for UICC to access the mobile operator's network. The corresponding UICC bundle can be operated by remotely downloading at least one configuration file into the bundle, and selecting and operating one of the at least one remotely downloaded configuration files, for example, in an eUICC or iUICC.

[0092] Additionally, when a bundle including service control modules operates on an SSP, the SSP can be used as an eSE, where the service control modules provide services such as e-wallets, ticketing, e-passports, or digital keys. Multiple service control modules can be installed and operated as a whole in a single bundle, or they can be installed and operated in separate bundles. The SSP can be used by downloading and installing the bundle to operate on the SSP from an external bundle management server (Secondary Platform Bundle Manager (SPB Manager)) using Over-the-Air (OTA) technology. This method of downloading and installing bundles using OTA technology on the SSP also applies to removable SSPs (rSSPs) that are detachably inserted into a terminal, embedded SSPs (eSSPs) installed in a terminal, and integrated SSPs (iSSPs) included in a SoC installed in a terminal.

[0093] In this disclosure, a telecommunications bundle can be a bundle having at least one network access application (NAA) embedded therein, or having the capability to remotely download and install at least one NAA embedded therein. The NAA is a module for accessing a network stored in the UICC and can be a USIM or ISIM. The telecommunications bundle may include a telecommunications family identifier relating to a telecommunications family.

[0094] In this disclosure, an eSIM bundle can be a bundle that has a driven eUICC OS and performs the same functions as an eUICC to install a configuration file in the terminal to operate network services. In this disclosure, the eSIM bundle can include a telecommunications family identifier relating to the eSIM bundle. The eSIM bundle can refer to a UICC bundle.

[0095] In this disclosure, a secondary platform bundle loader (SPBL) can refer to a management bundle used to install another bundle in an SSP and manage its activation, disabling, and removal. In this disclosure, the secondary platform bundle loader can be simply referred to as a loader. A local bundle assistant (LBA) on a terminal or remote server can use a loader to install, activate, disable, and remove specific bundles. In this disclosure, a loader can also be referred to as an SSP.

[0096] Terminal and Local Bundle Assistant (LBA)

[0097] In this disclosure, a terminal (terminal device) may be referred to as a mobile station (MS), user equipment (UE), user terminal (UT), wireless terminal, access terminal, terminal, subscriber unit, subscriber station, wireless device, wireless communication device, wireless transmission / reception unit (WTRU), mobile node, mobile device, or other terms. Various embodiments of the terminal include cellular phones, smartphones with wireless communication capabilities, personal digital assistants (PDAs) with wireless communication capabilities, wireless modems, mobile computers with wireless communication capabilities, shooting devices such as digital cameras with wireless communication capabilities, gaming devices with wireless communication capabilities, music storage and playback home appliances with wireless communication capabilities, and internet-connected home appliances capable of wireless internet access and browsing, and may also include portable units or terminals that have integrated these functional combinations. Furthermore, the terminal may include, but is not limited to, M2M terminals and MTC terminals / devices. In this disclosure, the terminal may be referred to as an electronic device.

[0098] In this disclosure, the terminal may have an embedded SSP, which can download and install bundled packages. Alternatively, an SSP physically separate from the terminal may be inserted into and connected to the terminal's slot, where the slot may have an SSP configured therein. For example, the SSP may be inserted into the terminal as a card. In this case, a separate SSP can be provided by a terminal with an embedded SSP. A terminal including an SSP may be referred to as an SSP terminal.

[0099] In this disclosure, Local Bundle Assistant (LBA) refers to software or an application installed on a terminal capable of controlling the SSP. The LBA can download bundles from the SSP and transmit management commands (such as activation, disabling, and deletion commands) for bundles pre-installed on the SSP. The terminal may include a Local Profile Assistant (LPA), which is software or an application installed on the terminal to control the eUICC. The LPA can be implemented as a subcomponent of the Local Bundle Assistant (LBA) and can exist on the terminal as a separate application from the LBA. The LPA can be software or an application capable of controlling an eSIM bundle, which is functionally similar to the eUICC, within a bundle installed on the SSP on the terminal.

[0100] Bundle Management

[0101] In this disclosure, bundle management can be a term that includes changing the status of bundles installed in the SSP (activating, disabling, or deleting), updating the metadata of bundles installed in the SSP, obtaining a list of bundles installed in the SSP, installing bundles in the SSP, etc.

[0102] Bundle management can be divided into local bundle management (LBM) and remote bundle management.

[0103] Local Bundle Management (LBM) can refer to operations performed directly using the SSP terminal, and the management of the SSP and its installed bundles through software within the SSP terminal. Local Bundle Management (LBM) can also be called bundle local management and local management. The SSP terminal's LBA software can transmit local bundle management commands, which carry information about the bundles under local bundle management and the specific operations to be performed. Local bundle management commands can be called local management commands and local commands. A Local Bundle Management Package (LBM package) can be configured to include one or more local bundle management commands transmitted from the terminal software LBA to the Secondary Platform Bundle Loader (SPBL). A Local Bundle Management Package can be called a bundle local management package, a local management package, a local management command package, and a local command package.

[0104] Users of SSP terminals can perform local bundle management through a local bundle assistant installed on the terminal, software with SSP access permissions, etc. Operations that can be performed through local bundle management can include changing the status of a target bundle (enabling, disabling, or deleting) or updating partial information or values of a target bundle. Updating partial information or values can involve updating information in the bundle's metadata. "Target bundle" can be used as a term to indicate a bundle that has undergone local bundle management.

[0105] Remote Bundle Management (RBM) can refer to operations performed by commands transmitted from an external server (i.e., service provider, remote management server, bundle management server (secondary platform bundle manager (SPB manager)), etc.) and managed by software in the SSP terminal to manage the SSP and the bundles installed on the SSP. RBM can be referred to as bundle remote management and remote control.

[0106] Service providers or terminal owners (device owners) can generate remote bundle management commands that carry information about the bundles under remote management and the specific operations to be performed. These remote bundle management commands can be referred to as remote management commands or local commands. Remote bundle management commands can be transmitted from the bundle management server (SPB Manager) to the terminal software LBA of the SSP terminal, where they are executed. Alternatively, remote bundle management commands can be transmitted from the SSP terminal's terminal software LBA to the secondary platform bundle loader (SPBL), where bundle management can be performed based on the details of the command.

[0107] A Remote Bundle Management Package (RBM package) can be configured to include one or more remote bundle management commands generated by an external server, transmitted from the external service to the SSP terminal software LBA, and transmitted from the terminal software LBA to the secondary platform bundle loader. The Remote Bundle Management Package can also be referred to as a Bundle Remote Management Package, a Remote Management Package, a Remote Management Command Package, or a Remote Command Package.

[0108] In this disclosure, the operation of activating (enabling) a bundle by a terminal or external server can mean changing the state of the corresponding configuration file to an active (enabling) state and configuring it so that the terminal can receive services provided by the corresponding bundle (e.g., communication services from a telecommunications operator, credit card payment services, user authentication services, etc.). A bundle in an active state can be referred to as an "active bundle (enabling bundle)". An active bundle can be stored in an encrypted state in an internal or external storage device of the SSP. In this disclosure, the active state (enabling secondary platform bundle or enabling bundle) of the bundle can be changed to an active state based on internal operations of the bundle (e.g., timers or polling) or external inputs to the bundle (e.g., user input, push notifications, requests from applications in the terminal, authentication requests from a switching operator, PP management messages, etc.). An active bundle can mean being loaded from an internal or external storage device of the SSP into the active memory of the SSP, processing security information using the security control device (security CPU) in the SSP, and providing security services to the terminal.

[0109] In this disclosure, disabling a bundle by a terminal or external server can mean changing the state of the corresponding bundle to a disabled state and performing configuration to prevent the terminal from receiving services provided by the corresponding bundle. A configuration file in a disabled state can be represented as "disabled bundle (disabled secondary platform bundle or disabled bundle)". An active bundle can be stored in encrypted form on internal or external storage devices of the SSP.

[0110] Si2 and Si3 interfaces

[0111] In this disclosure, the function invoked by the LBA can be a function executed in the Si2 interface corresponding to the interface between the LBA and the SPB manager, and in the Si3 interface corresponding to the interface between the LBA and the SPBL. The LBA can transmit parameters to the SPB manager or SPBL via a specific function. The parameters transmitted from the LBA by invoking a specific function can be referred to as a function instruction, function command, or command. The SPB manager or SPBL, having received the function command, can perform a specific operation according to the function command and can respond to the function command. This response can include parameters. The function command can be transmitted via the Si2 interface using the Hypertext Transfer Protocol (HTTP). Specifically, the function command can be transmitted via Si2 using an HTTP POST request message, and the command can be carried in the body of the HTTP POST request message and transmitted.

[0112] Forming (generating) APDU pipes

[0113] An APDU pipe corresponds to a pipe formed between two hosts for APDU communication. An APDU pipe is formed between the UICC APDU application gateway of one host and the UICC APDU service gateway of the other host. The process of forming an APDU pipe between two hosts can be performed with reference to ETSI TS 102 622 corresponding to the Host Controller Interface (HCI) standard and ETSI TS 103 666-1 or ETSI TS 103 666-2 corresponding to the SSP / iSSP standard.

[0114] APDU pipes can also be called UICC pipes, UICC APDU pipes, etc.

[0115] The UICC APDU application gateway can be referred to as the UICC application gateway.

[0116] The UICC APDU service gateway can be referred to as the UICC service gateway.

[0117] HCI configuration

[0118] The Host Controller Interface (HCI) defines the interface between hosts. The HCI can conform to the definitions in the standard document ETSI TS 102 622 (Smart Cards; UICC - Contactless Front-end (CLF) Interface; Host Controller Interface (HCI)).

[0119] HCI includes gateways for exchanging commands, responses, and events, mechanisms for transmitting Host Controller Protocol (HCP) messages, and HCP routing mechanisms.

[0120] A host corresponds to a logical entity that runs one or more services. A service can be a set of functions that perform a specific function, which can be considered as a set of atomic functions.

[0121] A gateway can be an entry point for services operating within the host.

[0122] A gateway used to manage a host network can be called a management gateway.

[0123] The network controller host and all hosts in the iSSP can have management gateways.

[0124] The network controller host and all hosts in the iSSP can have a link management gateway.

[0125] The network controller host and all hosts in the iSSP can have an identity management gateway.

[0126] The network controller host and all hosts in the iSSP can have loopback gateways.

[0127] The network controller host and all hosts in the iSSP can have one or more common gateways.

[0128] A pipe corresponds to a logical communication channel formed between two gateways on different hosts.

[0129] Each of the host, gateway, and pipe can have an identifier, and the host, gateway, and pipe can be referred to as the host identifier (host ID), gateway identifier (gate ID), and pipe identifier (pipe ID), respectively.

[0130] For host identifiers, a specific host can have the following fixed identifiers:

[0131] Host controller identifier: "00", terminal host identifier: "01", UICC host identifier: "02".

[0132] Identifier values "80" to "BF" can be flexibly assigned to hosts by the network host controller, the entity used to manage host identifiers in the iSSP.

[0133] Gate identifiers can be used to identify the type of gate.

[0134] Pipe identifiers can be 7 bits long. Pipe identifiers can be used as headers for HCP packets and for packet routing in iSSP.

[0135] The host identifier in the telecom bundle in iSSP can have the UICC host identifier "02", but another value can be used.

[0136] The identifier for each other host in the iSSP can be assigned by the host controller or network controller host.

[0137] Multi-SIM modem

[0138] A multi-SIM modem is a modem that supports multiple logical basebands to support multi-SIM multi-standby or multi-SIM multi-activity terminals. As an example of multi-SIM multi-standby, it may include dual-SIM dual-standby (DSDS) that supports dual-SIM functionality using two SIM cards. Multi-SIM multi-standby (MSMS) and multi-SIM multi-activity (MSMA) share the characteristic that the modem supports multiple logical basebands. The difference between MSMS and MSMA is that MSMA has multiple transceivers to support access via multiple completely separate networks, while MSMS shares a single transceiver across multiple logical basebands through time-division multiplexing to support access via multiple networks. In this disclosure, a multi-SIM modem may correspond to a modem host domain, and a modem host domain may include at least one modem host.

[0139] In this disclosure, a logical baseband can refer to a network protocol stack that can perform network (e.g., 3GPP network) access based on information about a communication subscriber identifier (e.g., SIM authentication information). Digital information already processed by the logical baseband can be modulated by a transceiver, and its signal can be transmitted as an analog signal. After the analog signal received by the transceiver is converted and modulated into a digital signal, decoding processing can be performed by the logical baseband. Depending on the modem's performance, the logical baseband can support, for example, GSM, 3G, 4G LTE, and 5G. Multiple logical basebands in a multi-SIM modem can support cellular networks at the same level (e.g., multiple logical basebands support at most 4G LTE, or all multiple logical basebands support 5G) or can support cellular networks at different levels (e.g., in multiple logical basebands, one logical baseband supports 5G, and another logical baseband supports at most 4G LTE).

[0140] A multi-SIM modem can connect to multiple physical SIMs, eUICCs, and telecom bundles. A multi-SIM modem can have the same number of SIM ports as the number of SIMs it can support simultaneously. Specifically, the SIM ports carried by a multi-SIM modem in an iSSP can be referred to as iSSP SIM ports (iSIM ports).

[0141] The iSIM port can be viewed as an independent SIM slot within the terminal's higher-level operating system / framework. For example, according to the GlobalPlatform Open Mobile API standard, the iSIM port can correspond to a card reader class. Additionally, the iSIM port can be used as a medium that allows users in the terminal's UI to connect specific bundles to a specific baseband and activate those bundles.

[0142] A multi-SIM modem with two independent logical basebands can have two iSIM ports; similarly, a multi-SIM modem with n independent logical basebands can have n iSIM ports.

[0143] A multi-SIM modem with two iSIM ports can simultaneously support two different UICCs, eUICCs, and telecom bundles. Similarly, a multi-SIM modem with n iSIM ports can simultaneously support n different UICCs, eUICCs, and telecom bundles. Here, "support" means using the authentication information in the UICC, eUICC, and telecom bundle to access the network and provide communication services.
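The identifier rules from the HCI configuration paragraphs and the port limit of the multi-SIM modem can be exercised together in a small routing table. The following Python code is an added example, not code from the patent: the chaining-bit position in the HCP packet header follows ETSI TS 102 622, while `PipePortMap`, its reassembly limit and its host-identifier policy for telecom bundles are assumptions of the example.

```python
from dataclasses import dataclass

# Fixed host identifiers listed in the description.
FIXED_HOSTS = {0x00: "host controller", 0x01: "terminal host", 0x02: "UICC host"}
# Range the description says is assigned to hosts dynamically ("80" to "BF").
DYNAMIC_HOSTS = range(0x80, 0xC0)


def classify_host_id(host_id: int) -> str:
    """Name a host identifier using only the values given in the description."""
    if not 0 <= host_id <= 0xFF:
        raise ValueError("host identifier must fit in one byte")
    if host_id in FIXED_HOSTS:
        return FIXED_HOSTS[host_id]
    return "dynamically assigned" if host_id in DYNAMIC_HOSTS else "unassigned"


@dataclass(frozen=True)
class HcpPacket:
    last_fragment: bool  # chaining bit (CB): 1 on the last or only fragment
    pipe_id: int         # 7-bit pipe identifier
    payload: bytes       # HCP message bytes carried by this packet


def parse_hcp_packet(raw: bytes) -> HcpPacket:
    """Split the one-byte HCP packet header (CB | 7-bit pipe ID) from the payload."""
    if not raw:
        raise ValueError("empty HCP packet")
    return HcpPacket(bool(raw[0] & 0x80), raw[0] & 0x7F, bytes(raw[1:]))


class PipePortMap:
    """One APDU pipe per iSIM port; packets on unmapped pipes are rejected."""

    def __init__(self, port_count: int, max_message: int = 4096):
        self.port_count = port_count
        self.max_message = max_message  # assumed reassembly limit, not from the page
        self._port_of_pipe = {}         # pipe_id -> port_id
        self._buffers = {}              # pipe_id -> pending fragments

    def map_pipe(self, pipe_id: int, port_id: int, bundle_host_id: int) -> None:
        if not 0 <= pipe_id <= 0x7F:
            raise ValueError("pipe identifier must fit in 7 bits")
        if not 0 <= port_id < self.port_count:
            raise ValueError("no such iSIM port")
        # Assumed policy: a telecom bundle is the UICC host ("02") or a host
        # whose identifier was assigned dynamically.
        if bundle_host_id != 0x02 and bundle_host_id not in DYNAMIC_HOSTS:
            raise ValueError("host identifier not valid for a telecom bundle")
        if pipe_id in self._port_of_pipe:
            raise ValueError("pipe already mapped")
        if port_id in self._port_of_pipe.values():
            raise ValueError("iSIM port already in use")
        self._port_of_pipe[pipe_id] = port_id
        self._buffers[pipe_id] = bytearray()

    def unmap_pipe(self, pipe_id: int) -> None:
        self._port_of_pipe.pop(pipe_id, None)
        self._buffers.pop(pipe_id, None)  # discard any half-received message

    def feed(self, raw: bytes):
        """Return (port_id, message) once a message is complete, else None."""
        pkt = parse_hcp_packet(raw)
        if pkt.pipe_id not in self._port_of_pipe:
            raise LookupError(f"packet on unmapped pipe 0x{pkt.pipe_id:02X}")
        buf = self._buffers[pkt.pipe_id]
        if len(buf) + len(pkt.payload) > self.max_message:
            buf.clear()
            raise OverflowError("reassembled message exceeds limit")
        buf += pkt.payload
        if not pkt.last_fragment:
            return None
        message = bytes(buf)
        buf.clear()
        return self._port_of_pipe[pkt.pipe_id], message


def demo():
    """Constructed traffic for a modem with two iSIM ports."""
    ports = PipePortMap(port_count=2)
    ports.map_pipe(pipe_id=0x21, port_id=0, bundle_host_id=0x02)
    ports.map_pipe(pipe_id=0x22, port_id=1, bundle_host_id=0x81)
    # Two fragments on pipe 0x21 (CB=0, then CB=1) with one packet on 0x22 between.
    packets = (bytes([0x21, 0xAA]), bytes([0xA2, 0x10]), bytes([0xA1, 0xBB]))
    return [ports.feed(raw) for raw in packets]
```

Fragments from different pipes can interleave, so reassembly state is kept per pipe, and unmapping a pipe discards its pending fragments so that a later mapping of the same pipe identifier starts clean.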

[0144] In this disclosure, detailed descriptions of known functions or configurations in connection with this disclosure will be omitted where it is determined that such detailed descriptions might obscure the essential points of this disclosure.

[0145] Figure 1 shows the interface between the components and internal components of an SSP terminal according to various embodiments of the present disclosure.

[0146] Referring to Figure 1, the SSP terminal 101 may include an SSP 131 and a Local Bundle Assistant (LBA) 111 corresponding to the terminal software. Additionally, the SSP terminal 101 may include a transceiver for sending signals to or receiving signals from another terminal, base station, server, etc., and a controller for controlling the overall operation of the SSP terminal 101. According to various embodiments of this disclosure, the controller can control the operation of the SSP terminal. The controller may include at least one processor. The controller can control the SSP 131 via the LBA 111.

[0147] SSP 131 may include a main platform 135, a main platform interface 134, a secondary platform bundle 133, and a secondary platform bundle loader 132. The main platform 135 may include a hardware platform and a low-level operating system. The secondary platform bundle 133 can be simply referred to as a bundle, and this bundle includes applications and a high-level operating system (HLOS) driving the main platform 135. The secondary platform bundle loader 132 can be simply referred to as an SPB loader or loader. The loader 132 is a type of bundle 133 and may correspond to a system bundle with special permissions to manage the bundle 133 installed in the SSP. Terminal software LBA 111 and loader 132 can exchange instructions and information through a first interface 122. The first interface 122 can be referred to as the Si3 interface.

[0148] LBA 111 can perform the following operations through the first interface:

[0149] - Obtain the first SSP information and SSP credentials from loader 132;

[0150] - Send server credentials;

[0151] - Send the bundle data to be installed in the SSP to loader 132; and / or

[0152] - Manage bundles installed in the SSP (activate, disable, delete, update bundle metadata, manage the list of installed bundles, etc.).

[0153] Figure 2 shows internal or external terminal components for downloading bundles by an SSP terminal, according to various embodiments of this disclosure.

[0154] In the embodiment of Figure 2, terminal 203 corresponds to the SSP terminal 101 of Figure 1. LBA 204 can correspond to LBA 111 of Figure 1. SPB loader 206 can correspond to the secondary platform bundle loader 132 of Figure 1. Bundle 207 can correspond to the secondary platform bundle 133 of Figure 1. For terminal 203, LBA 204 and SPB loader 206, refer to the description of the embodiment of Figure 1.

[0155] Referring to Figure 2, in the service subscription process 210, user 200 can select and subscribe to services provided by service provider 201 (e.g., call and data services via a mobile communication network). During the service subscription process 210, user 200 can pay service provider 201 a pre-paid amount or subscription fee for the service, and service provider 201 can provide user 200 with pre-paid information for installing a bundle 207 capable of receiving the service on user's terminal 203. In the service subscription process 210, in order to use the services provided by service provider 201, user 200 can selectively transmit to service provider 201 the SSP identifier of the SSP 205 on terminal 203 where the bundle 207 is to be installed. The SSP identifier transmitted to service provider 201 during the service subscription process 210 allows the bundle 207 purchased by user 200 to be installed only on the SSP 205 with the corresponding SSP identifier.

[0156] According to some implementations, in the service subscription process 210 of Figure 2, an SSP activation code can be issued from the service provider 201 to the terminal 203 as pre-reserved information required for installing the bundle 207 on the terminal 203. The SSP activation code can be provided in QR code format, or it can be issued via email, text, or a link in Uniform Resource Identifier (URI) format or string via an application associated with the service provider. According to some implementations, the SSP activation code provided after the user 200 subscribes to the telecommunications service may include an eSIM activation code that allows downloading an eSIM profile instead of the telecommunications bundle, as well as information allowing downloading the telecommunications bundle.

[0157] In the bundle creation request transmission process 211, the service provider 201 and the SPB manager 202 can perform a bundle download preparation process. In the bundle creation request transmission process 211, the service provider 201 can optionally transmit the identifier (SSP ID) of the SSP 205 in which the bundle is to be installed to the SPB manager 202, and can transmit at least one of a bundle family identifier (SPB family ID) and a specific bundle identifier (SPB ID) capable of providing the service selected by the subscriber to the SPB manager 202. In the bundle creation request transmission process 211, the SPB manager 202 can select one of a bundle with the transmitted specific bundle identifier and a bundle with a bundle family identifier, and can transmit the selected bundle identifier to the service provider 201.

[0158] In the bundle creation request transmission process 211, the service provider 201 or SPB manager 202 can regenerate a bundle matching ID that can distinguish the selected bundle. This bundle matching ID can be referred to as CODE_M. Additionally, the SPB manager 202 can associate the transmitted SSP identifier (SSP ID) with the selected bundle to manage it. During the bundle creation request transmission process 211, the SPB manager 202 can also transmit the bundle management server address (SPB manager address) from which the selected bundle can be downloaded to the service provider 201.

[0159] In this scenario, the bundle management server address can be the address of a specific or predetermined bundle management server that stores the prepared bundle, and it can also be the address of another bundle management server that has installed and obtained download information for the prepared bundle (e.g., server address, etc.). During the bundle creation request transmission process 211, when the service provider 201 requests the preparation of a telecommunications bundle from the SPB manager 202, information regarding the eSIM profile matching the corresponding telecommunications bundle can be provided simultaneously.

[0160] When a portion of the bundle creation request transmission process 211 precedes the service subscription process 210, the service provider 201 may transmit bundle download information prepared for the user 200 during the service subscription process 210. As bundle download information, at least one of the following may be transmitted: the address of the bundle management server (SPB manager address) that prepared the bundle, the bundle matching ID that prepared the bundle, or the bundle family identifier that prepared the bundle.

[0161] Referring to Figure 2, in process 231 of inputting information for the bundle to be downloaded, the bundle download information can be transmitted to LBA 204 of terminal 203. The bundle download information can be at least one of the address of the bundle management server (SPB manager address) that LBA 204 needs to access, the bundle identifier prepared during the bundle creation request transmission process 211, or the bundle family identifier prepared during the bundle creation request transmission process 211. The bundle identifier can include at least one of the bundle event ID or bundle matching ID generated during the bundle creation request transmission process 211. Additionally, the bundle identifier can include the bundle family identifier prepared during the bundle creation request transmission process 211. The bundle event ID can include at least one of the bundle management server address and the bundle matching ID prepared during the bundle creation request transmission process 211. The bundle download information can be entered into LBA 204 when user 200 enters an SSP activation code (e.g., by scanning a QR code, directly entering text, etc.), or it can be entered into LBA 204 via push input from an information providing server (not shown). Additionally, the LBA 204 can access an information providing server (not shown) pre-configured in terminal 203 and receive the bundle download information.

[0162] Downloading the bundle from SPB Manager 202 to SSP 205 can be implemented by the operations and functions configured in interface 221 between SPB Manager 202 and LBA 204 and interface 222 between LBA 204 and SPB Loader 206. Interface 222 between LBA 204 and SPB Loader 206 can correspond to the first interface 122 of Figure 1. The interface 222 between LBA 204 and SPB loader 206 can be referred to as the Si3 interface.

[0163] Figure 3 shows elements of an eUICC terminal according to various embodiments of this disclosure.

[0164] LPA 301 can transmit APDU commands to eUICC 303 and receive APDU responses from eUICC 303. The APDU commands and responses correspond to data conforming to the ETSI TS 102 221 standard and the SGP.22 standard based on ISO 7816-4. APDU commands and responses can be used for communication between LPA 301 and eUICC 303, as well as for communication between modem 302 and eUICC 303.

[0165] LPA 301 and eUICC 303 can transmit or receive APDUs via modem 302. LPA 301 can transmit APDUs intended for eUICC 303 to the modem via a first interface 304 provided by modem 302. The first interface 304 can correspond to an interface used to transmit APDUs to the modem via the terminal's framework or operating system. This first interface can also correspond to an interface used to include the APDUs to be transmitted by LPA 301 in AT commands and send them to modem 302. Modem 302 can exchange APDUs with eUICC 303 via a second interface 305. This second interface can correspond to an interface based on ISO 7816-3.

[0166] Figure 4 shows elements of an iSSP terminal according to various embodiments of the present disclosure.

[0167] An iSSP terminal may include a modem 405 and an iSSP 406 embedded in a communication processor (CP) 407.

[0168] iSSP 406 can collectively refer to the Secondary Platform Bundle Loader (SPBL) in the iSSP and the secondary platform bundles installed in the iSSP.

[0169] Communication between LBA 401 and the SPBL in iSSP 406 can be performed through the third interface 403. The third interface 403 can be referred to as the Si3 interface. Commands and responses transmitted through the third interface 403 can be referred to as Si3 commands and Si3 responses, respectively.

[0170] LBA 401 can transmit Si3 commands to SPBL in iSSP 406 and can receive responses from SPBL.

[0171] The LBA 401 can send data to or receive data from the modem 405 via the fourth interface 404.

[0172] Modem 405 and iSSP 406 can send or receive data via fifth interface 408. Fifth interface 408 can correspond to an interface conforming to the SSP Common Layer (SCL) as defined in ETSI TS 103 666-1. The SCL transport layer can correspond to the Host Controller Interface (HCI) of ETSI TS 102 622. Fifth interface 408 can correspond to the APDU pipe formed between the UICC APDU application gateway of modem 405 and the UICC APDU service gateway of a specific bundle in iSSP 406.

[0173] Figure 5 shows examples of interfaces for APDU communication between a modem and a telecommunications bundle, according to various embodiments of this disclosure.

[0174] In Figure 5, the APDU pipe 506 formed between the modem 501 and the telecom bundle 503 can be an example of the fifth interface 408 of Figure 4.

[0175] Modem 501 can perform APDU communication by forming an APDU pipe 506 with a telecommunications bundle 503 installed in iSSP 502. APDU pipe 506 can be generated with UICC APDU application gateway 504 and UICC APDU service gateway 505 of modem 501 as ingress points.

[0176] Figure 6 shows an example of a host in an iSSP generating a pipe through a gate, according to various embodiments of this disclosure.

[0177] The iSSP network controller host 601 may include a management gateway 602. The management gateway 602 may form pipes (631 and 632) with management gateways 612 and 622 in different hosts, host A 611 and host B 621, respectively, to perform management functions between the hosts.

[0178] The link management port 603 of the network controller host 601 can form pipes (633 and 634) with the link management ports 613 and 623 of different hosts, respectively, in order to perform the function of managing the link connection between the hosts (link management).

[0179] Host A 611 and Host B 621 can form a pipe through a gateway corresponding to a specific service, and can perform services by exchanging commands and responses or exchanging events.

[0180] Gateway 1 614 in host A 611 and gateway 2 in host B 621, which provide the same service, can form a pipe 635 between them to perform the corresponding service.

[0181] If host A 611 corresponds to a modem and host B 621 corresponds to a telecommunications bundle, an APDU pipe 636 can be formed between the UICC application gateway 615 in host A 611 and the UICC service gateway 625 in host B 621 to perform APDU communication and perform various services and functions performed in the UICC.

[0182] Figure 7A illustrates the state in which a multi-SIM modem in a terminal and multiple telecommunications bundles in an iSSP are respectively connected to iSIM ports, according to various embodiments of the present disclosure.

[0183] The multi-SIM modem 700 supports multiple logical basebands 701, 702 and 703. The multi-SIM modem 700 in Figure 7A can be an example of a tri-SIM modem that supports three logical basebands and three iSIM ports.

[0184] The first logical baseband 701, the second logical baseband 702, and the third logical baseband 703 can support the same radio access capabilities or different radio access capabilities. For example, all three logical basebands can be logical basebands that support 5G networks. In another example, two of the three logical basebands can support 5G networks, and the third logical baseband can support 4G networks. In yet another example, the three logical basebands can support 4G, 5G, and 6G networks respectively.

[0185] In Figure 7A, the modem 700 has three iSIM ports. The three iSIM ports correspond to the first iSIM port 741, the second iSIM port 742, and the third iSIM port 743.

[0186] In Figure 7A, the first iSIM port 741 corresponds to the iSIM port using the first baseband 701, the second iSIM port 742 corresponds to the iSIM port using the second baseband 702, and the third iSIM port 743 corresponds to the iSIM port using the third baseband 703.

[0187] Figure 7A shows that the first bundle 711 accesses the network using the first baseband 701, the second bundle 712 accesses the network using the second baseband 702, and the third bundle 713 accesses the network using the third baseband 703.

[0188] Figure 7A shows a first bundle 711 connected to a first iSIM port 741, a second bundle 712 connected to a second iSIM port 742, and a third bundle 713 connected to a third iSIM port 743.

[0189] According to Figure 7A, the first iSIM port 741 is connected to the first baseband 701, and the first bundle 711 is activated and forms a first pipe 721 with a port connected to the first baseband 701 for connection to the first iSIM port 741.

[0190] Similarly, according to Figure 7A, the second iSIM port 742 is connected to the second baseband 702, and the second bundle 712 is activated and forms a second pipe 722 with a port connected to the second baseband 702 for connection to the second iSIM port 742.

[0191] Similarly, according to Figure 7A, the third iSIM port 743 is connected to the third baseband 703, and the third bundle 713 is activated and forms a third pipe 723 with a port connected to the third baseband 703 so as to connect to the third iSIM port 743.

[0192] Although not shown, the connection relationships 731, 732, and 733 between iSIM ports 741, 742, and 743 and logical basebands 701, 702, and 703 can be changed according to the modem configuration. The modem configuration can be changed by system terminal software 750. System terminal software 750 can correspond to system software that manages modem 700 by using APIs provided by modem 700 through operating system and framework 760. For example, system terminal software 750 can correspond to terminal software with system access rights, such as a SIM card manager for an Android terminal. Depending on the user's selection, system terminal software 750 can change the connection relationships 731, 732, and 733 between iSIM ports 741, 742, and 743 and basebands 701, 702, and 703. For example, according to a specific configuration, first iSIM port 741 can be connected to second baseband 702, second iSIM port 742 can be connected to third baseband 703, and third iSIM port 743 can be connected to first baseband 701. In addition, the iSIM port and the logical baseband can be connected to each other according to any combination that satisfies a 1:1 correspondence (bijection).

[0193] Figure 7B shows another embodiment, illustrating the state in which a multi-SIM modem in a terminal and multiple telecommunications bundles in an iSSP are respectively connected to an iSIM port, according to various embodiments of the present disclosure.

[0194] Compared with the embodiment of Figure 7A, the embodiment of Figure 7B differs in that the modem 700b includes a multiplexer 770b and has only one UICC application gateway. In this case, the gateways (UICC service gateways) of multiple bundles 711, 712, and 713 can be connected (mapped) to one gateway (UICC application gateway) of the modem 700b.

[0195] As shown in Figure 7B, in modem 700b, first bundle 711, second bundle 712, and third bundle 713 can be activated and form first UICC pipe 721b, second UICC pipe 722b, and third UICC pipe 723c, respectively. Specifically, first bundle 711, second bundle 712, and third bundle 713 can be activated and can form first UICC pipe 721b, second UICC pipe 722b, and third UICC pipe 723c between the gateway of modem 700b (a UICC application gateway) and the gateways of first bundle 711, second bundle 712, and third bundle 713 (three UICC service gateways), respectively. In this case, multiplexer 770b can perform multiplexed communication with first bundle 711, second bundle 712, and third bundle 713 through the pipe IDs of the three UICC pipes 721b, 722b, and 723c generated by a UICC application gateway.

[0196] According to an embodiment, the operations described in the embodiment of Figure 7B can be applied not only to a modem such as the example shown in Figure 7B, which has a single UICC application gateway, but also to other situations in which the UICC service gateways of multiple bundles are connected (mapped) to a single UICC application gateway. For example, the description of the embodiment of Figure 7B can also be applied to a modem that includes two UICC application gateways, where one of the two UICC application gateways is connected (mapped) to the UICC service gateways of multiple bundles.

[0197] Figure 8 shows examples of pipes for communication between a modem host and a telecommunications bundle, according to various embodiments of the present disclosure.

[0198] The modem host 801 may include a logical baseband 804. The logical baseband 804 may refer to, for example, a protocol stack for network access using SIM authentication information.

[0199] Modem host 801 may include UICC application gateway 802. UICC application gateway 802 may form UICC pipe 822 with UICC service gateway 812 of telecommunications bundle 811 to perform UICC functions.

[0200] Modem host 801 may include Card Application Toolkit (CAT) service gateway 803. CAT service gateway 803 may form a CAT pipe 823 with CAT application gateway 813 of telecom bundle 811 to perform CAT services. Card Application Toolkit may refer to ETSI TS 102 223, Smart Cards; Card Application Toolkit (CAT). For example, CAT application gateway 813 of telecom bundle 811 may send proactive UICC commands to the modem by transmitting the proactive UICC commands to CAT service gateway 803 via CAT pipe 823.

[0201] Figure 9A shows examples of activating multiple telecom bundles in a multi-SIM modem and connecting these multiple telecom bundles to an iSIM port, according to various embodiments of the present disclosure.

[0202] In this disclosure, a multi-SIM modem may be referred to as modem host domain 900. Modem host domain 900 may be a host domain outside of the SSP host domain. Modem host domain 900 may have multiple modem hosts. Figure 9A shows an example of a dual-SIM modem, wherein the modem host domain 900 of the dual-SIM modem may include two modem hosts (e.g., a first modem host 911 and a second modem host 921).

[0203] In this disclosure, an SSP host domain may include at least one host. For example, as shown in Figure 9A, the SSP host domain may include a first host corresponding to the first telecommunications bundle 931 and a second host corresponding to the second telecommunications bundle 941. In the embodiment of Figure 9A, a host in modem host domain 900 (e.g., first modem host 911) can generate an APDU pipe (UICC pipe) with a host in the SSP host domain (e.g., first telecom bundle 931).

[0204] In this embodiment, the first modem host 911 and the second modem host 921 can correspond to modem host 801 of Figure 8.

[0205] Figure 9A shows an example where a first modem host 911 is connected to a first iSIM port 901 and a second modem host 921 is connected to a second iSIM port 902.

[0206] According to Figure 9A, the first telecommunications bundle 931 is activated and forms a UICC pipe 952 and a CAT pipe 953 with the first modem host 911, and can perform network access through the first baseband 914.

[0207] According to Figure 9A, the first modem host 911 is connected to the first iSIM port 901, so it can be understood that the first telecom bundle 931 is connected to the first iSIM port 901.

[0208] In addition, according to Figure 9A, the second telecommunications bundle 941 is activated and forms a UICC pipe 962 and a CAT pipe 963 with the second modem host 921, and can perform network access through the second baseband 954.

[0209] According to Figure 9A, the second modem host 921 is connected to the second iSIM port 902, so it can be understood that the second telecom bundle 941 is connected to the second iSIM port 902.

[0210] Figure 9B shows another example of activating multiple telecom bundles in a multi-SIM modem and connecting these multiple telecom bundles to an iSIM port, according to various embodiments of this disclosure.

[0211] The difference between Figure 9A and Figure 9B is that, in Figure 9B, the modem host domain 900 has a single modem host (e.g., a first modem host 911). The first modem host 911 has multiple basebands 914 and 924, and may also have a UICC application gateway 922 and a CAT service gateway 913 for communicating with telecommunications bundles.

[0212] In the embodiment of Figure 9B, a host in modem host domain 900 (e.g., first modem host 911) can generate APDU pipes (UICC pipes) with multiple hosts in the SSP host domain (e.g., first telecom bundle 931 and second telecom bundle 941).

[0213] According to Figure 9B, when the first telecommunications bundle 931 and the second telecommunications bundle 941 are activated and form pipes with the first modem host 911, the UICC service gateway 932 of the first telecommunications bundle 931 and the UICC service gateway 942 of the second telecommunications bundle 941 can both form pipes 952 and 962 with the UICC application gateway 922 of the first modem host 911. In this case, the first modem host 911 can classify the bundles to be used for communication by the identifier of the pipe.

[0214] Although not shown, the multiplexer of the first modem host 911 can classify bundles that form pipes (e.g., 952 or 962) with the UICC application gateway 922 by the pipe identifier.

[0215] Furthermore, when the first telecommunications bundle 931 and the second telecommunications bundle 941 are activated and form pipes with the first modem host 911, both the CAT application gateway 933 of the first telecommunications bundle 931 and the CAT application service gateway 943 of the second telecommunications bundle 941 can form a pipe with the CAT service gateway 913 of the first modem host 911. In this case, the CAT service gateway 913 can perform processing by classifying the bundles used for communication based on whether the pipe identifier of the transmitted packet corresponds to 953 or 963.

[0216] If the first telecom bundle 931 is connected to the first iSIM port 901 and uses the first baseband 914, the multiplexer of the first modem host 911 can forward packets received through pipe 953 from the CAT service gateway to the first baseband 914. Similarly, the UICC application gateway can forward packets transmitted by the terminal to the first telecom bundle 931 through the first iSIM port 901 to pipe 952 so that the packets can be forwarded to the UICC service gateway 932 of the first telecom bundle 931.

[0217] Figure 10 illustrates the process of activating two telecommunications bundles upon user request and assigning the two telecommunications bundles to two SIM ports of a modem, respectively, according to various embodiments of this disclosure.

[0218] Operations 1011 to 1019 illustrate a series of implementations for activating the first bundle 1005 upon user request and connecting the first bundle 1005 to the iSIM port 1 (first SIM port) of the modem.

[0219] Operations 1021 to 1029 illustrate a series of implementations for activating the second bundle 1006 upon user request and connecting the second bundle 1006 to the iSIM port 2 (second SIM port) of the modem.

[0220] In operation 1011, user 1001 requests LBA 1002 (or LPA) to activate / enable the first bundle. In operation 1011, the user activates / enables the telecommunications company for the first bundle in a specific SIM slot via the terminal's SIM card configuration UI. For example, the user can perform the first bundle activation in iSIMport1.

[0221] In operation 1012, LBA 1002 transmits the first bundle activation / enable command to SPBL 1003. In operation 1012, for example, the first bundle activation command may correspond to the Si3.EnableSpb command that includes the first bundle identifier.

[0222] In operation 1013, SPBL 1003 activates / enables the first bundle 1005 via the iSSP's primary platform (PP). Activating the first bundle may include, for example, decrypting and activating the encrypted first bundle 1005, and moving the decrypted / activated first bundle 1005 up to the next RAM. After the first bundle 1005 is activated, it may broadcast its activation to other entities in the iSSP. For example, such a broadcast may be performed by an entity in the iSSP referred to as the network controller host.

[0223] When the first bundle 1005 is activated, in operation 1014, the modem 1004 and the first bundle 1005 form / generate a first APDU pipe.

[0224] In operation 1015, modem 1004 transmits the identifier of the first APDU pipe to SPBL 1003. Operation 1015 can be performed in conjunction with the network controller host (NCH) router corresponding to the entity in the iSSP.

[0225] In operation 1016, SPBL 1003 may transmit a response to the first bundle activation command in operation 1012 to LBA 1002. When the first bundle is successfully activated and a first APDU pipe is formed / generated with the modem, the response in operation 1016 may include a first APDU pipe identifier. Using the first APDU pipe identifier received from SPBL 1003, LBA 1002 can identify the identifier of the first APDU pipe formed for communication with the modem for the first bundle activated in operation 1012.

[0226] In operation 1017, LBA 1002 sends an APDU pipe-to-iSIM port mapping request to modem 1004 to map / connect the first bundle to iSIM port 1 in the modem. The corresponding APDU pipe-to-iSIM port mapping request may include the identifier of the APDU pipe and the identifier of the iSIM port to be mapped. When there is no direct data transmission route between LBA 1002 and modem 1004, operation 1017 can be performed via SPBL 1003. In this case, LBA 1002 can transmit the APDU pipe-to-iSIM port mapping request to SPBL 1003, which in turn transmits the mapping request to modem 1004, thus allowing the APDU pipe identifier and the identifier of the iSIM port to be mapped to be transmitted to modem 1004.

[0227] In operation 1018, modem 1004 can map the iSIMport identifier and APDU pipe identifier transmitted in operation 1017. Operation 1018 can correspond to the following operation: among the APDU pipes formed by the modem, connecting the bundle (first bundle) attached to the APDU pipe (first APDU pipe) that has the transmitted APDU pipe identifier to the logical baseband associated with the transmitted iSIMport identifier. For example, operation 1018 can correspond to an internal operation of the modem that allows network access via the logical baseband associated with the iSIMport identifier by utilizing the K value and IMSI of the first bundle. Through operation 1018, the activated telecommunications bundle can be connected to a specific logical baseband in the modem to perform network access.

[0228] In operation 1019, modem 1004 responds to the result of operation 1018. Through operation 1019, LBA 1002 can recognize that the first bundle was successfully mapped to the iSIMport corresponding to iSIMport1ID.

[0229] Operations 1021 to 1029 illustrate the process of activating the second bundle 1006 and mapping it to iSIMport2. Operations 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, and 1029 can be performed by referring to operations 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, and 1019, respectively.

[0230] Figure 11 shows another embodiment of the process of activating two telecommunications bundles upon user request and assigning the two telecommunications bundles to two SIM ports of a modem, according to various embodiments of the present disclosure.

[0231] Unlike Figure 10, in the embodiment of Figure 11 the bundle activation command sent from LBA 1102 to SPBL 1103 includes the identifier of the iSIM port.

[0232] Operations 1111 to 1119 illustrate a series of implementations for activating the first bundle 1105 upon user request and connecting the first bundle 1105 to the iSIM port 1 (first SIM port) of the modem.

[0233] Operations 1121 to 1129 illustrate a series of implementations for activating the second bundle 1106 upon user request and connecting the second bundle 1106 to the iSIM port 2 (second SIM port) of the modem.

[0234] In operation 1111, user 1101 requests LBA 1102 to activate / enable the first bundle. In operation 1111, the user activates / enables the telecommunications company for the first bundle in a specific SIM slot via the terminal's SIM card configuration UI. For example, the user can perform the first bundle activation in iSIMport1.

[0235] In operation 1112, LBA 1102 transmits the first bundle activation / enable command to SPBL 1103. In operation 1112, for example, the first bundle activation command may correspond to the Si3.EnableSpb command, which includes the first bundle identifier and the iSIMport1 identifier.

[0236] In operation 1113, the first bundle 1105 is activated via SPBL 1103. Operation 1113 of Figure 11 can correspond to operation 1013 of Figure 10.

[0237] In operation 1114, modem 1104 and first bundle 1105 form / generate an APDU pipe. The formed APDU pipe may be referred to as the first APDU pipe. Operation 1114 of Figure 11 can correspond to operation 1014 of Figure 10.

[0238] In operation 1115, modem 1104 transmits the identifier of the first APDU pipe to SPBL 1103. According to some embodiments, operation 1115 may be omitted.

[0239] In operation 1116, SPBL 1103 may request that modem 1104 map / connect an APDU pipe to an iSIMport. The mapping request may include an identifier for the iSIMport. The mapping request may also include an APDU pipe identifier. The APDU pipe identifier included in the mapping request may be the APDU pipe identifier transmitted in operation 1115.

[0240] In operation 1117, modem 1104 can perform mapping from the iSIM port to the APDU pipe. In the example of Figure 11, operation 1117 can correspond to the following operation: mapping the first APDU pipe formed in operation 1113 between the modem and the activated first bundle to the iSIM port corresponding to the iSIMport identifier transmitted in operation 1116. Through operation 1117, the first bundle can perform network access by using the logical baseband corresponding to the modem's iSIMport1, according to the user request in operation 1111.

[0241] In operation 1118, modem 1104 can notify SPBL 1103 of the result that operation 1117 was successfully executed.

[0242] In operation 1119, SPBL 1103 can transmit to LBA 1102 the result of the bundle activation (whether the operation was successfully executed) and the result of mapping the activated bundle to the iSIM port of the modem (whether operation 1117 was successfully executed).

[0243] In operation 1119, in response to successful bundle activation and successful mapping to the iSIM port, LBA 1102 can display on the screen to user 1101 via the UI that the first bundle has been activated and is being used in iSIMport1.

[0244] Operations 1121 to 1129 illustrate the process of activating the second bundle 1106 and mapping it to iSIMport2. Operations 1121, 1122, 1123, 1124, 1125, 1126, 1127, 1128, and 1129 can be performed by referring to operations 1111, 1112, 1113, 1114, 1115, 1116, 1117, 1118, and 1119, respectively.
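The flows of Figure 10 and Figure 11 differ only in who sends the mapping request: the LBA after learning the pipe identifier, or the SPBL acting on an iSIM port identifier carried in Si3.EnableSpb. The following Python model is an added illustration, not code from the patent; the class and method names, the pipe identifier values, and the rejection of unknown or conflicting mapping requests are assumptions, since the page does not describe error handling.

```python
"""Toy model of the Figure 10 / Figure 11 flows (constructed; all names hypothetical)."""
from dataclasses import dataclass, field
from itertools import count


class MappingError(Exception):
    """A pipe-to-port mapping request was rejected (assumed behaviour)."""


@dataclass
class Modem:
    # iSIM port id -> logical baseband id; reconfigurable but must stay 1:1 ([0192]).
    port_to_baseband: dict
    pipes: dict = field(default_factory=dict)         # pipe id -> bundle id
    port_to_pipe: dict = field(default_factory=dict)  # iSIM port id -> pipe id
    _ids: count = field(default_factory=lambda: count(0x10))  # constructed pipe ids

    def __post_init__(self):
        self.configure_ports(self.port_to_baseband)

    def configure_ports(self, port_to_baseband):
        # A bijection requires every baseband to appear exactly once.
        if len(set(port_to_baseband.values())) != len(port_to_baseband):
            raise MappingError("port/baseband relation is not 1:1")
        self.port_to_baseband = dict(port_to_baseband)

    def form_pipe(self, bundle_id):
        """Operations 1014 / 1114: form an APDU pipe with an enabled bundle."""
        pipe_id = next(self._ids)
        self.pipes[pipe_id] = bundle_id
        return pipe_id

    def map_pipe(self, pipe_id, port_id):
        """Operations 1018 / 1117: bind an APDU pipe to an iSIM port."""
        if pipe_id not in self.pipes:
            raise MappingError(f"unknown pipe {pipe_id:#x}")
        if port_id not in self.port_to_baseband:
            raise MappingError(f"unknown iSIM port {port_id}")
        if self.port_to_pipe.get(port_id, pipe_id) != pipe_id:
            raise MappingError(f"iSIM port {port_id} already mapped")
        if any(p == pipe_id and port != port_id
               for port, p in self.port_to_pipe.items()):
            raise MappingError(f"pipe {pipe_id:#x} already mapped")
        self.port_to_pipe[port_id] = pipe_id
        return True

    def bundle_for_baseband(self, baseband_id):
        """Which bundle's credentials does this logical baseband use?"""
        for port, baseband in self.port_to_baseband.items():
            if baseband == baseband_id and port in self.port_to_pipe:
                return self.pipes[self.port_to_pipe[port]]
        return None


@dataclass
class Spbl:
    modem: Modem
    enabled: set = field(default_factory=set)

    def enable_spb(self, bundle_id, port_id=None):
        """Si3.EnableSpb handler; returns (pipe_id, mapped)."""
        self.enabled.add(bundle_id)                # operation 1013 / 1113
        pipe_id = self.modem.form_pipe(bundle_id)  # operations 1014-1015 / 1114-1115
        mapped = False
        if port_id is not None:                    # Figure 11: SPBL requests the mapping
            mapped = self.modem.map_pipe(pipe_id, port_id)  # operations 1116-1118
        return pipe_id, mapped


def activate_fig10(spbl, bundle_id, port_id):
    """LBA side of Figure 10: enable, learn the pipe id, then request the mapping."""
    pipe_id, _ = spbl.enable_spb(bundle_id)       # operations 1012 and 1016
    return spbl.modem.map_pipe(pipe_id, port_id)  # operations 1017-1019


def activate_fig11(spbl, bundle_id, port_id):
    """LBA side of Figure 11: one command carries bundle id and iSIM port id."""
    _, mapped = spbl.enable_spb(bundle_id, port_id)  # operations 1112 and 1119
    return mapped


def demo():
    modem = Modem(port_to_baseband={1: "BB1", 2: "BB2"})
    spbl = Spbl(modem)
    results = {
        "fig10": activate_fig10(spbl, "bundle-1", 1),
        "fig11": activate_fig11(spbl, "bundle-2", 2),
    }
    results["bb1"] = modem.bundle_for_baseband("BB1")
    results["bb2"] = modem.bundle_for_baseband("BB2")
    # System software swaps the port/baseband relation ([0192]); bundles follow ports.
    modem.configure_ports({1: "BB2", 2: "BB1"})
    results["bb1_after_swap"] = modem.bundle_for_baseband("BB1")
    try:
        activate_fig11(spbl, "bundle-3", 2)  # port 2 is already in use
    except MappingError as exc:
        results["conflict"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model a rejected Figure 11 request leaves bundle-3 enabled with a formed but unmapped pipe; how a real SPBL reports or unwinds that state is not described on the page.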

[0245] Figure 12 shows the structure of a terminal according to various embodiments of this disclosure.

[0246] Referring to Figure 12, the terminal may include a transceiver 1210, a controller 1220, and a memory 1230. In this disclosure, the controller 1220 may be defined as a circuit, an application-specific integrated circuit, or at least one processor.

[0247] Transceiver 1210 can send signals to or receive signals from another network entity that includes a server. For example, the transceiver can receive system information from the server and can send or receive information and / or messages depending on the implementation.

[0248] According to the embodiments provided in this disclosure, the controller 1220 can control the overall operation of the terminal. For example, the controller can control the signal flow between blocks to perform operations according to the accompanying drawings and flowcharts.

[0249] The memory 1230 can store at least one of information sent or received by the transceiver and information generated by the controller.

[0250] Figure 13 shows the structure of an intelligent security platform according to various embodiments of this disclosure.

[0251] Referring to Figure 13, the intelligent security platform may include a transceiver 1310, a controller 1320, and a memory 1330. In this disclosure, the controller 1320 may be defined as a circuit, an application-specific integrated circuit, or at least one processor.

[0252] Transceiver 1310 can send signals to or receive signals from another network entity within and / or outside the terminal. For example, the transceiver can receive system information from the terminal's controller and can send or receive information and / or messages according to the implementation.

[0253] According to the embodiments provided in this disclosure, controller 1320 can control the overall operation of the intelligent security platform. For example, the controller can control the signal flow between blocks to perform operations according to the accompanying drawings and flowcharts.

[0254] The memory 1330 can store at least one of information sent or received by the transceiver and information generated by the controller.

[0255] Figure 14 shows a flowchart of a method for a smart security platform or terminal according to various embodiments of the present disclosure.

[0256] In the embodiment of Figure 14, the terminal may be, for example, the SSP terminal described above, and the smart security platform may be, for example, an iSSP that includes multiple telecom bundles and SPBLs.

[0257] In the embodiment of Figure 14, the operation of the terminal or security platform can be the operation of a controller that controls the corresponding operation.

[0258] Referring to Figure 14, the terminal (or smart security platform) can activate / enable the first telecommunications bundle of the smart security platform (operation 1410). In an implementation, the terminal (or security platform) can enable the first telecommunications bundle (communication bundle) among multiple telecommunications bundles of the smart security platform.

[0259] For the bundle activation process, refer to Figure 10 and Figure 11. For example, activating the first telecommunications bundle may include sending a bundle activation / enable command, including an identifier of the first telecommunications bundle, to the smart security platform. The bundle activation command can be sent from the terminal's LBA to the smart security platform's SPBL. In this case, the smart security platform can activate the first telecommunications bundle based on the bundle activation command for the first telecommunications bundle. According to an implementation, the bundle activation command may also include an identifier of the first SIM port.

[0260] The terminal (or intelligent security platform) can form / generate a first APDU pipe between the activated first telecommunications bundle and the terminal's modem (operation 1420). In the embodiment of Figure 14, the modem may be a modem host domain or a modem host within a modem host domain. In another implementation, the terminal (or smart security platform) may generate a first pipe for communication between the enabled first telecommunications bundle and the terminal's modem.

[0261] For the APDU pipe formation process, refer to Figures 3 to 11. For example, the first APDU pipe can be formed between the modem gateway and the gateway of the activated first telecommunications bundle according to a predetermined scheme. As shown in Figure 7B, the modem may include a multiplexer connected to the modem's gateway, and in this case, a second APDU pipe may also be formed between the modem's gateway and the gateway of a second telecommunications bundle of the smart security platform, the second telecommunications bundle being different from the first telecommunications bundle.

[0262] The terminal (or smart security platform) can map the formed first APDU pipe to a first SIM port (operation 1430). In an implementation, the terminal (or smart security platform) can use the identifier of the SIM port to map the generated first pipe to the first SIM port among multiple SIM ports of the modem. Therefore, the first telecommunications bundle can be connected to the first logical baseband associated with the first SIM port. For the mapping process, refer to Figure 10 and Figure 11. For example, mapping may include sending a mapping request to the modem to map the formed first APDU pipe to a first SIM port of the modem, and the mapping request may include an identifier of the first SIM port. The mapping request may be sent to the modem from the terminal's LBA or from the smart security platform's SPBL. According to an implementation, the mapping request may also include an identifier of the first APDU pipe.

[0263] In the detailed embodiments described above in this disclosure, elements included in this disclosure are represented in a singular or plural form according to the presented detailed embodiments. However, for the sake of convenience, the singular or plural form has been suitably chosen as presented, and this disclosure is not limited to elements represented in a singular or plural form. Thus, an element represented in a plural form may also include a single element, or an element represented in a singular form may also include multiple elements.

[0264] Although specific embodiments have been described in detail in this disclosure, various modifications and changes can be made thereto without departing from the scope of this disclosure. Therefore, the scope of this disclosure should not be limited to the embodiments, but should be defined by the appended claims and their equivalents.

[0265] It should be understood that the various embodiments of this disclosure and the terminology used are not intended to limit the technical features set forth herein to specific embodiments, and include various modifications, equivalents, or alternatives to the respective embodiments. Regarding the description of the drawings, similar reference numerals may be used to designate similar or related elements. The singular form of a noun corresponding to an item may include one or more of the things, unless the relevant context clearly indicates otherwise. As used herein, each of the phrases such as “A or B,” “at least one of A and B,” “at least one of A or B,” “A, B, or C,” “at least one of A, B, and C,” and “at least one of A, B, or C” may include all possible combinations of items listed together in a corresponding phrase. As used herein, terms such as “first,” “second,” “the first,” and “the second” may be used simply to distinguish a corresponding element from another element and do not otherwise limit the element (e.g., importance or order). It should be understood that if an element (e.g., the first element) is referred to (with or without the terms “operably” or “communicatively”) as being “connected to another element (e.g., the second element),” “linked to another element (e.g., the second element),” “connected to another element (e.g., the second element),” or “attached to another element (e.g., the second element)”, this means that the element can be connected or linked to the other element directly (e.g., by wire), wirelessly, or via another element (e.g., the third element).

[0266] As used herein, the term "module" can include units implemented in hardware, software, or firmware, and may be used interchangeably with other terms (e.g., "logic," "logic block," "component," or "circuit"). A "module" can be the smallest unit or part of a single integrated component suitable for performing one or more functions. For example, according to an implementation, a "module" may be implemented as an application-specific integrated circuit (ASIC).

[0267] The various implementations described herein can be implemented as software (e.g., a program) comprising instructions stored in a machine-readable storage medium (e.g., internal or external memory). A machine is a means that can invoke stored instructions from the storage medium and operate according to the invoked instructions, and may include terminals according to various implementations. When the instructions are executed by a processor, the processor can perform the function corresponding to the instructions, with or without one or more other components under the processor's control. Instructions may include code generated or executed by a compiler or interpreter.

[0268] Machine-readable storage media may be provided in the form of non-transitory storage media. The term "non-transitory" simply means that the storage medium is a tangible device and does not include signals; however, this term does not distinguish between locations where data is stored semi-permanently and locations where data is temporarily stored in the storage medium.

[0269] Methods according to various embodiments of this disclosure may be included and provided in a computer program product. The computer program product may be traded as a product between a seller and a buyer. The computer program product may be distributed in the form of a machine-readable storage medium (e.g., an optical disc read-only memory (CD-ROM)) or via an application store (e.g., the Play Store™). Distribution can be online (e.g., download or upload) or directly between two user devices (e.g., smartphones). If distributed online, at least a portion of the computer program product may be temporarily generated or at least temporarily stored in a machine-readable storage medium, such as the memory of a manufacturer's server, an app store server, or a relay server. According to various embodiments, each element described above (e.g., a module or program) may include a single entity or multiple entities, and some of the related sub-elements described above may be omitted, or other sub-elements may be included in various embodiments. Optionally or additionally, some elements (e.g., modules or programs) may be integrated into a single element. In this case, the integrated element may perform the functions performed by the respective related elements prior to integration in the same or similar manner. According to various embodiments, operations performed by a module, program, or another element may be performed sequentially, in parallel, repeatedly, or tentatively, or one or more of the operations may be performed in a different order or omitted, or one or more other operations may be added.

[0270] The embodiments of this disclosure described and illustrated in the specification and drawings are merely specific examples presented to readily explain the technical content of this disclosure and to aid in understanding it, and are not intended to limit the scope of this disclosure. Therefore, the scope of this disclosure should be interpreted to include all changes and modifications derived from this disclosure other than those disclosed herein.

[0271] Furthermore, some or all of the specific embodiments of the various implementations described above may be performed in combination with some or all of one or more other embodiments.

[0272] Although this disclosure has been described with reference to various embodiments, those skilled in the art can suggest various changes and modifications. This disclosure is intended to include such changes and modifications that fall within the scope of the appended claims.

Claims

1. A method for a terminal including a Smart Security Platform (SSP), the method comprising:
the terminal sends a bundle enable command to the SSP's secondary platform bundle payload (SPBL) via the terminal's local bundle assistant (LBA), the bundle enable command including the identifier of the first telecommunications bundle among the SSP's multiple telecommunications bundles;
the first telecommunications bundle is activated via the SPBL based on the bundle enable command;
a first pipe for communication between the enabled first telecommunications bundle and the modem of the terminal is generated via a modem;
the terminal sends a mapping request to the modem via the LBA to map the generated first pipe to the first SIM port among the multiple subscriber identification module (SIM) ports of the modem; and
the modem maps the generated first pipe to the first SIM port based on the mapping request,
wherein the first SIM port is associated with the first baseband, and the mapping request includes the identifier of the first SIM port and the identifier of the first pipe.

2. The method according to claim 1, further comprising: based on a predetermined configuration, the first pipe is generated between the gateway of the enabled first telecommunications bundle and the first gateway of the modem.

3. The method according to claim 2, wherein the first gateway of the modem is connected to the first baseband.

4. The method according to claim 3, further comprising: a second pipe is generated between the second gateway of the SSP's second telecommunications bundle and the second gateway of the modem, wherein the second gateway of the modem is different from the first gateway of the modem that is connected to the first baseband.

5. The method according to claim 3, wherein the first gateway of the modem is connected via a multiplexer to a plurality of basebands, including the first baseband, each of the plurality of basebands being associated with a single SIM port.

6. The method according to claim 5, further comprising: a second pipe is created between the gateway of the second telecommunications bundle of the SSP and the first gateway of the modem connected to the first baseband.

7. The method according to claim 1, wherein the first pipe is an Application Protocol Data Unit (APDU) used for APDU communication.

8. The method according to claim 2, wherein the enabled first telecommunications bundle has a UICC service gateway, and the first gateway of the modem is a UICC application gateway.

9. A terminal including an intelligent security platform (SSP), the terminal comprising:
a transceiver; and
a controller, operably connected to the transceiver, configured such that:
the terminal's Local Bundle Assistant (LBA) sends a bundle activation command to the SSP's Secondary Platform Bundle Payload (SPBL), the bundle activation command including the identifier of a first telecommunications bundle among the SSP's multiple telecommunications bundles and the identifier of a first SIM port among the multiple Subscriber Identity Module (SIM) ports of the terminal's modem;
the first telecommunications bundle is activated via the SPBL based on the bundle activation command;
the modem generates a first pipe for communication between the enabled first telecommunications bundle and the modem of the terminal;
the terminal sends a mapping request to the modem via the LBA or the SPBL of the SSP to map the generated first pipe to the first SIM port among the multiple SIM ports of the modem; and
the modem maps the generated first pipe to the first SIM port based on the mapping request,
wherein the first SIM port is associated with the first baseband, and the mapping request includes the identifier of the first SIM port and the identifier of the first pipe.

10. A method for a terminal including a Smart Security Platform (SSP), the method comprising:
the terminal sends a bundle enable command to the SSP's secondary platform bundle payload (SPBL) via the terminal's local bundle assistant (LBA), the bundle enable command including the identifier of the first telecommunications bundle among the multiple telecommunications bundles of the SSP and the identifier of the first SIM port among the multiple subscriber identification module (SIM) ports of the terminal's modem;
the first telecommunications bundle is activated via the SPBL based on the bundle enable command;
the modem generates a first pipe for communication between the enabled first telecommunications bundle and the modem of the terminal;
the SPBL of the SSP sends a mapping request to the modem to map the generated first pipe to the first SIM port among the plurality of SIM ports of the modem; and
the modem maps the generated first pipe to the first SIM port based on the mapping request,
wherein the first SIM port is associated with the first baseband.
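
The enable, pipe-generation and mapping sequence recited in claims 1, 9 and 10, modelled as an added example that is not part of the patent text. All class, function and identifier names are hypothetical, and the modem's rejection rules (unknown identifiers, a SIM port or pipe that is already mapped) are assumptions about what a careful implementation would check, not claimed features.

```python
from dataclasses import dataclass, field

class MappingError(Exception):
    """Raised when the SSP or modem rejects a request (assumed behaviour)."""

@dataclass
class Modem:
    sim_ports: dict                               # SIM port id -> associated baseband
    pipes: dict = field(default_factory=dict)     # pipe id -> bundle id
    port_map: dict = field(default_factory=dict)  # SIM port id -> pipe id
    _next_pipe: int = 1

    def create_pipe(self, bundle_id):
        # Generate a pipe between the enabled bundle and the modem.
        pipe_id = self._next_pipe
        self._next_pipe += 1
        self.pipes[pipe_id] = bundle_id
        return pipe_id

    def map_pipe(self, sim_port_id, pipe_id):
        # The mapping request carries both identifiers; validate each
        # before touching the table so a bad request changes nothing.
        if sim_port_id not in self.sim_ports:
            raise MappingError(f"unknown SIM port {sim_port_id}")
        if pipe_id not in self.pipes:
            raise MappingError(f"unknown pipe {pipe_id}")
        if sim_port_id in self.port_map:
            raise MappingError(f"SIM port {sim_port_id} already mapped")
        if pipe_id in self.port_map.values():
            raise MappingError(f"pipe {pipe_id} already mapped")
        self.port_map[sim_port_id] = pipe_id
        return self.sim_ports[sim_port_id]

@dataclass
class SSP:
    bundles: set                                  # installed telecom bundle ids
    enabled: set = field(default_factory=set)

    def spbl_enable(self, bundle_id):
        # SPBL handles the bundle enable command sent by the LBA.
        if bundle_id not in self.bundles:
            raise MappingError(f"unknown bundle {bundle_id}")
        self.enabled.add(bundle_id)

def lba_enable_and_map(ssp, modem, bundle_id, sim_port_id):
    """LBA-driven flow: enable the bundle, generate the pipe, map it to a port."""
    ssp.spbl_enable(bundle_id)
    pipe_id = modem.create_pipe(bundle_id)
    baseband = modem.map_pipe(sim_port_id, pipe_id)
    return pipe_id, baseband
```
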