CLIAMS:
1. A method of accessing user credentials for changing Mobile Network Operator (MNO), the method comprising:
storing, by a first MNO, a plurality of user credentials corresponding to an operational profile of a subscriber in an elementary file in a Universal Integrated Circuit Card (UICC);
transmitting, by a second MNO, a request for accessing the user credentials to a subscription manager secure routing (SM-SR); and
accessing, by the SM-SR, the user credentials from the Universal Integrated Circuit Card (UICC).

2. The method of claim 1 further comprising:
authenticating, by the second MNO, the user credentials received from the SM-SR; and
enabling/ registering the operational profile of the subscriber with the second MNO.

3. The method of claim 1, wherein the user credentials are stored in the UICC in at least one of the elementary file (EF) form, a file structure form of tag, length, value (TLV), and an applet form.

4. The method of claim 1, wherein the first MNO stores the user credentials in the UICC during a first time authentication of the subscriber.

5. The method of claim 1, wherein the UICC comprises at least one of:
Embedded UICC (eUICC);
Subscriber identity module (SIM)
UMTS subscriber identity module (USIM); and
CDMA subscriber identity module (CSIM).

6. The method of claim 1, wherein the MNO is adapted to use an Over the Air (OTA) Platform to manage the content of the enabled user profile in the eUICC.

7. An universal integrated circuit card (UICC) interworking with external entities including a Mobile Network Operator (MNO) system and a Subscription Manager (SM) system, wherein the UICC includes profile access credentials which can decrypt an operational profile transmitted from one of the external entities, and the UICC provides the user credentials. ,TagSPECI:FIELD OF THE INVENTION

The present invention generally relates to the field of communication devices, and more particularly relates to a method and system of accessing user credentials for changing Mobile Network Operator (MNO).

BACKGROUND OF THE INVENTION

Universal integrated circuit card (UICC) is a smart card used in electronic devices. The UICC can be used in global system for mobile communication (GSM) network and in universal mobile telecommunication system (UMTS) network. In the GSM network, the UICC comprises of subscriber identity module (SIM) application and in UMTS, the UICC comprises of Universal SIM application.

In 2G network, the SIM card and the SIM application are bound together, so that "SIM card" could mean the physical card, or any physical card with the SIM application. In 3G and 4G networks, USIM, CSIM, and SIM card applications are bound together and are running on a UICC card. The UICC smart card consists of a CPU, ROM, RAM, EEPROM and I/O circuits.

The conventional universal integrated circuit card (UICC) is customized by an operator, and includes related information about the operator at delivery. After delivery, the information about the operator cannot be changed.

An embedded UICC (eUICC) is another type of UICC that is embedded into the electronic device. The eUICC’s are used mainly by devices of type Machine-2-Machine (M2M) communication and Internet of Things. In practice, the eUICC is a same type of chip of a normal SIM card but available in a surface mount SON-8 and is soldered to a circuit board as part of the manufacturing process, and thereby improving the resistance, reliability and security of the device from removing or swapping the plastic SIM card.

The eUICC can be implemented by a mobile network operator (MNO or only called as “operator”) and a corresponding subscription manager-secure routing unit (SM-SR) can perform remote management on the eUICC for various activities that includes, but not limited to, downloading data of the operator, handing over to or accessing a mobile network of the operator, and the like.

The eUICC can be a non-removable, fixed SIM card in the device that can be accessed by the user for various applications and service can be provided by the MNO using SM-SR.

Upon registering with the MNO, the UICC user credentials such as, but not limited to, user details, one or more identity proof documents, one or more address proof documents, one or more photographs, biometric credentials such as thumb impression, retina scan, and the like, signature, and the like can be received, authenticated and stored with the MNO for future use and security.

But, when the user wishes to switch his subscription from existing MNO to a new MNO, both in pre-paid and post-paid connection, the user needs to send an application along with user credentials to the new MNO. The existing MNO may not need the user credentials once the user switches to the new MNO. Further, the user has to provide hard copy of the same user credentials to the new MNO that leads to more time consumption. Further, there are chances that the user credentials that are still available with the existing MNO might be misused in one or the other way once the subscription gets switched to the new MNO.

Figure 1 is a schematic flow diagram 100 illustrating a method of enabling profile of a subscriber, according to the existing art. The flow diagram 100 illustrates interaction between the MNO 102, a subscription manager-secure routing unit (SM-SR) 104, and a eUICC 106 present in a wireless device. According to the flow diagram 100, at step 108, the MNO 102 sends a profile enabling request to the SM-SR 104, wherein the request comprises of unique eUICC ID (EID), integrated circuit card (ICC) ID and other information of the eUICC for which the operator has to be switched/ swapped.

Upon receiving the request, at step 110, the SM-SR 104 conducts POL2 check for currently enabled operator profile of a subscriber, wherein POL2 is policy rules associated to a profile of the subscriber and stored in relevant eUICC information set (EIS) at the SM-SR and the target profile of the subscriber. At step 112, the SM-SR 104 sends a POL2 conflict notification to the MNO 102. At step 114, the SM-SR 104 initiates authentication of user of the eUICC 106, wherein authentication includes receiving identification documents of the user and verifying the authenticity of the user. Further, at step 116, the SM-SR 104 transmits a profile enabling request (ISD-P-AID) message to the eUICC 106. At step 118, the eUICC 106 conducts the POL1 check at its end, wherein the POL1 is policy rules within the profile of the subscriber. At step 120, the eUICC 106 transmits POL1 conflict notification message to the SM-SR 104. Upon sending the POL1 conflict notification, at step 122, the eUICC 106 disables the currently enabled operator profile of the subscriber and enable the target profile of the subscriber.

Further, at step 124, the eUICC 106 transmits profile switch confirmation message to the SM-SR 104. Upon receiving the profile switch confirmation message, at step 126, the SM-SR 104 can perform EIS update, wherein the SM-SR 104 enables the target profile of the subscriber and disables the previous operator profile of the subscriber. At step 128, the SM-SR 104 can transmit the MNO 102 profile switch result message along with the EID, ICCID and other information of the eUICC 106. There is no method and system exist in the current art that can reduce the complexity involved in submitting user credentials to the new MNO while switching from existing MNO to the new MNO.

Thus, there exists a need for a system and method that can reduce the submission process of hard copy user credentials to the new MNO, and thereby reducing the threat of misuse of user credentials.

The above mentioned shortcomings, disadvantages and problems are addressed herein and which will be understood by reading and studying the following specification.

SUMMARY OF THE INVENTION

The various embodiments herein disclose a method and system of accessing user credentials for changing Mobile Network Operator (MNO). According to an embodiment of the present invention, a method of accessing user credentials for changing Mobile Network Operator (MNO), the method comprising storing, by a first MNO, a plurality of user credentials corresponding to an operational profile of a subscriber in an elementary file in a Universal Integrated Circuit Card (UICC), transmitting, by a second MNO, a request for accessing the user credentials to a subscription manager secure routing (SM-SR), and accessing, by the SM-SR, the user credentials from the Universal Integrated Circuit Card (UICC). The method can further comprise of authenticating, by the second MNO, the user credentials received from the SM-SR, and enabling/ registering the operational profile of the subscriber with the second MNO.

According to an embodiment of the present invention, the user credentials are stored in the UICC in at least one of the elementary file (EF) form, a file structure form of tag, length, value (TLV), and an applet form. According to another embodiment of the present invention, the first MNO stores the user credentials in the UICC during a first time authentication of the subscriber. According to another embodiment of the present invention, the UICC comprises at least one of Embedded UICC (eUICC), Subscriber identity module (SIM), UMTS subscriber identity module (USIM), and CDMA subscriber identity module (CSIM). According to an embodiment of the present invention, the MNO is adapted to use an Over the Air (OTA) Platform to manage the content of the enabled operational profile in the eUICC.

According to another embodiment of the present invention, an universal integrated circuit card (UICC) interworking with external entities including a Mobile Network Operator (MNO) system and a Subscription Manager (SM) system, wherein the UICC includes profile access credentials which can decrypt an operational profile transmitted from one of the external entities, and the UICC provides the user credentials.

The foregoing has outlined, in general, the various aspects of the invention and is to serve as an aid to better understanding the more complete detailed description which is to follow. In reference to such, there is to be a clear understanding that the present invention is not limited to the method or application of use described and illustrated herein. It is intended that any other advantages and objects of the present invention that become apparent or obvious from the detailed description or illustrations contained herein are within the scope of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The other objects, features and advantages will occur to those skilled in the art from the following description of the preferred embodiment and the accompanying drawings in which:

Figure 1 is a schematic flow diagram illustrating a method of enabling profile of a subscriber, according to the existing art.

Figure 2 is a schematic flow chart illustrating a method of accessing user credentials for changing Mobile Network Operator (MNO), according to an embodiment of the present invention.

Figure 3 is a schematic flow diagram illustrating a method of accessing user credentials for changing Mobile Network Operator (MNO), according to an embodiment of the present invention.

Figure 4 is a schematic block diagram illustrating an embedded universal integrated circuit card (eUICC) interworking with a Mobile Network Operator (MNO) system and a Subscription Manager secure routing (SM-SR) system, according to an embodiment of the present invention.

Although specific features of the present invention are shown in some drawings and not in others. This is done for convenience only as each feature may be combined with any or all of the other features in accordance with the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention provides a method and system of accessing user credentials for changing Mobile Network Operator (MNO). In the following detailed description of the embodiments of the invention, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that changes may be made without departing from the scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims.

The specification may refer to “an”, “one” or “some” embodiment(s) in several locations. This does not necessarily imply that each such reference is to the same embodiment(s), or that the feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments.

As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless expressly stated otherwise. It will be further understood that the terms “includes”, “comprises”, “including” and/or “comprising” when used in this specification, specify the presence of stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations and arrangements of one or more of the associated listed items.

Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure pertains. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

The present invention provides a method and system of accessing user credentials for changing Mobile Network Operator (MNO), wherein modifications are made in file structure of universal integrated circuit card (UICC) such that user credentials can be easily and directly provided to a new mobile network operator (MNO), and thereby saving time and process of submitting hard copies of user credentials from the user end. The present invention can be described with respect to the herein below mentioned exemplary embodiments represented in the drawings, but not to limit the scope of the invention.

Figure 2 is a schematic flow chart 200 illustrating a method of accessing user credentials for changing Mobile Network Operator (MNO), according to an embodiment of the present invention. The present embodiment can be described with respect to the scenario, wherein an operational profile of a subscriber of a Universal Integrated Circuit Card (UICC) is registered with a first MNO and the subscriber of the UICC wishes to switch to a second MNO. In an embodiment of the present invention, the UICC can be any of the, but not limited to, eUICC, USIM, CSIM, SIM, and the like. The person having ordinarily skilled in the art can understand that the present method can be implemented for switching MNO for any of the known UICC, without departing from the scope of the invention.

According to the flow chart, at step 202, the method comprises step of storing, by a first MNO, a plurality of user credentials corresponding to an operational profile of a subscriber in an elementary file in the Universal Integrated Circuit Card (UICC). According to the present invention, the UICC comprises of a new file called as the elementary file that can be used for storing the plurality of user credentials corresponding to the operational profile of the subscriber, wherein the operational profile of the subscriber can be the active profile of the subscriber for which the user wishes to switch the first MNO to the second MNO. The subscriber is subscribed with the first MNO and the first MNO stores the user credentials corresponding to the subscriber in the elementary file of the UICC during first time authentication of the subscriber.

In an embodiment of the present invention, user credentials corresponding to the subscriber that can be stored in the elementary file by the first MNO can be any of certificates/ documents that can include one or more of, but not limited to, user photo, duplicate copy of passport, school/ college marks sheet, PAN card, electricity bill invoice, driving license, aadhar card, any of the national identity proof, company id, ration card, biometric inputs such as, thumb impression, retina scan, full set of finger scan, and the like, signature and the like that can be used to verify and validate the user.

In another embodiment of the present invention, the information can be stored in the eUICC in at least one form among, but not limited to, the elementary file (EF) form, a file structure form of tag, length, value (TLV), an applet form, and the like. In another embodiment of the present invention, the elementary file (EF) can be of the form EF id XX(User_Info), wherein EF id is the identification number assigned to the elementary file (EF) from the SM-SR, and User_Info can be the information that are stored in the EF associated with the user profile. The structure and format of the EF can vary from one user profile to the other based on the information being stored in the eUICC and the format being selected by the SM_SR. The person having ordinarily skilled in the art can understand that any of the other standard file format and structure can be used for storing the elementary file in the eUICC without departing from the scope of the invention.

At step 204, the method comprises step of transmitting, by the second MNO, a request for accessing the user credentials to a subscription manager secure routing (SM-SR). Initially, the subscriber having the operational profile with the first MNO wishes to switch to the second MNO, which will be a new MNO for the subscriber for accessing the UICC features. Once the subscriber places a request for accessing the UICC from the second MNO, the second MNO transmits profile enabling request message to the SM-SR. The SM-SR receives the message, checks for the first MNO, identifies the second MNO is requesting based on the subscriber request, and transmits the operational profile switch enable message to the second MNO. The second MNO receives the profile switch enable message from the SM-SR.

In an embodiment of the present invention, the profile switch enable message transmitted by the SM-SR comprises of information such as, but not limited to, eUICC identification (EID), identity of the SM-SR (SRID), Integrated Circuit Card ID (ICCID) corresponding to the user profile in the eUICC and the like. The information provided in the profile switch enable message can allow the MNO to identify the eUICC as well as user profile confirmation based on the ICCID. The person having ordinarily skilled in the art can understand that any other additional information can be provided as part of the profile switch enable message along with the hereinabove mentioned information, without departing from the scope of the invention.

Upon receiving the message, from the SM-SR, the second MNO transmits the request to access the user credentials to the SM-SR. In an embodiment of the present invention, the request message for accessing the user credentials corresponding to the operational profile can comprise of an ID of the UICC. In another embodiment of the present invention, the request message can comprise of operational profile ID using which the user credentials are to be obtained. The person having ordinarily skilled in the art can understand that any of the identification information is attached along with the request message for accessing user credentials such that the user credentials corresponding to the operational profile can be easily identified from the UICC, without departing from the scope of the invention.

Further, at step 206, the method comprises step of the SM-SR accessing the user credentials from the Universal Integrated Circuit Card (UICC). The second MNO transmits the request to the SM-SR for accessing the user credentials corresponding to the operational profile stored in the elementary file (EF) which the second MNO wishes to access. The SM-SR receives the request from the second MNO, accesses the elementary file of the UICC, and obtains the user credentials corresponding to the operational profile from the elementary file (EF) from an ISD- R associated with the Universal Integrated Circuit Card (eUICC) based on an elementary file name received from the second MNO.

The method further comprises step of authenticating, by the second MNO, the user credentials received from the SM-SR. Upon receiving the user credentials from the SM-SR, the second MNO can verify and validate the contents of the user credentials to authenticate the same. The authentication of the user credentials is essential as the user credentials can validate that the user is the true and original owner of the device in which the UICC is present.

The method further comprises the step of enabling/ registering the operational profile of the subscriber with the second MNO. If the authentication of the operational profile is successful, then the second MNO can inform the SM-SR that the user profile is successfully authenticated and hence eligible for registration with the second MNO. Upon receiving the information from the second MNO, the SM-SR can enable the operational profile for registering with the second MNO. As the second MNO can receive the user credentials corresponding to the operational profile of the subscriber from the SM-SR, the subscriber need not to submit the user credentials or hard copy of documents to the second MNO in person, but can directly obtain the same user credentials saved in the elementary file of the UICC by the first MNO itself. Thus, the present invention reduces the burden of repeated submission of user credentials and documents to the second MNO and thus simplifying the registration process with the new MNO.

In an embodiment of the authentication of the subscriber fails, then the second MNO can disable the operational profile of the subscriber. In another embodiment of the present invention, if the authentication of the operational profile of the subscriber fails, then the second MNO can request the subscriber to submit new user credentials for authentication such that the subscriber can avail the services of the second MNO. According to an embodiment of the present invention, the second MNO can manage the contents of the operational profile that is enabled after authentication. In an embodiment of the present invention, the MNO can use an Over the Air (OTA) Platform to manage the content of the enabled user profile in the UICC.

According to an embodiment of the present invention, SM-SR can access the elementary file of the UICC, access user credentials corresponding to the operational user stored in the elementary file by the first MNO, and provide the necessary information to the second MNO. In another embodiment of the present invention, both the SM-SR and one or more MNOs can access the elementary file, and obtain the user credentials corresponding to the subscriber while authenticating the operational profile of the subscriber before enabling/ registration. The SM-SR can monitor and allocate the one or more accessing privileges and restrictions to the one or more MNOs, without departing from the scope of the invention.

Consider an exemplary scenario, wherein one or more operational profiles can be saved in the eUICC, which can be registered with one or more MNOs. When the subscriber with one of the operational profiles saved in the eUICC wishes to switch the MNO, the subscriber can send a request, which will be received by the second MNO. Upon receiving the request, the second MNO can send a profile enabling request to the SM-SR, which will be acknowledged by a profile switch enable message, wherein the profile switch enable message can comprise of SM-SR ID, EID, and ICCID.

Upon receiving the profile switch enable message, the second MNO can request for viewing the operational profile, wherein the second MNO can mention the identification details for identifying particular operational profile. The SM-SR can access the elementary file, access the user credentials corresponding to the operational profile of the subscriber stored in the elementary file by the first MNO, and provide the user credentials to the second MNO with respect to the requested operational profile. The second MNO can receive the user credentials and authenticate the operational profile based on the received user credentials. Upon successful authentication, the second MNO can allow registration of the operational profile with its network to access services.

It is to be observed that more than one operational profiles can be saved in the eUICC, which can be registered with one or more MNOs. But, it is to be remembered that the operational profile can be registered with only one MNO at a time. When the subscriber wishes to switch the registration from one MNO to the another MNO, then the registration and other permissions with respect to accessing that particular operational profile can be transferred from the existing MNO to the registered MNO.

In an embodiment of the present invention, only the MNO with which the operational profile is currently registered, along with the SM-SR, have permissions to access the information of the subscriber, and can make modifications in the user credentials. Thus, the operational profile can be kept as private, and only the currently registered MNO can access the operational profile. In another embodiment of the present invention, the MNO with which the operational profile is currently registered, MNOs with which the user was previously registered, along with SM-SR, have permissions to access the user credentials of the subscriber, and can make modifications in the user credentials. In another embodiment of the present invention, the SM-SR can allow previously registered MNO to only view the user credentials but not to make any modifications in the user credentials.

Yet in another embodiment of the present invention, the user credentials present in the elementary file of the eUICC with respect to operational profile of the subscriber can be made public to all the available MNOs, wherein the MNOs can view the operational profile, but are restricting from modifying the user credentials. The person having ordinarily skilled in the art can understand that the policies with respect to accessing and modifying the user credentials from the operational profile of the eUICC can be varied and modified according to the requirement, without departing from the scope of the invention.

Figure 3 is a schematic flow diagram 300 illustrating a method of accessing user credentials for changing Mobile Network Operator (MNO), according to an embodiment of the present invention. According to the diagram 300, the method described interaction between a MNO 302, a SM-SR 304, and a eUICC ISD-R 306. According to the flow diagram 300, initially, subscriber sends a request to the MNO 302 for switching to the network of the MNO 302 from the existing MNO (not shown in Figure). The MNO 302 requests the SM-SR 304 by sending a profile enable request message. At step 308, the SM_SR 304 can transmit the profile switch result as enabled along with SRID, EID, and ICCID among other information.

At step 310, the MNO 302 can transmit an access user information message to the SM-SR 304 along with the EID. Upon receiving the message from the MNO 302, at step 312, the SM-SR 304 can transmit a GET DATA message to the eUICC ISD-R 306, wherein the GET DATA message can comprise of eUICC controlling authority security domain (ecasd) application identifier (aid), EF ID XX (user_info) and the like. Upon receiving the GET DATA request, at step 314, the eUICC ISD-R 306 transmits response to the SM-SR 304, wherein the response comprises of DATA accessed from EF XX.

Upon receiving the response from the eUICC ID-R 306, at step 316, the SM-SR 304 can transmit the same response to the MNO 302. At step 318, the MNO 302 can authenticate the subscriber by verifying and validating the user credentials obtained from the response message received from the SM-SR 304. Upon successful authentication of the user credentials, the MNO 302 can allow subscriber registration.

Figure 4 is a schematic block diagram illustrating an embedded universal integrated circuit card (eUICC) 400 interworking with a Mobile Network Operator (MNO) system and a Subscription Manager secure routing (SM-SR) system, according to an embodiment of the present invention. According to the block diagram, the eUICC 400 comprises of a eUICC Identity (eUICC ID) 402, a eUICC controlling authority security domain (ECASD) 404, an ISD-R 406, one ur more user profiles operational profile 1 408a, operational profile 2 408b, … operational profile n 408n, and an elementary file (EF) 410. The eUICC ID 402 can be used for identifying the eUICC 400. Further, the block diagram comprises of eUICC controlling authority security domain (ECASD) 404 that is created while manufacturing the eUICC 400. The ECASD 404 comprises of one or more of, but not limited to, eUICC private keys, the associated certificates, the CI’s root public keys, and the like. The ECASD 404 takes care of establishment of new keysets in ISD-R 406.

The eUICC 400 can further comprise of issuer security domain root (ISD-R) 406, wherein the ISD-R 406 can also be created while manufacturing of the eUICC 400. The ISD-R 406 can be associated with SM-SR (not shown in the Figure) by establishing a secure connection with the SM-SR. The ISD-R 406 can perform wrapping and unwrapping of operational profiles 408a, 408b… 408n during profile download process by the SM-SR. Further, the ISD-R 406 can execute platform management functions in accordance with the policy rules set by the SM-SR.

Further, the eUICC 400 comprises of one or more operational profiles 408a, 408b,… 408n. The operational profiles 408a, 408b… 408n can comprise of plurality of information and files such as, but not limited to, file systems with respect to the operational profile, applets, policy rules associated with the particular profile, issuer security domain profile (ISD-P), mobile network operator security domain (MNO-SD) and the like. Each of the operational profile can be controlled by one mobile network operator (MNO) (not shown in the Figure). In an embodiment of the present invention, one or more operational profiles 408a, 408b,… 408n of all the operational profiles stored in the eUICC 400 can be enabled and controlled by one or more MNOs simultaneously. In another embodiment of the present invention, one or more operational profiles 408a, 408b,… 408n of all the operational profiles stored in the eUICC 400 can be disabled but still saved in the eUICC 400. The SM-SR holds permissions to delete or amend the operational profile, policies and permissions associated with the operational profile stored in the eUICC. The policies, structure, features and functionalities of the eUICC 400 is described in detail in the 3GPP standards, and hence does not described in detail.

The eUICC 400 further comprises of the elementary file (EF) 410, wherein all the user credentials with respect to one or more operational profiles 408a, 408b,… 408n can stored herein. In an embodiment of the present invention, the SM-SR can create one or more files within the elementary file (EF) 410 for saving user credentials associated with one or more user profiles 408a, 408b,… 408n. In an embodiment of the present invention, the user credentials with respect to the particular operational profile of the subscriber stored in the elementary file (EF) 410 can be accessed and user credentials can be obtained based on at least one of, but not limited to, a operational profile ID assigned by the SM-SR, file ID assigned to the subscriber file stored within the elementary file (EF) 410, and the like. The SM-SR can access the elementary file (EF) 410 based on the request from the MNO, obtain the user credentials associated with the operational profile present in the eUICC 400 and can provide the information to the MNO for authentication of the user.

In an embodiment of the present invention, the operational profile can be switched from one MNO to the other MNO, and the user credentials stored in the elementary file 410 can be provided to the MNO. In an embodiment of the present invention, a new file can be created in the elementary file 410 which can only be accessed by the new MNO, as policies and accessing rights set by the SM-SR. In another embodiment of the present invention, the user credentials present in the file related to the existing MNO can remain in the same file of the elementary file 410, but the file access rights and policies can be changed for the new MNO, such that the new MNO can also access the user credentials, without departing from the scope of the invention.

The present embodiments have been described with reference to specific example embodiments; it will be evident that various modifications and changes may be made to these embodiments without departing from the broader spirit and scope of the various embodiments. Furthermore, the various devices, modules, and the like described herein may be enabled and operated using hardware circuitry, for example, complementary metal oxide semiconductor based logic circuitry, firmware, software and/or any combination of hardware, firmware, and/or software embodied in a machine readable medium. For example, the various electrical structure and methods may be embodied using transistors, logic gates, and electrical circuits, such as application specific integrated circuit.

Although the embodiments herein are described with various specific embodiments, it will be obvious for a person skilled in the art to practice the invention with modifications. However, all such modifications are deemed to be within the scope of the claims. It is also to be understood that the following claims are intended to cover all of the generic and specific features of the embodiments described herein and all the statements of the scope of the embodiments which as a matter of language might be said to fall there between.