The present invention relates to a method for
administering life cycles of communication profiles managed
by a subscriber identity module embedded or inserted in a
5 telecommunications terminal.
In known manner, in order to be able to communicate
with a given telecommunications network, wireless
telecommunications terminals, e.g. such as mobile
telephones or the equivalent, are designed to co-operate
10 with an identity module of a subscriber to that mobile
telephone network, also known as a universal integrated
circuit chip (UICC) or as a UICC module.
A UICC module may be in the form of a subscriber
identity module (SIM) card suitable for being inserted in
15 an appropriate telecommunications terminal. Such a SIM
card contains a set of files known as "personalization
data" or as a "communication profile", which files contain
subscription data suitable for giving access to the
network, and in particular a key and a unique international
20 mobile subscriber identity (IMSI) associated with a
particular subscription of a user with an associated mobile
network operator. Such a communication profile is
standardized.
The profile is stored in permanent manner in a read
25 only memory (ROM) of the SIM card so the SIM card is not
reprogrammable. That makes it possible in particular to
reduce the risk of fraud relating to the identity of the
user by making it more difficult to modify or duplicate the
SIM card or its subscription data.
30 Consequently, the only way for a user to change mobile
network operator is generally manually to replace the
current SIM card in the mobile telephone with a new SIM
card issued by a new operator selected by the user. The
new SIM card contains the subscription data needed to
35 access the network and the services specific to the new
operator.
3
A UICC module may also be in the form of an embedded
subscriber identity module (eUICC), enabling its user to
change operator without needing to physically replace the
eUICC module in the telecommunications terminal. Such
5 eUICC modules are more recent and they are defined in a
document ETSI TS 103 383 entitled "SmartCards, embedded
UICC, requirements specification" dated April 2014 (version
12.4.0). That document made by the European
Telecommunications Standards Institute (ETSI) defines an
10 eUICC module as a secure hardware element of small size,
that is not easily accessible or replaceable, and that
makes it possible to switch from one profile to another in
secure manner.
The eUICC module is suitable for containing a
15 plurality of communication profiles, each communication
profile, when active, giving the terminal access in secure
manner to an operator's network and to the services defined
by the profile in question. It is thus possible to change
operator or to modify access to services by changing the
20 active communication profile in the eUICC module.
A communication profile is installed, uninstalled,
activated, and/or deactivated by means of a process of
administering the life cycle of a profile. This process
may also serve to administer the files of communication
25 profiles and to switch from one profile to another.
Various processes exist for administering the life
cycle of a communication profile. Each of these processes
may make use of one or more specific commands, that need
not be supported by another process. Specifically,
30 commands of the "GSMA" and "ETSI" types are not uniform at
present. Other processes, such as those disclosed in
application US 2012/0221292 are not standardized.
Furthermore, a given command may be interpreted in
different ways as a function of the process of
35 administering under consideration (i.e. in application of
different rules).
4
There thus exist problems of compatibility between a
module and a terminal when the module and the terminal do
not support the same process of administering the life
cycle of a communication profile, and this non-
5 compatibility can give rise errors in the operation of the
module and/or of the terminal.
One of the objects of the invention is to avoid such
problems of compatibility.
10 Object and summary of the invention
To this end, the present invention provides an
administering method for administering life cycles of
communication profiles, the profiles being managed by a
subscriber identity module embedded in a telecommunications
15 terminal, the method being performed by the module,
each profile being configured to enable the terminal
to communicate with a mobile telephone network in
compliance with the communication profile when the
communication profile is active,
20 said module being suitable for using at least one
process of administering, the process being suitable for
administering the life cycles of each of the profiles, the
process using a set of at least one command and/or at least
one rule,
25 the method comprising the steps of:
· receiving a message issued by the terminal and
representative of the capabilities of the terminal;
· selecting or not selecting the set used by the
process as a function of the capabilities of the terminal;
30 and
· if the set is selected, administering at least one
life cycle of at least one of the profiles by using the set
of at least one command and/or of at least one rule.
Thus, the module selects a set of at least one command
35 and/or of at least one rule enabling at least one life
cycle of at least one of the profiles to be administered as
a function of the capabilities of the terminal.
5
The invention supports a plurality of particular
situations:
· either the message issued by the terminal includes
explicitly the capability of the terminal to support the
5 process of administering supported by the module;
· or else the message issued by the terminal includes
implicitly the capability of the terminal to support the
process of administering supported by the module, and the
module deduces this capability from said content of the
10 message.
In the second situation (message including the
capability of the terminal implicitly):
· either the message has no information about the
capability of the terminal for supporting the process of
15 administering supported by the module, from which the
module deduces that the terminal does not support the
process of administering;
· or else the module deduces the capability of the
terminal to support the process of administering supported
20 by the module from the capabilities transmitted by means of
the message issued by the terminal.
In a particular implementation, the message issued by
the terminal includes explicitly the capability of the
terminal to use (or support) the process.
25 In a particular implementation, the step of selecting
or not selecting the set is also a function of the
capabilities of the module.
In a particular implementation, the method further
comprises the steps of:
30 · receiving a command for selecting a profile as
issued by the terminal; and
· selecting one of the profiles.
In a particular implementation, the communication
profile is selected depending on a predefined selection
35 rule stored in a non-volatile memory of the module.
In a particular implementation, the rule for selecting
a profile is a rule from among the following rules:
6
· selecting the most recently activated communication
profile of the module;
· selecting a priority communication profile in a list
stored in the module;
5 · selecting the sole communication profile of the
embedded subscriber identify module; or
· selecting a communication profile specified in the
command for selecting a communication profile.
In a particular implementation, the method further
10 includes a step of issuing a message to the terminal
including information about the capabilities of the module.
In a particular implementation, the message includes
information about the capabilities of the module includes:
· information about the process of administering used
15 by the module; and/or
· the number of communication profiles stored in the
module; and/or
· the type of file system supported by the module;
and/or
20 · information about the selected communication
profile.
In a particular implementation, the message including
information about the capabilities of said module
corresponds to at least one "BER-TLV" type object defined
25 by the ISO 7816-4 standard or by the ETSI TS 102.221
standard.
The present invention also provides a method for
administering life cycles of communication profiles, the
profiles being supported by a telecommunications terminal
30 suitable for co-operating with a subscriber identity module
embedded or inserted in the terminal, the method being
performed by the terminal,
each profile being configured to enable the terminal
to communicate with a mobile telephone network in
35 compliance with the communication profile when the
communication profile is active,
7
the terminal being suitable for using at least one
process of administering, the process being suitable for
administering the life cycles of each of the profiles, the
process using a set of at least one command and/or of at
5 least one rule,
the method including the following steps:
· issuing a message representative of the capabilities
of the terminal to the module;
· receiving a message including information about the
10 capabilities of the module, the message coming from the
module;
· selecting or not selecting the set used by the
process as a function of the capabilities of the module;
and
15 · if the set is selected, administering at least one
life cycle of at least one of the profiles by using the set
of at least one command and/or of at least one rule.
In a particular implementation, the method is
performed the first time the telecommunications terminal is
20 started.
In a particular implementation, the method further
comprises the step of:
· issuing a command for selecting a communication
profile to the module.
25 In a particular implementation, the command for
selecting a communication profile complies with the "select
file" APDU command defined by the ISO 7816-4 standard.
In a particular implementation, the message issued by
the terminal corresponds to a message issued using the
30 "terminal profile" APDU command defined by the ESTI
TS 102.221 standard, further including additional data
specifying that the terminal is suitable for supporting the
process of administering.
The present invention also provides a subscriber
35 identity module embedded in a telecommunications terminal,
the module being suitable for managing a plurality of
communication profiles,
8
each profile being configured to enable the terminal
to communicate with a mobile telephone network in
compliance with the communication profile when the
communication profile is active,
5 the module being suitable for using at least one
process of administering, the process being suitable for
administering the life cycles of each of the profiles, the
process using a set of at least one command and/or at least
one rule,
10 the module comprising:
· means for receiving a message issued by the
terminal, the message being representative of the
capabilities of the terminal; and
· means for selecting or not selecting the set used by
15 the process, as a function of the capabilities of the
terminal; and
· means for administering at least one life cycle of
at least one of the profiles, using the set of at least one
command and/or of at least one rule, if said set is
20 selected.
In a particular embodiment, the means for selecting or
not selecting a set select the set as a function also of
the capabilities of the module.
The present invention also provides a
25 telecommunications terminal suitable for co-operating with
a subscriber identity module embedded or inserted in the
terminal,
the terminal being suitable for supporting a plurality
of communication profiles,
30 each profile being configured to allow the terminal to
communicate with a mobile telephone network in compliance
with the communication profile when the communication
profile is active,
the telecommunications terminal being suitable for
35 using at least one process of administering, the process
being suitable for administering the life cycles of each of
9
the profiles, the process using a set of at least one
command and/or of at least one rule,
the terminal including:
· means for sending a message representative of the
5 capabilities of the terminal to the module;
· means for receiving a message including information
about the capabilities of the module, the message coming
from the module; and
· means for selecting or not selecting the set used by
10 the process as a function of the capabilities of the
module; and
· means for administering at least one life cycle of
at least one of the profiles by using the set of at least
one command and/or of at least one rule, if said set is
15 selected.
The present invention also provides a computer program
including instructions for executing steps of a method as
defined above when said program is executed by a processor.
The present invention also provides a processor20
readable data medium storing a computer program including
instructions for executing steps of an administering method
as defined above.
Brief description of the drawings
25 Other characteristics and advantages of the present
invention appear from the following description made with
reference to the accompanying drawings, which show an
implementation having no limiting character. In the
figures:
30 · Figure 1 schematically represents a subscriber
identity module in accordance with a particular embodiment
of the invention, this module being embedded in a
telecommunications terminal in accordance with a particular
embodiment of the invention;
35 · Figure 2 schematically represents the Figure 1
subscriber identity module, the module being embedded in a
conventional telecommunications terminal;
10
· Figure 3 schematically represents the Figure 1
telecommunications terminal, in which a conventional
subscriber identity module is inserted;
· Figures 4A and 4B show various communication profile
5 configurations stored in the Figure 1 module;
· Figure 5 shows a register stored in the Figure 1
module;
· Figure 6 is a flow chart showing the main steps of a
method for administering implemented by the module and the
10 terminal of Figure 1;
· Figure 7 is a flow chart showing the main steps of a
method for administering implemented by the Figure 2
module; and
· Figure 8 is a flow chart showing the main steps of a
15 method for administering implemented by the Figure 3
terminal.
Detailed description of embodiments
Figure 1 shows a subscriber identity module 100 in
20 accordance with a particular embodiment of the invention,
the subscriber identity module 100 being embedded in a
telecommunications terminal 110 in accordance with a
particular embodiment of the invention.
In the example of Figure 1, the subscriber identity
25 module 100 is an eUICC card. By way of example, this eUICC
card is soldered or integrated in the terminal 110.
This module is suitable for managing a plurality of
communication profiles P1-Pn. Each of these profiles P1-Pn
has a life cycle, which begins when the profile P1-Pn is
30 installed and which ends when the profile P1-Pn is
uninstalled. During the life cycle, the profile is thus
installed and uninstalled, but can also be activated and
deactivated. The files of the profile may also be
administered during its life cycle.
35 Furthermore, the module 100 is suitable for
supporting, i.e. for using, at least one process of
administering a profile life cycle, the process being
11
suitable for administering the life cycles of each of said
profiles P1-Pn. The process makes use of a set of at least
one command and/or at least one rule.
The term "process of administering a profile life
5 cycle" is used to mean a process enabling communication
profiles to be installed, uninstalled, activated, and
deactivated. The process may also enable the files of
communication profiles to be administered and enable
switching to be performed from one profile to another.
10 The command and/or the rule used by a process of
administering may be non-standard. Thus, another process
of administering may be unable to implement the command
and/or the rule, and may implement a different command
and/or rule.
15 The term "command" is used to mean a computer command,
i.e. an order to execute a task.
The term "rule" is used to mean a rule for
interpreting a command that has been received and for
responding to that command.
20 In addition, the terminal 110 is suitable for
supporting, i.e. for using, at least one process of
administering the life cycles of profiles. The process may
be the same process as the process supported by the module
100, or it may be a different process.
25 In an example, one of the processes of administering
is a process of the "enable/disable" type or a process
making use of a system of files for "administering"
profiles used by the terminal in order to select profiles.
In an example, the command and/or the rule used by a
30 process of administering relates to creating an exchange
protocol while activating a secure channel. Specifically,
certain profiles use certificates for this purpose, while
other profiles use symmetric or asymmetric keys for this
purpose.
35 The module 100 includes an operating system 120, e.g.
stored in a ROM. The subscriber identity module 100 also
12
includes a rewritable non-volatile memory 130 and a
communication interface 140.
The operating system 120 includes a profile management
module 150.
5 Typically, the rewritable non-volatile memory 130 is
an electrically erasable programmable read only memory
(EEPROM) or a flash memory. The non-volatile memory 130
also includes a plurality of communication profiles P1-Pn.
Each profile P1-Pn is a set of files configured to
10 enable the terminal to communicate with a mobile telephony
network associated with a particular network operator,
whenever said communication profile P1-Pn is active.
In an example, the profiles P1-Pn are organized with
the configuration shown in Figure 4A. In this first
15 configuration, each profile P1-Pn comprises:
· a main directory or "master file" MF1;
· secondary directories or "dedicated files" DF; and
· elementary files EF.
The elementary files may in particular include
20 subscription data (e.g. identifiers (IMSI, etc.),
cryptographic keys, algorithms (e.g. authentication
algorithms) ...).
In another example, the profiles P1-Pn are organized
with the configuration shown in Figure 4B. In this second
25 configuration, each profile P1-Pn comprises:
· a main directory or "SIM dedicated file" SDF;
· secondary directories or "dedicated files" DF; and
· elementary files EF.
In this configuration, the main directory SDF of each
30 profile P1-Pn is a subdirectory of a directory or "master
file" MF2 that is common to all of the profiles P1-Pn.
The profiles arranged in the first configuration are
profiles of a type that is different from the type of the
profiles arranged in the second configuration.
35 Other types of profile include for example "2G"
profiles, "3G" profiles, "CDMA" profiles, or a profile
specific to a mobile network operator.
13
Each process of administering is suitable for
administering the life cycle of each profile P1-Pn. Each
process of administering thus administers the life cycle of
each profile P1-Pn, independently of the type of the
5 profile.
In a variant, the non-volatile memory 130 includes a
single communication profile P1-Pn.
The module 150 is configured to select one or more
communication profiles P1-Pn in the module 100 on the basis
10 of a predefined selection rule for selecting a set RL
containing at least one rule, that is contained in the
rewritable non-volatile memory 130 in the module 100. By
way of example, selection may comply with the 3GPP standard
TS 31.102 "Characteristics of the universal subscriber
15 identity module application".
In an example, the rules of the set RL are as follows:
· selecting the most recently activated communication
profile P1-Pn of the module 100;
· selecting a priority communication profile P1-Pn
20 from a list or a first register R1 as defined below;
· selecting the sole communication network P1-Pn of
the embedded subscriber identity module; or
· selecting a communication profile P1-Pn specified in
a command received by the module 100 for selecting a
25 communication profile P1-Pn.
The module 150 is also capable of consulting the first
register R1 and a second register R2, these registers R1
and R2 being stored in the non-volatile memory 130.
By way of example, the first register R1 is in the
30 form of a database (cf. Figure 5) and may comprise for
example the following element in association:
· an identifier ID1-IDn of the profile P1-Pn in
question;
together with at least one of the following elements:
35 · a status SA1-SAn of the profile P1-Pn in question,
this status SA1-SAn indicating whether or not the profile
P1-Pn is active;
14
· a status SO1-SOn of the profile P1-Pn in question,
this status SO1-SOn indicating a selection priority order
for the profile P1-Pn;
· a status SDA1-SD1n of the profile P1-Pn in question,
5 this status SDA1-SD1n indicating whether profile P1-Pn is
the most recently activated communication profile P1-Pn;
and
· a pointer to the memory address @1-@n of the
communication profile P1-Pn in question.
10 In a variant, a plurality of registers replaces the
first register R1, each register comprising the identifier
ID1-IDn in association with at least one other one of the
aforesaid elements.
By way of example, the second register R2 is in the
15 form of a database, and may for example comprise the
following elements in association:
· a process of administering suitable for use by the
module 100; and
· the set comprising at least one command and/or at
20 least one rule used by the process of administering.
The operating system 120, and more particularly the
software module 150, constitutes an example of a computer
program in the meaning of the invention, this program
including instructions for executing steps of a method for
25 administering profile life cycles performed by the module
100 in a particular embodiment of the invention.
The memory in which the operating system 120 is to be
found thus constitutes an example of a data medium in the
meaning of the invention, that is readable by a processor
30 (not shown) of the module 100.
The terminal 110 includes an operating system 160
(e.g. stored in a ROM), a non-volatile memory 170, and a
communication interface 180 suitable for communicating with
the communication interface 140 of the module 110.
35 Typically, the non-volatile memory 170 is an EEPROM
type memory or a flash type memory. The non-volatile
15
memory 170 includes a third register R3 that may be
consulted by the operating system 160.
By way of example, the third register R3 is in the
form of a database and may comprise for example the
5 following elements in association:
· a process of administering suitable for use by
the terminal 110; and
· the set comprising at least one command and/or at
least one rule used by the process of administration.
10 The operating system 160 constitutes an example of a
computer program in the meaning of the invention, the
program including instructions for executing steps of a
method for administering the life cycles of profiles,
performed by the terminal 110 in a particular embodiment of
15 the invention.
The memory in which the operating system 160 is to be
found thus constitutes an example of a data medium in the
meaning of the invention that is readable by a processor
(not shown) of the terminal 110.
20 In an example, the terminal 110 is a mobile telephony
terminal. In another example, the terminal 110 is a
communication device suitable for co-operating with a
subscriber identity module such as an eUICC card or a SIM
card. By way of example, the communication device may be
25 any smart object capable of communicating via a
telecommunications network with another machine (e.g. an
energy consumption meter in a building suitable for
communicating via a telecommunications network with an
energy supplier).
30 Figure 2 shows the subscriber identity module 100 of
Figure 1, the subscriber identity module 100 now being
embedded in a conventional telecommunications terminal 210.
The term "conventional communication terminal 210" is
used to mean a terminal that is not suitable for using a
35 process of administering. Consequently, the terminal does
not enable communication profiles to be installed,
uninstalled, activated, or deactivated. Furthermore, the
16
terminal 210 does not enable profile files to be
administered, and does not enable switching from one
profile to another.
The terminal 110 includes an operating system 160, a
5 non-volatile memory 170, and a communication interface 180
suitable for communicating with the communication interface
140 of the module 110.
Typically, the non-volatile memory 170 is an EEPROM
type memory or a flash type memory.
10 In an example, the terminal 210 is a mobile telephone
terminal. In another example, the terminal 210 is a
communication device suitable for co-operating with a
subscriber identity module such as an eUICC card or a SIM
card. By way of example, the communication device may be a
15 communicating smart object as mentioned above, capable of
communicating via a telecommunications network with another
machine (e.g. an energy consumption meter of a building
suitable for communicating via a telecommunications network
with an energy supplier).
20 Figure 3 shows the Figure 1 telecommunications
terminal 110 in which a conventional subscriber identity
module 300 is inserted.
In the example of Figure 3, the subscriber identity
module 300 is a SIM card.
25 The term "conventional subscriber identity module 300"
is used to mean a module that is not suitable for using a
process of administering. Consequently, the module 300
does not enable communication profiles to be installed,
uninstalled, activated, or deactivated. Furthermore, the
30 module 300 does not enable profile files to be administered
and does not enable switching from one profile to another.
Specifically, a conventional subscriber identity
module has only one profile. That profile is defined by
the personalization data of the module 300. The data may
35 include in particular subscription data (e.g. identifiers
(IMSI, etc.), cryptographic keys, algorithms (e.g.
authentication algorithms) ...).
17
The module 300 includes an operating system 320 e.g.
stored in a ROM. The module 300 also includes a rewritable
non-volatile memory 330 and a communication interface 340.
Figure 6 shows a method for administering life cycles
5 of profiles, which method is performed by the
telecommunications terminal 110 of Figure 1 and the
subscriber identity module 100 embedded in the Figure 1
terminal. The steps B602, B604, B606, B610, and B615 of
the method are performed by the module 100, while the steps
10 A600, A601, A606, A608, and A610 of the method are
performed by the terminal 110. The step AB620 of the
method is performed both by the module 100 and by the
terminal 110.
The first step A600 of the method corresponds to the
15 initial starting of the telecommunications terminal 110,
when the module 100 is embedded in the terminal 110.
The terminal 110 issues (step A602) a command M602 for
selecting a communication profile P1-Pn.
This selection command M602 may include information
20 about the profile P1-Pn desired by the terminal 110. This
information may be the identifier ID1-IDn of the desired
profile P1-Pn, a path for accessing the main directory MF1
or SDF of the desired profile P1-Pn, or a name of the main
directory MF1 or SDF of the desired profile P1-Pn. In an
25 example, the command M602 for selecting a communication
profile complies with the APDU "select MF" command as
defined in section 6.11 of the ISO 7816-4 standard.
On receiving (step B602) the command M602, the module
100, in a step B604, selects a communication profile P1-Pn
30 in compliance with a predefined selection rule of the set
of rules RL.
Thus, in an example, the module 100 consults the
statuses SDA1-SDA1 of the first register R1 to determine
the most recently activated profile P1-Pn, and then selects
35 (B604) that most recently activated communication profile
P1-Pn.
18
In another example, the module 100 consults the
statuses SO1-SOn of the first register R1 to determine the
profile P1-Pn having the highest priority selection order
and it selects (B604) this priority profile P1-Pn.
5 In another example, the module 100 selects (B604) the
sole communication profile contained in the module 100.
In yet another example that may be used when the
selection command M602 includes information about the
profile P1-Pn desired by the terminal 100, the module 100
10 selects (B604) the communication profile P1-Pn
corresponding to that information. The module 100 may then
consult the first register R1.
The module 100 is thus capable of selecting a
communication profile P1-Pn having a main directory that is
15 a subdirectory of a directory that is common to all of the
profiles P1-Pn, as shown in Figure 4B, or a communication
profile P1-Pn having a main directory that is not a
subdirectory of a directory that is common to all of the
profiles P1-Pn, as shown in Figure 4A.
20 Thereafter, in a step B606, the module 100 issues a
message M606 to the terminal 110. This message M606
includes information about the capabilities of the module
100.
In an example, the information relating to the
25 capabilities of the module 100 comprises:
· information about the process(es) of administering
the life cycle of profiles P1-Pn that are supported by the
module 100; and/or
· the number of communication profiles P1-Pn stored in
30 the module 100; and/or
· the type of file system supported by the module 100;
and/or
· information about the selected communication profile
P1-Pn, e.g. its identifier ID1-IDn.
35 In an example, the message M606 complies with the APDU
"MF FCP TLV" command defined in the ISO 7816-4 standard,
which includes at least one object of the "BER-TLV" type as
19
defined in the ISO 7816-4 standard or in the ETSI
TS 102.221 standard.
Thus, the message M606 including information about the
capabilities of the module 100 corresponds at least to a
5 BER-TLV type object. The information about the selected
profile is thus included in a BER-TLV type object.
After receiving (step A606) the message M606, the
terminal 110, in a step A608, selects or does not select a
set of at least one command and/or at least one rule used
10 by a process of administering.
The selection or non-selection of the set is performed
as a function of the capabilities of the module 100,
transmitted by the message M606, and as a function of the
capabilities of the terminal 110.
15 Typically, the terminal 110 deduces all of the
processes of administering supported by the module 100 from
the information about the processes of administering
supported by the module 100.
Thereafter, the terminal 110 searches for the
20 process(es) that it supports from among the process(es)
supported by the module 100.
If the terminal 110 supports a plurality of processes
supported by the module 100, the terminal selects one of
these processes as a function of a predefined selection
25 rule.
In addition, if the terminal 110 supports one process
from among the process(es) supported by the module 100, the
terminal 110 selects this process. The terminal 110 then
selects the set of at least one command and/or at least one
30 rule used by the selected process. The selected process
may then be performed by the terminal 110.
If the terminal 110 does not support any of the
processes supported by the module 100 (or does not support
the only process it supports), then the terminal 100 does
35 not select a process and does not select a set. The
terminal 110 is then not capable of administering life
cycles of the profiles P1-Pn. In a variant, if the
20
terminal 110 does not support any of the processes
supported by the module 100 (or does not support the only
supported process), the terminal 110 selects a predefined
process capable solely of administering the files of the
5 selected profile.
In an example, the terminal 110 consults the register
R3 to determine whether it supports at least one of the
processes of administering supported by the module 100 (or
the only supported process), in order optionally to select
10 the set corresponding to the selected process.
Furthermore, in a step A610, the terminal 110 issues a
message M610 to the module 100, which message is
representative of the capabilities of the terminal 110 (for
example the card application toolkit (CAT) capabilities).
15 This message M610 may include information about the
capability of the terminal 110 to support a process of
administering.
More precisely, if during the step A608 the terminal
110 has selected the set used by the selected process, then
20 the message M610 includes information about the capability
of the terminal 110 to use this process. The message M610
issued by the terminal 110 thus includes explicitly the
capability of said terminal 110 to support the selected
process. In a variant, the message M610 does not include
25 information about the capability of the terminal 110 to use
the selected process, and the module 100 deduces this
capability of said terminal 110 to support the selected
process of administering from other capabilities
transmitted in the message M610 issued by the terminal 110.
30 If the terminal 110 does not select a set during step
A608, the message M610 does not have any information about
the capability of the terminal 110 for using a process
supported by the module 100, or it contains information
about the inability of the terminal 110 to use a process
35 supported by the module 100.
In an example, this message M610 issued by the
terminal 110 corresponds to a message issued using the
21
"terminal profile" APDU command as defined by the ETSI
TS 102.221 standard.
If the message M610 includes information about the
capability of the terminal 110 to use a process supported
5 by the module 100, then in a step B615, the module 100
selects, e.g. by consulting the register R2, the set of at
least one command and/or at least one rule associated with
the process, and that needs to be used by the module 100.
Thus, the module 100 selects a set of at least one command
10 and/or at least one rule as a function of the capabilities
of the terminal 110 and of the module 100. The process can
then be performed by the module 100.
If the message M610 does not have any information
about the capability of the terminal 110 to use a process
15 supported by the module 100, or contains information to the
effect that the terminal 110 is not able to use a process
supported by the module 100, the module 100 does not select
a set. The module 100 is then not capable of administering
life cycles of the profiles P1-Pn. In a variant, the
20 module selects the predefined process serving solely to
administer the files of the selected profile.
In a step AB620, if the module 100 and the terminal
110 have selected a set corresponding to a process
supported by the module 100 and by the terminal 110, the
25 module 100 and the terminal 110 administer at least one
life cycle of at least one of the profiles P1-Pn by using
the selected set. For example, the selected profile P1-Pn
may be activated by the module 150 using the selected set.
Activation may be performed by changing the status SA1-SAn
30 of the first register R1 listing all of the communication
profiles of the module 100.
Figure 7 shows a method for administering life cycles
of profiles that is performed by the subscriber identity
module 100 and by the telecommunications terminal 210 of
35 Figure 2.
The steps B702, B704, B706, B710, and B715 of this
method are performed by the module 100, while the steps
22
A700, A702, A706, and A710 of this method are performed by
the terminal 210.
The first step A700 of this method corresponds to
initial starting of the telecommunications terminal 210,
5 when the module 100 is embedded in the terminal 210.
The terminal 210 issues (step A702) a command M702 for
selecting a communication profile P1-Pn.
In an example, the communication profile selection
command M702 complies with the "select MF" APDU command
10 defined by section 6.11 of the ISO 7816-4 standard.
On receiving (step B702) the command M702, the module
100, in a step B704, selects a communication profile P1.
Thereafter, in a step B706, the module 100 issues a
message M706 to the terminal 110. This message M706
15 includes information about the capabilities of the module
100.
In an example, the information about the capabilities
of the module 100 comprises:
· information about the processes of administering the
20 life cycle of the profiles P1-Pn that are supported by the
module 100 (or the only process that is supported); and/or
· the number of communication profiles P1-Pn stored in
the module 100; and/or
· the type of file system supported by the module 100;
25 and/or
· information about the selected communication profile
P1-Pn, e.g. its identifier ID1-IDn or the profile type
P1-Pn.
In an example, this message M706 complies with the "MF
30 FCP TLV" APDU command defined by the ISO 7816-4 standard,
which includes at least one "BER-TLV" type object defined
by the ISO 7816-4 standard or by the ETSI TS 102.221
standard.
Thus, the message M706 including information about the
35 capabilities of the module corresponds to at least one
"BER-TLV" type object. The information about the
23
capabilities of the module is thus included in a "BER-TLV"
type object.
On receiving (step A706) the message M706, the
terminal 210 does not have any information about the
5 selected communication profile. Specifically, since the
terminal 210 is a conventional terminal, it is not suitable
for considering and analyzing this data.
In addition, in a step A710, the terminal 110 issues
to the module 100 a message M710 representing the
10 capabilities of the terminal 110 (e.g. its CAT
capabilities).
In an example, the message M710 issued by the terminal
110 corresponds to a message issued in compliance with the
"terminal profile" APDU command as defined by the ETSI
15 TS 102.221 standard.
Since the terminal 210 is a conventional terminal, the
message M710 does not include information about the
capabilities of the terminal 210 to support a process of
administering.
20 After receiving the message M710, the module 100 does
not select a set of commands and rules.
More precisely, the module 100, in a step B715,
deduces from the absence of information about the
capability of the terminal 210 to support a given process
25 of administering that the terminal 210 is a conventional
terminal that is not capable of using a process of
administering. The module 100 therefore does not select a
process and does not select a set, and the life cycles of
the profiles P1-Pn are then not administered. In a
30 variant, the module 100 selects a predefined process
serving solely to administer the files of the selected
profile.
Figure 8 shows a method for administering life cycles
of profiles performed by the telecommunications terminal
35 110 and the subscriber identity module 300 of Figure 3.
The steps B802, B804, B806, and B810 of this method are
performed by the module 300, while the steps A800, A802,
24
A806, A808, and A810 of this method are performed by the
terminal 110.
The first step A800 of this method corresponds to
initial starting of the telecommunications terminal 110
5 when the module 300 is embedded in the terminal 110.
In step A802, the terminal 110 issues a command M802
to select a communication profile P1-Pn.
This selection command M802 may include information
about the profile P1-Pn desired by the terminal 110. This
10 information may be an identifier ID1-IDn of the desired
profile P1-Pn, a path for accessing the main directory MF1
or SDF of the desired profile P1-Pn, or a name of the main
directory MF1 or SDF of the desired profile P1-Pn. In an
example, the communication profile selection command M802
15 complies with the "select MF" APDU command defined by
section 6.11 of the ISO 7816-4 standard.
On receiving (in step B802) the command M802, the
module 300, in a step B804, selects the sole "profile" P1
stored in the non-volatile memory 330 of the module 300
20 (i.e. the personalization data).
Thereafter, in a step B806, the module 300 issues a
message M806 to the terminal 110. This message M806
includes information about the selected communication
profile P1.
25 In an example, the information relating to the
selected profile P1 describes the life cycle handling
capabilities of the profile.
In an example, this message M806 complies with the "MF
FCP TLV" APDU command defined by the ISO 7816-4 standard,
30 and includes at least one "BER-TLV" type object as defined
by the ISO 7816-4 standard or by the ESTI TS 102.221
standard.
Thus, the M806 message including information about the
selected communication profile corresponds to at least one
35 "BER-TLV" type object. The information relating of the
selected profile is thus included in a "BER-TLV" type
object.
25
After receiving (step A806) the message M806, the
terminal 110 deduces from the absence of information about
the processes of administering supported by the module 100
that the module 300 is a conventional module that cannot
5 use a process of administering (step A808). The terminal
110 therefore does not select a set.
Furthermore, in a step A810, the terminal 110 issues
to the module 300 a message M810 representing the
capabilities of the terminal 110 (e.g. its CAT
10 capabilities).
In an example, the message M810 issued by the terminal
110 corresponds to a message issued using the "terminal
profile" APDU command defined by the ETSI TS 102.221
standard. This message M810 includes information about the
15 capability of the terminal to support at least one process
of administering life cycles of profiles.
On receiving (step B810) the message M810, the module
300 has no information about the capability of the terminal
to support a process of administering. Specifically, since
20 the module 300 is a conventional module, it is not suitable
for taking this data into consideration and analyzing it.
The life cycle of the profile P1 is then not administered.
The method thus makes it possible to administer the
life cycles of profiles only when the terminal and the
25 module both support a common process of administering.
Otherwise, life cycles of profiles are not administered.
It is then, by way of example, to switch from one profile
to another. This makes it possible to limit the errors of
operation of the module and/or of the terminal, since it is
30 impossible for the module and the terminal to use two
different processes of administering, making use of
commands and/or rules that are different.
26

CLAIMS
1. An administering method for administering life cycles of
communication profiles (P1-Pn), said profiles (P1-Pn)
being managed by a subscriber identity module (100)
5 embedded in a telecommunications terminal (110, 210),
said method being performed by said module (100),
each profile (P1-Pn) being configured to enable the
terminal (110, 210) to communicate with a mobile
telephone network in compliance with said communication
10 profile (P1-Pn) when said communication profile (P1-Pn)
is active,
said module (100) being suitable for using at least
one process of administering, said process being
suitable for administering the life cycles of each of
15 said profiles (P1-Pn), said process using a set of at
least one command and/or at least one rule,
the method comprising the steps of:
· receiving (B610, B710) a message (M610, M710)
issued by the terminal (110, 210) and representative of
20 the capabilities of said terminal (110, 210);
· selecting or not selecting (B615, B715) the set used
by said process as a function of said capabilities of
said terminal (110, 210); and
· if said set is selected, administering (AB620,
25 AB720) at least one life cycle of at least one of said
profiles by using said set of at least one command
and/or of at least one rule.
2. An administering method according to claim 1, wherein
30 the message (M610, M710) issued by the terminal (110,
210) includes explicitly the capability of said terminal
(110, 210) to use said process.
3. An administering method according to claim 1 or claim 2,
35 wherein the step of selecting or not selecting said set
27
is also a function of the capabilities of said module
(100).
4. An administering method according to any one of claims 1
5 to 3, further comprising the steps of:
· receiving (B602, B702) a command (M602, M702) for
selecting a profile (P1-Pn) as issued by the terminal
(110, 210); and
· selecting one of said profiles (P1-Pn).
10
5. An administering method according to claim 4, wherein
said communication profile (P1-Pn) is selected depending
on a predefined selection rule stored in a non-volatile
memory of said module (100).
15
6. An administering method according to claim 5, wherein
the rule for selecting a profile (P1-Pn) is a rule from
among the following rules:
· selecting the most recently activated communication
20 profile (P1-Pn) of said module (100);
· selecting a priority communication profile (P1-Pn)
in a list (R1) stored in said module (100);
· selecting the sole communication profile (P1-Pn) of
the embedded subscriber identity module (100); or
25 · selecting a communication profile (P1-Pn) specified
in the command for selecting a communication profile
(P1-Pn).
7. An administering method according to any one of claims 1
30 to 6, further including a step of issuing (B606, B706) a
message (M606, M706) to the terminal (110, 210)
including information about the capabilities of said
module.
35 8. An administering method according to claim 7, wherein
the message (M606, M706) including information about the
capabilities of said module includes:
28
· information about said process of administering used
by said module (100); and/or
· the number of communication profiles (P1-Pn) stored
in said module (100); and/or
5 · the type of file system supported by said module
(100); and/or
· information about the selected communication profile
(P1-Pn).
10 9. An administering method according to claim 7 or claim 8,
wherein the message (M606, M706) including information
about the capabilities of said module corresponds to at
least one "BER-TLV" type object defined by the ISO
7816-4 standard or by the ETSI TS 102.221 standard.
15
10. An administering method for administering life cycles of
communication profiles (P1-Pn), said profiles (P1-Pn)
being supported by a telecommunications terminal (110)
suitable for co-operating with a subscriber identity
20 module (100, 300) embedded or inserted in said terminal
(110), said method being performed by said terminal
(110),
each profile (P1-Pn) being configured to enable
the terminal (110) to communicate with a mobile
25 telephone network in compliance with said communication
profile (P1-Pn) when said communication profile (P1-Pn)
is active,
said terminal (110) being suitable for using at
least one process of administering, said process being
30 suitable for administering the life cycles of each of
said profiles, said process using a set of at least one
command and/or of at least one rule,
said method including the following steps:
· issuing (A610, A810) a message (M610, M810)
35 representative of the capabilities of said terminal
(110) to said module (100, 300);
29
· receiving (A606, A806) a message (M606, M806)
including information about the capabilities of said
module (100, 300), said message (M606, M806) coming from
said module (100, 300);
5 · selecting or not selecting the set used by said
process as a function of said information the
capabilities of said module (100, 300); and
· if said set is selected, administering at least one
life cycle of at least one of said profiles (P1-Pn) by
10 using said set of at least one command and/or of at
least one rule.
11. An administering method according to claim 10, that is
performed the first time the telecommunications terminal
15 (110) is started (A600, A800).
12. An administering method according to claim 10 or claim
11, further comprising the step of:
· issuing (A602, A802) a command (M602, M802) for
20 selecting a communication profile (P1-Pn) to said module
(100, 300).
13. An administering method according to any one of claims 4
to 6, or 12, wherein the command (M602, M802) for
25 selecting a communication profile (P1-Pn) complies with
the "select file" APDU command defined by the ISO 7816-4
standard.
14. An administering method according to any one of claims 1
30 to 13, wherein said message (M610, M810) issued by the
terminal (110) corresponds to a message issued using the
"terminal profile" APDU command defined by the ESTI
TS 102.221 standard, further including additional data
specifying that the terminal (110) is suitable for using
35 said process of administering.
30
15. A subscriber identity module (100) embedded in a
telecommunications terminal (110, 210),
said module being suitable for managing a
plurality of communication profiles (P1-Pn),
5 each profile (P1-Pn) being configured to enable
the terminal (110, 210) to communicate with a mobile
telephone network in compliance with said communication
profile (P1-Pn) when said communication profile (P1-Pn)
is active,
10 said module being suitable for using at least one
process of administering, said process being suitable
for administering the life cycles of each of said
profiles (P1-Pn), said process using a set of at least
one command and/or at least one rule,
15 said module comprising:
· means for receiving a message (M610, M710) issued by
the terminal (110, 210), said message (M610, M710) being
representative of the capabilities of said terminal
(110, 210); and
20 · means for selecting or not selecting the set used by
said process, as a function of said capabilities of said
terminal (110, 210); and
· means for administering at least one life cycle of
at least one of said profiles, using said set of at
25 least one command and/or of at least one rule, if said
set is selected.
16. A subscriber identity module (100) according to claim
15, wherein the means for selecting or not selecting a
30 set select the set as a function also of the
capabilities of said module (100).
17. A telecommunications terminal (110) suitable for cooperating
with a subscriber identity module (100, 300)
35 embedded or inserted in said terminal,
said terminal being suitable for supporting a
plurality of communication profiles (P1-Pn),
31
each profile (P1-Pn) being configured to allow
the terminal to communicate with a mobile telephone
network in compliance with said communication profile
(P1-Pn) when said communication profile (P1-Pn) is
5 active,
said telecommunications terminal being suitable
for using at least one process of administering, said
process being suitable for administering the life cycles
of each of said profiles, said process using a set of at
10 least one command and/or of at least one rule,
said terminal including:
· means for sending a message (M610, M810)
representative of the capabilities of said terminal to
said module (100, 300);
15 · means for receiving a message (M606, M806) including
information about the capabilities of said module, said
message (M606, M806) coming from said module (100, 300);
and
· means for selecting or not selecting said set used
20 by said process as a function of said information about
the capabilities of said module (100, 300); and
· means for administering at least one life cycle of
at least one of said profiles (P1-Pn) by using said set
of at least one command and/or of at least one rule, if
25 said set is selected.
18. A computer program including instructions for executing
steps of an administering method according to any one of
claims 1 to 9, when said program is executed by a
30 processor.
19. A computer program including instructions for executing
steps of an administering method according to any one of
claims 10 to 14, when said program is executed by a
35 processor.
32
20. A processor-readable data medium storing a computer
program including instructions for executing steps of an
administering method according to any one of claims 1 to
9.
5
21. A processor-readable data medium storing a computer
program including instructions for executing steps of an
administering method according to any one of claims 10
to 14.