(19)
(11)EP 3 242 407 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
04.11.2020 Bulletin 2020/45

(21)Application number: 15874471.4

(22)Date of filing:  04.01.2015
(51)International Patent Classification (IPC): 
H04B 1/38(2015.01)
H04L 29/08(2006.01)
H04W 8/18(2009.01)
G06F 16/23(2019.01)
(86)International application number:
PCT/CN2015/070060
(87)International publication number:
WO 2016/106778 (07.07.2016 Gazette  2016/27)

(54)

DATA UPDATING METHOD AND APPARATUS, AND EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD

DATENAKTUALISIERUNGSVERFAHREN UND VORRICHTUNG SOWIE EINGEBETTETE UNIVERSELLE IC-KARTE

PROCÉDÉ ET APPAREIL DE MISE À JOUR DE DONNÉES, ET CARTE DE CIRCUIT INTÉGRÉ UNIVERSELLE EMBARQUÉE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(43)Date of publication of application:
08.11.2017 Bulletin 2017/45

(73)Proprietor: Huawei Technologies Co. Ltd.
Shenzhen, Guangdong 518129 (CN)

(72)Inventors:
  • ZHAO, Xiaona
    Shenzhen Guangdong 518129 (CN)
  • CHANG, Xinmiao
    Shenzhen Guangdong 518129 (CN)
  • LI, Guoqing
    Shenzhen Guangdong 518129 (CN)

(74)Representative: Gill Jennings & Every LLP 
The Broadgate Tower 20 Primrose Street
London EC2A 2ES
London EC2A 2ES (GB)


(56)References cited: : 
EP-A1- 2 773 077
CN-A- 103 765 934
US-A1- 2014 308 991
WO-A2-2013/176499
US-A1- 2013 231 087
US-A1- 2014 308 991
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    TECHNICAL FIELD



    [0001] The present invention relates to the field of communication security technologies, and in particular, to a data update method, an apparatus, and an embedded universal integrated circuit card (embedded Universal Integrated Circuit Card, eUICC).

    BACKGROUND



    [0002] With popularity of mobile terminals, mobile payment services have gradually developed. To improve security of the mobile payment services, usually a secure element (Secure Element, SE) needs to be disposed in a terminal, to implement secure storage and computation of sensitive data of a user. The SE may be controlled by a mobile network operator (Mobile Network Operator, MNO), and a physical carrier of the SE may be a UICC (Universal Integrated Circuit Card, universal integrated circuit card), or may be an unpluggable eUICC directly welded in the terminal. According to an eUICC remote provisioning protocol formulated by the GSMA, multiple profiles (Profile) of multiple MNOs may be configured in each eUICC. Each profile is downloaded and installed in a main security domain dedicated to an MNO corresponding to the profile (that is, an ISD-P (Issuer Security Domain) defined in the eUICC remote provisioning protocol by the GSMA). The terminal enables a profile of one MNO each time, and when MNO switching needs to be performed, the terminal needs to disable a profile of an original MNO (referred to as a source profile below), and enable a profile of a new MNO (referred to as a target profile below). The profile is a collection of MNO-related file structures, data, and applications, including a profile type, an ISD-P AID, an ICCID, an MSISDN, a DPID, and the like, and may be configured in the ISD-P over the air.

    [0003] Currently, a UICC SE is a secure element implementation solution dominated and controlled by an MNO. Each application service provider needs to first sign a business cooperation agreement with an operator in order to download an application and install the application in the UICC SE. In addition, different MNOs of a same country or different MNOs of different countries may also sign a cooperation agreement to implement use of a same application in different MNO environments, so as to bring convenience to users and promote development of the industry. For example, operators from China, Japan, and Korea (which are separately China Mobile, NTT DOCOMO, and KT) reached an agreement on NFC international roaming in 2013. However, when a physical carrier of an SE in which MNO-related payment applications are located is changed from a UICC to an eUICC, some or all applications corresponding to a source profile cannot be normally used in an MNO environment corresponding to a target profile after profile switching is performed, because none of operations such as SE creation, deletion, and management, and application downloading, installation, and update is specified in the current eUICC remote provisioning protocol formulated by the GSMA.

    [0004] US 2013/231087 A1 describes a multi-use embedded universal integrated circuit card containing more than one active mobile network operator profile.

    [0005] US 2014/308991 A1 describes technology for managing profiles in an EUICC in a terminal.

    SUMMARY



    [0006] Embodiments of the present invention provide a data update method, an apparatus, and an eUICC, to resolve a prior-art problem that switching of an MNO in an eUICC easily leads to that an application in an SE cannot be used, affecting access of a user to application data in the SE.

    [0007] To resolve the foregoing technical problem, the embodiments of the present invention disclose the technical solutions as explained in the appended claims.

    DESCRIPTION OF DRAWINGS



    [0008] To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the following briefly describes the accompanying drawings required for describing the embodiments or the prior art. Apparently, the accompanying drawings in the following description show merely some embodiments of the present invention, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.

    FIG. 1 is a schematic architectural diagram of an eUICC according to an embodiment of the present invention;

    FIG. 2 is a schematic structural diagram of a data update apparatus according to an embodiment of the present invention;

    FIG. 3 is a flowchart of a data update method according to an embodiment of the present invention;

    FIG. 4 is a flowchart of a first application example of a data update method according to an embodiment of the present invention;

    FIG. 5 is a flowchart of a second application example of a data update method according to an embodiment of the present invention; and

    FIG. 6 is a flowchart of a third application example of a data update method according to an embodiment of the present invention.


    DESCRIPTION OF EMBODIMENTS



    [0009] To make a person skilled in the art understand the technical solutions in the embodiments of the present invention better, and make the objectives, features, and advantages of the embodiments of the present invention clearer, the following further describes the technical solutions in the embodiments of the present invention in detail with reference to the accompanying drawings.

    [0010] Referring to FIG. 1, FIG. 1 is a schematic architectural diagram of a universal integrated circuit card eUICC according to the present invention. The eUICC 1 includes: at least one secure element SE (one secure element 11 is used as an example in this embodiment), a processor 12, and a data interface 13.

    [0011] Each secure element 11 of the at least one secure element is configured to store an application corresponding to at least one profile profile.

    [0012] In this embodiment, the secure element 11 is configured to store an application corresponding to a profile profile in the eUICC. For example, in an eUICC remote provisioning specification defined by the GSMA, the SE may correspond to an ISD-P (Issuer Security Domain Profile). The profile is a collection of MNO-related file structures, data, and applications, mainly including a profile type, an ISD-P AID (ISD-P Application Identifier, which is used to identify an ISD-P), an ICCID (Integrated Circuit Card ID, which is used to uniquely identify a profile), an MSISDN, and the like, and may be configured in the ISD-P over the air, or may be configured in the ISD-P in another manner (for example, by means of wireless transmission). The management apparatus is a module that is in the eUICC and that is configured to execute some management commands such as ISD-P creation/deletion and profile enabling/disabling. Exemplarily, in the eUICC remote provisioning specification defined by the GSMA, the management apparatus may correspond to an ISD-R (Issuer Security Domain Root). The at least one public secure element SE (Secure Element) is space, in the eUICC and other than the storage module, that is used to store and run an application corresponding to a profile in the storage module.

    [0013] The profile (Profile) refers to a combination of file structures, data, and applications. A file and/or an application (such as a network access application) of an enabled profile (Enabled Profile) may be selected by using a universal integrated circuit card-terminal (UICC-Terminal) interface. There is a type of profile referred to as a provisioning profile (Provisioning profile). After the Provisioning profile is installed in an eUICC, the Provisioning profile may be used for access to a communications network, so as to provide a transmission capability for eUICC management and profile management between the eUICC and a remote entity (such as an SM-SR or an SM-DP). There is a type of profile referred to as an operational profile (operational profile). The Operational profile includes one or more network access applications and associated network access certificates.

    [0014] The processor 12 is configured to manage at least one application stored in the at least one secure element.

    [0015] The data interface 13 is configured to receive a profile enabling request. The profile enabling request is used to switch a source profile to a target profile, the profile enabling request includes identifier information of the target profile, and the source profile is a profile that is in an enabled state before the switching.

    [0016] The processor 12 is further configured to update a first correspondence to a second correspondence according to the profile enabling request. The first correspondence is a correspondence between a first application set and the source profile, and the first application set includes at least one application in the at least one SE. The second correspondence is a correspondence between the second application set and the target profile, and the second application set includes at least one application in the first application set.

    [0017] At least one application in the first application set refers to at least one of the at least one application, such as a wallet application developed by an operator, a payment application developed by a third party such as a bank, or a payment application jointly developed by a third party such as a bank and multiple operators, which is installed in the eUICC. The application in this embodiment also applies to the following embodiments, and is not described in detail below.

    [0018] In this embodiment of the present invention, the processor can update a correspondence between at least one application (that is, a first application set) stored in the at least one SE and a source profile to a correspondence between at least one application (that is, a second application set) in the first application set and a target profile according to a profile enabling request, so as to ensure that some or all applications in the SE can still be used when subscription information of a bound MNO becomes invalid, thereby ensuring that after enabling the target profile, a user can normally access and use some or all applications and data in the SE that correspond to the source profile.

    [0019] It should be noted that the first application set includes an application that corresponds to both the source profile and the target profile (that is, an application that can be normally used when the source profile or the target profile is enabled, that is, an application that can be normally used either in an MNO environment corresponding to the source profile or in an MNO environment corresponding to the target profile), and may further include all applications corresponding to only the source profile (that is, applications that can be normally used as long as the source profile is enabled, that is, applications that can be normally used only in the MNO environment corresponding to the source profile). The second application set includes at least one of the application that corresponds to both the source profile and the target profile, and may further include all applications corresponding to only the target profile (that is, applications that can be normally used as long as the target profile is enabled, that is, applications that can be normally used only in the MNO environment corresponding to the target profile).

    [0020] To better described the solutions of the present invention, that the first application set includes an application that is in the at least one SE and that corresponds to both the source profile and the target profile is used as an example, and for specific content, refer to the following embodiments.

    [0021] Optionally, in another embodiment, based on the foregoing embodiment, the first application set managed by the processor 12 includes: an application that is in the at least one SE and that corresponds to both the source profile and the target profile.

    [0022] That is, the application that corresponds to both the source profile and the target profile refers to an application that can be used in both the MNO environments corresponding to the source profile and the target profile.

    [0023] Optionally, in another embodiment, based on the foregoing embodiment, the at least one SE 11 is at least one public SE (not shown in the figure), and the at least one public SE is configured to store at least an application corresponding to the source profile and an application corresponding to the target profile.

    [0024] Optionally, in another embodiment, based on the foregoing embodiment, the eUICC further includes: the memory, configured to: before the processor 12 updates the first correspondence to the second correspondence according to the profile enabling request, store the first correspondence, where the first correspondence includes a correspondence between an identifier of the first application set and identification information of the source profile.

    [0025] Optionally, in another embodiment, based on the foregoing embodiment, the updating a first correspondence to a second correspondence according to the profile enabling request specifically includes:

    selecting at least one application from the first application set according to the identification information of the target profile or according to the identification information of the target profile and a user indication; and

    obtaining an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence.



    [0026] The identification information of the target profile may be either of an ISD-P AID and an ICCID in the GSMA, or even a mobile phone number, an IMSI, or the like, but is not limited thereto.

    [0027] Optionally, in another embodiment, based on the foregoing embodiment, the first correspondence specifically includes: a first mapping table of the eUICC and at least one profile. The first mapping table includes at least the identification information of the source profile; and a second mapping table of the at least one public SE, and the at least one application in the at least one public SE.

    [0028] The processor 12 associates the first mapping table with the second mapping table, to obtain the first correspondence.

    [0029] Optionally, in another embodiment, based on the foregoing embodiment, the first mapping table further includes: an identifier of the eUICC; or an identifier of the eUICC, enabled state information corresponding to the source profile, the identification information of the target profile, and disabled state information corresponding to the target profile.

    [0030] The second mapping table further includes: the identifier of the eUICC, an identifier of the at least one public SE, and an identifier of the at least one application; or the identifier of the eUICC, an identifier of the at least one public SE, an identifier of the at least one application, and enabled or disabled state information of the at least one application.

    [0031] The obtaining an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence specifically includes: updating the identification information of the source profile in the first mapping table to the identification information of the target profile; or updating the enabled state information corresponding to the source profile in the first mapping table to disabled state information, and updating the disabled state information corresponding to the target profile to enabled state information;
    updating the identifier of the at least one application in the second mapping table to an identifier of at least one of the at least one application; or setting, by the management apparatus, status information of the at least one application in the second mapping table to an enabled state, and setting status information corresponding to a remaining application to a disabled state; and
    associating, by the management apparatus, the first mapping table with the second mapping table, to obtain the second correspondence.

    [0032] Optionally, in another embodiment, based on the foregoing embodiment, the at least one application in the first application set (that is, the at least one of the at least one application) includes: at least one application that is determined from the first application set according to a setting preset by a user; or at least one application that is determined from the first application set according to a selection made by a user during profile switching or after profile switching.

    [0033] Optionally, in another embodiment, based on the foregoing embodiment, the data interface 13 is further configured to: when the at least one application in the first application set is at least one application that is determined by the processor from the first application set according to a selection made by a user during profile switching or after profile switching, output an application list to a terminal, where the application list includes the first application set stored in the public SE or at least one application in the first application set.

    [0034] The processor 12 is further configured to determine at least one application from the application list according to a selection made by the user.

    [0035] Further, in the foregoing embodiment, the processor in the eUICC can update a correspondence between at least one application stored in the at least one public SE and a source profile to a correspondence between the at least one application and a target profile according to a profile enabling request, so as to ensure that some or all applications in the public SE can still be used when subscription information of a bound MNO becomes invalid, thereby ensuring that after enabling the target profile, a user can normally access and use some or all applications and data in the public SE that correspond to the source profile.

    [0036] Optionally, in another embodiment, based on the foregoing embodiment, the at least one SE 11 includes a first private SE and a second private SE (not shown in the figure), the first private SE is disposed in a first private storage device, and the second private SE is disposed in a corresponding second private storage device.

    [0037] The processor is configured to manage the first private SE and the second private SE.

    [0038] The source profile is installed in the first private SE, and the target profile is installed in the second private SE.

    [0039] The first private SE is configured to store at least one application that corresponds to a profile installed in the first private storage device.

    [0040] The second private SE is configured to store at least one application that corresponds to a profile installed in the second private storage device.

    [0041] It should be noted that in this embodiment, the at least one SE 11 includes at least two private SEs, that is, the first private SE and the second private SE, which may be two private SEs in one SE; alternatively, the two SEs are two independent private SEs, that is, one SE is the first private SE, and the other SE is the second private SE.

    [0042] Optionally, in another embodiment, based on the foregoing embodiment, the processor 12 is further configured to: determine information indicating that application and data migration needs to be performed, where the information is information used to migrate an application and data from the first private SE to the second private SE; and migrate at least one application in the first application set and data related to the at least one application to the second private SE according to the information, so as to update the first correspondence to the second correspondence. That is, at least one of the at least one application that is in the first private SE corresponding to the source profile and data related to the at least one application are migrated to the second private SE corresponding to the target profile, according to the information, so that the correspondence between the source profile and the at least one application that is stored in the first private SE and that corresponds to the source profile is updated to the correspondence between the at least one of the at least one application and the target profile.

    [0043] In this embodiment, the processor 12 may determine, in multiple manners, the information indicating that application and data migration needs to be performed. In this embodiment, two manners are used as examples for description. One determining manner is shown in step 502 to step 510 in FIG. 5, and the other determining manner is shown in step 603 to step 609 in FIG. 6, which are not described in detail here. For details, refer to the following descriptions.

    [0044] Optionally, in another embodiment, based on the foregoing embodiment, the migrating, according to the information, at least one application in the first application set and data related to the at least one application to the second private SE corresponding to the target profile specifically includes: obtaining the at least one application and the data related to the at least one application from the first application set according to the information; and migrating the obtained at least one application and the obtained data related to the at least one application to the second private SE corresponding to the target profile.

    [0045] Optionally, in another embodiment, based on the foregoing embodiment, the obtaining the at least one application and the data related to the at least one application from the first application set includes:
    the at least one application that is determined from the first application set according to the setting preset by the user, and data related to the at least one application; or the at least one application that is determined from the first application set according to the selection made by the user during the profile switching or after the profile switching, and data related to the at least one application.

    [0046] Optionally, in another embodiment, based on the foregoing embodiment, the data interface 13 is further configured to: when the at least one application determined from the first application set is at least one application that is determined by the processor from the first application set according to a selection made by a user during profile switching or after profile switching, output a migratable-application list to a terminal, where the migratable-application list includes an identifier of an application that is stored in the first private SE corresponding to the source profile and that can be used when switching to the target profile is performed.

    [0047] The processor 12 is further configured to determine, from the first application set according to a selection made by the user in the migratable-application list, at least one application in an application corresponding to the source profile.

    [0048] Further, in this embodiment of the present invention, the processor in the eUICC can migrate, according to determined migration information, at least one application in a first private SE in a memory (for example, a source memory) corresponding to a source profile and data related to the at least one application to a second private SE in another memory (for example, a target memory) corresponding to a target profile, so that an application and data in the source memory can still be used when the source profile is disabled, thereby ensuring that after enabling the target profile, a user can normally access and use some or all applications and data in a public SE that correspond to the source profile.

    [0049] Correspondingly, an embodiment of the present invention further provides a data update management apparatus, and a schematic structural diagram of the data update management apparatus is shown in FIG. 2. The management apparatus 21 is disposed in a universal integrated circuit card eUICC 2, at least one secure element SE 22 (where one SE is used as an example in this embodiment) is further disposed in the eUICC 2, the at least one SE 22 is configured to store an application corresponding to at least one profile profile, and the management apparatus 21 is configured to manage the at least one SE 22. The management apparatus 21 includes a first receiving unit 211 and an update unit 212.

    [0050] The first receiving unit 211 is configured to receive a profile enabling request. The profile enabling request is used to switch a source profile to a target profile, the profile enabling request includes identifier information of the target profile, and the source profile is a profile that is in an enabled state before the switching.

    [0051] The update unit 212 is configured to update a first correspondence to a second correspondence according to the profile enabling request. The first correspondence includes a correspondence between a first application set and the source profile, and the first application set includes at least one application in the at least one SE. The second correspondence is a correspondence between a second application set and the target profile, and the second application set includes at least one application in the first application set.

    [0052] Optionally, the at least one application updated by the update unit 212 includes: an application that is in the at least one SE and that corresponds to both the source profile and the target profile.

    [0053] Optionally, in another embodiment, based on the foregoing embodiment, the update unit 212 is specifically configured to: when the at least one secure element SE 22 is at least one public SE, and in this embodiment, the at least one public SE is configured to store at least an application corresponding to the source profile and an application corresponding to the target profile, update the first correspondence to the second correspondence according to the profile enabling request.

    [0054] Optionally, in another embodiment, the apparatus further includes: a storage unit (not shown in the figure). The storage unit is configured to: before the update unit updates the first correspondence to the second correspondence according to the profile enabling request, store the first correspondence, where the first correspondence includes a correspondence between an identifier of the first application set and identification information of the source profile.

    [0055] Optionally, in another embodiment, the update unit 212 includes: a selection unit and a first update unit (which are not shown in the figure). The selection unit is configured to select at least one application from the first application set according to the identification information of the target profile or according to the identification information of the target profile and a user indication. The first update unit is configured to obtain an identifier of the selected at least one application from the first correspondence, and associate the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence.

    [0056] Optionally, in another embodiment, the storage unit includes: a first storage unit, a second storage unit, and an association unit. The first storage unit is configured to store a first mapping table of the eUICC and at least one profile. The first mapping table includes at least the identification information of the source profile. The second storage unit is configured to store a second mapping table of the eUICC, the at least one public SE, and the at least one application in the at least one public SE. The association unit is configured to associate the first mapping table with the second mapping table, to obtain the first correspondence.

    [0057] Optionally, in another embodiment, the first mapping table stored in the first storage unit further includes: an identifier of the eUICC; or an identifier of the eUICC, enabled state information corresponding to the source profile, the identification information of the target profile, and disabled state information corresponding to the target profile. The second mapping table stored in the second storage unit further includes: the identifier of the eUICC, an identifier of the at least one public SE, and an identifier of the at least one application; or the identifier of the eUICC, an identifier of the at least one public SE, an identifier of the at least one application, and enabled or disabled state information of the at least one application.

    [0058] The first update unit is specifically configured to: update the first mapping table according to the profile enabling request, where the identification information of the source profile in the first mapping table is updated to the identification information of the target profile; or the enabled state information corresponding to the source profile in the first mapping table is updated to disabled state information, and the disabled state information corresponding to the target profile is updated to enabled state information; update the second mapping table according to the profile enabling request, where the identifier of the at least one application in the second mapping table is updated to an identifier of at least one of the at least one application; or status information corresponding to at least one of the at least one application in the second mapping table is set to an enabled state, and status information corresponding to a remaining application is set to a disabled state; and associate the first mapping table with the second mapping table, to obtain the second correspondence.

    [0059] Optionally, in another embodiment, the at least one application that is updated by the update unit 212 and that is in the first application set includes: at least one application that is determined from the first application set according to a setting preset by a user; or at least one application that is determined from the first application set according to a selection made by a user during profile switching or after profile switching.

    [0060] Optionally, in another embodiment, the apparatus may further include: a first output unit and a first determining unit (which are not shown in the figure). The first output unit is configured to: when the at least one application that is updated by the update unit that is in the first application set is at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching, output an application list to a terminal, where the application list includes the first application set stored in the public SE or at least one application in the first application set. The first determining unit is configured to determine at least one application from the application list according to a selection made by the user.

    [0061] Optionally, in another embodiment, based on the embodiment shown in FIG. 2, the at least one secure element SE includes a first private SE and a second private SE, and at least a first storage module and a second storage module are further disposed in the eUICC. The management apparatus is further configured to manage at least the first storage module and the second storage module, the source profile is installed in the first storage module, and the target profile is installed in the second storage module. The first private SE is disposed in the first storage module, and the second private SE is disposed in the second storage module. The first private SE is configured to store at least one application corresponding to the source profile, and the second private SE is configured to store at least one application corresponding to the target profile.

    [0062] That is, in this embodiment, the first storage module may be a source storage module, and the second storage module may be a target storage module. The at least one application may be an application corresponding to the source profile and the target profile. The application corresponding to the source profile and the target profile may be a same application, or may be multiple same applications, which is not limited in this embodiment.

    [0063] Optionally, in another embodiment, the first application set is specifically the at least one application corresponding to the source profile in the first private SE. The update unit includes: a second determining unit and a migration unit (which are not shown in the figure). The second determining unit is configured to determine information indicating that application and data migration needs to be performed. The information is information used to migrate an application and data from the first private SE to the second private SE.

    [0064] The migration unit is configured to migrate, according to the information, at least one application in the first application set and data related to the at least one application to the second private SE corresponding to the target profile, so that the first correspondence is updated to the second correspondence.

    [0065] That is, at least one of the at least one application that is in the first private SE corresponding to the source profile and data related to the application are migrated to the second private SE corresponding to the target profile, according to the information, so that the correspondence between the source profile and the at least one application that is stored in the first private SE and that corresponds to the source profile is updated to the correspondence between the at least one of the at least one application and the target profile.

    [0066] The data migration information may include at least the identification information of the target profile or identification information of the private SE corresponding to the target profile. The identification information of the target profile may be an identifier (such as an ICCID defined by the GSMA) of the target profile, or may be identifier information (such as an ISD-P AID defined by the GSMA) of the storage module corresponding to the target profile, or may be other information that can identify the target profile (such as a mobile phone number or an IMSI). The identification information of the private SE corresponding to the target profile may be an identifier (such as an SEID) of the private SE. Certainly, the migration information may further include other identification information, which is not limited in this embodiment.

    [0067] Optionally, the migration unit includes an obtaining unit and a first migration unit. The obtaining unit is configured to obtain the at least one application and the data related to the at least one application from the first application set according to the information. The first migration unit is configured to migrate the obtained at least one application and the obtained data related to the at least one application to the second private SE.

    [0068] Optionally, in another embodiment, the at least one application in the first application set and the data related to the at least one application that are obtained by the obtaining unit include: at least one application that is determined from the first application set according to a setting preset by a user, and data related to the at least one application; or at least one application that is determined from the first application set according to a selection made by a user during profile switching or after profile switching, and data related to the at least one application.

    [0069] Optionally, in another embodiment, the apparatus may further include: a second output unit and a third determining unit (which are not shown in the figure). The second output unit is configured to: when the at least one application that is determined from the first application set and that is obtained by the obtaining unit is at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching, output a migratable-application list to a terminal. The migratable-application list includes an identifier of an application that is stored in the first private SE and that can be used when switching to the target profile is performed.

    [0070] The third determining unit is configured to determine at least one application from the first application set according to a selection made by the user in the migratable-application list.

    [0071] In this embodiment of the present invention, the management apparatus can migrate, according to determined migration information, at least one application in a private SE in a source storage module corresponding to a source profile and data related to the at least one application to a private SE in a target storage module corresponding to a target profile, so that an application and data in the source storage module can still be used when the source profile is disabled, thereby ensuring that after enabling the target profile, a user can normally access and use some or all applications and data in a public SE that correspond to the source profile.

    [0072] Based on the implementation process of the foregoing apparatus, an embodiment of the present invention further provides a data update method, and a flowchart of the data update method is shown in FIG. 3. The method is applied to a universal integrated circuit card eUICC in which a management apparatus and at least one secure element SE are disposed. The at least one SE is configured to store an application corresponding to at least one profile profile, and the management apparatus is configured to manage the at least one SE. The method includes:

    [0073] Step 301: The management apparatus receives a profile enabling request, where the profile enabling request is used to switch a source profile to a target profile, the profile enabling request includes identifier information of the target profile, and the source profile is a profile that is in an enabled state before the switching.

    [0074] Step 302: The management apparatus updates a first correspondence to a second correspondence according to the profile enabling request, where the first correspondence is a correspondence between a first application set and the source profile, and the first application set includes at least one application in the at least one SE; and the second correspondence is a correspondence between a second application set and the target profile, and the second application set includes at least one application in the first application set.

    [0075] The first application set includes: an application that is in the at least one SE and that corresponds to both the source profile and the target profile. The application that corresponds to both the source profile and the target profile refers to an application that can be used in both MNO environments corresponding to the source profile and the target profile.

    [0076] Optionally, the at least one secure element SE is at least one public SE.

    [0077] The at least one public SE is configured to store at least an application corresponding to the source profile and an application corresponding to the target profile.

    [0078] Optionally, in another embodiment, based on the foregoing embodiment, before the updating, by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request, the method further includes:
    storing, by the management apparatus, the first correspondence, where the first correspondence includes a correspondence between an identifier of the first application set and identification information of the source profile.

    [0079] Optionally, in another embodiment, based on the foregoing embodiment, the updating, by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request specifically includes:

    selecting, by the management apparatus, at least one application from the first application set according to the identification information of the target profile or according to the identification information of the target profile and a user indication; and

    obtaining, by the management apparatus, an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence.



    [0080] Optionally, in another embodiment, based on the foregoing embodiment, the storing, by the management apparatus, the first correspondence includes:

    storing, by the management apparatus, a first mapping table of the eUICC and at least one profile, where the first mapping table includes at least the identification information of the source profile;

    storing, by the management apparatus, a second mapping table of the eUICC, the at least one public SE, and the at least one application in the at least one public SE; and

    associating, by the management apparatus, the first mapping table with the second mapping table, to obtain the first correspondence.



    [0081] Optionally, in another embodiment, based on the foregoing embodiment, the first mapping table further includes: an identifier of the eUICC; or an identifier of the eUICC, enabled state information corresponding to the source profile, the identification information of the target profile, and disabled state information corresponding to the target profile.

    [0082] The second mapping table further includes: the identifier of the eUICC, an identifier of the at least one public SE, and an identifier of the at least one application; or the identifier of the eUICC, an identifier of the at least one public SE, an identifier of the at least one application, and enabled or disabled state information of the at least one application.

    [0083] The obtaining, by the management apparatus, an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the corresponding target profile, to obtain the second correspondence includes:

    updating, by the management apparatus, the identification information of the source profile in the first mapping table to the identification information of the target profile; or updating, by the management apparatus, the enabled state information corresponding to the source profile in the first mapping table to disabled state information, and updating the disabled state information corresponding to the target profile to enabled state information;

    updating, by the management apparatus, the identifier of the at least one application in the second mapping table to an identifier of at least one of the at least one application; or setting, by the management apparatus, status information of the at least one application in the second mapping table to an enabled state, and setting status information corresponding to a remaining application to a disabled state; and

    associating, by the management apparatus, the first mapping table with the second mapping table, to obtain the second correspondence.



    [0084] Optionally, the at least one application in the first application set includes: at least one application that is determined by the management apparatus from the first application set according to a setting preset by a user; or at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching.

    [0085] Optionally, in another embodiment, based on the foregoing embodiment, when the at least one application in the first application set is at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching, the method further includes:

    outputting, by the management apparatus, an application list to a terminal, where the application list includes the first application set stored in the public SE or at least one application in the first application set; and

    determining, by the management apparatus, at least one application from the application list according to a selection made by the user.



    [0086] Optionally, in another embodiment, based on the foregoing embodiment, the at least one secure element SE includes a first private SE and a second private SE, the first private SE is disposed in a corresponding first storage module, and the second private SE is disposed in a corresponding second storage module.

    [0087] The source profile is installed in the first storage module, and the target profile is installed in the second storage module.

    [0088] The first private SE stores at least one application corresponding to the source profile, and the second private SE stores at least one application corresponding to the target profile.

    [0089] The first storage module and the second storage module are disposed in the eUICC, and are managed by the management apparatus.

    [0090] Optionally, in another embodiment, based on the foregoing embodiment, the first application set is specifically the at least one application corresponding to the source profile in the first private SE; and the updating, by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request specifically includes:

    determining, by the management apparatus, information indicating that application and data migration needs to be performed, where the information is information used to migrate an application and data from the first private SE to the second SE; and

    migrating, by the management apparatus, at least one application in the first application set and data related to the at least one application to the second private SE according to the information, so as to update the first correspondence to the second correspondence.



    [0091] Optionally, in another embodiment, based on the foregoing embodiment, the migrating, by the management apparatus, at least one application in the first application set and data related to the application to the second private SE according to the information includes:

    obtaining, by the management apparatus, the at least one application and the data related to the at least one application from the first application set according to the information; and

    migrating, by the management apparatus, the obtained at least one application and the obtained data related to the at least one application to the second private SE.



    [0092] Optionally, in another embodiment, based on the foregoing embodiment, the at least one application in the first application set and the data related to the at least one application include:
    at least one application that is determined by the management apparatus from the first application set according to a setting preset by a user, and data related to the application; or at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching, and data related to the at least one application.

    [0093] Optionally, in another embodiment, based on the foregoing embodiment, when the at least one application determined from the first application set is at least one application that is determined by the management apparatus from the first application set according to a selection made by a user during profile switching or after profile switching, the method further includes:

    outputting, by the management apparatus, a migratable-application list to a terminal, where the migratable-application list includes an identifier of an application that is stored in the first private SE and that can be used when switching to the target profile is performed; and

    determining, by the management apparatus, at least one application from the first application set according to a selection made by the user in the migratable-application list.



    [0094] To facilitate understanding of a person skilled in the art, the following provides a description by using specific application examples.

    [0095] Further, refer to FIG. 4. FIG. 4 is a flowchart of a first application example of a data update method according to an embodiment of the present invention. This embodiment is described based on an eUICC remote provisioning specification formulated by the GSMA. In this embodiment, a process of updating a profile associated with an application in a public SE is described by using a specific application example. In the process, an eUICC includes a management apparatus. The management apparatus includes, for example, a maintenance and update module and a switching module, but is not limited thereto. An update process thereof specifically includes:

    [0096] Step 401: The eUICC maintains an SEID-EID mapping list and an EID-ICCID mapping list by using an application selection and query module.

    [0097] An SEID is used to identify a secure element SE, an EID is used to identify an embedded universal integrated circuit card eUICC, and an ICCID is used to identify a profile.

    [0098] In an example, it is assumed that the eUICC includes multiple public SEs, where n applications are already installed in an SE1 (which has an identifier of SEID1), AID1 to AIDk are applications corresponding to a profile 1, and AID1 and AIDk can still be used after the profile 1 is switched to a profile 2 (that is, AID1 and AIDk are applications that are jointly subscribed to by an MNO corresponding to the profile 1 and an MNO corresponding to the profile 2, that is, both the two applications can be used in the two MNO environments. An SEID-EID list is shown in Table 1:
    Table 1
    EID SEID1 AID1
    AID2
    ...
    AIDk
    ...
    AIDn
    ...  
    SEIDm  


    [0099] Assuming that currently the profile 1 in the eUICC is enabled (enabled), and remaining profile 2 to profile m are all disabled (disabled), an EID-ICCID list is shown in Table 2:
    Table 2
    EID ICCID1 (enabled)
    ICCID2 (disabled)
    ...
    ICCIDm (disabled)


    [0100] Table 2 is described by using an example in which a profile is identified by an ICCID. Certainly, other identifiers such as an ISD-P AID, a mobile phone number, and an IMSI may also be used. In this example, the EID-ICCID list described in Table 2 includes an identifier (such as an EID) of the eUICC, an identifier (such as ICCID1) of the profile 1, status information (such as an enabled state enabled) corresponding to the profile 1, an identifier (such as ICCID2) of the profile 2, status information (such as a disabled state disabled) corresponding to the profile 2, and the like. After profile switching is completed, only corresponding status information of the profiles in the list needs to be updated. In addition, the EID-ICCID list may alternatively include only the identifier (such as the EID) of the eUICC and the identifier (such as ICCID1) of the profile 1. After profile switching is completed, only the identifiers of the profiles in the list need to be updated.

    [0101] Step 402: An MNO sends a profile enabling request (Profile Enabling Request) to an SM-SR, where the request includes an EID and a target ICCID.

    [0102] It should be noted that the sending, by an MNO, a profile enabling request to an SM-SR may be that a user proactively requests the MNO to trigger, or may be automatically triggered by the MNO, which is not limited in the present invention.

    [0103] Step 403: After completing a policy check (and mutual authentication with the eUICC), an SM-SR forwards the profile enabling request (Profile enabling request) to the switching module in the eUICC, where the profile enabling request includes an ISD-P AID corresponding to a target profile.

    [0104] It should be noted that according to the eUICC remote provisioning specification formulated by the GSMA, an eUICC information set (eUICC Information Set, EIS) stored by the SM-SR includes related identification information of each profile (as shown in the following EIS content); therefore, the SM-SR may find, according to the target ICCID in step 803, the ISD-P AID corresponding to the target profile.

    [0105] The EIS content is as follows: EIS={EID, Type, Version, Production Date, Platform Management Credentials, Certificate, SRID, {profile 0: profile Type, ISD-P AID, ICCID, MSISDN, State, DPID, Allocated Memory, POL2 profile 1: profile Type, ISD-P AID, ICCID, MSISDN, State, DPID, Allocated Memory, POL2 ... profile n: ... } }

    [0106] ISD-P AID: ISD-P Application Identifier, which is used to identify an ISD-P.

    [0107] ICCID: Integrated Circuit Card ID, which is generated by the SM-DP in a personalization process of a profile, and may be used to identify the profile.

    [0108] MSISDN: Mobile Subscriber International ISDN (Integrated Service Digital Network, integrated services digital network) number, which may be understood as a unique number that can identify a mobile user in a telephony network, and therefore, may also be used to identify a profile.

    [0109] DPID: ID of the relevant SM-DP, which is used to identify the SM-DP.

    [0110] SRID: ID of the relevant SM-SR, which is used to identify the SM-SR.

    [0111] Step 404: The switching module of the eUICC performs a profile switching operation after a policy check is performed, that is, disables a source profile and enables the target profile.

    [0112] Step 405: The switching module of the eUICC sends a list update and maintenance request to the maintenance and update module, where the list update and maintenance request includes the target ICCID.

    [0113] Step 406: The maintenance and update module of the eUICC maintains the SEID-EID list and updates the EID-ICCID list, to bind AIDs of some or all applications of the source profile to the target profile.

    [0114] Specifically, the maintenance and update module maintains the SEID-EID list. The list may be maintained according to an AID(s) of a to-be-bound application(s) that is/are set in advance (that is, some or all applications corresponding to the source profile), or the list may be maintained according to an AID(s) of a to-be-bound application(s) that is/are determined according to a selection made by the user in real time. It should be noted that the above-mentioned actions of maintaining the SEID-EID list are not specifically shown in FIG. 8.

    [0115] Exemplarily, assuming that the target profile is the profile 2, the EID-ICCID list is updated to:
    Table 3
    EID ICCID1 (disabled)
    ICCID2 (enabled)
    ...
    ICCIDm (disabled)


    [0116] Specifically, in this example, according to content of the foregoing Table 2, the status information corresponding to the source profile (ICCID1) in the EID-ICCID list needs to be updated from enabled (enabled) to disabled (disabled), and the status information corresponding to the target profile (ICCID2) needs to be updated from disabled (disabled) to enabled (enabled). In addition, if the EID-ICCID list includes only the identifier (such as the EID) of the eUICC and the identifier (such as ICCID1) of the profile 1, the identifier of the profile needs to be updated from the source profile (ICCID1) to the target profile (ICCID2).

    [0117] It should be noted that some or all AIDs of the source profile can be bound to the target profile only after the EID-ICCID list is updated and the applications to be bound are determined. Determining, from all the AIDs corresponding to the source profile, some or all AIDs that are to be bound to the target profile may specifically include the following cases:
    1. (1) The AID(s) that is/are to be bound to the target profile may be set before the profile switching is requested, that is, set in advance, that is, set before step 802. It should be noted that the setting action may be implemented when an application is downloaded and installed, or the AID(s) may be uniformly set by the user after all applications are installed.
    2. (2) An application (such as AID1 and AIDk in Table 1) that can be bound to the target profile 2 may be reported to the user by using a UI of a terminal before the EID-ICCID list is updated, for example, after the eUICC receives the profile enabling request or after profile enabling is completed, and then the application to be bound is determined according to a selection made by the user.
    3. (3) After the EID-ICCID list is updated, similar to the method (2), an application that can be bound may be reported to the user and the user is prompted to make a selection to determine the application to be bound.


    [0118] Step 407: The maintenance and update module of the eUICC feeds back an EID-ICCID list update notification and an application binding update result to a user by using a UI.

    [0119] By means of the foregoing step 401 to step 407, subscription data of all applications that are bound to the target profile and that correspond to the source profile may be quickly updated by using the SEID-EID list and the EID-ICCID list, so as to ensure that after enabling the target profile, the user can normally access and use some or all applications and data in a public SE that correspond to the source profile.

    [0120] Step 408: The user sends an application selection request to the eUICC by using the UI of a terminal, where the application selection request includes an AID(s) of an application(s) and an SEID of the eUICC in which the application(s) is located.

    [0121] Step 409: The eUICC queries, based on the EID-ICCID list and the SEID-EID list maintained by the maintenance and update module, for an ICCID(s) currently corresponding to the AID(s).

    [0122] Step 410: The eUICC feeds back a query notification to the user by using the UI, where the query notification may include the AID(s) and the ICCID(s).

    [0123] It should be noted that in the foregoing implementation process, step 408 to step 410 are optional steps.

    [0124] Step 402 to step 404 are a profile update phase; step 405 and step 407 are a list update phase; and step 408 to step 410 are an application selection and query phase.

    [0125] It should be noted that still using that the source profile is the profile 1 and the target profile is the profile 2 as an example, when the profile 1 is in an enabled state, the SEID-EID list shown in the foregoing Table 1 may include only the applications that correspond to both the profile 1 and the profile 2, that is, may include only AID1 and AIDk that can be normally used both in an MNO environment corresponding to the profile 1 and an MNO environment corresponding to the profile 2. The SEID-EID list may alternatively include the applications that correspond to both the profile 1 and the profile 2, and the applications AID2 to AIDk-1 that correspond to only the profile 1. After the profile 1 is disabled, and the profile 2 is enabled, correspondingly, the SEID-EID list shown in the foregoing Table 1 may include only some or all applications such as AID1 and/or AIDk that are selected from applications corresponding to functions of the profile 1 and the profile 2, and certainly, may further include an AID of an application that corresponds to only the profile 2.

    [0126] Referring to FIG. 5, FIG. 5 is a flowchart of a second application example of a data update method according to an embodiment of the present invention. This embodiment is an extension based on an eUICC remote provisioning specification of the GSMA. In this embodiment, a process of migrating and updating an application and data that are in a private SE is described by using a specific application example. An eUICC includes, for example, an ISD-R (that is, a management apparatus), an ISD-P2 (including an SE 2) (that is, a second storage module or a target storage module), and an ISD-P1 (including an SE 1) (that is, a first storage module or a source storage module), but is not limited thereto. A migration and update process thereof specifically includes:

    [0127] In this example, it is assumed that a source profile is a profile 1 and corresponds to a private secure element SE 1; a target profile is a profile 2 and corresponds to a private secure element SE 2; and AID1 to AIDm are corresponding identifiers of m applications installed in the SE 1, where two applications corresponding to AID1 and AIDk can still be normally used when the profile 1 is switched to the profile 2 (that is, it may be understood as that the two applications are applications that are jointly subscribed to by two MNOs corresponding to the profile 1 and the profile 2, and the two applications can be used in both of the two MNO environments).

    [0128] Step 500: An MNO sends a profile enabling request (Profile Enabling Request) to an SM-SR, where the profile enabling request includes an EID and a target ICCID.

    [0129] Step 501: After performing a policy check (and mutual authentication with the eUICC), an SM-SR forwards the profile enabling request to the ISD-R of the eUICC, where the profile enabling request includes an ISD-P AID corresponding to a target profile.

    [0130] It should be noted that the policy check herein is a policy check performed by an SM-SR in the eUICC remote provisioning protocol formulated by the GSMA, and is not described in detail herein. In addition, if the SM-SR and the eUICC have not performed mutual authentication, the mutual authentication needs to be performed, as indicated by the content in the parentheses in this step.

    [0131] Step 502: After performing a policy check, the ISD-R sends a migratable-application check request to the SE 1.

    [0132] It should be noted that the policy check herein is a policy check performed by an eUICC in the eUICC remote provisioning protocol formulated by the GSMA, and is not described in detail herein. In addition, in this embodiment, the following step 503 may not necessarily be triggered by the migratable-application check request in step 502, but instead, the following step 503 may be triggered by an operation of disabling the profile 1 in the ISD-P1 by the ISD-R after the eUICC completes the policy check.

    [0133] Step 503: The SE 1 performs a migratable-application check according to the received migratable-application check request and generates a migratable-application list AID_LIST. It should be noted that in this embodiment, based on the foregoing assumption in the embodiment shown in FIG. 4, applications included in the migratable-application list AID LIST are AID1 and AIDk.

    [0134] Step 504: The SE 1 of the eUICC reports a migratable-application list notification to a user by using a UI, where the migratable-application list includes the migratable-application list AID_LIST.

    [0135] It should be noted that in this embodiment, the SE 1 may directly report the migratable-application list to the user, or may report the migratable-application list to the user by using the ISD-R.

    [0136] Step 505: The user selects an AID(s) of an application(s) from the migratable-application list by using the UI.

    [0137] Step 506: The user feeds back a migratable-application acknowledgment to the SE 1 of the eUICC by using the UI, where the migratable-application acknowledgment includes the AID(s) of the selected application(s).

    [0138] Specifically, in this embodiment, a UI of a terminal may directly feed back a user selection result to the SE 1, or may feed back a user selection result to the SE 1 by using the ISD-R.

    [0139] It should be noted that step 504 to step 506 are optional steps. That is, in this embodiment, the SE 1 of the eUICC may not report the user selection result to the user, but instead, the ISD-R makes a selection by itself and determines an AID(s) of an application(s) to be migrated, or determines, according to a migratable application selected by the user in advance, an AID(s) of an application(s) to be migrated.

    [0140] Step 507: The SE 1 of the eUICC sends an application migration request to the ISD-R.

    [0141] It should be noted that the application migration request may include an identifier SEID1 of a source SE and/or an identifier SEID2 of a target SE, or may not include an SEID1, or may not include the SEID2, because the profile enabling request previously received by the ISD-R includes the ISD-P AID corresponding to the target profile. In addition, in the foregoing step 506, if the ISD-R does not know a migratable-application(s) to be migrated, the request in this step may carry an AID(s) of the application(s).

    [0142] Step 508: The ISD-R of the eUICC performs a policy check.

    [0143] It should be noted that the policy check described herein is different from the policy checks described in the foregoing step 501 and step 502. The policy check performed by the ISD-R is mainly for purpose of checking whether the eUICC supports migrating, by using the ISD-R, these subscription applications and data related to the subscription applications from a private SE corresponding to a profile of an MNO to a private SE corresponding to a profile of another MNO that has a cooperation and subscription relationship with the MNO in applications. The applications described herein may be applications that can support online and/or offline payment, such as a bank card application and a public transportation card application. Correspondingly, data related to these applications may be: data generated in a patronization phase of a card, such as a card number or a card key, transaction-related data that is generated during use of a card, and the like. A specific policy check manner is not limited in the present invention.

    [0144] Step 509: After performing a policy check, the ISD-R of the eUICC feeds back an application migration acknowledgment to the SE 1.

    [0145] Specifically, based on the foregoing step 508, if a result of the policy check is yes, the ISD-R feeds back an application migration acknowledgment to the SE 1, to notify the SE 1 that the application and the data related to the application that are determined above (such as in step 504 to step 506) can be migrated to the ISD-R.

    [0146] Step 510: Perform application and data migration between the ISD-R and the SE 1 of the eUICC.

    [0147] Specifically, the SE 1 migrates the application and the data related to the application that are determined in the foregoing step 504 to step 506 to the ISD-R.

    [0148] It should be noted that in this embodiment, step 503 to step 506 or step 504 to step 506 may alternatively be performed between step 509 and step 510.

    [0149] Step 511: The ISD-R of the eUICC performs a profile switching operation, that is, disables the source profile and enables the target profile.

    [0150] It should be noted that this step may alternatively be performed before step 510 or after step 512.

    [0151] Step 512: The ISD-R of the eUICC sends an application migration request to the SE 2.

    [0152] Step 513: The SE 2 of the eUICC feeds back an application migration acknowledgment to the ISD-R.

    [0153] Step 514: Perform application and data migration between the ISD-R and the SE 2 of the eUICC.

    [0154] Specifically, the ISD-R migrates the selected application and the data related to the selected application that are obtained from the SE 1 based on the foregoing step 510 to the SE 2. In addition, this step may alternatively be completed during the foregoing step 512 and step 513. That is, the application migration request sent by the ISD-R to the SE 2 includes the application and the data related to the application that are migrated in this step.

    [0155] Step 515: The ISD-R of the eUICC feeds back an application migration result notification to the user by using the UI, where the application migration result notification may include an AID(s) of an application(s) that is/are already migrated.

    [0156] Certainly, in this embodiment, the ISD-R included in the eUICC may be understood as a function module in the management apparatus, the ISD-P2 (SE 2) may be understood as a function module in the target storage module, and the ISD-P1 (SE 1) may be understood as a function module in the source storage module.

    [0157] It should be noted that in this embodiment, for definitions of the SM-DP, the ISD-R, the SM-SR, the ISD-P, and some related identifiers, refer to parameter definitions made by the GSM Association (GSMA), and are not described in detail herein. The ISD-R and the ISD-P may be understood as logical entities rather than physical entities.

    [0158] In this embodiment, in addition to the foregoing implementation manner shown in FIG. 5, an objective of migrating an application and data related to the application from a private SE corresponding to a source profile to a private SE corresponding to a target profile may also be implemented by using other implementation manners. The other specific implementation manners include, for example, but not limited to, the following two embodiments:

    [0159] In a first embodiment, after step 502 in FIG. 5, the ISD-R may send (after performing the policy check described in step 508) an application migration request to the ISD-P1 (as described in the foregoing step 507). The ISD-P1 performs (after performing a policy check similar to the policy check described in step 508) a migratable-application check according to the request (as described in the foregoing step 503), and reports, to the ISD-R, a migratable-application list AID_LIST obtained after the check. The ISD-R determines, by itself, a selected application according to the AID LIST or requests a user to determine a selected application, and feeds back an application migration acknowledgment to the ISD-P1 (as described in the foregoing step 509). The ISD-P1 sends a corresponding application on the private SE (the SE 1) of the ISD-P1 and data related to the application to the ISD-R according to the selected application (as described in the foregoing step 510). For details, refer to a third application example shown in FIG. 6:

    [0160] In FIG. 6, for details of step 601 and step 602, refer to step 500 and step 501.

    [0161] Step 603: The ISD-R performs a migratable-application check.

    [0162] Step 604: The ISD-R sends an application migration request to an SE 1, where the application migration request includes identification information of the target profile.

    [0163] For details of step 605 to step 608, refer to step 503 to step 506.

    [0164] Step 609: The SE 1 feeds back an application migration acknowledgment to the ISD-R, where the application migration acknowledgment includes a selected application and data related to the selected application.

    [0165] For details of step 610 to step 614, refer to step 511 to step 515.

    [0166] In a second embodiment, after step 502 in FIG. 5, the ISD-R may send (after performing the policy check described in step 508) a migratable-application check request to the ISD-P1. The ISD-P1 performs (after performing a policy check similar to the policy check described in step 508) a migratable-application check according to the request (as described in the foregoing step 503), and reports, to the ISD-R, a migratable-application list AID_LIST obtained after the check. The ISD-R determines, by itself, a selected application according to the AID LIST or requests a user to determine a selected application, and feeds back the selected application to the ISD-P1. The ISD-P1 may directly send a corresponding application on the private SE (the SE 1) of the ISD-P1 and data related to the application to the ISD-R (as described in the foregoing step 510), or send the application and the data related to the application to the ISD-R after sending an application migration request to the ISD-R and receiving an acknowledgment from the ISD-R (as described in step 507 and step 509).

    [0167] In can be known from the foregoing embodiments that in a case in which multiple private SEs are disposed in the eUICC to separately store an application and data that correspond to each profile, by means of the embodiments of the present invention, a management apparatus in the eUICC determines information indicating that application and data migration needs to be performed, and migrates, according to the migration information, at least one application in a private SE in a source storage module corresponding to a source profile and data related to the at least one application to a private SE in a target storage module corresponding to a target profile, so that an application and data in the source storage module can still be used after the source profile is disabled, thereby ensuring that after enabling the target profile, a user can normally access and use some or all applications and data that correspond to the source profile.

    [0168] A person skilled in the art may clearly understand that, the technologies in the embodiments of the present invention may be implemented by software in addition to a necessary general hardware platform. Based on such an understanding, the technical solutions of the present invention essentially or the part contributing to the prior art may be implemented in a form of a software product. The software product is stored in a storage medium, such as a ROM/RAM, a hard disk, or an optical disc, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform the methods described in the embodiments or some parts of the embodiments of the present invention.

    [0169] The embodiments in this specification are all described in a progressive manner, for same or similar parts in the embodiments, reference may be made to these embodiments, and each embodiment focuses on a difference from other embodiments. Especially, a system embodiment is basically similar to a method embodiment, and therefore is described briefly; for related parts, reference may be made to partial descriptions in the method embodiment.

    [0170] The foregoing descriptions are implementation manners of the present invention, but are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, and improvement made without departing from the principle of the present invention shall fall within the protection scope of the present invention.


    Claims

    1. A data update method, wherein the method is applied to an embedded universal integrated circuit card eUICC in which a management apparatus and at least one secure element SE are disposed, wherein the at least one SE is configured to store an application corresponding to at least one profile, and the management apparatus is configured to manage the at least one SE, wherein the at least one secure element SE is at least one public SE, wherein a public SE is space in the eUICC, other than a storage module, that is used to store and run an application corresponding to a profile in the storage module, and the at least one public SE is configured to store at least an application corresponding to the source profile and an application corresponding to the target profile; and the method comprises:

    receiving (301), by the management apparatus, a profile enabling request, wherein the profile enabling request is used to switch a source profile to a target profile, the profile enabling request comprises identifier information of the target profile, and the source profile is a profile that is in an enabled state before the switching; and

    updating (302), by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request, wherein

    the first correspondence is a correspondence between a first application set and the source profile, and the first application set comprises at least one application in the at least one SE; and the second correspondence is a correspondence between a second application set and the target profile, and the second application set comprises at least one application in the first application set; and wherein

    the updating, by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request specifically comprises:

    selecting, by the management apparatus, at least one application from the first application set according to the identification information of the target profile or according to the identification information of the target profile and a user indication; and

    obtaining, by the management apparatus, an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence.


     
    2. The method according to claim 1, wherein
    the first application set comprises: an application that is in the at least one SE and that corresponds to both the source profile and the target profile.
     
    3. The method according to claim 1 or claim 2, wherein before the updating, by the management apparatus, a first correspondence to a second correspondence according to the profile enabling request, the method further comprises:
    storing, by the management apparatus, the first correspondence, wherein the first correspondence comprises a correspondence between an identifier of the first application set and identification information of the source profile.
     
    4. The method according to any one of claims 1 to 3, wherein the storing, by the management apparatus, the first correspondence comprises:

    storing, by the management apparatus, a first mapping table of the eUICC and at least one profile, wherein the first mapping table comprises at least the identification information of the source profile;

    storing, by the management apparatus, a second mapping table of the eUICC, the at least one public SE, and the at least one application in the at least one public SE; and

    associating, by the management apparatus, the first mapping table with the second mapping table, to obtain the first correspondence.


     
    5. The method according to any one of claims 1 to 4, wherein
    the first mapping table further comprises: an identifier of the eUICC; or an identifier of the eUICC, enabled state information corresponding to the source profile, the identification information of the target profile, and disabled state information corresponding to the target profile;
    the second mapping table further comprises: the identifier of the eUICC, an identifier of the at least one public SE, and an identifier of the at least one application; or the identifier of the eUICC, an identifier of the at least one public SE, an identifier of the at least one application, and enabled or disabled state information of the at least one application; and
    the obtaining, by the management apparatus, an identifier of the selected at least one application from the first correspondence, and associating the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence comprises:

    updating, by the management apparatus, the identification information of the source profile in the first mapping table to the identification information of the target profile; or updating, by the management apparatus, the enabled state information corresponding to the source profile in the first mapping table to disabled state information, and updating the disabled state information corresponding to the target profile to enabled state information;

    updating, by the management apparatus, the identifier of the at least one application in the second mapping table to an identifier of at least one of the at least one application; or setting, by the management apparatus, status information of the at least one of the at least one application in the second mapping table to an enabled state, and setting status information corresponding to a remaining application to a disabled state; and

    associating, by the management apparatus, the first mapping table with the second mapping table, to obtain the second correspondence.


     
    6. A data update management apparatus, wherein the management apparatus is disposed in an embedded universal integrated circuit card eUICC, at least one secure element SE is further disposed in the eUICC, the at least one SE is configured to store an application corresponding to at least one profile, and the management apparatus is configured to manage the at least one SE; and the management apparatus comprises:

    a first receiving unit, configured to receive (301) a profile enabling request, wherein the profile enabling request is used to switch a source profile to a target profile, the profile enabling request comprises identifier information of the target profile, and the source profile is a profile that is in an enabled state before the switching; and

    an update unit, configured to update (302) a first correspondence to a second correspondence according to the profile enabling request, wherein the first correspondence comprises a correspondence between a first application set and the source profile, and the first application set comprises at least one application in the at least one SE; and the second correspondence is a correspondence between a second application set and the target profile, and the second application set comprises at least one application in the first application set; wherein

    the update unit is specifically configured to: when the at least one secure element SE is at least one public SE, wherein a public SE is space in the eUICC, other than a storage module, that is used to store and run an application corresponding to a profile in the storage module, and the at least one public SE is configured to store at least an application corresponding to the source profile and an application corresponding to the target profile, update the first correspondence to the second correspondence according to the profile enabling request; and

    wherein the update unit further comprises:

    a selection unit, configured to select at least one application from the first application set according to the identification information of the target profile or according to the identification information of the target profile and a user indication; and

    a first update unit, configured to obtain an identifier of the selected at least one application from the first correspondence, and associate the identifier of the at least one application with the identification information of the target profile, to obtain the second correspondence..


     
    7. The apparatus according to claim 6, wherein the at least one application updated by the update unit comprises: an application that is in the at least one SE and that corresponds to both the source profile and the target profile.
     
    8. The apparatus according to claim 6 or 7, further comprising:
    a storage unit, configured to: before the update unit updates the first correspondence to the second correspondence according to the profile enabling request, store the first correspondence, wherein the first correspondence comprises a correspondence between an identifier of the first application set and identification information of the source profile.
     
    9. The apparatus according to any one of claims 6 to 8, wherein the storage unit comprises:

    a first storage unit, configured to store a first mapping table of the eUICC and at least one profile, wherein the first mapping table comprises at least the identification information of the source profile;

    a second storage unit, configured to store a second mapping table of the eUICC, the at least one public SE, and the at least one application in the at least one public SE; and

    an association unit, configured to associate the first mapping table with the second mapping table, to obtain the first correspondence.


     
    10. The apparatus according to any one of claims 6 to 9, wherein
    the first mapping table stored in the first storage unit further comprises: an identifier of the eUICC; or an identifier of the eUICC, enabled state information corresponding to the source profile, the identification information of the target profile, and disabled state information corresponding to the target profile;
    the second mapping table stored in the second storage unit further comprises: the identifier of the eUICC, an identifier of the at least one public SE, and an identifier of the at least one application; or the identifier of the eUICC, an identifier of the at least one public SE, an identifier of the at least one application, and enabled or disabled state information of the at least one application; and
    the first update unit is specifically configured to: update the first mapping table according to the profile enabling request, wherein the identification information of the source profile in the first mapping table is updated to the identification information of the target profile; or the enabled state information corresponding to the source profile in the first mapping table is updated to disabled state information, and the disabled state information corresponding to the target profile is updated to enabled state information; update the second mapping table according to the profile enabling request, wherein the identifier of the at least one application in the second mapping table is updated to an identifier of at least one of the at least one application; or status information corresponding to at least one of the at least one application in the second mapping table is set to an enabled state, and status information corresponding to a remaining application is set to a disabled state; and associate the first mapping table with the second mapping table, to obtain the second correspondence.
     
    11. The apparatus according to claim 6, wherein
    the at least one application that is updated by the update unit and that is in the first application set comprises: at least one application that is determined from the first application set according to a setting preset by a user; or at least one application that is determined from the first application set according to a selection made by a user during profile switching or after profile switching.
     


    Ansprüche

    1. Datenaktualisierungsverfahren, wobei das Verfahren auf eine eUICC (Embedded Universal Integrated Circuit Card) angewendet wird, in der eine Verwaltungsvorrichtung und mindestens ein Secure Element SE angeordnet sind, wobei das mindestens eine SE dafür konfiguriert ist, eine Anwendung zu speichern, die mindestens einem Profil entspricht, und wobei die Verwaltungsvorrichtung dafür konfiguriert ist, das mindestens eine SE zu verwalten, wobei das mindestens eine sichere Element SE mindestens ein öffentliches SE ist, wobei ein öffentliches SE ein von einem Speichermodul verschiedener Raum in der eUICC ist, der zum Speichern und Ausführen einer Anwendung entsprechend einem Profil im Speichermodul verwendet wird, und wobei das mindestens eine öffentliche SE dafür konfiguriert ist, mindestens eine Anwendung entsprechend dem Quellprofil und eine Anwendung entsprechend dem Zielprofil zu speichern; und
    das Verfahren Folgendes umfassend:

    Empfangen (301), durch die Verwaltungsvorrichtung, einer Profilaktivierungsanforderung, wobei die Profilaktivierungsanforderung verwendet wird, um ein Quellprofil auf ein Zielprofil zu schalten, wobei die Profilaktivierungsanforderung Identifikationsinformationen des Zielprofils umfasst und wobei das Quellprofil ein Profil ist, das sich vor dem Schalten in einem aktivierten Zustand befindet; und

    Aktualisieren (302), durch die Verwaltungsvorrichtung, einer ersten Korrespondenz mit einer zweiten Korrespondenz gemäß der Profilaktivierungsanforderung, wobei die erste Korrespondenz eine Korrespondenz zwischen einem ersten Anwendungssatz und dem Quellprofil ist, und wobei der erste Anwendungssatz mindestens eine Anwendung in dem mindestens einen SE umfasst; und

    wobei die zweite Korrespondenz eine Korrespondenz zwischen einem zweiten Anwendungssatz und dem Zielprofil ist und wobei der zweite Anwendungssatz mindestens eine Anwendung aus dem ersten Anwendungssatz umfasst; und

    wobei das Aktualisieren, durch die Verwaltungsvorrichtung, einer ersten Korrespondenz mit einer zweiten Korrespondenz gemäß der Profilaktivierungsanforderung spezifisch Folgendes umfasst:

    Auswählen, durch die Verwaltungsvorrichtung, mindestens einer Anwendung aus dem ersten Anwendungssatz entsprechend den Identifikationsinformationen des Zielprofils oder entsprechend den Identifikationsinformationen des Zielprofils und einer Benutzerangabe; und

    Erhalten, durch die Verwaltungsvorrichtung, einer Kennung der ausgewählten mindestens einen Anwendung aus der ersten Korrespondenz, und Verknüpfen der Kennung der mindestens einen Anwendung mit den Identifikationsinformationen des Zielprofils, um die zweite Korrespondenz zu erhalten.


     
    2. Verfahren nach Anspruch 1, der erste Anwendungssatz Folgendes umfassend:
    eine Anwendung, die sich in der mindestens einen SE befindet und die sowohl dem Quell- als auch dem Zielprofil entspricht.
     
    3. Verfahren nach Anspruch 1 oder Anspruch 2, wobei das Verfahren vor dem Aktualisieren, durch die Verwaltungsvorrichtung, einer ersten Korrespondenz mit einer zweiten Korrespondenz gemäß der Profilaktivierungsanforderung ferner Folgendes umfasst:
    Speichern, durch die Verwaltungsvorrichtung, der ersten Korrespondenz, wobei die erste Korrespondenz eine Korrespondenz zwischen einer Kennung des ersten Anwendungssatzes und Identifikationsinformationen des Quellprofil umfasst.
     
    4. Verfahren nach einem der Ansprüche 1 bis 3, wobei das Speichern, durch die Verwaltungsvorrichtung, der ersten Korrespondenz Folgendes umfasst:

    Speichern, durch die Verwaltungsvorrichtung, einer ersten Zuordnungstabelle der eUICC und mindestens eines Profils, wobei die erste Zuordnungstabelle mindestens die Identifikationsinformation des Quellprofils umfasst;

    Speichern, durch die Verwaltungsvorrichtung, einer zweiten Zuordnungstabelle der eUICC, des mindestens einen öffentlichen SE und der mindestens einen Anwendung in dem mindestens einen öffentlichen SE; und

    Verknüpfen, durch die Verwaltungsvorrichtung, der ersten Zuordnungstabelle mit der zweiten Zuordnungstabelle, um die erste Korrespondenz zu erhalten.


     
    5. Verfahren nach einem der Ansprüche 1 bis 4, die erste Zuordnungstabelle ferner Folgendes umfassend:

    eine Kennung der eUICC; oder

    eine Kennung der eUICC, Informationen zum aktivierten Zustand entsprechend dem Quellprofil, die Identifikationsinformationen des Zielprofils und Informationen zum deaktivierten Zustand entsprechend dem Zielprofil;

    die zweite Zuordnungstabelle ferner Folgendes umfassend:

    die Kennung der eUICC, eine Kennung der mindestens einen öffentlichen SE und eine Kennung der mindestens einen Anwendung; oder

    die Kennung der eUICC, eine Kennung der mindestens einen öffentlichen SE, eine Kennung der mindestens einen Anwendung und Informationen über den aktivierten oder deaktivierten Zustand der mindestens einen Anwendung; und

    wobei das Erhalten, durch die Verwaltungsvorrichtung, einer Kennung der ausgewählten mindestens einen Anwendung aus der ersten Korrespondenz, und das Verknüpfen der Kennung der mindestens einen Anwendung mit den Identifikationsinformationen des Zielprofils, um die zweite Korrespondenz zu erhalten, Folgendes umfasst:

    Aktualisieren, durch die Verwaltungsvorrichtung, der Identifikationsinformationen des Quellprofils in der ersten Zuordnungstabelle auf die Identifikationsinformationen des Zielprofils; oder

    Aktualisieren, durch die Verwaltungsvorrichtung, der Informationen über den aktivierten Zustand, die dem Quellprofil in der ersten Zuordnungstabelle entsprechen, auf Informationen über den deaktivierten Zustand, und Aktualisieren der Informationen über den deaktivierten Zustand, die dem Zielprofil entsprechen, auf Informationen über den aktivierten Zustand;

    Aktualisieren, durch die Verwaltungsvorrichtung, der Kennung der mindestens einen Anwendung in der zweiten Zuordnungstabelle auf eine Kennung von mindestens einer der mindestens einen Anwendung; oder Setzen, durch die Verwaltungsvorrichtung, von Zustandsinformationen der mindestens einen der mindestens einen Anwendung in der zweiten Zuordnungstabelle in einen aktivierten Zustand und Setzen von Zustandsinformationen, die einer verbleibenden Anwendung entsprechen, in einen deaktivierten Zustand; und

    Verknüpfen, durch die Verwaltungsvorrichtung, der ersten Zuordnungstabelle mit der zweiten Zuordnungstabelle, um die zweite Korrespondenz zu erhalten.


     
    6. Datenaktualisierungs-Verwaltungsvorrichtung, wobei die Verwaltungsvorrichtung in einer eUICC (Embedded Universal Integrated Circuit Card) angeordnet ist, wobei mindestens ein Secure Element SE ferner in der eUICC angeordnet ist, wobei das mindestens eine SE dafür konfiguriert ist, eine Anwendung zu speichern, die mindestens einem Profil entspricht, und wobei die Verwaltungsvorrichtung dafür konfiguriert ist, das mindestens eine SE zu verwalten; und
    die Verwaltungsvorrichtung Folgendes umfassend:

    eine erste Empfangseinheit, die für Folgendes konfiguriert ist: Empfangen (301) einer Profilaktivierungsanforderung, wobei die Profilaktivierungsanforderung verwendet wird, um ein Quellprofil auf ein Zielprofil zu schalten, wobei die Profilaktivierungsanforderung Identifikationsinformationen des Zielprofils umfasst und wobei das Quellprofil ein Profil ist, das sich vor dem Schalten in einem aktivierten Zustand befindet; und

    eine Aktualisierungseinheit, die dafür konfiguriert ist, eine erste Korrespondenz mit einer zweiten Korrespondenz gemäß der Profilaktivierungsanforderung zu aktualisieren (302), wobei die erste Korrespondenz eine Korrespondenz zwischen einem ersten Anwendungssatz und dem Quellprofil umfasst, und wobei der erste Anwendungssatz mindestens eine Anwendung in der mindestens einen SE umfasst; und

    wobei die zweite Korrespondenz eine Korrespondenz zwischen einem zweiten Anwendungssatz dem Zielprofil ist und wobei der zweite Anwendungssatz mindestens eine Anwendung aus dem ersten Anwendungssatz umfasst;

    wobei die Aktualisierungseinheit speziell für Folgendes konfiguriert ist:

    wenn das mindestens eine Secure Element SE mindestens ein öffentliches SE ist, wobei ein öffentliches SE ein von einem Speichermodul verschiedener Raum in der eUICC ist, der zum Speichern und Ausführen einer Anwendung verwendet wird, die einem Profil in dem Speichermodul entspricht, und das mindestens eine öffentliche SE dafür konfiguriert ist, mindestens eine dem Quellprofil entsprechende Anwendung und eine dem Zielprofil entsprechende Anwendung zu speichern, die erste Korrespondenz mit der zweiten Korrespondenz gemäß der Profilaktivierungsanforderung zu aktualisieren; und

    die Aktualisierungseinheit ferner Folgendes umfassend:

    eine Auswahleinheit, die für Folgendes konfiguriert ist: Auswählen mindestens einer Anwendung aus dem ersten Anwendungssatz entsprechend den Identifikationsinformationen des Zielprofils oder entsprechend den Identifikationsinformationen des Zielprofils und einer Benutzerangabe; und eine erste Aktualisierungseinheit, die für Folgendes konfiguriert ist: Erhalten einer Kennung der ausgewählten mindestens einen Anwendung aus der ersten Korrespondenz, und Verknüpfen der Kennung der mindestens einen Anwendung mit den Identifikationsinformationen des Zielprofils, um die zweite Korrespondenz zu erhalten.


     
    7. Vorrichtung nach Anspruch 6, wobei die mindestens eine von der Aktualisierungseinheit aktualisierte Anwendung Folgendes umfasst:
    eine Anwendung, die sich in der mindestens einen SE befindet und die sowohl dem Quell- als auch dem Zielprofil entspricht.
     
    8. Vorrichtung nach Anspruch 6 oder 7, ferner umfassend:
    eine Speichereinheit, die für Folgendes konfiguriert ist:

    bevor die Aktualisierungseinheit die erste Korrespondenz mit der zweiten Korrespondenz gemäß der Profilaktivierungsanforderung aktualisiert, Speichern der ersten Korrespondenz, wobei die erste Korrespondenz eine Korrespondenz zwischen einer Kennung des ersten Anwendungssatzes und

    Identifikationsinformationen des Quellprofils umfasst.


     
    9. Vorrichtung nach einem der Ansprüche 6 bis 8, die Speichereinheit Folgendes umfassend:

    eine erste Speichereinheit, die dafür konfiguriert ist, eine erste Zuordnungstabelle der eUICC und mindestens ein Profil zu speichern, wobei die erste Zuordnungstabelle mindestens die Identifikationsinformation des Quellprofils umfasst;

    eine zweite Speichereinheit, die dafür konfiguriert ist, eine zweite Zuordnungstabelle der eUICC, der mindestens einen öffentlichen SE und der mindestens einen Anwendung in der mindestens einen öffentlichen SE zu speichern; und

    eine Verknüpfungseinheit, die dafür konfiguriert ist, die erste Zuordnungstabelle mit der zweiten Zuordnungstabelle zu verknüpfen, um die erste Korrespondenz zu erhalten.


     
    10. Vorrichtung nach einem der Ansprüche 6 bis 9, wobei die erste in der ersten Speichereinheit gespeicherte Zuordnungstabelle ferner Folgendes umfasst:

    eine Kennung der eUICC; oder

    eine Kennung der eUICC, Informationen zum aktivierten Zustand entsprechend dem Quellprofil, die Identifikationsinformationen des Zielprofils und Informationen zum deaktivierten Zustand entsprechend dem Zielprofil;

    wobei die zweite Zuordnungstabelle, die in der zweiten Speichereinheit gespeichert ist, ferner Folgendes umfasst:

    die Kennung der eUICC, eine Kennung der mindestens einen öffentlichen SE und eine Kennung der mindestens einen Anwendung; oder

    die Kennung der eUICC, eine Kennung der mindestens einen öffentlichen SE, eine Kennung der mindestens einen Anwendung und Informationen über den aktivierten oder deaktivierten Zustand der mindestens einen Anwendung; und

    wobei die erste Aktualisierungseinheit speziell für Folgendes konfiguriert ist:

    Aktualisieren der ersten Zuordnungstabelle gemäß der Profilaktivierungsanforderung, wobei die Identifikationsinformation des Quellprofils in der ersten Zuordnungstabelle auf die Identifikationsinformation des Zielprofils aktualisiert wird; oder

    wobei die Informationen über den aktivierten Zustand, die dem Quellprofil in der ersten Zuordnungstabelle entsprechen, auf Informationen über den deaktivierten Zustand aktualisiert werden, und wobei die Informationen über den deaktivierten Zustand, die dem Zielprofil entsprechen, auf Informationen über den aktivierten Zustand aktualisiert werden;

    Aktualisieren der zweiten Zuordnungstabelle gemäß der Profilaktivierungsanforderung, wobei die Kennung der mindestens einen Anwendung in der zweiten Zuordnungstabelle auf eine Kennung von mindestens einer der mindestens einen Anwendung aktualisiert wird; oder

    wobei Statusinformationen, die mindestens einer der mindestens einen Anwendung in der zweiten Zuordnungstabelle entsprechen, in einen aktivierten Zustand gesetzt werden, und Statusinformationen, die einer verbleibenden Anwendung entsprechen, in einen deaktivierten Zustand gesetzt werden; und

    Verknüpfen der ersten Zuordnungstabelle mit der zweiten Zuordnungstabelle, um die zweite Korrespondenz zu erhalten.


     
    11. Vorrichtung nach Anspruch 6, wobei die mindestens eine Anwendung, die von der Aktualisierungseinheit aktualisiert wird und die sich im ersten Anwendungssatz befindet, Folgendes umfasst:

    mindestens eine Anwendung, die aus der ersten Anwendung bestimmt wird, die gemäß einer von einem Benutzer voreingestellten Einstellung bestimmt wird; oder

    mindestens eine Anwendung, die aus der ersten Anwendung bestimmt wird, die gemäß einer Auswahl, die ein Benutzer während des Profilwechsels oder nach dem Profilwechsel getroffen hat, festgelegt wird.


     


    Revendications

    1. Procédé de mise à jour de données, le procédé s'appliquant à une carte universelle incorporée de circuit intégré, eUICC, dans laquelle sont disposés un appareil de gestion et au moins un élément sécurisé, SE, lesdits SE étant configurés pour stocker une application correspondant à au moins un profil et l'appareil de gestion étant configuré pour gérer lesdits SE, lesdits éléments sécurisés, SE, étant au moins un SE public, un SE public étant un espace dans l'eUICC, autre qu'un module de stockage, qui sert à stocker et à exécuter une application correspondant à un profil dans le module de stockage et lesdits SE publics étant configurés pour stocker au moins une application correspondant au profil source et une application correspondant au profil cible ; et
    le procédé comprenant :

    la réception (301), par l'appareil de gestion, d'une demande d'activation de profil, la demande d'activation de profil servant à commuter un profil source vers un profil cible, la demande d'activation de profil comprenant des informations d'identifiant du profil cible et le profil source étant un profil qui se trouve dans un état activé avant la commutation ; et

    la mise à jour (302), par l'appareil de gestion, d'une première correspondance vis-à-vis d'une seconde correspondance selon la demande d'activation de profil, la première correspondance étant une correspondance entre un premier ensemble d'applications et le profil sourceet le premier ensemble d'applications comprenant au moins une application dans lesdits SE ; et

    la seconde correspondance étant une correspondance entre un second ensemble d'applications et le profil cible et le second ensemble d'applications comprenant au moins une application dans le premier ensemble d'applications ; et

    la mise à jour, par l'appareil de gestion, d'une première correspondance vis-à-vis d'une seconde correspondance selon la demande d'activation de profil comprenant spécifiquement :

    la sélection, par l'appareil de gestion, d'au moins une application à partir du premier ensemble d'applications, selon les informations d'identification du profil cible ou selon les informations d'identification du profil cible et d'une indication d'utilisateur ; et

    l'obtention, par l'appareil de gestion, d'un identifiant desdites applications sélectionnées à partir de la première correspondance et l'association de l'identifiant desdites applications aux informations d'identification du profil cible, pour obtenir la seconde correspondance.


     
    2. Procédé selon la revendication 1, dans lequel le premier ensemble d'applications comprend :
    une application qui se trouve dans lesdits SE et qui correspond à la fois au profil source et au profil cible.
     
    3. Procédé selon la revendication 1 ou la revendication 2, le procédé comprend en outre, avant la mise à jour, par l'appareil de gestion, d'une première correspondance vis-à-vis d'une seconde correspondance selon la demande d'activation de profil :
    le stockage, par l'appareil de gestion, de la première correspondance, la première correspondance comprenant une correspondance entre un identifiant du premier ensemble d'applications et des informations d'identification du profil source.
     
    4. Procédé selon l'une quelconque des revendications 1 à 3, dans lequel le stockage, par l'appareil de gestion, de la première correspondance comprend :

    le stockage, par l'appareil de gestion, d'une première table de mappage de l'eUICC et d'au moins un profil, la première table de mappage comprenant au moins les informations d'identification du profil source ;

    le stockage, par l'appareil de gestion, d'une seconde table de mappage de l'eUICC, desdits SE publics et desdites applications dans lesdits SE publics ; et

    l'association, par l'appareil de gestion, de la première table de mappage à la seconde table de mappage, pour obtenir la première correspondance.


     
    5. Procédé selon l'une quelconque des revendications 1 à 4, dans lequel la première table de mappage comprend en outre :

    un identifiant de l'eUICC ; ou

    un identifiant de l'eUICC, des informations d'état activé correspondant au profil source, les informations d'identification du profil cible et des informations d'état désactivé correspondant au profil cible ;

    dans lequel la seconde table de mappage comprend en outre :

    l'identifiant de l'eUICC, un identifiant desdits SE publics et un identifiant desdites applications ; ou

    l'identifiant de l'eUICC, un identifiant desdits SE publics, un identifiant desdites applications et des informations d'état activé ou désactivé desdites applications ; et

    dans lequel l'obtention, par l'appareil de gestion, d'un identifiant desdites applications sélectionnées à partir de la première correspondance et l'association de l'identifiant desdites applications aux informations d'identification du profil cible, pour obtenir la seconde correspondance comprend :

    la mise à jour, par l'appareil de gestion, des informations d'identification du profil source de la première table de mappage is-à-vis des informations d'identification du profil cible ; ou

    la mise à jour, par l'appareil de gestion, des informations d'état activé correspondant au profil source de la première table de mappage vis-à-vis des informations d'état désactivé et la mise à jour des informations d'état désactivé correspondant au profil cible vis-à-vis des informations d'état activé ;

    la mise à jour, par l'appareil de gestion, de l'identifiant desdites applications de la seconde table de mappage vis-à-vis d'un identifiant d'au moins une desdites applications ; ou

    le réglage, par l'appareil de gestion, des informations d'état desdites applications dans la seconde table de mappage dans un état activé et le réglage des informations d'état correspondant à une application restante dans un état désactivé ; et

    l'association, par l'appareil de gestion, de la première table de mappage à la seconde table de mappage, pour obtenir la seconde correspondance.


     
    6. Appareil de gestion de mise à jour de données, dans lequel l'appareil de gestion est disposé dans une carte universelle incorporée de circuit intégré, eUICC, au moins un élément sécurisé, SE, étant en outre disposé dans l'eUICC, lesdits SE étant configurés pour stocker une application correspondant à au moins un profil et l'appareil de gestion étant configuré pour gérer lesdits SE ; et
    l'appareil de gestion comprend :

    une première unité de réception, configurée pour recevoir (301) une demande d'activation de profil, la demande d'activation de profil servant à commuter un profil source vers un profil cible, la demande d'activation de profil comprenant des informations d'identifiant du profil cible et le profil source étant un profil qui se trouve dans un état activé avant la commutation ; et

    une unité de mise à jour, configurée pour mettre à jour (302) une première correspondance vis-à-vis d'une seconde correspondance selon la demande d'activation de profil, la première correspondance comprenant une correspondance entre un premier ensemble d'applications et le profil source et le premier ensemble d'applications comprenant au moins une application desdits SE ; et

    la seconde correspondance étant une correspondance entre un second ensemble d'applications et le profil cible et le second ensemble d'applications comprenant au moins une application du premier ensemble d'applications ;

    l'unité de mise à jour étant spécifiquement configurée pour :

    lorsque lesdits éléments sécurisés, SE, est au moins un SE public, un SE public étant un espace dans l'eUICC, autre qu'un module de stockage, qui sert à stocker et à exécuter une application correspondant à un profil dans le module de stockage et que lesdits SE publics sont configurés pour stocker au moins une application correspondant au profil source et une application correspondant au profil cible, mettre à jour la première correspondance vis-à-vis de la seconde correspondance selon la demande d'activation de profil ; et

    l'unité de mise à jour comprenant en outre :

    une unité de sélection, conçue pour sélectionner au moins une application à partir du premier ensemble d'applications selon les informations d'identification du profil cible ou selon les informations d'identification du profil cible et une indication d'utilisateur ; et

    une première unité de mise à jour, configurée pour obtenir un identifiant desdites applications sélectionnées à partir de la première correspondance et pour associer l'identifiant desdites applications aux informations d'identification du profil cible, pour obtenir la seconde correspondance.


     
    7. Appareil selon la revendication 6, dans lequel lesdites applications mises à jour par l'unité de mise à jour comprennent :
    une application qui se trouve dans lesdits SE et qui correspond à la fois au profil source et au profil cible.
     
    8. Appareil selon la revendication 6 ou 7, comprenant en outre :
    une unité de stockage, configurée pour :
    avant que l'unité de mise à jour ne mette à jour la première correspondance vis-à-vis de la seconde correspondance selon la demande d'activation de profil, stocker la première correspondance, la première correspondance comprenant une correspondance entre un identifiant du premier ensemble d'applications et des informations d'identification du profil source.
     
    9. Appareil selon l'une quelconque des revendications 6 à 8, dans lequel l'unité de stockage comprend :

    une première unité de stockage, configurée pour stocker une première table de mappage de l'eUICC et au moins un profil, la première table de mappage comprenant au moins les informations d'identification du profil source ;

    une seconde unité de stockage, configurée pour stocker une seconde table de mappage de l'eUICC, lesdits SE publics et lesdites applications dans lesdits SE publics ; et

    une unité d'association, configurée pour associer la première table de mappage à la seconde table de mappage, pour obtenir la première correspondance.


     
    10. Appareil selon l'une quelconque des revendications 6 à 9, dans lequel la première table de mappage, stockée dans la première unité de stockage, comprend en outre :

    un identifiant de l'eUICC ; ou

    un identifiant de l'eUICC, des informations d'état activé correspondant au profil source, les informations d'identification du profil cible et des informations d'état désactivé correspondant au profil cible ;

    la seconde table de mappage stockée dans la seconde unité de stockage comprenant en outre :

    l'identifiant de l'eUICC, un identifiant desdits SE publics et un identifiant desdites applications ; ou

    l'identifiant de l'eUICC, un identifiant desdits SE publics, un identifiant desdites applications et des informations d'état activé ou désactivé desdites applications ; et

    la première unité de mise à jour étant spécifiquement configurée pour :

    mettre à jour la première table de mappage selon la demande d'activation de profil, les informations d'identification du profil source de la première table de mappage étant mises à jour vis-à-vis des informations d'identification du profil cible ; ou

    les informations d'état activé correspondant au profil source de la première table de mappage étant mises à jour vis-à-vis des informations d'état désactivé et les informations d'état désactivé correspondant au profil cible étant mises à jour vis-à-vis des informations d'état activé ;

    mettre à jour la seconde table de mappage selon la demande d'activation de profil, l'identifiant desdites applications de la seconde table de mappage étant mis à jour vis-à-vis d'un identifiant d'au moins une desdites applications ; ou

    les informations d'état correspondant à au moins une desdites applications de la seconde table de mappage étant réglées dans un état activé et les informations d'état correspondant à une application restante étant réglées dans un état désactivé ; et

    l'association de la première table de mappage à la seconde table de mappage, pour obtenir la seconde correspondance.


     
    11. Appareil selon la revendication 6, dans lequel lesdites applications, mises à jour par l'unité de mise à jour et se trouvant dans le premier ensemble d'applications, comprennent :

    au moins une application déterminée à partir du premier ensemble d'applications selon un paramètre prédéfini par un utilisateur ; ou

    au moins une application déterminée à partir du premier ensemble d'applications selon une sélection effectuée par un utilisateur, lors de la commutation de profil ou après la commutation de profil.


     




    Drawing

















    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description