CN108476400B

CN108476400B - Profile processing method, device and system

Info

Publication number: CN108476400B
Application number: CN201680075522.5A
Authority: CN
Inventors: 高林毅
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2016-01-11
Filing date: 2016-01-11
Publication date: 2021-03-02
Anticipated expiration: 2036-01-11
Also published as: CN108476400A; WO2017120745A1

Abstract

The embodiment of the invention provides a profile processing method, device and system. The profile processing method comprises the following steps: acquiring mark information, wherein the mark information comprises mark data; sending a profile downloading request to a signing management device, wherein the profile downloading request at least comprises the mark data; and receiving a first profile sent by the subscription management device, wherein the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the mark data. The embodiment of the invention associates one marking data with a plurality of profiles and carries out safety protection on the marking data, thereby not only realizing the reutilization of the marking data and reducing the cost, but also preventing replay attack and improving the safety.

Description

Profile processing method, device and system

Technical Field

The embodiment of the invention relates to communication technologies, in particular to a profile processing method, device and system.

Background

An existing Subscriber Identity Module (SIM) Card or a Universal Integrated Circuit Card (UICC) Card is generally subscribed to a Card provider in a centralized manner by a Mobile Network Operator (MNO), so that subscription information required for accessing a Mobile Operator Network, including an International Mobile Subscriber Identity Number (IMSI), Ki, and encryption algorithm parameters, necessary for accessing the Mobile Operator Network, is downloaded to the Card before the delivery, and a user may access the Network by inserting the SIM Card or the UICC Card into a terminal after purchasing the SIM Card. For an embedded universal integrated circuit card (eUICC), the embedded UICC is not necessarily purchased by an operator, and may also be purchased by a terminal manufacturer and then integrated in a terminal for sale. Therefore, before the eUICC leaves the factory, the eUICC does not know who uses the eUICC, and where the eUICC is used, the eUICC may not contain Data capable of accessing the mobile network, and after the eUICC is embedded in the terminal, the profile can be downloaded into the eUICC by using a remote management technology from Subscription Manager-Data Preparation +, SM-DP for short, and then the eUICC can access the network by using the profile. The terminal comprises a Local Profile Assistant (LPA) and an eUICC, wherein the LPA comprises a Local Profile Download (LPD) and a Local User Interface (LUI), the LPD is responsible for downloading the Profile, namely the LPD downloads the Profile from SM-DP + to the LPD through a hypertext Transfer Protocol Server (HTTPS) secure connection, and then sends the downloaded Profile to the eUICC. The LUI provides interactive logic and an interface with a user, and the user can complete the management of the profile through the LUI, such as downloading new profile, activating the profile, deactivating the profile, deleting the profile and the like.

The current method for downloading profile from SM-DP + comes from the eUICC specification for consumer electronics products (GSMA), which is being established by Global System for Mobile Communications Assembly, and includes a profile downloading procedure that uses an activation code (activation code) to download profile. However, one activation code is required to be used for downloading one profile each time, once the profile is bound, the profile cannot be reused, and a terminal manufacturer must apply for a large amount of activation codes for testing, maintenance, repair and the like, so that the cost is high, and the use and management are inconvenient.

In addition, when the user manages the profile, the identity of the user needs to be verified, such as a password or a fingerprint, and only the user who passes the identity verification can manage the profile. In the existing specification, after the user passes the identity authentication, the profile in the eUICC can be checked and managed indiscriminately, the profiles of different users cannot be distinguished, and the security degree is very low.

Disclosure of Invention

Embodiments of the present invention provide a profile processing method, apparatus, and system, so as to implement reuse of profile and marked data, reduce cost, prevent replay attack, and improve security.

In a first aspect, an embodiment of the present invention provides a profile processing method, including:

acquiring mark information, wherein the mark information comprises mark data and/or mark identification;

sending a profile downloading request to a signing management device, wherein the profile downloading request at least comprises the mark data;

and receiving a first profile sent by the subscription management device, wherein the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the mark data.

According to the profile processing method, one piece of marked data is associated with a plurality of profiles, so that the profiles and the marked data are repeatedly utilized, and the cost is reduced.

With reference to the first aspect, in a first possible implementation manner of the first aspect, before the sending the profile download request to the subscription management device, the method further includes:

receiving first information of an embedded universal integrated circuit card (eUICC), and sending the first information to subscription management equipment, wherein the first information at least comprises challenge information of the eUICC;

receiving second information returned by the subscription management equipment, wherein the second information at least comprises challenge information of the subscription management equipment;

the challenge information of the subscription management equipment and the marked data are subjected to security protection, the security protection of the invention can comprise Hash operation or encryption operation, wherein the encryption operation can comprise a mode of using symmetric encryption or public and private key encryption, and the invention is suitable for an encryption method which can perform security protection on the marked data;

sending third information to the eUICC, so that the eUICC generates signature information by using the third information, wherein the third information at least comprises the label data and the label identification after security protection;

receiving fourth information of the eUICC, wherein the fourth information at least comprises the signature information;

the sending of the profile download request to the subscription management device includes:

and sending a profile downloading request to the signing management equipment, wherein the profile downloading request comprises the mark data after security protection, the mark identification and the signature information.

The profile processing method can prevent replay attack on the marked data and improve the safety degree.

With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, before the obtaining the tag information, the method further includes:

sending a profile information acquisition message to the eUICC, wherein the profile information acquisition message comprises a profile type;

and receiving and displaying the profile information which is sent by the eUICC and corresponds to the profile type.

With reference to the first aspect and any one of the first to the second possible implementation manners of the first aspect, in a third possible implementation manner of the first aspect, the performing security protection on the tag data by using the challenge information of the contract management device includes:

and carrying out hash operation on the challenge information of the contract signing management equipment and the mark data.

With reference to the first aspect and any one of the first to third possible implementation manners of the first aspect, in a fourth possible implementation manner of the first aspect, the profile download request further includes specific indication information, where the specific indication information is used to indicate that a profile that needs to be downloaded by the subscription management device is a specific type of profile, and the specific type of profile in the present invention may be a test profile that is applied to any scenario where a profile needs to be reused, including scenarios where a test profile is applied to testing, maintenance, and the like.

The processing method of the profile can be used for indicating that the profile needing to be downloaded is the profile of a specific type through specific indication information. For example, if the specific indication information indicates that the profile needing to be downloaded is the test profile, the download process of the test profile is executed according to the specific indication information SM-DP +.

With reference to the first aspect and any one of the first to fourth possible implementation manners of the first aspect, in a fifth possible implementation manner of the first aspect, after the receiving the first profile sent by the subscription management device, the method further includes:

sending a first profile deletion notification to the subscription management device, where the first profile deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, before the sending the profile first deletion notification to the subscription management device, the method further includes:

The method for processing the profile can realize the receiving and displaying of the profile information corresponding to the profile type, so that the subsequent steps only process the profile corresponding to the profile information, other types of profiles are protected, and the safety degree is improved.

With reference to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner of the first aspect, after the receiving and displaying the profile information corresponding to the profile type and sent by the eUICC, the method further includes:

acquiring a profile deleting instruction input by a user;

and deleting the corresponding specific type of profile in the eUICC according to the profile deleting instruction.

With reference to the fifth possible implementation manner of the first aspect, in an eighth possible implementation manner of the first aspect, before the sending the profile first deletion notification to the subscription management device, the method further includes:

and receiving a second profile deletion notification sent by the eUICC, wherein the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge command or a profile activation command, and deleting the specific type of profile.

With reference to the first aspect and any one of the first to eighth possible implementation manners of the first aspect, in a ninth possible implementation manner of the first aspect, after the receiving the first profile sent by the subscription management device, the method further includes:

the mobile network operator MNO is informed that the profile download is complete.

In a second aspect, an embodiment of the present invention provides a profile processing method, including:

receiving a profile downloading request sent by a terminal device, wherein the profile downloading request at least comprises mark data acquired by the terminal device;

selecting one from at least one second profile associated with the marking data to generate a first profile;

and sending the first profile to the terminal equipment.

With reference to the second aspect, in a first possible implementation manner of the second aspect, before the receiving the profile download request sent by the terminal device, the method further includes:

acquiring first information sent by terminal equipment, wherein the first information at least comprises challenge information of an embedded universal integrated circuit card (eUICC);

sending second information to the terminal equipment, wherein the second information at least comprises challenge information of the contract signing management equipment;

the receiving of the profile download request sent by the terminal device includes:

receiving a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC;

the selecting one of the at least one second profile associated with the marking data to generate a first profile includes:

and acquiring corresponding marking data according to the marking identifier, verifying the marking data after the safety protection according to the marking data, and selecting one of at least one second profile associated with the marking data to generate a first profile after the verification is passed.

With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the obtaining, according to the tag identifier, corresponding tag data, and verifying, according to the tag data, the tag data after security protection includes:

acquiring the marked data corresponding to the mark identifier, and performing security protection processing on the marked data by using challenge information, wherein the security protection can be hash operation or encryption operation, the encryption operation can comprise a symmetric encryption or public and private key encryption mode, and the method is suitable for an encryption method which can perform security protection on the marked data;

and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

With reference to the first or the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the selecting, after the verification is passed, one of at least one second profile associated with the marking data to generate the first profile includes:

acquiring at least one second profile associated with the marking data corresponding to the marking identifier, and selecting one of the second profiles;

and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

With reference to the second aspect and any one of the first to third possible implementation manners of the second aspect, in a fourth possible implementation manner of the second aspect, before the acquiring the first information sent by the terminal device, the method further includes:

generating at least one second profile and a piece of marking information according to a subscription request of a mobile network operator MNO, wherein the marking information comprises the marking data and the marking identification;

associating the at least one second profile with the marking data;

returning a subscription response to the MNO, the subscription response including the tag information.

With reference to the second aspect and any one of the first to third possible implementation manners of the second aspect, in a fifth possible implementation manner of the second aspect, before the acquiring the first information sent by the terminal device, the method further includes:

acquiring mark information according to an order request of a Mobile Network Operator (MNO), wherein the mark information comprises the mark data and the mark identification, and generating at least one second profile;

associating the at least one second profile with the marking data;

a subscription response is returned to the MNO.

With reference to the second aspect and any one of the first to fifth possible implementation manners of the second aspect, in a sixth possible implementation manner of the second aspect, after the sending the first profile to the terminal device, the method further includes:

receiving a first profile deletion notification sent by the terminal device, wherein the first profile deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier;

acquiring a first profile corresponding to at least one piece of information in the profile identification or the eUICC identification according to the profile first deletion notification;

restoring the first profile to a second profile.

With reference to the sixth possible implementation manner of the second aspect, in a seventh possible implementation manner of the second aspect, after the restoring the first profile to the second profile, the method further includes:

and generating an encryption key, decrypting the second profile, and encrypting again by using the encryption key.

With reference to the sixth or seventh possible implementation manner of the second aspect, in an eighth possible implementation manner of the second aspect, the restoring the first profile to the second profile includes:

and removing fifth information in the first profile to generate the second profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

In a third aspect, an embodiment of the present invention provides a terminal device, including:

the system comprises an acquisition module, a storage module and a display module, wherein the acquisition module is used for acquiring mark information which comprises mark data and/or mark identification;

a sending module, configured to send a profile download request to a subscription management device, where the profile download request at least includes the tag data;

a receiving module, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the tag data.

With reference to the third aspect, in a first possible implementation manner of the third aspect, the method further includes: a safety protection module;

the receiving module is also used for receiving first information of an embedded universal integrated circuit card (eUICC);

the sending module is further configured to send the first information to subscription management equipment, where the first information at least includes challenge information of the eUICC;

the receiving module is further configured to receive second information returned by the subscription management device, where the second information at least includes challenge information of the subscription management device;

the security protection module is used for performing security protection on the marked data by using challenge information of the contract signing management equipment;

the sending module is further configured to send third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information at least includes the tag data and the tag identifier after security protection;

the receiving module is further configured to receive fourth information of the eUICC, where the fourth information at least includes the signature information;

the sending module is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the tag data after security protection, the tag identifier, and the signature information.

With reference to the third aspect or the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, the sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;

the receiving module is further configured to receive and display the profile information corresponding to the profile type and sent by the eUICC.

With reference to the third aspect and any one of the first to second possible implementation manners of the third aspect, in a third possible implementation manner of the third aspect, the security protection module is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.

With reference to the third aspect and any one of the first to third possible implementation manners of the third aspect, in a fourth possible implementation manner of the third aspect, the profile download request further includes specific indication information, where the specific indication information is used to indicate that a profile that needs to be downloaded by the subscription management device is a profile of a specific type.

With reference to the third aspect and any one of the first to fourth possible implementation manners of the third aspect, in a fifth possible implementation manner of the third aspect, the sending module is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

With reference to the fifth possible implementation manner of the third aspect, in a sixth possible implementation manner of the third aspect, the sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;

With reference to the sixth possible implementation manner of the third aspect, in a seventh possible implementation manner of the third aspect, the method further includes: a deletion module;

the acquisition module is also used for acquiring a profile deletion instruction input by a user;

and the deleting module is used for deleting the corresponding specific type of profile in the eUICC according to the profile deleting instruction.

With reference to the fifth possible implementation manner of the third aspect, in an eighth possible implementation manner of the third aspect, the receiving module is further configured to receive a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge obtaining instruction or a profile activation instruction, and deletes the specific type of profile.

With reference to the third aspect and any one of the first to eighth possible implementation manners of the third aspect, in a ninth possible implementation manner of the third aspect, the sending module is further configured to notify a mobile network operator MNO of completion of downloading the profile.

In a fourth aspect, an embodiment of the present invention provides a subscription management device, including:

the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a profile downloading request sent by a terminal device, and the profile downloading request at least comprises mark data acquired by the terminal device;

a selection module, configured to select one of at least one second profile associated with the tag data to generate a first profile;

and the sending module is used for sending the first profile to the terminal equipment.

With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the method further includes: an acquisition module;

the selection module comprises: the device comprises a verification unit and a profile generation unit;

the acquisition module is used for acquiring first information sent by terminal equipment, wherein the first information at least comprises challenge information of an embedded universal integrated circuit card (eUICC);

the sending module is further configured to send second information to the terminal device, where the second information at least includes challenge information of a subscription management device;

the receiving module is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC;

the verification unit is used for acquiring corresponding marking data according to the marking identifier and verifying the safely protected marking data according to the marking data;

and the profile generating unit is used for selecting one from at least one second profile associated with the marking data to generate a first profile after the verification is passed.

With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the verification unit is specifically configured to acquire tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

With reference to the first or second possible implementation manner of the fourth aspect, in a third possible implementation manner of the fourth aspect, the profile generating unit is specifically configured to acquire at least one second profile associated with the tag data corresponding to the tag identifier, and select one second profile; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

With reference to the fourth aspect and any one of the first to third possible implementation manners of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the method further includes: a first generation module and a first association module;

the first generation module is used for generating at least one second profile and a piece of marking information according to a subscription request of a Mobile Network Operator (MNO), wherein the marking information comprises the marking data and the marking identification;

the first associating module is configured to associate the at least one second profile with the marking data;

the sending module is further configured to return a subscription response to the MNO, where the subscription response includes the tag information.

With reference to the fourth aspect and any one of the first to third possible implementation manners of the fourth aspect, in a fifth possible implementation manner of the fourth aspect, the method further includes: a second generation module and a second association module;

a second generation module, configured to obtain a piece of tag information according to an order request of a mobile network operator MNO, where the tag information includes the tag data and the tag identifier, and generate at least one second profile;

a second associating module for associating the at least one second profile with the marking data;

the sending module is further configured to return a subscription response to the MNO.

With reference to the fourth aspect and any one of the first to fifth possible implementation manners of the fourth aspect, in a sixth possible implementation manner of the fourth aspect, the method further includes: a recovery module;

the receiving module is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes at least one of the following pieces of information: a profile identifier or an eUICC identifier; acquiring a first profile corresponding to at least one piece of information in the profile identification or the eUICC identification according to the profile first deletion notification;

the restoring module is configured to restore the first profile to a second profile.

With reference to the sixth possible implementation manner of the fourth aspect, in a seventh possible implementation manner of the fourth aspect, the method further includes:

and the encryption module is used for generating an encryption key and encrypting the second profile again by using the encryption key after decrypting the second profile.

With reference to the sixth or seventh possible implementation manner of the fourth aspect, in an eighth possible implementation manner of the fourth aspect, the recovery module is specifically configured to remove fifth information in the first profile to generate the second profile, where the fifth information at least includes initialization security channel information and a configuration profile security domain command.

In a fifth aspect, an embodiment of the present invention provides a terminal device, including:

a processor for obtaining marking information, the marking information comprising marking data and/or marking identification;

a sender, configured to send a profile download request to a subscription management device, where the profile download request at least includes the tag data;

a receiver, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the tag data.

With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the processor is further configured to obtain first information of an embedded universal integrated circuit card eUICC;

the transmitter is further configured to send the first information to subscription management equipment, where the first information at least includes challenge information of the eUICC;

the receiver is further configured to receive second information returned by the subscription management device, where the second information at least includes challenge information of the subscription management device;

the processor is further configured to perform security protection on the tag data by using challenge information of the subscription management device;

the processor is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information at least includes the tag data and the tag identifier after security protection; acquiring fourth information of the eUICC, wherein the fourth information at least comprises the signature information;

the sender is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the tag data after security protection, the tag identifier, and the signature information.

With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, in a second possible implementation manner of the fifth aspect, the processor is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; and acquiring and controlling to display the profile information which is sent by the eUICC and corresponds to the profile type.

With reference to the fifth aspect and any one of the first to the second possible implementation manners of the fifth aspect, in a third possible implementation manner of the fifth aspect, the processor is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.

With reference to the fifth aspect and any one of the first to third possible implementation manners of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that needs to be downloaded by the subscription management device is a specific type of profile.

With reference to the fifth aspect and any one of the first to fourth possible implementation manners of the fifth aspect, in a fifth possible implementation manner of the fifth aspect, the transmitter is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

With reference to the fifth possible implementation manner of the fifth aspect, in a sixth possible implementation manner of the fifth aspect, the processor is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; and acquiring and controlling to display the profile information which is sent by the eUICC and corresponds to the profile type.

With reference to the sixth possible implementation manner of the fifth aspect, in a seventh possible implementation manner of the fifth aspect, the processor is further configured to acquire a profile deletion instruction input by a user; and deleting the corresponding specific type of profile in the eUICC according to the profile deleting instruction.

With reference to the fifth possible implementation manner of the fifth aspect, in an eighth possible implementation manner of the fifth aspect, the processor is further configured to obtain a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge obtaining instruction or a profile activating instruction, and deletes the specific type of profile.

With reference to the fifth aspect and any one of the first to eighth possible implementation manners of the fifth aspect, in a ninth possible implementation manner of the fifth aspect, the transmitter is further configured to notify a mobile network operator MNO of completion of the profile download.

In a sixth aspect, an embodiment of the present invention provides a subscription management device, including:

the system comprises a receiver and a processing unit, wherein the receiver is used for receiving a profile downloading request sent by a terminal device, and the profile downloading request at least comprises mark data acquired by the terminal device;

a processor for selecting one of at least one second profile associated with the marking data to generate a first profile;

and the transmitter is used for transmitting the first profile to the terminal equipment.

With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the receiver is further configured to obtain first information sent by a terminal device, where the first information at least includes challenge information of an embedded universal integrated circuit card eUICC;

the transmitter is further configured to transmit second information to the terminal device, where the second information at least includes challenge information of a subscription management device;

the receiver is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC;

the processor is further configured to obtain corresponding tag data according to the tag identifier, and verify the tag data after security protection according to the tag data; and selecting one of the at least one second profile associated with the marking data to generate the first profile after the verification is passed.

With reference to the first possible implementation manner of the sixth aspect, in a second possible implementation manner of the sixth aspect, the processor is specifically configured to obtain tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

With reference to the first or second possible implementation manner of the sixth aspect, in a third possible implementation manner of the sixth aspect, the processor is specifically configured to obtain at least one second profile associated with the tag data corresponding to the tag identifier, and select one of the second profiles; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

With reference to the sixth aspect and the first to third possible implementation manners of the sixth aspect, in a fourth possible implementation manner of the sixth aspect, the processor is further configured to generate at least one second profile and one piece of tag information according to a subscription request of a mobile network operator MNO, where the tag information includes the tag data and the tag identifier; associating the at least one second profile with the marking data;

the transmitter is further configured to return an order response to the MNO, the order response including the tag information.

With reference to the sixth aspect and the first to third possible implementation manners of the sixth aspect, in a fifth possible implementation manner of the sixth aspect, the processor is further configured to obtain a piece of label information according to a subscription request of a mobile network operator MNO, where the label information includes the label data and the label identifier, and generate at least one second profile; associating the at least one second profile with the marking data;

the transmitter is further configured to return an order response to the MNO.

With reference to the sixth aspect and the first to fifth possible implementation manners of the sixth aspect, in a sixth possible implementation manner of the sixth aspect, the receiver is further configured to receive a profile first deletion notification sent by the terminal device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier; acquiring a first profile corresponding to at least one piece of information in the profile identification or the eUICC identification according to the profile first deletion notification;

the processor is further configured to restore the first profile to a second profile.

With reference to the sixth possible implementation manner of the sixth aspect, in a seventh possible implementation manner of the sixth aspect, the processor is further configured to generate an encryption key, and decrypt the second profile and then re-encrypt the second profile using the encryption key.

With reference to the sixth or seventh possible implementation manner of the sixth aspect, in an eighth possible implementation manner of the sixth aspect, the processor is specifically configured to remove fifth information in the first profile to generate the second profile, where the fifth information at least includes initialization security channel information and a configuration profile security domain command.

In a seventh aspect, an embodiment of the present invention provides a communication device, including: the system comprises terminal equipment, subscription management equipment and an embedded universal integrated circuit card eUICC; the terminal device adopts the apparatus described in any one of the third aspect and the first to ninth possible implementation manners of the third aspect, and the subscription management device adopts the apparatus described in any one of the fourth aspect and the first to eighth possible implementation manners of the fourth aspect.

In an eighth aspect, an embodiment of the present invention provides a communication device, including: the system comprises terminal equipment, subscription management equipment and an embedded universal integrated circuit card eUICC; the terminal device adopts any one of the first to ninth possible implementation manners of the fifth aspect and the fifth aspect, and the subscription management device adopts any one of the first to eighth possible implementation manners of the sixth aspect and the sixth aspect.

According to the profile processing method, device and system provided by the embodiment of the invention, the marked data are associated with the plurality of profiles and are subjected to security protection, so that the marked data are reused, the cost is reduced, replay attack can be prevented, and the security is improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

Fig. 1 is a flowchart of an embodiment of a profile processing method according to the present invention;

FIG. 2 is a schematic diagram of a communication system;

fig. 3 is a flowchart of another embodiment of a profile processing method according to the present invention;

fig. 4 is a flowchart of another embodiment of the profile processing method of the present invention;

fig. 5 is a flowchart of a profile processing method according to a fourth embodiment of the present invention;

fig. 6 is a flowchart of a profile processing method according to a fifth embodiment of the present invention;

fig. 7 is a schematic structural diagram of an embodiment of a terminal device according to the present invention;

fig. 8 is a schematic structural diagram of another embodiment of the terminal device of the present invention;

fig. 9 is a schematic structural diagram of a terminal device according to still another embodiment of the present invention;

fig. 10 is a schematic structural diagram of an embodiment of a subscription management device according to the present invention;

fig. 11 is a schematic structural diagram of another embodiment of a subscription management device according to the present invention;

fig. 12 is a schematic structural diagram of a subscription management device according to still another embodiment of the present invention;

fig. 13 is a schematic structural diagram of a subscription management device according to a fourth embodiment of the present invention;

fig. 14 is a schematic structural diagram of a fifth embodiment of a subscription management device according to the present invention;

fig. 15 is a schematic structural diagram of a terminal device according to a fourth embodiment of the present invention;

fig. 16 is a schematic structural diagram of a subscription management device according to a sixth embodiment of the present invention;

fig. 17 is a schematic structural diagram of an embodiment of the communication system of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Fig. 1 is a flowchart of an embodiment of a profile processing method of the present invention, and as shown in fig. 1, the profile processing method of the present invention includes a method of downloading and deleting a profile, and the method is applicable to a communication system including a subscription management device, a terminal device, and an eUICC, where the profile in the present invention may be user subscription management information, which may be a set of file structures, data, a combination of applications, and the like, and when operator data is included, the profile may be used to access an operator network to use a service provided by the operator; the functions of the subscription management device may include generating a profile, securing the profile, binding the profile to a specific eUICC, storing the profile, downloading the profile, and the like. Fig. 2 is a schematic structural diagram of a communication system, and as shown in fig. 2, there is an LPA in a terminal device, where the eUICC may also be a component independent from the terminal device, and optionally, the eUICC may also be a component of the terminal device. The LPA comprises an LPD and an LUI, the LPD is responsible for downloading the profile, namely the LPD downloads the profile from the SM-DP + to the LPD through HTTPS secure connection, and then sends the downloaded profile to the eUICC. The LUI provides interaction logic and an interface with the user, the interaction interface can also be provided by other terminals related to the terminal equipment, and the user can complete the management of the profile through the LUI, such as downloading new profile, activating the profile, deactivating the profile, deleting the profile and the like. The subscription management device may be the SM-DP + described above.

The method of the embodiment may include:

s101, SM-DP + receives an order request sent by an MNO;

since the eUICC is not necessarily purchased by an operator, but may be purchased by a terminal manufacturer and then integrated in a terminal for sale, the terminal manufacturer usually orders a profile to the MNO, for example, if a staff of the terminal manufacturer needs to use a test profile dedicated to a test for maintaining, managing, updating, etc. a terminal device, then these test profiles are ordered to the MNO. And the MNO makes a profile subscription to the SM-DP + according to the subscription request of the terminal manufacturer. The MNO may include in the subscription request the type or attribute of the profile to be subscribed to, which is uniformly denoted by the present invention. For example: the type of profile or the attribute of profile is test, so as to inform SM-DP + that the subscription is the profile for testing, and the subscription request may further include the required number of profiles, a profile identifier, and the like.

s102, SM-DP + generating at least one profile and one mark information according to the MNO subscription request, wherein the mark information comprises mark data and mark identification, and associating the at least one profile with the mark data;

and the SM-DP + generates at least one profile and one piece of marking information according to the subscription request of the MNO, wherein the marking data in the marking information is used for matching the profile downloading request sent by the terminal equipment and the at least one profile, and the marking identification is an index of the marking data. The mark data and the mark identifier in the mark information may be, for example, a token and a token id, the token and the token id may be two character strings respectively, or in one character string, some fields identify the token id, the other fields identify the token, and one mark information is associated with at least one profile.

Optionally, the SM-DP + may generate the tag information itself as described above, or may acquire the tag information from the MNO, and the tag information at this time may be sent by the MNO by carrying it in the subscription request.

s103, SM-DP + returns a subscription response to the MNO, the subscription response including the tag information.

The SM-DP + sends a subscription response to the MNO, and if the mark information is generated by the SM-DP +, the subscription response needs to contain the mark information; if the tag information is generated by the MNO, the subscription response may not include the tag information.

And the MNO sends the marking information to a terminal manufacturer applying for the profile order, and the process that the terminal manufacturer applies for the usable profile for the eUICC by the terminal manufacturer is ended. And then, staff of the terminal manufacturer can download the profile by using the mark information and use the profile to operate the terminal equipment, including testing, maintenance, management, use and the like.

In this embodiment, the terminal manufacturer orders at least one profile from SM-DP + through the MNO, and the at least one profile is associated with one piece of tag data, so that the terminal manufacturer can reuse the profile, and the cost is reduced.

After the profile is ordered, a user may input information into the terminal device by means of a keyboard, touch, scanning a two-dimensional code, and the like, the terminal device identifies an operation corresponding to the information and starts a corresponding function, for example, the user inputs a certain Personal Identification Number (PIN), and the terminal device identifies that the PIN is a preset instruction for starting the LPA, so that the terminal device starts the LPA function, and thus the terminal device enters a state of testing, maintenance, and the like. Optionally, the information input by the user in the above manner may include two types, one type of information is used to trigger the terminal device to start the LPA, for example, the PIN, and the other type of information is other information such as flag information after starting the LPA.

In addition, the LPA function is turned on, and the terminal device enters a test state, a maintenance state, or the like, which may be considered as an engineering mode or a test mode of the terminal device. Specifically, the LPA may be an application (APP for short) or one of the setting functions of the terminal device, when the user wants to start the LPA, the terminal device prompts the user to input authentication information, the user inputs a PIN code, and the LPA may enter a specific mode when verifying that the PIN code input by the user is a preset PIN code entering the specific mode rather than a PIN code set by the user, and may execute the next action in the specific mode. Or, the user inputs a specific character string on a dialing interface of the terminal device, and then the terminal device is triggered to automatically enter a specific mode of the LPA, and the like.

Fig. 3 is a flowchart of another embodiment of the profile processing method of the present invention, and as shown in fig. 3, the method of the present embodiment is also applicable to the communication system shown in fig. 2. After the above process of subscribing to the profile, the method of this embodiment may include:

s201, the terminal device sends a profile information acquisition message to the eUICC, wherein the profile information acquisition message comprises a profile type;

the terminal device may obtain the message by sending the profile information to the eUICC, and carry the profile type in the message, so as to know whether the profile corresponding to the profile type already exists in the eUICC. For example, the terminal device sends GetProfileInfo information to the eUICC, where the criteria for setting the search include an indication that the profile type is a specific type.

And s202, the terminal equipment receives and displays the profile information which is sent by the eUICC and corresponds to the profile type.

The profile information may include a profile element number and a status. And the terminal equipment can display the profile information to the user after receiving the feedback of the eUICC, and if the eUICC does not conform to the profile matched with the profile type, the terminal equipment is displayed to be empty. Therefore, the user can check whether the profile in the eUICC is the profile required by the user, and if not, the user can operate the terminal equipment to download or delete the profile.

In this embodiment, the terminal device may acquire whether a profile meeting the condition exists in the eUICC through information interaction with the eUICC, so that the subsequent steps may be performed according to the storage condition of the profile, for example, if the profile in the eUICC is not the profile required by the user, the profile may be downloaded or deleted according to the operation of the user.

Fig. 4 is a flowchart of a profile processing method according to another embodiment of the present invention, and as shown in fig. 4, the method of the present embodiment is also applicable to the communication system shown in fig. 2. After step s202 of the method embodiment shown in fig. 3, the method of this embodiment may include:

s301, the terminal device obtains the mark information;

similarly, the terminal device may obtain the tag information obtained in advance by the user in a manner of keyboard input, touch input, scanning the two-dimensional code, and the like, where the tag information may include tag data such as token, and may also include a tag identifier such as token id.

s302, the terminal device receives first information of the eUICC, where the first information at least includes challenge information of the eUICC;

s303, the terminal equipment sends the first information to SM-DP +;

s304, the terminal equipment receives second information returned by the SM-DP +, and the second information at least comprises challenge information of the SM-DP +;

s305, the terminal equipment uses the challenge information of SM-DP + to carry out security protection on the marked data;

the terminal equipment can perform hash operation on the challenge information and the marked data of the SM-DP + so as to realize security protection. Optionally, the terminal device may further encrypt the challenge information and the tag data of the SM-DP + by using a symmetric key pre-agreed with the SM-DP +. Therefore, even if the token needs to be provided for the SM-DP + every time the profile is downloaded, the token is protected to prevent replay attack, and the safety degree is improved.

s306, the terminal device sends the third information to the eUICC, so that the eUICC generates signature information by using the third information, wherein the third information at least comprises the label data and the label identifier after security protection;

after the terminal device performs security protection on the tag data, the tag data and the tag identifier after security protection can be sent to the eUICC, and the third information may further include information such as a confirmation code. And the eUICC signs the received third information.

s307, the terminal device receives fourth information of the eUICC, where the fourth information at least includes signature information;

besides the signature information, the fourth information may also include some information related to the eUICC itself, such as a certificate of the eUICC, the eUICC capability, and the like, where the certificate of the eUICC includes the eUICC identification.

s308, the terminal equipment sends a profile downloading request to the SM-DP +, wherein the profile downloading request comprises the mark data, the mark identification and the signature information after the safety protection;

after the terminal device has the information such as the mark data, the mark identifier, the signature information of the eUICC and the like after the security protection, the terminal device can request the SM-DP + to download the profile.

Optionally, the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that needs to be downloaded by SM-DP + is a specific type of profile. For example, if the specific indication information indicates that the profile needing to be downloaded is the test profile, the download process of the test profile is executed according to the specific indication information SM-DP +.

s309, SM-DP + obtaining corresponding marking data according to the marking identification, and verifying the marking data after security protection according to the marking data;

after receiving the profile download request, the SM-DP + needs to ensure that the mark data after security protection in the profile download request corresponds to the locally inquired mark data, the SM-DP + locally acquires the mark data corresponding to the mark identification in the profile download request, performs security protection processing on the mark data by using the challenge information of the SM-DP +, namely performs the same hash operation on the challenge information of the SM-DP + and the mark data, compares the mark data after the hash operation with the mark data after the security protection which is also performed with the hash operation, and if the challenge information is the same, confirms that the verification is passed. Optionally, if the security protection of the tag data adopts a symmetric key encryption manner, the SM-DP + may search for a corresponding symmetric key according to the tag identifier, then decrypt the received encrypted tag data to obtain decrypted tag data (token), and compare the decrypted token with the token corresponding to the tag identifier, or the SM-DP + may also encrypt the token corresponding to the tag identifier and the challenge information using the symmetric key, and compare whether the encrypted result is the same as the received encrypted tag data.

s310, after the verification is passed, SM-DP + selects one of at least one second profile associated with the marking data to generate a first profile;

according to the steps of the method embodiment shown in fig. 1, the profile initially generated by the SM-DP + according to the MNO subscription request is plaintext data that is not yet securely protected, i.e., an Unprotected Profile Packet (UPP), then the SM-DP + generates an encryption key, encrypts and integrity-protects the UPP to form a protected profile (PPP), the SM-DP + associates at least one PPP with one tag data, and the PPP is the second profile. And when the SM-DP + receives a profile downloading request, acquiring mark data according to the mark identification, finding at least one corresponding second profile according to the mark data, and selecting one profile corresponding to the mark data from the SM-DP +, namely the second profile (PPP). Optionally, the SM-DP + may also directly obtain the mark data, and then find the corresponding at least one second profile according to the mark data, and the SM-DP + selects one profile corresponding to the mark data, that is, the second profile (ppp). Adding fifth information to the selected Profile before the SM-DP + to generate a first Profile, wherein the fifth information at least comprises initialization security channel information and a Profile security Domain configuration command, and the Profile security Domain is a security container for storing one Profile, such as an issued security Domain Profile (ISD-P) or a Profile Domain command. SM-DP + generates a configuration ISD-P command, obtains the metadata of the profile, encrypts the configuration ISD-P command and the profile metadata by using a session key generated after key negotiation between SM-DP + and eUICC, and then adds the session key and initialization security channel information (InitialiseSecurieChannel) to the selected profile to form a first profile (bound profile package, BPP for short)). At this time, the first profile is successfully bound with the eUICC, because only the eUICC can decrypt the first profile except for SM-DP +.

It should be noted that, after the SM-DP + sends the first profile to the terminal device, it stores it as a record that the first profile has been downloaded, and updates the association relationship with the token, that is, the first profile is associated with the token, and the second profile before the first profile is generated is associated with the token originally. Therefore, some of the profiles corresponding to the token may be PPP and some may already be BPP, but when SM-DP + receives the profile download request, only one of the second profiles (PPP) corresponding to the token is selected to generate the first profile (BPP).

In addition, the SM-DP + may also store the first profile as an indication that the profile has been downloaded.

s311, the terminal device receives the first profile sent by the SM-DP +;

s312, the terminal device sends the first profile to the eUICC;

at which point the flow for profile download ends.

s313, the terminal device notifies the MNO that the profile download is complete.

The terminal device may notify the SM-DP + first, and then notify the MNO that the downloading is completed by the SM-DP +, so that the MNO performs related configuration.

According to the embodiment, one piece of marked data is associated with a plurality of profiles, and the marked data is subjected to security protection, so that not only can the profiles and the marked data be repeatedly utilized, the cost be reduced, but also replay attack can be prevented, and the security degree is improved.

Fig. 5 is a flowchart of a profile processing method according to a fourth embodiment of the present invention, and as shown in fig. 5, the method of the present embodiment is also applicable to the communication system shown in fig. 2. After step s202 of the method embodiment shown in fig. 3, the method of this embodiment may include:

s401, the terminal device obtains a profile deletion instruction input by a user;

the method of this embodiment is a process of deleting the profile after the terminal device finishes downloading the profile. Similarly, in this embodiment, the user may also input information into the terminal device by using a keyboard, touch, scanning the two-dimensional code, and the like, and the terminal device identifies an operation corresponding to the information and starts a corresponding function, so that the terminal device enters a test state, a maintenance state, and the like.

Through the steps of the method embodiment shown in fig. 3, the terminal device may display the profile information to the user, so that the user can check whether the profile in the eUICC is the profile that needs to be deleted, if so, the terminal device may be operated to delete the profile, and the user may input a profile deletion instruction by clicking a deletion option.

s402, the terminal equipment deletes the corresponding specific type profile in the eUICC according to the profile deletion instruction;

and the terminal equipment deletes the profile corresponding to the profile identifier in the eUICC. For example, the test profile downloaded before the test is not used, and therefore, the test profile is deleted, and the terminal device deletes the test profile according to the above steps, where the type of the test profile is known to be deleted. Specifically, by combining the steps in which the terminal device acquires the profile to be deleted from the eUICC, the profile identifier of the profile to be deleted can be carried in the deletion instruction sent to the eUICC, and the eUICC deletes the corresponding profile.

s403, the terminal device sends a first profile deletion notification to the SM-DP +, where the first profile deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier;

and after acquiring the profile identifier of the profile to be deleted, notifying the SM-DP + that the first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier is deleted on the eUICC.

s404, obtaining a first profile corresponding to at least one information in the profile identification or the eUICC identification according to the profile first deletion notification;

and the SM-DP + acquires a first profile corresponding to at least one piece of information in the profile identification or the eUICC identification.

s405, SM-DP + restores the first profile to the second profile.

And removing fifth information in the first profile by the SM-DP + to generate a second profile, wherein the fifth information at least comprises initialization safety channel information and a configuration ISD-P command. For example, SM-DP + removes the initial secure channel information (initialisecuurcecurchannel) before the first profile, and session key encryption CI, SM, PPK and other information generated after the SM-DP + and eUICC perform key agreement, and restores the first profile (bpp) to the second profile (ppp). The second profile recovered in this way may be added with new fifth information again to form a new first profile, so as to be recycled.

s406, SM-DP + generates an encryption key, and re-encrypts the second profile using the encryption key after decrypting the second profile.

For the recovered second profile, SM-DP + may randomly generate a new encryption key in order to improve security, and decrypt the second profile with the original key and then re-encrypt it with the new encryption key.

In this embodiment, the first profile to be deleted is restored to the second profile, so that the profile can be reused, the cost is reduced, and the security is improved by re-encrypting the second profile.

Fig. 6 is a flowchart of a fifth embodiment of the profile processing method of the present invention, and as shown in fig. 6, the method of the present embodiment is also applicable to the communication system shown in fig. 2. The method of the embodiment may include:

s501, the terminal device receives a second profile deletion notification sent by the eUICC, wherein the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge obtaining instruction or a profile activating instruction, and deletes the specific type of profile;

in this embodiment, the user does not actively delete the unused profile, and if the profile needs to be changed into the profile of the user after the user takes the terminal device, or the user needs to activate the profile, the eUICC is triggered to detect whether other types of profiles exist. For example, a serviceman uses the test profile to maintain the terminal device, and after the user of the terminal device returns the terminal device, the user downloads or uses the profile of the terminal device, and at this time, the eUICC is triggered to detect whether the test profile in the previous test is not deleted. And when the eUICC detects that the specific type of profile is stored after receiving an eUICC challenge acquiring instruction or a profile activating instruction sent by the terminal equipment, deleting the profile. And the eUICC notifies the terminal equipment after deleting the profile of the specific type.

s502, the terminal device sends a first profile deletion notification to the SM-DP +, where the first profile deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier;

s503, obtaining a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier by the SM-DP + according to the first profile deletion notification;

s504, SM-DP + restoring the first profile to a second profile;

s505, SM-DP + generates an encryption key, and decrypts the second profile and re-encrypts using the encryption key.

Steps s502 to s505 are similar to the implementation principle of steps s403 to s406 of the above method embodiment, and are not described again here.

Fig. 7 is a schematic structural diagram of an embodiment of a terminal device of the present invention, and as shown in fig. 7, the apparatus of this embodiment may include: the system comprises an acquisition module 11, a sending module 12 and a receiving module 13, wherein the acquisition module 11 is used for acquiring mark information, and the mark information comprises mark data and/or mark identification; a sending module 12, configured to send a profile download request to a subscription management device, where the profile download request at least includes the tag data; a receiving module 13, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the tag data.

The apparatus of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.

Fig. 8 is a schematic structural diagram of another embodiment of the terminal device of the present invention, and as shown in fig. 8, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 7: a security protection module 14. The receiving module 13 is further configured to receive first information of an embedded universal integrated circuit card eUICC; the sending module 12 is further configured to send the first information to a subscription management device, where the first information at least includes challenge information of the eUICC; the receiving module 13 is further configured to receive second information returned by the subscription management device, where the second information at least includes challenge information of the subscription management device; the security protection module 14 is configured to perform security protection on the marked data by using challenge information of the contract signing management device; the sending module 12 is further configured to send third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information at least includes the tag data and the tag identifier after security protection; the receiving module 13 is further configured to receive fourth information of the eUICC, where the fourth information at least includes the signature information; the sending module 12 is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the tag data after security protection, the tag identifier, and the signature information.

Further, the sending module 12 is further configured to send a profile information obtaining message to the eUICC, where the profile information obtaining message includes a profile type; the receiving module 13 is further configured to receive and display the profile information corresponding to the profile type and sent by the eUICC.

Further, the security protection module 14 is specifically configured to perform a hash operation on the challenge information of the signed management device and the tag data.

Further, the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that needs to be downloaded by the subscription management device is a specific type of profile.

Further, the sending module 12 is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

Fig. 9 is a schematic structural diagram of a terminal device according to still another embodiment of the present invention, and as shown in fig. 9, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 7: the module 15 is deleted. The obtaining module 11 is further configured to obtain a profile deleting instruction input by a user; the deleting module 15 is configured to delete the specific type of profile corresponding to the eUICC according to the profile deleting instruction.

Further, the receiving module 13 is further configured to receive a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving the eUICC challenge obtaining instruction or the profile activating instruction, and deletes the specific type of profile.

Further, the sending module 12 is further configured to notify the mobile network operator MNO that the profile download is completed.

Fig. 10 is a schematic structural diagram of an embodiment of a subscription management device of the present invention, and as shown in fig. 10, the apparatus of this embodiment may include: the system comprises a receiving module 21, a selecting module 22 and a sending module 23, wherein the receiving module 21 is configured to receive a profile downloading request sent by a terminal device, and the profile downloading request at least includes tag data acquired by the terminal device; a selecting module 22, configured to select one of the at least one second profile associated with the marking data to generate a first profile; a sending module 23, configured to send the first profile to the terminal device.

Fig. 11 is a schematic structural diagram of another embodiment of the subscription management device of the present invention, and as shown in fig. 11, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 10: the obtaining module 24, and the selecting module 22 includes a verifying unit 221 and a profile generating unit 222. The obtaining module 24 is configured to obtain first information sent by a terminal device, where the first information at least includes challenge information of an embedded universal integrated circuit card eUICC; the sending module 23 is further configured to send second information to the terminal device, where the second information at least includes challenge information of a subscription management device; the receiving module 21 is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC; the verification unit 221 is configured to obtain corresponding tag data according to the tag identifier, and verify the tag data after security protection according to the tag data; the profile generating unit 222 is configured to select one of the at least one second profile associated with the marked data to generate a first profile after the verification is passed.

Further, the verification unit 221 is specifically configured to acquire tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

Further, the selecting module 22 is specifically configured to acquire at least one second profile associated with the marked data, and select one of the second profiles; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

Fig. 12 is a schematic structural diagram of a subscription management device according to still another embodiment of the present invention, and as shown in fig. 12, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 11: a first generation module 25 and a first association module 26. The first generating module 25 is configured to generate at least one second profile and a piece of marking information according to a subscription request of a mobile network operator MNO, where the marking information includes the marking data; the first associating module 26 is configured to associate the at least one second profile with the marking data; the sending module 23 is further configured to return a subscription response to the MNO, where the subscription response includes the tag information.

Fig. 13 is a schematic structural diagram of a fourth embodiment of a subscription management device of the present invention, and as shown in fig. 13, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 11: a second generation module 27 and a second association module 28. A second generating module 27, configured to obtain a piece of marking information according to a subscription request of a mobile network operator MNO, where the marking information includes the marking data, and generate at least one second profile; a second associating module 28, configured to associate the at least one second profile with the marking data; the sending module 23 is further configured to return a subscription response to the MNO.

Fig. 14 is a schematic structural diagram of a fifth embodiment of a subscription management device of the present invention, and as shown in fig. 14, the apparatus of this embodiment may further include, on the basis of the apparatus structure shown in fig. 10: a recovery module 29 and an encryption module 30. The receiving module 21 is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes a profile identifier or an eUICC identifier; acquiring a first profile corresponding to the profile identifier or the eUICC identifier according to the profile first deletion notification; the restoring module 28 is configured to restore the first profile to a second profile.

The encryption module 30 is configured to generate an encryption key, decrypt the second profile, and re-encrypt the second profile using the encryption key.

Further, the recovering module 29 is specifically configured to remove fifth information in the first profile to generate the second profile, where the fifth information at least includes initialization security channel information and a configuration profile security domain command.

Fig. 15 is a schematic structural diagram of a fourth embodiment of the terminal device of the present invention, and as shown in fig. 15, the device of this embodiment may include: a processor 41, a transmitter 42, a receiver 43, an input unit, and an output unit, wherein the processor 41 generally controls the overall operation of the terminal device, such as operations associated with display, telephone call, data communication, camera operation, and recording operation. Processor 41 may execute instructions to perform all or a portion of the steps of the method described above. Further, processor 41 may include one or more modules that facilitate interaction between processor 41 and other components. For example, the processor 41 may include a multimedia module to facilitate interaction between multimedia components and the processor 41. The transmitter 42 and receiver 43 are configured to facilitate communication between the terminal device and other devices in a wired or wireless manner. The terminal device may access a WIreless network based on a communication standard, such as WIreless Fidelity (WiFi), 2G or 3G, or a combination thereof. In an exemplary embodiment, the transmitter 42 and the receiver 43 receive a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the transmitter 42 and the receiver 43 further include Near Field Communication (NFC) modules to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies. The input unit and the output unit receive numeric or various character information, and may include input keys and function keys for setting various functions and controlling functions of the terminal device. More specifically, the input unit and the output unit may include a key for requesting a movement. For example, a user may operate the input unit and the output unit to move a menu page or a focus on a menu page. The keys used to request movement may include a keyboard (arrow keys or volume keys), a rocker, an optical rocker, a jog wheel key, and the like. Further, the input unit and the output unit may include a determination key for performing a selected (focused) menu item. The input unit and the output unit may be constituted by one or a combination of a button type keyboard, a jog dial, an optical jog dial, a jog dial, and the like.

In addition, the memory of the terminal device is configured to store various types of data to support operations at the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, contact data, phonebook data, messages, pictures, videos, etc. The Memory may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM-Only Memory), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk.

A processor 4l for obtaining marking information, the marking information comprising marking data and/or marking identification; a transmitter 42, configured to send a profile download request to a subscription management device, where the profile download request at least includes the tag data; a receiver 43, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of at least one second profile associated with the tag data.

Further, the mark information further comprises a mark identifier; the processor 41 is further configured to obtain first information of an embedded universal integrated circuit card eUICC; the transmitter 42 is further configured to send the first information to a subscription management device, where the first information at least includes challenge information of the eUICC; the receiver 43 is further configured to receive second information returned by the subscription management device, where the second information at least includes challenge information of the subscription management device; the processor 41 is further configured to perform security protection on the tag data by using challenge information of the contract management device; the processor 41 is further configured to control to transmit third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information at least includes the tag data and the tag identifier after security protection; acquiring fourth information of the eUICC, wherein the fourth information at least comprises the signature information; the sender 42 is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the tag data after security protection, the tag identifier, and the signature information.

Further, the processor 41 is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; and acquiring and controlling to display the profile information which is sent by the eUICC and corresponds to the profile type.

Further, the processor 41 is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.

Further, the transmitter 42 is further configured to transmit a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

Further, the processor 41 is further configured to obtain a profile deletion instruction input by a user; and deleting the corresponding specific type of profile in the eUICC according to the profile deleting instruction.

Further, the processor 41 is further configured to obtain a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving the eUICC challenge obtaining instruction or the profile activating instruction, and deletes the specific type of profile.

Further, the sender 42 is further configured to notify the mobile network operator MNO that the profile download is complete.

Fig. 16 is a schematic structural diagram of a sixth embodiment of a subscription management device of the present invention, and as shown in fig. 16, the device of this embodiment may include: a receiver 51, a processor 52, and a transmitter 53, wherein the processor 52 generally controls the overall operation of the subscription management device, such as operations associated with display, phone calls, data communications, camera operations, and recording operations. Processor 52 may execute instructions to perform all or a portion of the steps of the method described above. Further, processor 52 may include one or more modules that facilitate interaction between processor 52 and other components. For example, the processor 52 may include a multimedia module to facilitate interaction between multimedia components and the processor 52. The transmitter 53 and the receiver 51 are configured to facilitate wired or wireless communication between the subscription management device and other devices. The subscription manager may access a WIreless network based on a communication standard, such as WIreless Fidelity (WiFi), 2G or 3G, or a combination thereof. In an exemplary embodiment, the transmitter 53 and the receiver 51 receive a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the transmitter 53 and the receiver 51 further include Near Field Communication (NFC) modules to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In addition, the memory of the subscription management device is configured to store various types of data to support operations at the subscription management device. Examples of such data include instructions for any application or method operating on the subscription management device, contact data, phonebook data, messages, pictures, videos, and the like. The Memory may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM-Only Memory), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk.

The receiver 51 is configured to receive a profile download request sent by a terminal device, where the profile download request at least includes tag data acquired by the terminal device; a processor 52 for generating a first profile from one of at least one second profile associated with the marking data; a transmitter 53, configured to transmit the first profile to the terminal device.

Further, the receiver 51 is further configured to obtain first information sent by a terminal device, where the first information at least includes challenge information of an embedded universal integrated circuit card eUICC; the transmitter 53 is further configured to transmit second information to the terminal device, where the second information at least includes challenge information of a subscription management device; the receiver 51 is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC; the processor 52 is further configured to obtain corresponding tag data according to the tag identifier, and verify the tag data after security protection according to the tag data; and selecting one of the at least one second profile associated with the marking data to generate the first profile after the verification is passed.

Further, the processor 52 is specifically configured to acquire tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

Further, the processor 52 is specifically configured to obtain at least one second profile associated with the marking data, and select one of the second profiles; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

Further, the processor 52 is further configured to generate at least one second profile and a piece of marking information according to a subscription request of a mobile network operator MNO, where the marking information includes the marking data; associating the at least one second profile with the marking data; the sender 53 is further configured to return an order response to the MNO, the order response comprising the tag information.

Further, the processor 52 is further configured to obtain a tag information according to a subscription request of a mobile network operator MNO, where the tag information includes the tag data, and generate at least one second profile; associating the at least one second profile with the marking data; the sender 53 is also used to return an order response to the MNO.

Further, the receiver 51 is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes a profile identifier or an eUICC identifier; acquiring a first profile corresponding to the profile identifier or the eUICC identifier according to the profile first deletion notification; the processor 52 is further configured to restore the first profile to a second profile.

Further, the processor 52 is further configured to generate an encryption key, and decrypt the second profile and then re-encrypt the second profile using the encryption key.

Further, the processor 52 is specifically configured to remove fifth information in the first profile to generate the second profile, where the fifth information at least includes initialization security channel information and a configuration profile security domain command.

Fig. 17 is a schematic structural diagram of an embodiment of a communication system of the present invention, and as shown in fig. 17, the system of the present embodiment includes: a terminal device 61, a subscription management device 62, and an eUICC 63, where the terminal device 61 may adopt the structure of any apparatus embodiment in fig. 7 to 9, and correspondingly, may execute the technical solution of any method embodiment in fig. 1 to 6, and the implementation principle and the technical effect thereof are similar, and are not described herein again; the subscription management device 62 may adopt the structure of any one of the apparatus embodiments in fig. 10 to fig. 14, and correspondingly, may execute the technical solution of any one of the method embodiments in fig. 1 to fig. 6, and the implementation principle and the technical effect thereof are similar, and are not described herein again.

Further, the terminal device 61 in the communication system described in fig. 17 may adopt the structure of the device embodiment shown in fig. 15, and accordingly, may execute the technical solution of any one of the method embodiments in fig. 1 to fig. 6, and the implementation principle and the technical effect thereof are similar, and are not described herein again; the subscription management device 62 may adopt the structure of the device embodiment shown in fig. 16, and correspondingly, may execute the technical solution of any one of the method embodiments in fig. 1 to fig. 6, and the implementation principle and the technical effect are similar, and are not described herein again.

In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. A profile processing method is characterized by comprising the following steps:

acquiring mark information, wherein the mark information comprises mark data;

receiving a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of a plurality of second profiles associated with the tag data;

2. The method of claim 1, wherein the tag information further comprises a tag identification; before sending the profile download request to the subscription management device, the method further includes:

using the challenge information of the contract signing management equipment to perform security protection on the mark data;

receiving fourth information of the eUICC, wherein the fourth information at least comprises the signature information.

3. The method according to claim 1 or 2, wherein before the obtaining the mark information, further comprising:

4. The method of claim 2, wherein the securing the label data using the challenge information of the subscription management device comprises:

5. The method according to claim 1, 2 or 4, wherein the profile download request further includes specific indication information, and the specific indication information is used to indicate that the profile required to be downloaded by the subscription management device is a specific type of profile.

6. The method according to claim 1, 2 or 4, wherein after receiving the first profile sent by the subscription management device, the method further comprises:

7. The method of claim 6, wherein before sending the profile first deletion notification to the subscription management device, further comprising:

8. The method of claim 7, wherein after receiving and displaying the profile information corresponding to the profile type sent by the eUICC, the method further comprises:

acquiring a profile deleting instruction input by a user;

9. The method of claim 6, wherein before sending the profile first deletion notification to the subscription management device, further comprising:

10. The method according to claim 1, 2 or 4, wherein after receiving the first profile sent by the subscription management device, the method further comprises:

11. A profile processing method is characterized by comprising the following steps:

generating a first profile from one of a plurality of second profiles associated with the marking data;

sending the first profile to the terminal equipment;

and receiving a profile downloading request sent by the terminal equipment, wherein the profile downloading request comprises the mark data, the mark identification and the signature information generated by the eUICC, which are obtained after the terminal equipment uses the challenge information of the signed management equipment to perform security protection on the obtained mark data.

12. The method of claim 11, wherein the profile download request further comprises a tag identification; before receiving the profile download request sent by the terminal device, the method further includes:

13. The method according to claim 12, wherein the obtaining of the corresponding tag data according to the tag identifier and the verifying of the tag data after the security protection according to the tag data comprises:

acquiring mark data corresponding to the mark identification, and performing security protection processing on the mark data by using challenge information;

14. The method according to any one of claims 11 to 13, wherein the selecting one of the at least one second profile associated with the marker data to generate the first profile comprises:

acquiring at least one second profile associated with the marking data, and selecting one of the second profiles;

15. The method according to any one of claims 11 to 13, wherein before the obtaining the first information sent by the terminal device, the method further comprises:

generating at least one second profile and a piece of marking information according to a subscription request of a mobile network operator MNO, said marking information comprising said marking data;

associating the at least one second profile with the marking data;

16. The method according to any one of claims 11 to 13, wherein before the obtaining the first information sent by the terminal device, the method further comprises:

acquiring marking information according to an order request of a Mobile Network Operator (MNO), wherein the marking information comprises the marking data, and generating at least one second profile;

associating the at least one second profile with the marking data;

a subscription response is returned to the MNO.

17. The method according to any one of claims 11 to 13, wherein after the sending the first profile to the terminal device, further comprising:

restoring the first profile to a second profile.

18. The method of claim 17, wherein after restoring the first profile to the second profile, further comprising:

19. The method of claim 17, wherein restoring the first profile to the second profile comprises:

20. A terminal device, comprising:

the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring mark information which comprises mark data;

a receiving module, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of a plurality of second profiles associated with the tag data;

21. The apparatus of claim 20, wherein the tag information further comprises a tag identification; the device further comprises: a safety protection module;

the receiving module is further configured to receive fourth information of the eUICC, where the fourth information at least includes the signature information.

22. The apparatus according to claim 20 or 21, wherein the sending module is further configured to send a profile information obtaining message to the eUICC, where the profile information obtaining message includes a profile type;

23. The apparatus according to claim 21, wherein the security protection module is specifically configured to perform a hash operation on the challenge information of the contract management device and the tag data.

24. The apparatus according to claim 20, 21 or 23, wherein the profile download request further includes specific indication information, and the specific indication information is used to indicate that the profile required to be downloaded by the subscription management device is a specific type of profile.

25. The apparatus according to claim 20, 21, or 23, wherein the sending module is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

26. The apparatus of claim 25, wherein the sending module is further configured to send a profile information obtaining message to the eUICC, and wherein the profile information obtaining message comprises a profile type;

27. The apparatus of claim 26, further comprising: a deletion module;

28. The apparatus of claim 25, wherein the receiving module is further configured to receive a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge obtaining instruction or a profile activating instruction, and deletes the specific type of profile.

29. The apparatus according to claim 20, 21 or 23, wherein the sending module is further configured to notify a mobile network operator MNO of completion of the profile download.

30. A subscription management device, comprising:

a selection module, configured to select one of a plurality of second profiles associated with the tag data to generate a first profile;

a sending module, configured to send the first profile to the terminal device;

the receiving module is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using the challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC.

31. The apparatus of claim 30, wherein the profile download request further comprises a tag identification; the device further comprises: an acquisition module;

32. The apparatus according to claim 31, wherein the verification unit is specifically configured to obtain tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

33. The device according to any one of claims 30 to 32, wherein the selection module is specifically configured to obtain at least one second profile associated with the marking data and select one of the second profiles; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

34. The apparatus of any one of claims 30 to 32, further comprising: a first generation module and a first association module;

the first generation module is used for generating at least one second profile and one marking information according to a subscription request of a mobile network operator MNO, wherein the marking information comprises the marking data;

35. The apparatus of any one of claims 30 to 32, further comprising: a second generation module and a second association module;

a second generation module, configured to obtain a piece of marking information according to an order request of a mobile network operator MNO, where the marking information includes the marking data, and generate at least one second profile;

36. The apparatus of any one of claims 30 to 32, further comprising: a recovery module;

37. The apparatus of claim 36, further comprising:

38. The apparatus according to claim 36, wherein the recovery module is specifically configured to remove fifth information in the first profile to generate the second profile, and the fifth information at least includes an initialize secure channel information and a configure profile security domain command.

39. A terminal device, comprising:

a processor for obtaining marking information, the marking information comprising marking data;

a receiver, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to a selected one of a plurality of second profiles associated with the tag data;

the sender is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the tag data after security protection, the tag identifier, and signature information.

40. The apparatus of claim 39, wherein the tag information further comprises a tag identification; the processor is also used for acquiring first information of an embedded universal integrated circuit card (eUICC);

the processor is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information at least includes the tag data and the tag identifier after security protection; and acquiring fourth information of the eUICC, wherein the fourth information at least comprises the signature information.

41. The device of claim 39 or 40, wherein the processor is further configured to control transmission of a profile information acquisition message to the eUICC, wherein the profile information acquisition message comprises a profile type; and acquiring and controlling to display the profile information which is sent by the eUICC and corresponds to the profile type.

42. The device according to claim 39 or 40, wherein the processor is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.

43. The device according to claim 39 or 40, wherein the profile download request further includes specific indication information, and the specific indication information is used to indicate that the profile required to be downloaded by the contract management device is a specific type of profile.

44. The device of claim 39 or 40, wherein the transmitter is further configured to transmit a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: and the profile identifier or the eUICC identifier is used for enabling the subscription management equipment to acquire a first profile corresponding to at least one piece of information in the profile identifier or the eUICC identifier according to the first profile deletion notification, and restoring the first profile into a second profile.

45. The device of claim 44, wherein the processor is further configured to control transmission of a profile information get message to the eUICC, wherein the profile information get message comprises a profile type; and acquiring and controlling to display the profile information which is sent by the eUICC and corresponds to the profile type.

46. The device of claim 45, wherein the processor is further configured to obtain a profile deletion instruction input by a user; and deleting the corresponding specific type of profile in the eUICC according to the profile deleting instruction.

47. The device of claim 44, wherein the processor is further configured to obtain a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent after the eUICC detects that a specific type of profile is stored after receiving an eUICC challenge command or a profile activation command, and deletes the specific type of profile.

48. The device according to claim 39 or 40, wherein said sender is further configured to notify a mobile network operator MNO of the completion of the profile download.

49. A subscription management device, comprising:

a processor for generating a first profile from one of a plurality of second profiles associated with the marking data;

a transmitter, configured to transmit the first profile to the terminal device;

the receiver is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes tag data obtained by the terminal device after performing security protection on the obtained tag data by using challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC.

50. The device of claim 49, wherein the profile download request further comprises a tag identification; the receiver is further configured to obtain first information sent by a terminal device, where the first information at least includes challenge information of an embedded universal integrated circuit card (eUICC);

51. The device according to claim 50, wherein the processor is specifically configured to obtain tag data corresponding to the tag identifier, and perform security protection processing on the tag data using challenge information; and comparing the processed marking data with the marking data after safety protection, and if the processed marking data is the same as the marking data after safety protection, the verification is passed.

52. The device according to any of claims 49 to 51, wherein the processor is specifically configured to obtain at least one second profile associated with the marking data and select one of the at least one second profile; and adding fifth information in the selected second profile to generate the first profile, wherein the fifth information at least comprises initialization security channel information and a configuration profile security domain command.

53. The device according to any of claims 49 to 51, wherein the processor is further configured to generate at least one second profile and a marking information according to a subscription request of a Mobile Network Operator (MNO), the marking information comprising the marking data; associating the at least one second profile with the marking data;

54. The device according to any of claims 49 to 51, wherein the processor is further configured to obtain a marking information according to a subscription request of a Mobile Network Operator (MNO), the marking information including the marking data, and generate at least one second profile; associating the at least one second profile with the marking data;

the transmitter is further configured to return an order response to the MNO.

55. The device according to any one of claims 49 to 51, wherein the receiver is further configured to receive a profile first deletion request sent by the terminal device, where the profile first deletion request includes at least one of the following information: a profile identifier or an eUICC identifier; acquiring a first profile corresponding to at least one piece of information in the profile identification or the eUICC identification according to the profile first deletion notification;

56. The device of claim 55, wherein the processor is further configured to generate an encryption key and decrypt the second profile before re-encrypting using the encryption key.

57. The device according to claim 55, wherein the processor is specifically configured to remove fifth information in the first profile to generate the second profile, and the fifth information at least includes an initialize secure channel information and a configure profile security domain command.

58. A communication device, comprising: the system comprises terminal equipment, subscription management equipment and an embedded universal integrated circuit card eUICC; the terminal device adopts the device of any one of claims 20 to 29, and the subscription management device adopts the device of any one of claims 30 to 38.

59. A communication device, comprising: the system comprises terminal equipment, subscription management equipment and an embedded universal integrated circuit card eUICC; the terminal device adopts the device of any one of claims 39-48, and the subscription management device adopts the device of any one of claims 49-57.