CN109302291A - Multi-certificate system and method for determining the required certificate system - Google Patents


Publication number
CN109302291A
Authority
CN
China
Prior art keywords
certificate
certification system
certification
mark
data command
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811259670.XA
Other languages
Chinese (zh)
Inventor
王永安
何碧波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Hengbao Intelligent System Technology Co Ltd
Original Assignee
Jiangsu Hengbao Intelligent System Technology Co Ltd
Application filed by Jiangsu Hengbao Intelligent System Technology Co Ltd
Priority to CN201811259670.XA
Publication of CN109302291A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This application discloses a multi-certificate system and a method for determining the required certificate system. The multi-certificate system includes an eUICC card that contains multiple certificate systems; each certificate system has exactly one certificate issuer identifier, and the certificate issuer identifiers in the multi-certificate system are all different. By storing the certificate system data of multiple different operators in the eUICC card in advance, the application achieves the technical effect that the data of different operators can be downloaded.

Description

Multi-certificate system and method for determining the required certificate system
Technical field
This application relates to the field of communication technology, and in particular to a multi-certificate system and a method for determining the required certificate system.
Background
As shown in Fig. 1, the certificate authentication system used in the SGP-02-v3-1 Remote Provisioning Architecture for Embedded UICC specification includes: CI (certificate issuer), EUM (eUICC card manufacturer), SM-SR (subscription manager secure routing server), SM-DP (subscription manager data preparation server) and the EUICC. The CI holds the CI certificate, CI public key and CI private key. The SM-SR holds the SM-SR certificate, SM-SR private key and SM-SR public key. The SM-DP holds the SM-DP certificate, SM-DP public key and SM-DP private key. The EUM holds the EUM certificate, EUM private key and EUM public key. The CI certificate, SM-DP certificate and SM-SR certificate are signed with the CI private key, so the signatures of these three certificates can only be verified with the CI public key. The EUICC certificate is signed with the EUM private key, so its signature can only be verified with the EUM public key.
Refer to Table 1, which shows the certificate format defined by the specification. The CA Identifier (certificate issuer identifier) is the unique identifier of each certificate issuer CI.
Table 1
As shown in Fig. 2, the CI certificate, CI public key, EUM certificate, EUM public key, EUICC certificate and EUICC public/private key pair (EUICC public key and EUICC private key) are stored in the eUICC card (Embedded Universal Integrated Circuit Card). The CI certificate, CI public key, SM-SR certificate, SM-SR public/private key pair (SM-SR private key and SM-SR public key), SM-DP certificate and SM-DP public/private key pair (SM-DP public key and SM-DP private key) are stored on the server. After the eUICC card receives an SM-SR certificate or SM-DP certificate, it uses the CI public key to verify whether the certificate is genuine, and on that basis decides whether to process the subsequent data.
However, an existing eUICC card has a CI public key preset when it leaves the factory. If operators use certificates issued by different CI certificate issuers, mutual authentication between the operators cannot be achieved. For example, the mobile operator has its own certificate issuer CI and the Unicom operator has its own certificate issuer CI; when the issuers differ, the certificates cannot authenticate each other. That is, only certificates issued by one certificate issuer CI can be used, and certificates issued by other certificate issuers CI cannot be verified and used.
Summary of the invention
The purpose of this application is to provide a multi-certificate system and a method for determining the required certificate system which, by storing the certificate system data of multiple different operators in the eUICC card in advance, achieve the technical effect that the data of different operators can be downloaded.
To achieve the above purpose, the application provides a multi-certificate system including an eUICC card. The eUICC card contains multiple certificate systems, each certificate system has exactly one certificate issuer identifier, and the certificate issuer identifiers in the multi-certificate system are all different.
Preferably, the multiple certificate systems are stored in a chain (linked-list) structure.
Preferably, each certificate system further includes a CI certificate, CI public key, EUM certificate, EUM public key, EUICC certificate, EUICC public/private key pair and a next certificate system member. The certificate linked-list head points to the first of the multiple certificate systems, and the next certificate system member of each certificate system points to the certificate system that follows it.
Preferably, each certificate system includes two parts, certificate system information and certificate system content. The certificate system information includes the certificate issuer identifier, a certificate system content class and a next certificate information class. The certificate system content includes the CI certificate, CI public key, EUM certificate, EUM public key, EUICC certificate and EUICC public/private key pair. The next certificate system is stored in the next certificate information class of the preceding certificate system.
The application also provides a method for determining the required certificate system, applicable to the above multi-certificate system. The certificate system that the interacting server is to use in the eUICC card is determined as follows: receive a data command from the server, and parse it to obtain the certificate issuer identifier in the data command; query the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compare whether the certificate issuer identifier in the currently queried certificate system is identical to the certificate issuer identifier in the data command; if they are not identical, continue to query and compare the certificate issuer identifier in the next certificate system with the one in the data command, until the certificate system whose certificate issuer identifier is identical to the one in the data command is found, and determine that this certificate system is the certificate system to be used by the server.
Preferably, if after the query and comparison none of the certificate issuer identifiers in the multiple certificate systems matches the certificate issuer identifier in the data command, an execution failure result is returned directly.
Preferably, the data command includes an SM-SR certificate or SM-DP certificate, and the certificate issuer identifier in the data command is the certificate issuer identifier of the SM-SR certificate or SM-DP certificate.
Preferably, the data command includes the certificate issuer identifier.
Preferably, after the certificate system to be used by the server has been determined, the server sends the SM-SR certificate or SM-DP certificate to the eUICC card.
Preferably, once the eUICC card has determined the certificate system used by the server and has obtained the SM-SR certificate or SM-DP certificate, it obtains the CI public key from that certificate system and uses it to verify the signature of the SM-SR certificate or SM-DP certificate. If verification succeeds, it continues to process the commands issued by the server and returns the command results; if verification fails, it directly returns a command execution failure result.
By storing the certificate system data of multiple different operators in the eUICC card in advance, the application achieves the technical effect that the data of different operators can be downloaded.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this application, and those of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a schematic diagram of the certificate authentication system;
Fig. 2 is a schematic diagram of an eUICC card in the prior art;
Fig. 3 is a flowchart of the method for determining the required certificate system;
Fig. 4 is a schematic diagram of one embodiment of an eUICC card with multiple certificate systems;
Fig. 5 is a flowchart of one embodiment of the method for determining the certificate system to be used in the eUICC card by the interacting server;
Fig. 6 is a schematic diagram of another embodiment of an eUICC card with multiple certificate systems.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
The application provides a multi-certificate system and a method for determining the required certificate system. By storing the certificate system data of multiple different operators in the eUICC card in advance, it achieves the technical effect that the data of different operators can be downloaded.
A multi-certificate system includes an eUICC card. The eUICC card contains multiple certificate systems, which are stored in a chain (linked-list) structure. Each certificate system has exactly one CA Identifier (certificate issuer identifier), and the CA Identifiers in the multi-certificate system are all different.
As shown in Fig. 3, a method for determining the required certificate system is applicable to the above multi-certificate system. The certificate system that the interacting server is to use in the eUICC card is determined as follows:
S110: Receive the data command from the server, and parse it to obtain the CA Identifier in the data command.
S120: Query the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compare whether the CA Identifier in the currently queried certificate system is identical to the CA Identifier in the data command.
S130: If they are not identical, continue to query and compare the CA Identifier in the next certificate system with the CA Identifier in the data command, until the certificate system whose CA Identifier is identical to the one in the data command is found; then execute S140.
S140: Determine that the certificate system whose CA Identifier is identical to the CA Identifier in the data command is the certificate system to be used by the server.
Embodiment one
The eUICC card contains multiple certificate systems. Each certificate system includes a CA Identifier, CI certificate, CI public key, EUM certificate, EUM public key, EUICC certificate, EUICC public/private key pair and oNext (the next certificate system member). The certificate linked-list head points to the first of the multiple certificate systems, and the oNext of each certificate system points to the certificate system that follows it.
Specifically, as shown in Fig. 4, multiple certificate systems are preset before the eUICC card leaves the factory, and the CA Identifiers in the multi-certificate system are all different. When the certificate systems are preset, the standard STORE DATA command of the GP specification is used to build the chain structure in which they are stored. The linked-list head points to the first certificate system, which includes CA Identifier1, CI certificate 1, CI public key 1, EUM certificate 1, EUM public key 1, EUICC certificate 1, EUICC public/private key pair 1 and oNext1 (next certificate system member 1). The oNext1 of the first certificate system points to the second certificate system, which includes CA Identifier2, CI certificate 2, CI public key 2, EUM certificate 2, EUM public key 2, EUICC certificate 2, EUICC public/private key pair 2 and oNext2 (next certificate system member 2), and so on: the oNextN of the N-th certificate system points to the (N+1)-th certificate system, forming the chain structure in sequence.
Further, as one embodiment, the certificate system that the interacting server is to use in the eUICC card is determined as follows:
S210: The eUICC card receives the first data command, and parses it to obtain the CA Identifier in the first data command. Specifically, the server sends the first data command to the eUICC card, and the first data command includes an SM-SR certificate or SM-DP certificate. After the eUICC card receives the first data command, it parses the command according to the certificate format and obtains the CA Identifier of the SM-SR certificate or SM-DP certificate in the first data command.
S220: The eUICC card queries the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compares whether the CA Identifier in the currently queried certificate system is identical to the CA Identifier in the first data command. Specifically, after the eUICC card has obtained the CA Identifier in the first data command, it uses a query module to query the multiple certificate systems in the eUICC card: it finds the first certificate system through the certificate linked-list head, and compares whether the CA Identifier in the first data command is identical to CA Identifier1 of the first certificate system.
S230: If they are not identical, continue to query and compare the CA Identifier in the next certificate system with the CA Identifier in the first data command, until the certificate system whose CA Identifier is identical to the one in the first data command is found. Specifically, if CA Identifier1 in the first certificate system is not identical to the CA Identifier in the first data command, follow oNext1 of the first certificate system to the second certificate system, and compare whether CA Identifier2 in the second certificate system is identical to the CA Identifier in the first data command. If they are identical, the second certificate system is the certificate system to be used by the server. If not, follow oNext2 of the second certificate system to the third certificate system, and compare whether CA Identifier3 in the third certificate system is identical to the CA Identifier in the first data command. The query continues in this way until the certificate system to be used by the server is determined or all certificate systems in the eUICC card have been queried.
S240: If they are identical, determine that the certificate system whose CA Identifier is identical to the CA Identifier in the first data command is the certificate system to be used by the server.
S250: If after the query and comparison none of the CA Identifiers in the multiple certificate systems matches the CA Identifier in the first data command, an execution failure result is returned directly.
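The lookup of S210 to S250 (the general method S110 to S140), written out in C as an added example; it is not code from the patent or from any eUICC product. The struct layout, the `CA_ID_MAX` and `MAX_SYSTEMS` limits, the status codes and the sample identifiers and one-byte keys are assumptions, the duplicate check and traversal bound go slightly beyond the text to enforce the "identifiers all differ" rule and to survive a damaged `oNext` chain, and signature verification with the returned CI public key is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CA_ID_MAX   20  /* assumed upper bound on CA Identifier length */
#define MAX_SYSTEMS 16  /* assumed cap on stored systems; also bounds traversal */

/* One certificate system as in embodiment one. Only the fields the lookup
 * needs are modelled; EUM and EUICC material would sit beside the CI key. */
struct cert_system {
    uint8_t ca_id[CA_ID_MAX];
    size_t ca_id_len;
    const uint8_t *ci_public_key;   /* trust anchor for SM-SR/SM-DP certificates */
    struct cert_system *oNext;      /* next certificate system member */
};
enum lookup_status { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_BAD_INPUT, LOOKUP_CORRUPT };

/* S120-S250: walk the list from the head and return the system whose CA
 * Identifier equals the one from the data command. On any failure *out is NULL. */
enum lookup_status find_cert_system(const struct cert_system *head,
                                    const uint8_t *id, size_t len,
                                    const struct cert_system **out)
{
    size_t visited = 0;
    *out = NULL;
    if (id == NULL || len == 0 || len > CA_ID_MAX)
        return LOOKUP_BAD_INPUT;
    for (const struct cert_system *cs = head; cs != NULL; cs = cs->oNext) {
        if (++visited > MAX_SYSTEMS)
            return LOOKUP_CORRUPT;          /* cycle or over-long list */
        if (cs->ca_id_len == len && memcmp(cs->ca_id, id, len) == 0) {
            *out = cs;
            return LOOKUP_OK;               /* S240 */
        }
    }
    return LOOKUP_NOT_FOUND;                /* S250: caller reports failure */
}

/* Provisioning: append a system, refusing a CA Identifier that is already
 * stored, since the identifiers must all differ. Returns 0 on success. */
int add_cert_system(struct cert_system **head, struct cert_system *node)
{
    const struct cert_system *existing;
    struct cert_system **link = head;
    size_t count = 0;
    if (node == NULL || node->ca_id_len == 0 || node->ca_id_len > CA_ID_MAX)
        return -1;
    if (find_cert_system(*head, node->ca_id, node->ca_id_len, &existing)
            != LOOKUP_NOT_FOUND)
        return -1;                          /* duplicate, or list is corrupt */
    for (; *link != NULL; link = &(*link)->oNext)
        count++;
    if (count >= MAX_SYSTEMS)
        return -1;
    node->oNext = NULL;
    *link = node;
    return 0;
}

/* Constructed sample data: identifiers and one-byte "keys" are made up. */
static const uint8_t KEY1[] = {0x11}, KEY2[] = {0x22}, KEY3[] = {0x33};
const uint8_t ID_CI2[] = {0xA0, 0x00, 0x02};
const uint8_t ID_UNKNOWN[] = {0xA0, 0x00, 0x09};
static struct cert_system demo[3] = {
    { {0xA0, 0x00, 0x01}, 3, KEY1, NULL },
    { {0xA0, 0x00, 0x02}, 3, KEY2, NULL },
    { {0xA0, 0x00, 0x03}, 3, KEY3, NULL },
};

/* Returns the first key byte of the selected system, or the negated status. */
int demo_select(const uint8_t *id, size_t len)
{
    struct cert_system *head = NULL, dup = demo[1];
    const struct cert_system *hit;
    enum lookup_status st;
    for (size_t i = 0; i < 3; i++)
        if (add_cert_system(&head, &demo[i]) != 0)
            return -100;
    if (add_cert_system(&head, &dup) == 0)
        return -101;                        /* a duplicate must be refused */
    st = find_cert_system(head, id, len, &hit);
    return st == LOOKUP_OK ? hit->ci_public_key[0] : -(int)st;
}

/* A chain whose last oNext points back to the head must not loop forever. */
int demo_cycle_detected(void)
{
    const struct cert_system *hit;
    struct cert_system a = { {0x01}, 1, KEY1, NULL }, b = { {0x02}, 1, KEY2, &a };
    a.oNext = &b;
    return find_cert_system(&a, ID_UNKNOWN, sizeof ID_UNKNOWN, &hit) == LOOKUP_CORRUPT
           && hit == NULL;
}

int main(void)
{
    printf("CI2 -> 0x%02x, unknown -> %d, cycle detected -> %d\n",
           demo_select(ID_CI2, sizeof ID_CI2),
           demo_select(ID_UNKNOWN, sizeof ID_UNKNOWN), demo_cycle_detected());
    return 0;
}
```

Because every failure path leaves the output pointer NULL, the caller has no CI public key to verify with unless the identifier in the command matched a stored certificate system exactly.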
Further, as shown in Fig. 5, as another embodiment, the certificate system that the interacting server is to use in the eUICC card is determined as follows:
S310: The eUICC card receives the second data command. Specifically, the second data command includes the CA Identifier, which ensures that the eUICC card knows in advance which certificate system the server is to use.
S320: The eUICC card queries the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compares whether the CA Identifier in the currently queried certificate system is identical to the CA Identifier in the second data command. Specifically, after the eUICC card has obtained the CA Identifier in the second data command, it uses a query module to query the multiple certificates in the eUICC card: it finds the first certificate system through the certificate linked-list head, and compares whether the CA Identifier in the second data command is identical to CA Identifier1 of the first certificate system.
S330: If they are not identical, continue to query and compare the CA Identifier in the next certificate system with the CA Identifier in the second data command. Specifically, if CA Identifier1 in the first certificate system is not identical to the CA Identifier in the second data command, follow oNext1 of the first certificate system to the second certificate system, and compare whether CA Identifier2 in the second certificate system is identical to the CA Identifier in the second data command. If they are identical, the second certificate system is the certificate system to be used by the server. If not, follow oNext2 of the second certificate system to the third certificate system, and compare whether CA Identifier3 in the third certificate system is identical to the CA Identifier in the second data command. The query continues in this way until the certificate system to be used by the server is determined or all certificate systems in the eUICC card have been queried.
S340: If they are identical, determine that the certificate system whose CA Identifier is identical to the CA Identifier in the second data command is the certificate system to be used by the server, and execute S360.
S350: If after the query and comparison none of the CA Identifiers in the multiple certificate systems matches the CA Identifier in the second data command, an execution failure result is returned directly.
S360: After the certificate system to be used by the server has been determined, the server sends the third data command to the eUICC card. Specifically, the third data command includes an SM-SR certificate or SM-DP certificate.
Further, once the eUICC card has determined the certificate system used by the server and has obtained the SM-SR certificate or SM-DP certificate, it obtains the CI public key from that certificate system and uses it to verify the signature of the SM-SR certificate or SM-DP certificate. If verification succeeds, it continues to process the commands issued by the server and returns the command results; if verification fails, it directly returns a command execution failure result.
Embodiment two
The eUICC card contains multiple certificate systems, and each certificate system includes two parts, certificate system information and certificate system content. The certificate system information includes the CA Identifier, a certificate system content class and a next certificate information class. The certificate system content includes the CI certificate, CI public key, EUM certificate, EUM public key, EUICC certificate and EUICC public/private key pair. The next certificate system is stored in the next certificate information class of the preceding certificate system.
Specifically, as shown in Fig. 6, the certificate linked-list head points to the first certificate system, which includes certificate system information 1 and certificate system content 1. Certificate system information 1 includes CA Identifier1, certificate system content class 1 and next certificate information class 1. Certificate system content 1 includes CI certificate 1, CI public key 1, EUM certificate 1, EUM public key 1, EUICC certificate 1 and EUICC public/private key pair 1. The second certificate system includes certificate system information 2 and certificate system content 2, and is stored in next certificate information class 1 of the first certificate system. The second certificate system includes CA Identifier2, certificate system content class 2 and next certificate information class 2; certificate system content 2 includes CI certificate 2, CI public key 2, EUM certificate 2, EUM public key 2, EUICC certificate 2 and EUICC public/private key pair 2, and so on: the (N+1)-th certificate system is stored in next certificate information class N of the N-th certificate system.
Further, as one embodiment, the certificate system that the interacting server is to use in the eUICC card is determined as follows:
S410: Receive the fourth data command, and parse it to obtain the CA Identifier in the fourth data command. Specifically, the fourth data command includes an SM-SR certificate or SM-DP certificate. After the eUICC card receives the fourth data command, it parses the command according to the certificate format and obtains the CA Identifier in the fourth data command.
S420: The eUICC card queries the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compares whether the CA Identifier in the currently queried certificate system information is identical to the CA Identifier in the fourth data command. Specifically, after the eUICC card has obtained the CA Identifier in the fourth data command, it uses a query module to query the multiple certificate systems in the eUICC card: it finds certificate system information 1 of the first certificate system through the certificate linked-list head, and compares whether the CA Identifier in the fourth data command is identical to CA Identifier1 of certificate system information 1.
S430: If they are not identical, continue to query and compare the CA Identifier in the next certificate system information with the CA Identifier in the fourth data command. Specifically, if CA Identifier1 in the first certificate system is not identical to the CA Identifier in the fourth data command, look up certificate system information 2 of the second certificate system in next certificate information class 1 of the first certificate system, and compare whether CA Identifier2 in the second certificate system is identical to the CA Identifier in the fourth data command. If they are identical, the second certificate system is the certificate system to be used by the server. If not, look up the third certificate system in next certificate information class 2 of the second certificate system, and compare whether CA Identifier3 in the third certificate system is identical to the CA Identifier in the fourth data command. The query continues in this way until the certificate system to be used by the server is determined or all certificate systems in the eUICC card have been queried.
S440: If they are identical, determine that the certificate system whose CA Identifier is identical to the CA Identifier in the fourth data command is the certificate system to be used by the server.
S450: If after the query and comparison none of the CA Identifiers in the multiple certificate systems matches the CA Identifier in the fourth data command, an execution failure result is returned directly.
Further, as another embodiment, the certificate system that the interacting server is to use in the eUICC card is determined as follows:
S510: The eUICC card receives the fifth data command. Specifically, the fifth data command includes the CA Identifier, which ensures that the eUICC card knows in advance which certificate system the server is to use.
S520: The eUICC card queries the multiple certificate systems in turn along the path pointed to by the certificate linked-list head, and compares whether the CA Identifier in the currently queried certificate system information is identical to the CA Identifier in the fifth data command. Specifically, after the eUICC card has obtained the CA Identifier in the fifth data command, it uses a query module to query the multiple certificates in the eUICC card: it finds the first certificate system through the certificate linked-list head, and compares whether the CA Identifier in the fifth data command is identical to CA Identifier1 of the first certificate system.
S530: If they are not identical, continue to query and compare the CA Identifier in the next certificate system information with the CA Identifier in the fifth data command. Specifically, if CA Identifier1 in the first certificate system is not identical to the CA Identifier in the fifth data command, look up the second certificate system in next certificate information class 1 of the first certificate system, and compare whether CA Identifier2 in the second certificate system is identical to the CA Identifier in the fifth data command. If they are identical, the second certificate system is the certificate system to be used by the server. If not, look up the third certificate system in next certificate information class 2 of the second certificate system, and compare whether CA Identifier3 in the third certificate system is identical to the CA Identifier in the fifth data command. The query continues in this way until the certificate system to be used by the server is determined or all certificate systems in the eUICC card have been queried.
S540: If they are identical, determine that the certificate system whose CA Identifier is identical to the CA Identifier in the fifth data command is the certificate system to be used by the server, and execute S560.
S550: If after the query and comparison none of the CA Identifiers in the multiple certificate systems matches the CA Identifier in the fifth data command, an execution failure result is returned directly.
S560: After the certificate system to be used by the server has been determined, the server sends the sixth data command to the eUICC card. The sixth data command includes an SM-SR certificate or SM-DP certificate.
Further, once the eUICC card has determined the certificate system used by the server and has obtained the SM-SR certificate or SM-DP certificate, it obtains the CI public key from that certificate system and uses it to verify the signature of the SM-SR certificate or SM-DP certificate. If verification succeeds, it continues to process the commands issued by the server and returns the command results; if verification fails, it directly returns a command execution failure result.
By storing the certificate systems of multiple different operators in advance before the eUICC card leaves the factory, the application achieves the technical effect that the data of different operators can be downloaded, which makes switching between operators easier.
Although preferred embodiments of the application have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the application. Obviously, those skilled in the art can make various modifications and variations to the application without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the application and their technical equivalents, the application is intended to include them as well.

Claims (10)

1. A multi-certificate system, comprising an eUICC card, characterized in that the eUICC card contains multiple certificate systems, each certificate system has one and only one certificate issuer identifier, and the certificate issuer identifiers in the multiple certificate systems are all different.
2. The multi-certificate system according to claim 1, characterized in that the multiple certificate systems are stored in a chain structure.
3. The multi-certificate system according to claim 2, characterized in that a certificate system further comprises a CI certificate, a CI public key, an EUM certificate, an EUM public key, an EUICC certificate, EUICC public and private keys, and a next-certificate-system member; a certificate linked-list head points to the first certificate system among the multiple certificate systems, and the next-certificate-system member of each preceding certificate system among the multiple certificate systems points to the next certificate system.
4. The multi-certificate system according to claim 2, characterized in that each certificate system comprises two parts, certificate system information and certificate system content; the certificate system information comprises the certificate issuer identifier, a certificate system content class and a next certificate information class; the certificate system content comprises a CI certificate, a CI public key, an EUM certificate, an EUM public key, an EUICC certificate, and EUICC public and private keys; the next certificate system among the multiple certificate systems is stored in the next certificate information class of a certificate system.
5. A method for determining the required certificate system, applicable to the multi-certificate system according to claims 1-4, characterized in that the method for determining the certificate system to be used by the server interacting with the eUICC card is:
receiving a data command from the server, and parsing it to obtain the certificate issuer identifier in the data command;
querying the multiple certificate systems one by one along the path pointed to by the certificate linked-list head, and comparing whether the certificate issuer identifier in the certificate system currently queried is identical to the certificate issuer identifier in the data command;
if they are not identical, continuing to query the next certificate system and to compare whether its certificate issuer identifier is identical to the certificate issuer identifier in the data command, until a certificate system is found whose certificate issuer identifier is identical to the certificate issuer identifier in the data command, and determining that this certificate system is the certificate system to be used by the server.
6. The multi-certificate system according to claim 5, characterized in that if, after querying and comparing, none of the certificate issuer identifiers in the multiple certificate systems matches the certificate issuer identifier in the data command, an execution-failure result is returned directly.
7. The multi-certificate system according to claim 6, characterized in that the data command includes an SM-SR certificate or an SM-DP certificate, and the certificate issuer identifier in the data command is the certificate issuer identifier of the SM-SR certificate or SM-DP certificate.
8. The multi-certificate system according to claim 6, characterized in that the data command includes the certificate issuer identifier.
9. The multi-certificate system according to claim 8, characterized in that after the certificate system to be used by the server is determined, the server sends the SM-SR certificate or SM-DP certificate to the eUICC card.
10. The multi-certificate system according to claim 7 or 9, characterized in that once the eUICC card has determined the certificate system used by the server and has obtained the SM-SR certificate or SM-DP certificate, it obtains the CI public key from that certificate system and uses the CI public key to verify the signature of the SM-SR certificate or SM-DP certificate; if verification succeeds, it continues to process the instructions issued by the server and returns the instruction result; if verification fails, it directly returns an instruction-execution-failure result.
CN201811259670.XA 2018-10-26 2018-10-26 A kind of method of multi-certificate and determining required Certification system Pending CN109302291A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811259670.XA CN109302291A (en) 2018-10-26 2018-10-26 A kind of method of multi-certificate and determining required Certification system

Publications (1)

Publication Number Publication Date
CN109302291A true CN109302291A (en) 2019-02-01

Family

ID=65158897

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190201
