CN109479007B

CN109479007B - Data service control method, related equipment and system

Info

Publication number: CN109479007B
Application number: CN201680087742.XA
Authority: CN
Inventors: 陈曦; 刘治锋
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2016-07-29
Filing date: 2016-07-29
Publication date: 2021-05-11
Anticipated expiration: 2036-07-29
Also published as: WO2018018604A1; CN109479007A

Abstract

The embodiment of the invention discloses a data service method, related equipment and a system. The method comprises the following steps: the terminal sends a request for acquiring data service to the server; the terminal receives the service information of the data service distributed to the terminal user returned by the server; and the terminal charges the terminal user in a trusted execution environment according to the service information of the data service and the use condition of the terminal user to the data service. The scheme can realize the credible monitoring and control of the condition that the user uses the data service locally at the terminal, avoid the frequent interaction between the terminal and the mobile virtual operator and reduce the load of a service platform of the mobile virtual operator.

Description

Data service control method, related equipment and system

Technical Field

The present invention relates to the field of mobile communications technologies, and in particular, to a data service control method, a related device, and a system.

Background

Data Service (Data Service) is a Service in the PS (Packet Switching, chinese: Packet Switching) domain, and is a mobile communication Service using Data transmission and information interaction as technologies. With the richness of mobile data services and the improvement of mobile transmission rate, more and more mobile data service products based on flow, duration and the like are provided. When a user uses a mobile data service product, how to control the user to access the internet and monitor the flow consumption or the time consumption of the user is always a very concerned technical problem for mobile communication operators. The Mobile communication Operator may be a basic Mobile Operator (MNO) or a Mobile Virtual Operator (MVNO).

In the prior art, for data services directly provided or sold by a basic mobile operator, such as various traffic packages or duration packages, recording and monitoring must be performed by a traffic charging control entity in a core network of the basic mobile operator. For example, a Serving GPRS SUPPORT NODE (SGSN) is used to collect usage of radio resources by a user and generate a call ticket. A Gateway GPRS Support Node (GGSN) is used to provide various rich charging functions including general charging, content charging, and online charging. An Authentication, Authorization, and Accounting Server (AAA Server) is used for Authentication, Authorization, and Accounting.

For example, as shown in FIG. 1, when a user attempts to surf the internet, traffic passes through the gateway. The gateway sends an authentication request to the AAA server. AAA server checks the user flow (or time length), judges whether the user consumed flow (or time length) exceeds the limit of the service package purchased by the user, if so, returns authentication failure; and if the limit is not exceeded, returning authentication success. After the authentication is successful, the gateway forwards the traffic to the Internet, so that the user can surf the Internet normally. And after the authentication fails, the gateway refuses to establish a data channel for the user to access the Internet, and stops providing the data service.

The scheme has strong dependence on the network of the basic mobile operator and needs to pass through a flow charging control entity in the core network of the basic mobile operator. The above scheme cannot be adopted for data services that are not directly provided by the underlying mobile operator, such as data services provided by a mobile virtual operator. If a mobile virtual operator wants to customize such traffic charging control services in the underlying mobile operator network, the cost of customization is typically high.

For this problem, the mobile virtual operator generally uses a real-time cloud verification method to perform data service control. However, this greatly increases the load on the service platform of the mobile virtual operator.

Disclosure of Invention

The embodiment of the invention provides a data service control method, related equipment and a system, which can realize the credible monitoring and control of the condition that a user uses the data service on a terminal side, avoid the frequent interaction between the terminal and a service platform of a mobile virtual operator and reduce the load of the service platform of the mobile virtual operator.

In a first aspect, a data service control method is provided, which is applied to a terminal side, and includes: the terminal sends a request for acquiring data service of data service to a server, then receives service information of the data service distributed to the terminal user returned by the server, and the terminal charges the terminal user in a trusted execution environment according to the service information of the data service and the use condition of the data service by the terminal user.

In a second aspect, a data service control method is provided, which is applied to a server side of a mobile virtual operator, and includes: the server receives a request for acquiring the data service sent by the terminal, responds to the request for acquiring the data service, distributes the data service for the terminal user, and sends the service information of the distributed data service to the terminal according to the identification information.

Specifically, the server refers to a server of a mobile virtual carrier. The request for obtaining the data service of the data service may include identification information of the terminal user, and is used to indicate a mobile user applying for the data service. In a specific implementation, the identification information of the end user may include: an IMSI stored on the end user's SIM card, or an account number registered by the end user in the server. It should be noted that the identification information of the end user may also be other information capable of uniquely identifying the user in the service platform of the mobile virtual operator, which is not limited herein.

By implementing the data service control method described in the first aspect and the second aspect, the situation that the user uses the data service can be monitored and controlled locally at the terminal, frequent interaction between the terminal and the server is avoided, and the load of the service platform of the mobile virtual operator is reduced.

With reference to the first aspect or the second aspect, in some possible embodiments, when the end user accesses the internet by using the data service, the terminal may count, through a wireless modem, usage of the data service by the end user, for example, traffic consumed by the end user, internet access duration, and the like. The wireless modem may send the usage obtained by statistics to the TEE through a secure pipe, and please refer to relevant contents in the embodiment of fig. 3 for the definition of the secure pipe and the implementation of the secure pipe in the terminal, which is not described herein.

In combination with the first or second aspect, in some possible embodiments, the service information may include a charging policy. The terminal may specifically charge the terminal user in the TEE according to the charging policy and the usage.

In a specific implementation, the charging policy may include: the charging type is, for example, charging according to traffic or charging according to internet access time length. The charging policy may further include: the charging criteria may be used to measure the cost per unit of usage, e.g., per unit of flow or per unit of time. In practical applications, the charging policy may also be formulated according to specific requirements, for example, a charging standard in different time periods (the charging in a peak time period is higher than that in a normal time period), which is not limited in this embodiment of the present invention.

Further, the service information of the data service may further include a quota of the data service. The terminal can also deduct the quota of the data service according to the use condition of the user on the data service in the trusted execution environment, judge whether the quota is used completely, and trigger to stop providing the data service for the terminal user if the quota is used completely.

Specifically, the terminal may trigger to stop providing the data service to the terminal user by:

in a first implementation, the terminal triggers a modem to close a data service connection between the terminal and the base mobile operator, which may enable stopping the provision of the data service to the terminal user.

In a second implementation manner, the terminal reports a result of the data service completion to the server, and triggers the mobile server to notify the basic mobile operator to stop providing the data service to the terminal user.

With reference to the first aspect or the second aspect, in some possible embodiments, the SIM card of the end user may be a hard SIM card provided by the mobile virtual operator, for example, an eSIM card or a hard SIM card similar to a common SIM card.

With reference to the first aspect or the second aspect, in some possible embodiments, the SIM card of the end user may also be a soft SIM card issued by the server.

Specifically, the server may issue the soft SIM card to the terminal in the following manner:

in a first implementation, the server may issue a soft SIM card to the terminal according to the selection of the terminal user. The end user's selection may be embodied in the request for obtaining a soft SIM card, which may carry identification information of the target base mobile operator selected by the end user. That is, the server may issue, to the terminal, a soft SIM card for accessing the target base mobile operator according to the identification information of the target base mobile operator carried in the request.

In a second implementation manner, the server may issue a soft SIM card suitable for the geographical location to the terminal according to the geographical location of the terminal user. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location that has a partnership with a mobile virtual operator to which the server belongs.

With reference to the first aspect or the second aspect, in some possible embodiments, the terminal may send the request for obtaining the data service to the server through Wi-Fi, or may send the request for obtaining the data service to the server through a telephone communication link. In some possible embodiments, if the terminal is built-in with a SIM card provided by an underlying mobile operator, for example a 2G SIM card for china mobile, the terminal may send the request to the server via a data service connection provided by the underlying mobile operator, for example a GPRS data link.

With reference to the first aspect or the second aspect, in some possible embodiments, the data service allocated to the end user may support the end user to surf the internet through 2 or more than 2 networks of the basic mobile operators. In a specific implementation, the data service provided by the mobile virtual operator does not limit the basic mobile operator network used by the terminal user, and the server can adaptively issue the soft SIM card suitable for the geographical location to the terminal according to the geographical location of the terminal user, so that the terminal user can surf the internet through the basic mobile operator network at the geographical location.

With reference to the first aspect or the second aspect, in some possible embodiments, for the terminal user to surf the internet, the server may receive a ticket fed back by the basic mobile operator, and may also receive a charging condition reported by the terminal for the terminal user. The server can check the bill of the basic mobile operator by using the charging condition reported by the terminal. Therefore, unnecessary service cost due to wrong telephone bills generated by the basic mobile operator can be avoided, and the accuracy of the mobile virtual operator for paying communication service to the basic mobile operator is improved.

Specifically, the reporting policy of the charging condition adopted by the terminal is different from real-time reporting, and the terminal does not need to frequently interact with the server. For example, when the consumption of the terminal user for the data service reaches a fixed threshold, for example, the traffic consumption reaches 10M or the duration of the internet access lasts 2 hours, the terminal reports the charging condition for the terminal user to the server. For another example, when the terminal user starts or finishes surfing the internet each time, the terminal reports a charging condition for the terminal user to the server.

With reference to the first aspect or the second aspect, in some embodiments, the request for acquiring the soft SIM card sent by the terminal and the request for acquiring the data service sent by the terminal may be embodied in a same user application process, where the application process may be used to request the server to issue the soft SIM card and to request the server to allocate the data service to the terminal user. That is, the request for acquiring the soft SIM card and the request for acquiring the data service may be represented by the same request.

In a third aspect, a terminal is provided, including: the system comprises a processor, a radio frequency module and a SIM card, wherein two execution environments run in the processor: a general purpose execution environment and a trusted execution environment, wherein:

the universal execution environment is used for sending a request for acquiring data service to a server through the radio frequency module and receiving service information of the distributed data service returned by the server through the radio frequency module;

and the trusted execution environment is used for charging the terminal user according to the service information of the data service and the use condition of the terminal user to the data service.

Specifically, the request for acquiring the data service may include identification information of the end user. For implementation of the identification information, reference may be made to the content described in the first aspect or the second aspect, which is not described herein again.

In combination with the third aspect, in some possible embodiments, the service information of the data service may include a quota of the data service. The trusted execution environment can also be used for deducting the quota of the data service according to the use condition of the data service by the user, judging whether the quota is used completely, and triggering to stop providing the data service for the terminal user if the quota is used completely.

In a specific implementation, after the general execution environment receives the service information of the distributed data service through the radio frequency module, the general execution environment may be configured to invoke a trusted client application programming interface provided by the trusted execution environment to send the service information to the trusted execution environment.

With reference to the third aspect, in some possible embodiments, the terminal further includes: the wireless modem can be used for counting the use condition of the terminal user on the data service when the terminal user surfs the internet, and sending the use condition obtained by counting to the trusted execution environment through a secure pipeline; the secure pipe is established between the wireless modem and the trusted execution environment for enabling secure data transfer between the trusted execution environment and the wireless modem.

Specifically, the trusted execution environment may trigger to stop providing the data service to the end user by:

in a first implementation, the trusted execution environment may be specifically configured to issue a close command to the wireless modem via the secure pipe, and trigger the wireless modem to close a data service connection between the terminal and the basic mobile operator, so as to stop providing the data service to the terminal user.

In a second implementation manner, the trusted execution environment may be specifically configured to report a result of completion of the data service to the server through the radio frequency module, and trigger the server to notify the basic mobile operator to stop providing the data service to the terminal user.

With reference to the third aspect, in some possible embodiments, the SIM card of the end user may be a soft SIM card issued by the server. For concrete implementation of acquiring the soft SIM card by the terminal, please refer to the content described in the first aspect or the second aspect, which is not described herein again.

In a fourth aspect, a terminal is provided, including: means for performing the method of the first aspect described above.

In a fifth aspect, a server is provided, including: a receiver, a transmitter, and a processor, wherein:

the receiver is used for receiving a request for acquiring data service sent by a terminal;

the processor is used for responding to the request for acquiring the data service and distributing the data service to the terminal user;

the transmitter is used for sending the service information of the distributed data service to the terminal according to the identification information;

the terminal is used for charging the terminal user according to the service information of the distributed data service and the use condition of the terminal user to the distributed data service in a trusted execution environment.

With reference to the fifth aspect, in some possible embodiments, the SIM card in the terminal may be a soft SIM card issued by the transmitter. Specifically, the mode of the soft SIM card issued by the transmitter may be as follows:

in a first implementation, the receiver may be configured to receive a request sent by the terminal to acquire a soft SIM card. The transmitter may then be configured to send a soft SIM card to the terminal in response to the request.

In a second implementation manner, the transmitter may be specifically configured to issue, to the terminal, a soft SIM card applicable to the geographic location according to the geographic location where the terminal user is located. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location in a partnership with the mobile virtual operator.

With reference to the fifth aspect, in some possible embodiments, the receiver may be further configured to receive a charging condition sent by the terminal for the terminal user. The charging condition is sent by the terminal when the usage of the data service by the terminal user reaches a fixed threshold each time. Then, the processor may be specifically configured to check the ticket of the basic mobile operator according to the charging condition reported by the terminal, so as to avoid paying an unnecessary service cost due to an incorrect ticket generated by the basic mobile operator, and improve accuracy of the mobile virtual operator in paying the communication service to the basic mobile operator.

In a sixth aspect, a server is provided, comprising: means for performing the method of the second aspect described above.

In a seventh aspect, a communication system is provided, including: a terminal and a server, wherein the terminal may be the terminal described in the third aspect, and the server may be the server described in the fifth aspect. The terminal may also be the terminal described in the fourth aspect, and the server may also be the server described in the sixth aspect. It should be noted that, in some embodiments, the terminal may be the terminal described in the above whole, and the server may be the server described in the above whole.

In an eighth aspect, there is provided a readable non-volatile storage medium storing computer instructions for implementing the method described in the first aspect above.

In a ninth aspect, there is provided a readable non-volatile storage medium storing computer instructions for implementing the method described in the second aspect above.

By implementing the method embodiment of the invention, the terminal user is charged in the TEE of the terminal according to the service information of the data service acquired from the mobile virtual operator and the service condition of the data service by the terminal user, thereby ensuring that the charging operation aiming at the terminal user can not be attacked by malicious software and the charging operation is credible. Therefore, the credible monitoring and control of the condition that the user uses the data service can be realized at the local part of the terminal, the frequent interaction between the terminal and the mobile virtual operator is avoided, and the load of a service platform of the mobile virtual operator is reduced.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below.

FIG. 1 is a schematic flow control diagram of a conventional infrastructure mobile operator;

FIG. 2 is a schematic diagram of an application scenario to which embodiments of the present invention relate;

FIG. 3 is a block diagram of a trusted execution environment according to an embodiment of the present invention;

fig. 4 is a flowchart illustrating a data service control method according to an embodiment of the present invention;

fig. 5 is a flowchart illustrating another data service control method according to an embodiment of the present invention;

fig. 6 is a flowchart illustrating a further data service control method according to an embodiment of the present invention;

fig. 7 is a schematic diagram of a hardware architecture of a terminal according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

FIG. 9 is a diagram illustrating a hardware architecture of a server according to an embodiment of the present invention;

fig. 10 is a schematic structural diagram of a server according to an embodiment of the present invention.

Detailed Description

The terminology used in the description of the embodiments of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.

To facilitate understanding of the embodiments of the present invention, an application scenario related to the embodiments of the present invention is first introduced: mobile virtual operator (MVNO). The mobile virtual operator is equivalent to a distributor of a basic mobile operator, and after communication services are purchased in batches from the basic mobile operator, data business services with own characteristics are formulated and provided for consumers. The biggest difference between the mobile virtual operator and the basic mobile operator is that the mobile virtual operator does not own network resources such as an access network and a core network, and needs to establish data services such as virtual network operation information, entertainment, mobile payment and information by leasing communication network facilities of the basic mobile operator and deploying necessary charging and customer service systems.

Fig. 2 shows an architectural diagram of a mobile virtual operator. As shown in fig. 2, in this architecture, MNO200 and MVNO300 share a Radio Access Network (RAN) and a part of core Network devices: VMSC (Visited Mobile-service Switching Center, Chinese), SGSN, etc. MVNO300 only has partially independent core network devices: GMSC (Gateway Mobile Switching Center, Chinese), GGSN, and independent service platform, charging system, etc.

In particular implementations, a user of terminal 100 may obtain, e.g., purchase, data traffic services, e.g., traffic packets, from MVNO300 and then access the internet through the RAN access network of MNO200 and through the network of MNO 200.

In order to be able to access the network of MNO200, terminal 100 needs to have a hard SIM (Subscriber Identity Module) card provided by MVNO300 built in for accessing MNO 200. In one possible scenario, terminal 100 may not have a built-in hard SIM card. For this possible scenario, MVNO300 may issue a soft SIM to terminal 100 for accessing MNO 200. In some possible embodiments, the MVNO300 may issue a soft SIM card suitable for the geographical location to the terminal 100 according to the geographical location of the terminal 100. The soft SIM card applicable to the geographic position refers to: a SIM card for accessing an MNO network at the geographic location that has a cooperative relationship with the MVNO 300. For example, mobile operator telecom luck (pccw) is a partner operator of MVNO300 in hong kong. When the MVNO300 finds that the user of the terminal 100 is in hong kong, the MVNO300 issues a soft SIM card for accessing the PCCW to the terminal 100. The user of the terminal 100 can access the PCCW network through the soft SIM card and surf the internet through the PCCW network.

Here, the SIM card is a communication module provided by a mobile communication operator (MNO or MVNO) to a user according to a request of the user, so that the user can use data and a communication circuit on the SIM card to implement network communication with an operator network, thereby implementing a network communication service application of the terminal. The types of SIM cards provided by different mobile communication carriers and the data and protocols within the SIM cards are different.

The current SIM card is mainly a hard SIM card, which is a smart card composed of hardware circuits. The soft SIM Card is a virtualized SIM Card that implements the communication function of the hard SIM Card through computer software, and may also be referred to as a Virtual SIM Card (Virtual SIM Card). In a specific implementation, the soft SIM card is implemented by an operator storing all information originally set on the hard SIM card in one soft SIM card data packet. When sending a card to the user terminal 100, the operator only needs to provide the soft SIM card data packet to the user, and the user can implement the function of the hard SIM card by opening and operating the soft SIM card data packet through the preset soft SIM card application in the terminal, thereby implementing the communication between the terminal and the network.

In the embodiment of the present invention, the terminal 100 in fig. 2 may be a mobile communication device, such as a mobile phone, a vehicle-mounted device, a wearable device, an M2M (Machine to Machine, chinese: Machine to Machine) device, and a terminal device in a future 5G network.

It should be noted that, not limited to fig. 2, the MVNO300 may cooperate with a plurality of basic mobile operators to provide a customer with a composite service based on the plurality of basic mobile operators. For example, the monthly flow package that the MVNO300 sells to the consumer only limits the total amount of flow and does not limit which underlying mobile carrier network the consumer uses. The consumer can use the network of China mobile to surf the internet and also can use the network of China telecom to surf the internet. The examples are intended to illustrate embodiments of the invention and should not be construed as limiting.

Note that MNO200 may cooperate with a plurality of mobile virtual carriers to provide services such as network access to customers of the plurality of mobile virtual carriers, not limited to the example shown in fig. 2.

It should be noted that the data service provided by the mobile virtual operator may include: a flow package, a duration package, or a service package based on usage times. In practical applications, the data service may also be a combined service in the foregoing forms, and the embodiment of the present invention is not limited.

It should be noted that, in some possible scenarios, the base mobile operator may also take the role of the mobile virtual operator, such as issuing a soft SIM card to the user, providing data service sold by the mobile virtual operator to the user, and so on. That is, the base mobile operator and the mobile virtual operator may be the same mobile communication operator.

Based on the application scenario shown in fig. 2, embodiments of the present invention provide a terminal, a data service control method and a data service control system, where a terminal user is charged according to a user's internet access situation in a trusted execution environment of the terminal. The scheme can realize the credible monitoring and control of the condition that the user uses the data service at the terminal side, avoid the frequent interaction between the terminal and the service platform of the mobile virtual operator and reduce the load of the service platform of the mobile virtual operator.

FIG. 3 is an architecture diagram of a trusted execution environment provided by an embodiment of the present invention. As shown in fig. 3, two execution environments coexist in the terminal 100: a Trusted Execution Environment (TEE) and a universal Execution Environment (REE). Here, the REE refers to an execution environment capable of providing rich functions, such as ANDROID, IOS, WINDOWS, LINUX, or the like. The TEE is an independent execution environment running in parallel with the REE, and provides security services for the REE. The hardware and software resources that the TEE can access are separate from the REE. The TEE provides a more secure execution space than the REE, and can withstand software attacks that applications or services are vulnerable to in the REE, such as tampering, malicious interception, obtaining root user rights of an operating system, and the like. To ensure security, when the terminal 100 is powered on or restarted, the TEE is started first, and then the REE is started.

As shown in fig. 3, the architecture of the REE broadly includes: a Client Application (Client Application) and a REE operating system (REE OS). Wherein: the client application can be an E-Mail, calendar, phonebook, etc. rich application. In the embodiment of the invention, the client application can also communicate with the trusted application of the TEE end by calling the trusted client API provided by the TEE.

As shown in fig. 3, the architecture of the TEE can be roughly divided into two major parts: the first part is a trusted Client api (TEE Client api) provided to the REE, mainly for the Client application (Client APP) running in the REE to access the TEE. The second part is Trusted Application (TA), Trusted operating system (TEE OS) and Trusted hardware resources (including Trusted memory space) at the TEE end.

In the embodiment of the present invention, as shown in fig. 3, the client application running on the REE OS may include: a service module 101. The traffic module 101 may be used to obtain data traffic services from a mobile virtual operator. The service module 101 may also call a trusted client API provided by the TEE, such as send (info), where "info" represents service information, such as a quota, of the data service acquired by the user. And the Send (info) is an API provided by the TEE end and used for sending the service information of the data service to the TEE. In a specific implementation, after obtaining the service information, the TEE may be configured to store the service information in a specified TEE memory or a specified trusted storage, so as to ensure that the service information is not maliciously tampered with.

In the embodiment of the present invention, as shown in fig. 3, the client application running on the TEE OS may include: a control module 102. The control module 102 may be configured to perform charging according to the service information of the data service and the usage of the data service by the end user. In a specific implementation, the control module 102 running in the TEE may obtain service information of the data service, such as a charging policy, from the specified TEE memory or a specified trusted storage, and then charge the service condition of the end user according to the charging policy.

In this embodiment of the present invention, the wireless Modem (Modem)104 is configured to count usage of the data service by the user, such as traffic consumption, duration of internet access, and the like. As shown in fig. 3, a Secure pipe (Secure Tunnel)103 is established between the wireless modem 104 and the TEE OS for enabling Secure data transfer between the TEE OS and the wireless modem 104. After receiving the usage of the data traffic service by the user transmitted by the wireless modem 104, the TEE OS may cache the usage in a trusted store, so that the control module 102 may obtain the user's online status from the trusted store. That is, the control module 102 in the TEE may trigger the TEE OS to obtain the usage of the data traffic service by the user counted by the wireless modem 104 from the wireless modem 104 through the secure pipe 103.

In some embodiments, the service information may also include an amount of the data traffic service. Specifically, the control module 102 may be further configured to deduct the quota according to the internet access condition of the terminal user, and determine whether the quota is used up. And triggering to stop providing the data service for the user once the quota is used. Specifically, when the quota is used up, the control module 102 may trigger the TEE OS to issue an instruction to stop providing the data service to the user to the wireless modem 104 through the secure pipe 103.

The secure pipe 103 according to the embodiment of the present invention refers to a mechanism for securely exchanging data created between the wireless modem 104 and the REE OS, and may be embodied in the form of encrypted PDN connection, bearer, IP tunnel, or the like, or may be a private hardware Bus (Bus), which is not limited herein. Here, the wireless modem 104 is specifically a wireless modem for data services, such as a GPRS modem in 3G communications.

It is understood that by the control module 102 running in the TEE, billing for the data traffic service by the end user can be ensured that the billing operation for the data traffic service is not attacked by malware, and the billing operation performed by the control module 102 is secure and trusted. In this way, the secure and trusted charging of the user's behavior using the data service can be implemented locally at the terminal 100, avoiding frequent interaction between the terminal 100 and the service platform of the mobile virtual operator, and reducing the load on the service platform of the mobile virtual operator.

In addition, as shown in fig. 3, the common hardware resources of the terminal 100 may further include: SIM card 105 provided by MVNO. The SIM card 105 may be a hard SIM card, such as an Embedded SIM (eSIM) card, or a soft SIM card. The SIM card 105 provides SIM card data for accessing an underlying mobile operator (MNO) network. The SIM card data may include: international Mobile Subscriber identity Number, IMSI for short, authentication Key (KI), authentication and encryption algorithm, etc. For hard SIM cards, the SIM card data is written to the SIM card before the SIM card is sold. For the soft SIM card, the SIM card data itself represents the soft SIM card, and the soft SIM card issued by the MVNO to the terminal is the SIM card data.

Fig. 4 is a flowchart illustrating a data service control method according to an embodiment of the present invention. Wherein, there is a cooperative relationship between the basic mobile operator and the mobile virtual operator in fig. 4. The terminal is internally provided with a SIM card (hard SIM card or soft SIM card) provided by the mobile virtual operator for accessing the basic mobile operator, where the hard SIM card (hereinafter referred to as MVNO SIM card) provided by the mobile virtual operator may be an eSIM card or a hard SIM card similar to a common SIM card. As shown in fig. 4, the method includes:

s101, the terminal with the built-in MVNO SIM card is registered in the network of the basic mobile operator through the data on the SIM card. In a specific implementation, the registration may be triggered by powering on or restarting the terminal, or may be triggered by opening a "data link" by a user, and in an actual application, the registration may also be triggered by other manners, which is not limited in the embodiment of the present invention.

S102, the terminal sends a request for obtaining data service to the mobile virtual operator server. Specifically, the request may include identification information of the end user, which is used to indicate a mobile user applying for the data service.

Specifically, the identification information of the end user may include: the IMSI stored on the SIM card, or the account number registered by the end user in the service platform of the mobile virtual operator. It should be noted that the identification information of the end user may also be other information capable of uniquely identifying the user in the service platform of the mobile virtual operator, which is not limited herein.

In practical application, the terminal user may apply for data service from the mobile virtual operator in the following manner: first, the end user logs in the Service website of the mobile virtual operator through a data Service connection provided by Wi-Fi or a basic mobile operator, such as GPRS (General Packet Radio Service, chinese: General Packet Radio Service), and then selects a data Service to be acquired on the Service website, for example, clicking a "buy" button to apply for acquiring a selected package from the Service system of the mobile virtual operator. Secondly, the terminal user accesses the service system of the mobile virtual operator by dialing a telephone and then applies for acquiring the selected data service. In practical applications, the end user may also apply for the data service in other manners, which is not limited herein.

That is, the terminal may transmit the request for acquiring the data service to the mobile virtual operator server through Wi-Fi (Wireless Fidelity, chinese: infinitum Fidelity), or may transmit the request for acquiring the data service to the mobile virtual operator server through a phone communication link. In some possible embodiments, if the terminal is built-in with a SIM card provided by a basic mobile operator, for example a 2G SIM card for china mobile, the terminal may send the request to the mobile virtual operator server over a data service connection provided by the basic mobile operator, for example a GPRS data link. The communication mode for sending the request is not limited in the embodiment of the present invention.

S103, the mobile virtual operator server receives the request sent by the terminal, responds to the request and distributes data service for the terminal user. In a specific implementation, the mobile virtual operator may record, in a service platform, a data service allocated to the end user and identification information, such as an IMSI, of the end user included in the request, in a corresponding manner.

S104, after distributing the data service, the mobile virtual operator server returns the service information of the data service distributed to the terminal user to the terminal according to the identification information of the terminal user contained in the request. And the terminal receives the service information returned by the mobile virtual operator.

As can be seen from the embodiment of fig. 3, the terminal may receive the service information returned by the mobile virtual operator through the service module 101 running in the REE. The traffic module 101 may then call a trusted client API provided by the TEE to send the service information to the TEE. The trusted client application programming interface may be as send (info) in the embodiment of fig. 3, where "info" represents service information of the data service acquired by the user. In a specific implementation, after the TEE acquires the service information, the service information may be stored in a specified TEE memory or a specified trusted storage, so as to ensure that the service information is not maliciously tampered.

And S105, the terminal user accesses the internet through the basic mobile operator network. In a specific implementation, the terminal may communicate with the basic mobile operator network by using data on the SIM card, including IMSI, KI, authentication and encryption algorithm, etc., so as to access the internet through the basic mobile operator network.

S106, the terminal charges the terminal user according to the service information of the data service and the service condition of the terminal user to the data service in a Trusted Execution Environment (TEE). Specifically, the service information may include: and (4) charging policy. The terminal may specifically charge the terminal user in the TEE according to the charging policy and the usage.

It should be understood that the charging policy issued by the mobile virtual operator to the terminal is established by the basic mobile operator used by the terminal. For example, if the terminal user uses the network of "china mobile" to surf the internet, the charging policy issued by the mobile virtual operator to the terminal is formulated based on the "china mobile" of the mobile operator. If the terminal user uses the network of China telecom to surf the internet, the charging strategy issued by the mobile virtual operator to the terminal is formulated by the basic mobile operator China telecom. The examples are intended to illustrate embodiments of the invention and should not be construed as limiting.

In a specific implementation, when the terminal user accesses the internet, the terminal may count the usage of the data service by the terminal user through a wireless modem, for example, the traffic consumed by the terminal user, the internet access duration, and the like. The wireless modem may send the usage obtained by statistics to the TEE through a secure pipe, and please refer to relevant contents in the embodiment of fig. 3 for the definition of the secure pipe and the implementation of the secure pipe in the terminal, which is not described herein.

In some embodiments, the service information of the data traffic service may further include an amount of the data traffic service. The terminal can also deduct the quota of the data service according to the use condition of the data service by the user in a Trusted Execution Environment (TEE), judge whether the quota is used completely, and trigger to stop providing the data service for the terminal user if the quota is used completely.

In the embodiment of the present invention, the terminal may trigger to stop providing the data service to the terminal user by:

in a first implementation, the terminal triggers a modem to close a data service connection between the terminal and the base mobile operator, which may enable stopping the provision of the data service to the terminal user. Specifically, referring to the embodiment shown in fig. 3, the control module 102 running in the TEE may issue an instruction to close the data service connection to the modem through the secure pipe, and trigger the modem to close the data service connection.

In a second implementation manner, the terminal reports a result of the data service completion to the mobile virtual operator server, and triggers the mobile virtual operator to notify the basic mobile operator to stop providing the data service to the terminal user.

Optionally, as shown in S107 and S108, for the terminal user to surf the internet, the mobile virtual operator server may receive the ticket fed back by the basic mobile operator, and may also receive the charging condition reported by the terminal for the terminal user. The mobile virtual operator may verify the ticket of the basic mobile operator by using the charging condition reported by the terminal, as shown in S109. Therefore, unnecessary service cost due to wrong telephone bills generated by the basic mobile operator can be avoided, and the accuracy of the mobile virtual operator for paying communication service to the basic mobile operator is improved.

The reporting strategy adopted in S107 is different from real-time reporting, and does not need to frequently interact with the service platform of the mobile virtual operator. For example, when the consumption of the terminal user for the data service reaches a fixed threshold, for example, when the traffic consumption reaches 10M or the duration of the internet access lasts 2 hours, the terminal reports the charging condition for the terminal user to the mobile virtual operator. For another example, when the terminal user starts or finishes surfing the internet each time, the terminal reports a charging condition for the terminal user to the mobile virtual operator. It should be noted that the example is only used to explain the embodiment of the present invention, and the specific implementation of the reporting policy is not limited to the example.

By implementing the embodiment shown in fig. 4, the terminal user is billed in the TEE of the terminal according to the service information of the data service acquired from the mobile virtual operator and the usage of the data service by the terminal user, so that the billing operation for the terminal user is ensured not to be attacked by malicious software, and the billing operation is reliable. Therefore, the credible monitoring and control of the condition that the user uses the data service can be realized at the local part of the terminal, the frequent interaction between the terminal and the mobile virtual operator is avoided, and the load of a service platform of the mobile virtual operator is reduced.

Fig. 5 is a flowchart illustrating another data service control method according to an embodiment of the present invention. In the embodiment of fig. 5, the SIM card (hard SIM card or soft SIM card) provided by the mobile virtual operator for accessing the base mobile operator is not present in the terminal. As shown in fig. 5, unlike the embodiment of fig. 4, the embodiment of fig. 5 further includes:

s20i, the terminal may register in the service platform of the mobile virtual operator through the account and the password, and provide a basis for identity authentication and authentication when subsequently requesting to issue a soft SIM card to the service platform.

S202, the terminal sends a request for obtaining the soft SIM card to the mobile virtual operator server. And the mobile virtual operator server receives the request, responds to the request and issues a soft SIM card for accessing the basic mobile operator to the terminal. Specifically, the request for acquiring the soft SIM card may include an account and a password registered in the service platform by the terminal user, and is used to indicate the user requesting to acquire the soft SIM card.

The mobile virtual operator server may issue a soft SIM card to the terminal in the following manner.

In a first implementation, the mobile virtual operator server may issue a soft SIM card to the terminal according to the selection of the terminal user. The end user's selection may be embodied in the request for obtaining a soft SIM card, which may carry identification information of the target base mobile operator selected by the end user. That is, the mobile virtual operator server may issue, to the terminal, a soft SIM card for accessing the target basic mobile operator according to the identification information of the target basic mobile operator carried in the request.

For example, the service platform of the mobile virtual operator provides three soft SIM cards for accessing the networks of the three operators, i.e., "china mobile", "china unicom" and "china telecom", respectively. The terminal user logs in the service platform through the account obtained by the registration of S20i, and then selects to purchase a soft SIM card for accessing the network of 'China Mobile'. Correspondingly, the service platform issues a soft SIM card for accessing China Mobile to the terminal. For the definition of the soft SIM card and how to use the soft SIM card in the terminal, reference is made to the content of the aforementioned fig. 2, which is not described herein again.

In a second implementation manner, the mobile virtual operator server may issue a soft SIM card suitable for the geographic location to the terminal according to the geographic location of the terminal user. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location in a partnership with the mobile virtual operator.

For example, the base mobile operator PCCW is a partner operator of the mobile virtual operator in hong kong. When the mobile virtual operator finds that the terminal user is in hong Kong, the mobile virtual operator may issue a soft SIM card for accessing PCCW to the terminal. The examples are intended to illustrate embodiments of the invention and should not be construed as limiting.

In the second implementation manner, the geographic location of the end user may be actively reported to the service platform when the end user registers in the service platform. The geographical location of the terminal user may also be analyzed by the mobile virtual operator according to information of an Access Point (AP) to which the terminal is connected. The embodiment of the present invention is not limited to how the mobile virtual operator knows the geographic location of the terminal user.

Regarding S203-S211, please refer to the embodiment of fig. 4, and for brevity of the description, the details are not repeated herein.

It should be noted that, in some embodiments, the request for acquiring the soft SIM card sent by the terminal in S202 and the request for acquiring the data service sent by the terminal in S204 may be embodied in the same user application process, where the application process may be used to request the mobile virtual operator to issue the soft SIM card, and may also be used to request the mobile virtual operator to allocate the data service to the terminal user. That is, the request for acquiring the soft SIM card and the request for acquiring the data service may be represented by the same request.

For example, the end user logs in a service website of a mobile virtual operator, then inputs the geographical location of the end user on the service website, and selects a data service desired to be purchased, and finally, the end user clicks a "purchase" button to apply for obtaining the data service from the mobile virtual operator. In response to the application of the terminal user, the mobile virtual operator may issue a soft SIM card applicable to the geographic location to the terminal, and allocate a data service to the terminal user. In an example, the user does not need to explicitly apply for the soft SIM card from the mobile virtual operator, and the user only needs to select the data traffic service that the user wants to purchase. The example is only one implementation manner of the embodiment of the present invention, and may also be different in practical applications, and should not be construed as a limitation.

Fig. 6 is a flowchart illustrating a further data service control method according to an embodiment of the present invention. In the embodiment of fig. 6, the data service provided by the mobile virtual operator does not limit the basic mobile operator network used by the end user, and the mobile virtual operator can adaptively adjust the basic mobile operator network used by the end user according to the geographical location of the end user. Therefore, the user in the dynamic moving process can be monitored and controlled reliably on the terminal side according to the condition that the user uses the data service, and the method is more flexible. As shown in fig. 6, the method includes:

s301, the terminal can be registered in the service platform of the mobile virtual operator through an account number and a password, and provides basis for identity authentication and authentication for subsequently requesting to acquire data service from the service platform.

S302, the terminal obtains data service from the mobile virtual operator. Reference may be made to S102-S104 in the embodiment of fig. 4, which is not described herein again.

S303-S304, the mobile virtual operator detecting the geographical location of the end user. Here, the geographical location where the end user is located may be an initial geographical location. And the mobile virtual operator issues the soft SIM card 1 suitable for the initial geographic position to the terminal. Correspondingly, the terminal receives the soft SIM card 1. The soft SIM card 1 is used for the access to the network of the china mobile as an example. China mobile is a partner operator of the mobile virtual operator at the initial geographical location.

Specifically, how the mobile virtual operator knows the geographic location of the end user may refer to relevant contents in the embodiment of fig. 5, which is not described herein again.

S305, after receiving the soft SIM card 1, the terminal may register in the network of the china mobile through the data on the soft SIM card 1.

S306, the terminal user accesses the internet through the network of the China Mobile.

S307, when the terminal user accesses the Internet through the China Mobile network, the terminal charges the terminal user in a Trusted Execution Environment (TEE) according to the service information of the data service and the service condition of the terminal user to the data service.

In some embodiments, the service information of the data traffic service may include an amount of the data traffic service. The terminal can also deduct the quota of the data service according to the use condition of the data service by the user in a Trusted Execution Environment (TEE), judge whether the quota is used completely, and trigger to stop providing the data service for the terminal user if the quota is used completely.

S308-S310, aiming at the terminal user to surf the internet, the mobile virtual operator can receive the bill fed back by the China Mobile and also can receive the charging condition aiming at the terminal user reported by the terminal. Then, the mobile virtual operator can check the ticket of the Chinese mobile by using the charging condition reported by the terminal. Therefore, unnecessary service cost due to wrong call bills generated by China Mobile can be avoided, and the accuracy of the mobile virtual operator for paying communication service to China Mobile is improved.

In a specific implementation, when the terminal reports the usage of the data service to the Mobile virtual operator, it needs to carry identification information of a Public Land Mobile Network (PLMN) currently used by the terminal, that is, a PLMN ID of the china Mobile, so as to inform that the usage in the Mobile virtual operator S308 is generated by the terminal user using a Network of the china Mobile.

S311-S312, the mobile virtual operator detects the geographic position of the terminal user. At this point, the end user has moved to a new geographic location, such as hong kong, as compared to the initial geographic location previously described. And the mobile virtual operator issues the soft SIM card 2 suitable for the new geographic position to the terminal. Correspondingly, the terminal receives the soft SIM card 2. For example, as shown in fig. 6, a network of PCCWs that the soft SIM card 2 can use for access is taken as an example. PCCW is a partner operator of the mobile virtual operator at the new geographic location.

S313, after receiving the soft SIM card 2, the terminal may register in the PCCW network through the data on the soft SIM card 2.

And S314, the terminal user accesses the internet through the PCCW network.

S315, when the terminal user accesses the internet through the PCCW network, the terminal charges the terminal user in a Trusted Execution Environment (TEE) according to the service information of the data service and the use condition of the terminal user to the data service.

In some embodiments, the terminal may further deduct a quota of the data service according to a usage of the data service by the user in a Trusted Execution Environment (TEE), determine whether the quota is used up, and trigger to stop providing the data service to the terminal user if the quota is used up.

And S316-S318, aiming at the terminal user to surf the internet, the mobile virtual operator can receive the bill fed back by the PCCW and also can receive the charging condition aiming at the terminal user reported by the terminal. Then, the mobile virtual operator can check the PCCW bill by using the charging condition reported by the terminal. Therefore, unnecessary service cost due to wrong call bills generated by the PCCW can be avoided, and the accuracy of the mobile virtual operator for paying the communication service to the PCCW is improved.

In a specific implementation, when the terminal reports the usage of the data service to the mobile virtual operator, the PLMN ID of the PCCW needs to be carried to inform that the usage in the mobile virtual operator S316 is generated by the network that uses the PCCW by the terminal user.

It should be noted that the basic mobile operators with which the mobile virtual operators cooperate are not limited to the china mobile and the PCCW shown in the embodiment of fig. 6. The number of base mobile operators with which the mobile virtual operators cooperate is not limited to the 2 shown in the embodiment of fig. 6.

Based on the same inventive concept, an embodiment of the present invention further provides a terminal, configured to execute the data service control method described in the foregoing embodiments of fig. 4 to 6.

Fig. 7 is a hardware architecture diagram of a terminal provided by an embodiment of the present invention. As shown in fig. 7, the terminal 100 may include: processor 110, REE memory 108 (one or more computer-readable storage media), Radio Frequency (RF) module 107, trusted memory 113, peripheral system 115. These components may communicate over one or more communication buses 114. Wherein:

two execution environments run in the processor 110: a general execution environment (REE)111 and a Trusted Execution Environment (TEE) 112. The system architecture for REE and TEE can refer to relevant contents in the embodiment of fig. 3. Not limited to that shown in FIG. 4, the general execution environment 111 and the trusted execution environment 112 may also run on two separate processors.

The Radio Frequency (RF) module 107 is used for receiving and transmitting RF signals, and communicates with other communication devices through RF signals, a communication network. In particular implementations, the Radio Frequency (RF) module 107 may include, but is not limited to: the SIM card 104, the Wi-Fi module 106, and the wireless modem 105 may further include: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a storage medium, and the like.

In a specific implementation, the SIM card 104 is an MVNO SIM card provided by a mobile virtual operator. The SIM card 104 may be in the form of a soft SIM card or a hard SIM card.

In a specific implementation, the wireless modem 105 may be configured to count the internet access conditions of the user of the terminal 100, such as traffic consumption, internet access duration, and the like, when the user accesses the internet through the SIM card 104. The wireless modem 105 may communicate with the trusted execution environment 112 through the secure conduit 103. Reference is made to the embodiment of fig. 3 for the secure conduit 103.

The peripheral system 115 is mainly used to implement an interactive function between the terminal 100 and a user/external environment, and mainly includes input and output devices of the terminal 100. In particular implementations, the peripheral system 115 may include: a touch screen controller 116, a camera controller 117, an audio controller 118, and a sensor management module 119. Wherein each controller may be coupled to its respective peripheral device, such as touch screen 120, camera 121, audio circuitry 122, and sensor 123.

REE memory 108 is coupled to processor 110 for storing various software programs and/or sets of instructions running in general purpose execution environment 111, such as the client application in FIG. 3: a service module 101.

The trusted memory 113 the processor 110 is coupled to store various software programs and/or sets of instructions running in the trusted execution environment 112, such as the trusted application of FIG. 3: a control module 102.

The hardware and software resources accessible by the trusted execution environment 112 are separate from the general purpose execution environment 111. The trusted execution environment 112 provides a more secure execution space than the general-purpose execution environment 111, and can withstand software attacks such as tampering, malicious interception, obtaining root user privileges of an operating system, and the like, to which applications or services are vulnerable in the general-purpose execution environment 111. To ensure security, when the terminal 100 is powered on or restarted, the trusted execution environment 112 is started, and then the generic execution environment 111 is started. Wherein:

the general execution environment 111 is configured to send a request for acquiring a data service to a server through the radio frequency module 107, and receive service information of an allocated data service returned by the server through the radio frequency module 107;

the trusted execution environment 112 is configured to charge the terminal 100 according to the service information of the data service and the usage of the data service by the terminal when the user accesses the internet through the network of the basic mobile operator associated with the SIM card 104.

In the embodiment of the present invention, the request for acquiring the data service may include identification information of the terminal user. Specifically, the identification information of the end user may include: the IMSI stored on the SIM card, or the account number registered by the end user in the server. It should be noted that the identification information of the end user may also be other information capable of uniquely identifying the user in the server, which is not limited herein.

In this embodiment of the present invention, the service information may include: and (4) charging policy. The trusted execution environment 112 may be specifically configured to bill the end user according to the billing policy and the usage.

In some embodiments, the service information may also include an amount of the data traffic service. The trusted execution environment 112 may be further configured to deduct a quota of the data service according to the usage of the data service by the user, determine whether the quota is used up, and trigger to stop providing the data service to the end user if the quota is used up.

In a specific implementation, after the general execution environment 111 receives the service information of the distributed data service through the radio frequency module 107, the general execution environment 111 may be configured to invoke a trusted client application programming interface provided by the trusted execution environment 112 to send the service information to the trusted execution environment 112. The trusted client application programming interface may be as send (info) in the embodiment of fig. 3, where "info" represents service information of the data service acquired by the user. In a specific implementation, after obtaining the service information, the trusted execution environment 112 may store the service information in a memory of the specified trusted execution environment 112 or in a specified trusted storage, so as to ensure that the service information is not tampered with maliciously.

In a specific implementation, when the user of the terminal 100 accesses the internet, the general execution environment 111 may be configured to count, through the wireless modem 105, usage of the data service by the user of the terminal 100, such as consumed traffic, internet access duration, and the like. The modem 105 may be configured to send the usage obtained by statistics to the trusted execution environment 112 through a secure pipe, and please refer to the relevant contents in the embodiment of fig. 3 for the definition of the secure pipe and the implementation of the secure pipe in the terminal, which is not described herein.

In the embodiment of the present invention, the trusted execution environment 112 may trigger to stop providing the internet access service to the user of the terminal 100 by:

in a first implementation, the trusted execution environment 112 may be configured to issue a close command to the modem 105 via the secure pipe to trigger the modem 105 to close the data traffic connection between the terminal 100 and the base mobile operator, so that the provision of the internet service to the user of the terminal 100 may be stopped.

In a second implementation manner, the trusted execution environment 112 may report the result of the data service completion to the mobile virtual operator through the radio frequency module 107, and trigger the server to notify the basic mobile operator to stop providing the internet service to the user of the terminal 100.

In some embodiments, the SIM card 104 may be a soft SIM card issued by the server. The server may issue the soft SIM card to the terminal 100 in the following manner.

In a first implementation, the generic execution environment 111 may send a request for acquiring the soft SIM card to the server through the radio frequency module 107. The server issues a soft SIM card to the terminal 100 in response to the request. Specifically, for the specific implementation of the general execution environment 111 requesting to issue the SIM card, reference may be made to relevant contents in the embodiment in fig. 4, which is not described herein again.

In a second implementation manner, the server may issue the soft SIM card suitable for the geographical location to the terminal 100 according to the geographical location of the user of the terminal 100. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location that has a partnership with a mobile virtual operator to which the server belongs. For how the server knows the geographical location of the end user, reference may be made to the relevant contents in the embodiment of fig. 4, which is not described herein again.

In some embodiments, the data service distributed by the server to the user of the terminal 100 may not limit the basic mobile operator network used by the user, and the server may adaptively adjust the basic mobile operator network used by the user of the terminal 100 according to the geographic location of the user of the terminal 100, which may specifically refer to the embodiment in fig. 6 and is not described herein again. Therefore, the user in the dynamic moving process can be monitored and controlled reliably on the terminal side according to the condition that the user uses the data service, and the method is more flexible.

It should be noted that, for specific implementation of the trusted execution environment 112 and the general execution environment 111 running in the processor 110, reference may be made to the contents of the embodiments in fig. 3 to 6, and details are not described here.

Fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention. As shown in fig. 8, there may be two operating environments in the terminal 40: the REE401 and the TEE402, the terminal 40 may include: a service module 4011 running in the REE401 and a control module 4021 running in the TEE 402. Wherein:

the business module 4011 is configured to send a request for obtaining a data business service to a server, and receive service information of the distributed data business service returned by the server through the communication module 403;

the control module 4021 is configured to charge the terminal user according to the service information of the data service and the usage of the data service by the terminal user.

In this embodiment of the present invention, the service information may include: and (4) charging policy. The control module 4021 may be specifically configured to charge the end user according to the charging policy and the usage.

In some embodiments, the service information may also include an amount of the data traffic service. The control module 4021 may also be configured to deduct an amount of the data service according to the usage of the data service by the user, determine whether the amount is used up, and trigger to stop providing the data service to the terminal user if the amount is used up.

In a specific implementation, after receiving the allocated quota of the data service, the service module 4011 may be configured to call a trusted client application programming interface provided by the TEE402 to send service information of the data service to the control module 4021 running in the TEE 402. The trusted client application programming interface may be as send (info) in the embodiment of fig. 3, where "info" represents service information of the data service acquired by the user. In a specific implementation, after acquiring the service information, the control module 4021 may store the service information in a memory of a specified TEE402 or in a specified trusted storage, so as to ensure that the service information is not tampered with maliciously.

Further, the terminal 40 may further include: the communication module 403 is configured to, when the user of the terminal 40 surfs the internet, count the usage of the allocated data service by the user of the terminal 40, such as consumed traffic, duration of surfing the internet, and the like. The communication module 403 may specifically be the wireless modem 105 in the embodiment of fig. 7.

In a specific implementation, a secure pipe is established between the communication module 403 and the TEE 402. The communication module 403 may specifically be configured to send the usage obtained by statistics to the control module 4021 running in the TEE402 through a secure pipe. For the definition of the secure pipe and its implementation in the terminal, please refer to the related contents in the embodiment of fig. 3, which is not described herein again.

In this embodiment of the present invention, the control module 4021 may trigger to stop providing the internet access service to the user of the terminal 40 by:

in a first implementation manner, the control module 4021 may be configured to issue a close instruction to the communication module 403 through a secure pipeline to trigger the communication module 403 to close a data service connection between the terminal 40 and the basic mobile operator, so that the provision of the internet access service to the user of the terminal 40 may be stopped.

In a second implementation manner, the control module 4021 may be configured to report a result of the data service completion to the mobile virtual operator server, and trigger the server to notify the basic mobile operator to stop providing the internet service to the user of the terminal 40.

In some embodiments, the SIM card in the terminal 40 may be a soft SIM card issued by the server. The server may issue the soft SIM card to the terminal 40 in the following manner.

In a first implementation manner, the service module 4011 may further be configured to send a request for obtaining the soft SIM card to the server. The server responds to the request by issuing a soft SIM card to the terminal 40. Specifically, the specific implementation of requesting to issue the SIM card may refer to the relevant contents in the embodiment in fig. 4, and details are not repeated here.

In a second implementation manner, the server may issue the soft SIM card suitable for the geographical location to the terminal 40 according to the geographical location where the user of the terminal 40 is located. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location that has a partnership with a mobile virtual operator to which the server belongs. For how the server knows the geographical location of the end user, reference may be made to the relevant contents in the embodiment of fig. 4, which is not described herein again.

It can be understood that, for specific implementation of each module included in the terminal 40, reference may be made to the functions of the terminal in the embodiments of fig. 3 to 7, which are not described herein again.

Based on the same inventive concept, embodiments of the present invention further provide a server, configured to execute a data service control method described in the foregoing embodiments of fig. 4 to 6. The server is equivalent to the service platform of the mobile virtual carrier mentioned in the foregoing embodiments of fig. 4 to 6, and is configured to perform the functions of the mobile virtual carrier.

Fig. 9 is a hardware architecture diagram of a server provided by an embodiment of the present invention. As shown in fig. 9, the server 50 may include: a transmitter 503, a receiver 504, a memory 502 and a processor 501 (the number of the processors 501 may be one or more, and one processor is taken as an example in fig. 9). The transmitter 503, the receiver 504, the memory 502, and the processor 501 may be connected by a bus or other means (the connection by the bus is exemplified in fig. 9). Wherein:

the receiver 504 may be configured to receive a request for acquiring a data service sent by a terminal, where the request for acquiring the data service includes identification information of a terminal user;

processor 501 is configured to respond to the request for obtaining data service, and allocate data service to the end user;

the transmitter 503 may be configured to send service information of the allocated data service to the terminal according to the identification information;

the terminal is used for charging the terminal user according to the service information of the distributed data service and the use condition of the terminal user on the distributed data service in a trusted execution environment when the terminal user accesses the internet through a network of a basic mobile operator associated with an SIM card.

Specifically, the service information may include: and (4) charging policy. The terminal may specifically charge the terminal user in the trusted execution environment according to the charging policy and the usage.

In some embodiments, the service information of the data traffic service may include an amount of the data traffic service. The terminal can also be used for deducting the quota of the data service according to the using condition of the user on the data service, judging whether the quota is used up, and triggering to stop providing the data service for the terminal user if the quota is used up. For the specific implementation of the terminal, please refer to the embodiments of fig. 4 to 6, which are not described herein.

In some embodiments, the SIM card in the terminal may be a soft SIM card issued by the transmitter 503. Specifically, the mode of the processor 501 issuing the soft SIM card through the transmitter 503 may be as follows:

in a first implementation, the receiver 504 may be configured to receive a request sent by the terminal to acquire a soft SIM card. The transmitter 503 may then be configured to send the soft SIM card to the terminal in response to the request. Specifically, the specific implementation of requesting to issue the SIM card may refer to the relevant contents in the embodiment in fig. 4, and details are not repeated here.

In a second implementation manner, the transmitter 503 may be specifically configured to issue a soft SIM card suitable for the geographical location to the terminal according to the geographical location of the terminal user. The soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location in a partnership with the mobile virtual operator. For how the mobile virtual operator knows the geographic location of the end user, reference may be made to relevant contents in the embodiment of fig. 4, which is not described herein again.

In some embodiments, the receiver 504 may be configured to receive the ticket fed back by the basic mobile operator, and may also be configured to receive a charging condition reported by the terminal and addressed to the terminal user. Then, the processor 501 may be specifically configured to check the ticket of the basic mobile operator according to the charging condition reported by the terminal, so as to avoid paying an unnecessary service cost due to an incorrect ticket generated by the basic mobile operator, and improve the accuracy of the mobile virtual operator in paying the communication service to the basic mobile operator.

For specific implementation of the terminal reporting the service condition of the data service, reference may be made to the embodiment in fig. 4, which is not described herein again.

It is understood that specific steps performed by the processor 501 may refer to functions related to the mobile virtual operator in the embodiments of fig. 4 to 6, and are not described herein again.

Fig. 10 is a schematic structural diagram of a server according to an embodiment of the present invention. As shown in fig. 10, the server 60 may include: an assignment module 601 and a communication module 605. Wherein:

the communication module 605 is configured to receive a request for acquiring a data service sent by a terminal, where the request for acquiring the data service includes identification information of a terminal user;

the allocation module 601 is configured to respond to the request for acquiring the data service, and allocate the data service to the terminal user;

the communication module 605 is configured to send service information of the allocated data service to the terminal according to the identification information;

Further, as shown in fig. 10, the server 60 may further include: a check module 603. Wherein: the communication module 605 may also be configured to: the bill fed back by the basic mobile operator can be received, and the charging condition aiming at the terminal user reported by the terminal can also be received. Then, the checking module 603 may check the ticket of the basic mobile operator by using the charging condition reported by the terminal, which may avoid paying unnecessary service cost due to a wrong ticket generated by the basic mobile operator, and improve the accuracy of the mobile virtual operator paying communication service to the basic mobile operator.

For specific implementation of reporting the charging condition by the terminal, reference may be made to the embodiment in fig. 4, which is not described herein again.

It is understood that the specific implementation of each module included in the processor 60 can refer to the functions of the mobile virtual operator in the embodiments of fig. 4 to 6, and will not be described herein again.

In addition, an embodiment of the present invention further provides a communication system, including: terminal equipment and server. Wherein the terminal device may be the terminal 100 shown in fig. 7, and the server may be the server 50 shown in fig. 9. The terminal device may also be the terminal 40 shown in fig. 8, and the server may be the server 60 shown in fig. 10.

It should be noted that the terminal device may also be a terminal in the embodiments corresponding to fig. 2 to 10, and the server may also be a service platform of a mobile virtual operator in the embodiments corresponding to fig. 2 to 10, which is not described herein again.

By implementing the embodiment of the invention, the terminal user is charged in the TEE of the terminal according to the service information of the data service acquired from the mobile virtual operator and the service condition of the data service by the terminal user, so that the charging operation aiming at the terminal user can be ensured not to be attacked by malicious software, and the charging operation is credible. Therefore, the credible monitoring and control of the condition that the user uses the data service can be realized at the local part of the terminal, the frequent interaction between the terminal and the mobile virtual operator is avoided, and the load of a service platform of the mobile virtual operator is reduced.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims

1. A method for controlling data traffic, comprising:

the terminal sends a request for acquiring data service to a server of a mobile virtual operator, wherein the request comprises identification information of the terminal user; the terminal is internally provided with an SIM card which is provided by the mobile virtual operator and used for accessing a basic mobile operator; the terminal is registered in the network of the basic mobile operator through the data on the SIM card;

the terminal receives the data service distributed to the terminal user and sent by the server; the service information comprises a charging strategy formulated by the basic mobile operator;

the terminal receives the service information of the data service distributed to the terminal user returned by the server; the service information comprises a charging strategy formulated by the basic mobile operator;

the terminal carries out charging in a trusted execution environment according to the service information of the data service and the service condition of the terminal user to the data service;

the terminal also sends the charging condition aiming at the terminal user to the server of the mobile virtual operator, and the charging condition aiming at the terminal user is used for the server of the mobile virtual operator to check the bill fed back by the basic mobile operator.

2. The method of claim 1, further comprising: the terminal counts the service condition of the terminal user to the data service through a wireless modem; sending the service condition obtained by statistics to the trusted execution environment through a secure pipeline; wherein the secure pipe is to enable secure data transfer between the trusted execution environment and the wireless modem.

3. The method of claim 2, wherein the service information comprises a charging policy; the charging of the terminal in the trusted execution environment according to the service information of the data service and the service condition of the terminal user to the data service comprises the following steps: and the terminal carries out charging in the trusted execution environment according to the charging strategy and the service condition.

4. The method of claim 3, wherein the service information further includes a quota of the data traffic service; the method further comprises the following steps: and the terminal judges whether the quota is used completely or not according to the use condition in a trusted execution environment, and if the quota is used completely, the terminal is triggered to stop providing the data service for the terminal user.

5. The method of claim 4, wherein said triggering cessation of provision of said data traffic service to said end user comprises: and the terminal triggers the wireless modem to close the data service connection between the terminal and the server so as to stop providing the data service for the terminal user.

6. The method of claim 4, wherein said triggering cessation of provision of said data traffic service to said end user comprises: and the terminal reports the result of the data service use completion to the server, and triggers the server to inform a basic mobile operator associated with an SIM card of the terminal user to stop providing the data service for the terminal user.

7. The method of any of claims 1-6, wherein the end user's SIM card is a soft SIM card issued by the server.

8. The method of claim 7, further comprising: and the terminal sends a request for acquiring the soft SIM card to the server and receives the soft SIM card sent by the server in response to the request for acquiring the soft SIM card.

9. The method of claim 7, wherein the soft SIM card is a soft SIM card applicable to the geographical location sent by the server to the terminal according to the geographical location of the terminal user; the soft SIM card applicable to the geographic position refers to: a soft SIM card for accessing an underlying mobile operator network at the geographic location that has a partnership with a mobile virtual operator to which the server belongs.

10. The method of any of claims 1-6, wherein the request for obtaining data traffic services comprises identification information of the end user, wherein the identification information of the end user comprises: an international mobile subscriber identity stored on the terminal user's SIM card, or an account number registered by the terminal user in the server.

11. The method of claim 7, wherein the request for obtaining data traffic services includes identification information of the end user, wherein the identification information of the end user comprises: an international mobile subscriber identity stored on the terminal user's SIM card, or an account number registered by the terminal user in the server.

12. The method of claim 8, wherein the request for obtaining data traffic services comprises identification information of the end user, wherein the identification information of the end user comprises: an international mobile subscriber identity stored on the terminal user's SIM card, or an account number registered by the terminal user in the server.

13. The method of claim 9, wherein the request for obtaining data traffic services includes identification information of the end user, wherein the identification information of the end user includes: an international mobile subscriber identity stored on the terminal user's SIM card, or an account number registered by the terminal user in the server.

14. The method of any of claims 1-6, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

15. The method of claim 7, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 underlying mobile operators' networks.

16. The method of claim 8, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

17. The method of claim 9, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

18. The method of claim 10, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

19. The method of claim 11, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

20. The method of claim 12, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

21. The method of claim 13, wherein the data traffic services assigned to the end user support the end user to surf the internet through 2 or more than 2 base mobile operators' networks.

22. A method for controlling data traffic, comprising:

a server of a mobile virtual operator receives a request for acquiring data service sent by a terminal, wherein the request comprises identification information of a terminal user; the terminal is internally provided with an SIM card which is provided by the mobile virtual operator and used for accessing a basic mobile operator; the terminal is registered in the network of the basic mobile operator through the data on the SIM card;

responding to the request for acquiring the data service, the server distributes the data service to the terminal user and sends the service information of the distributed data service to the terminal according to the identification information; the service information comprises a charging strategy formulated by the basic mobile operator; the data service is customized by a mobile virtual operator according to communication service provided by a basic mobile operator; the terminal is used for charging the terminal user according to the service information of the distributed data service and the use condition of the terminal user to the distributed data service in a trusted execution environment;

the mobile virtual operator server receives the bill fed back by the basic mobile operator and also receives the charging condition aiming at the terminal user reported by the terminal;

and the mobile virtual operator server checks the ticket of the basic mobile operator by using the charging condition reported by the terminal.

23. The method of claim 22, wherein the server receiving a request for obtaining a data traffic service sent by a terminal comprises:

the server receives the request for acquiring the data service sent by the terminal through Wi-Fi; alternatively, the first and second electrodes may be,

the server receives the request for acquiring the data service sent by the terminal through a data service connection provided by a basic mobile operator; alternatively, the first and second electrodes may be,

and the server receives the request for acquiring the data service sent by the terminal through a telephone communication link.

24. The method of claim 22 or 23, wherein the data traffic service assigned to the end user supports the end user to surf the internet through 2 or more than 2 basic mobile operators' networks.

25. A terminal, comprising: the system comprises a processor, a radio frequency module and a SIM card, wherein two execution environments run in the processor: a general purpose execution environment and a trusted execution environment, wherein:

the universal execution environment is used for sending a request for acquiring data service to a server of a mobile virtual operator through the radio frequency module, receiving the data service distributed to the terminal user and sent by the server through the radio frequency module, and receiving service information of the distributed data service returned by the server; the request contains identification information of the end user; the terminal is internally provided with an SIM card which is provided by the mobile virtual operator and used for accessing a basic mobile operator; the terminal is registered in the network of the basic mobile operator through the data on the SIM card; the service information comprises a charging strategy formulated by the basic mobile operator; the data service is customized by a mobile virtual operator according to communication service provided by a basic mobile operator; the trusted execution environment is used for charging according to the service information of the data service and the service condition of the terminal user to the data service;

the radio frequency module is used for sending a charging condition aiming at the terminal user to a server of the mobile virtual operator, and the charging condition aiming at the terminal user is used for verifying a ticket fed back by the server of the mobile virtual operator to the basic mobile operator.

26. The terminal of claim 25, wherein the terminal further comprises: the wireless modem is used for counting the service condition of the terminal user to the data service and sending the counted service condition to the trusted execution environment through a secure pipeline; the secure pipe is established between the wireless modem and the trusted execution environment for enabling secure data transfer between the trusted execution environment and the wireless modem.

27. The terminal of claim 26, wherein the service information includes a charging policy; the trusted execution environment is specifically configured to: and charging according to the charging strategy and the service condition.

28. The terminal of claim 27, wherein the service information further includes a quota of the data traffic service; the trusted execution environment is further to: and judging whether the quota is used up according to the use condition, and if the quota is used up, triggering to stop providing the data service for the terminal user.

29. The terminal of claim 28, wherein the trusted execution environment is further configured to issue a close command to the wireless modem via the secure conduit, triggering the wireless modem to close the data traffic connection between the terminal and the base mobile operator to stop providing the data traffic service to the end user.

30. The terminal of claim 28, wherein the trusted execution environment is specifically configured to report a result of completion of use of the data service to the server via the radio frequency module, and to trigger the server to notify the base mobile operator to stop providing the data service to the terminal user.

31. The terminal of any one of claims 25-30, wherein the general execution environment is to invoke a trusted client application programming interface provided by the trusted execution environment to send service information for the data traffic service to the trusted execution environment.

32. A server, the server being a server of a mobile virtual operator, comprising: a receiver, a transmitter, and a processor, wherein:

the receiver is used for receiving a request for acquiring a data service sent by a terminal, wherein the request comprises identification information of a terminal user; the terminal is internally provided with an SIM card which is provided by the mobile virtual operator and used for accessing a basic mobile operator; the terminal is registered in the network of the basic mobile operator through the data on the SIM card;

the transmitter is used for sending the service information of the distributed data service to the terminal according to the identification information; the service information comprises a charging strategy formulated by the basic mobile operator; the data service is customized by a mobile virtual operator according to communication service provided by a basic mobile operator;

the terminal is used for charging the terminal user according to the service information of the distributed data service and the use condition of the terminal user to the distributed data service in a trusted execution environment;

the receiver is used for receiving the bill fed back by the basic mobile operator and also receiving the charging condition aiming at the terminal user reported by the terminal;

the processor is used for checking the ticket of the basic mobile operator by using the charging condition reported by the terminal.

33. The server according to claim 32, wherein the receiver is further configured to receive a charging condition sent by the terminal for the terminal user; the charging condition is sent by the terminal when the usage of the data service by the terminal user reaches a fixed threshold each time.

34. A communication system, comprising: a terminal and a server of a mobile virtual operator, wherein:

the terminal is used for sending a request for acquiring data service to the server, wherein the request comprises the identification information of the terminal user; the terminal is internally provided with an SIM card which is provided by the mobile virtual operator and used for accessing a basic mobile operator; the terminal is registered in the network of the basic mobile operator through the data on the SIM card;

the server is used for receiving the request for acquiring the data service sent by the terminal, distributing the data service of the basic mobile operator for the terminal user and sending the service information of the distributed data service to the terminal; the service information comprises a charging strategy formulated by the basic mobile operator;

the terminal is used for receiving the service information of the data service returned by the server and charging the service information of the data service according to the service information of the data service and the service condition of the terminal user to the data service in a trusted execution environment;

the terminal also sends the charging condition aiming at the terminal user to a server of the mobile virtual operator;

the mobile virtual operator server receives the charging condition aiming at the terminal user reported by the terminal and also receives a ticket fed back by the basic mobile operator;

35. The communication system of claim 34, wherein the terminal is configured to send a request for obtaining data traffic services to the server, comprising:

the terminal is specifically configured to send the request for acquiring the data service to the server through Wi-Fi; alternatively, the first and second electrodes may be,

the terminal is specifically configured to send the request for acquiring the data service to the server through a data service connection provided by a basic mobile operator; alternatively, the first and second electrodes may be,

the terminal is specifically configured to send the request for obtaining the data service to the server through a telephone communication link.

36. A communication system according to claim 34 or 35, wherein the allocated data traffic services support the end user to surf the internet via 2 or more than 2 base mobile operators' networks.