CN109963275B - Sending method and receiving method of subscription data and processing system of subscription data - Google Patents
Sending method and receiving method of subscription data and processing system of subscription data Download PDFInfo
- Publication number
- CN109963275B CN109963275B CN201711408249.6A CN201711408249A CN109963275B CN 109963275 B CN109963275 B CN 109963275B CN 201711408249 A CN201711408249 A CN 201711408249A CN 109963275 B CN109963275 B CN 109963275B
- Authority
- CN
- China
- Prior art keywords
- subscription data
- euicc
- subscription
- management platform
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a subscription data sending method, a subscription data receiving method, a remote subscription management platform, a cloud server, an eUICC, a subscription data processing system, a storage medium and an electronic device, wherein the subscription data sending method comprises the following steps: receiving a subscription data request from an operator; acquiring first subscription data from a cloud server according to the subscription data request; and sending the first subscription data to an embedded universal integrated circuit card (eUICC) to indicate the eUICC to configure the first subscription data in the eUICC. The invention solves the problem of low efficiency of data configuration downloading and replacement in the eUICC in the related technology.
Description
Technical Field
The invention relates to the field of communication, in particular to a subscription data sending method, a subscription data receiving method, a remote subscription management platform, a cloud server, an eUICC, a subscription data processing system, a storage medium and an electronic device.
Background
Along with popularization of the internet of things technology, more and more terminals become internet of things terminals, that is, more and more Circuit boards of the terminals or direct packages such as communication modules are directly welded with smart Card chips, for example, an embedded smart Card (eUICC) embedded in an automobile, a smart meter and monitoring equipment can become the internet of things terminal. The eUICC can be an authentication tool for accessing to an operator network and a secure carrier for carrying various Applications (APP) and data as a terminal of the internet of things.
In the application scenario of the internet of things, since the smart card usually exists in the terminal of the internet of things or is welded in the terminal, the issuing place and the using place of the smart card are difficult to determine when the terminal of the internet of things is produced. On the other hand, the eUICC applied to the services of the internet of things has not only a new UICC card form or a form of user terminal equipment, but also includes an overall system established for supporting such a new form of equipment, wherein activation, deactivation management, user relationship management, remote management, service management and security management of the eUICC may all be indispensable functions in the system. In this application scenario, a service of replacing an operation configuration document after activation and activation of an internet of things smart card during use needs to be considered, where the operation configuration document is a set of files and data related to a certain mobile operator in the eUICC, generally, in an internet of things environment, one eUICC card may store configuration documents of multiple operators, and each operator configuration document corresponds to a unique user identification number. In the prior art, dynamic management of configuration files, such as downloading, deleting, and replacing, may be implemented by Over-the-Air (OTA for short).
However, since the eUICC card has limited space and a locally stored configuration file, when an operator downloads or replaces the eUICC card, the configuration file needs to be downloaded again, so that after a user deletes data of an operator on the eUICC card, when the user wants to use the data of the operator again, all related data need to be redistributed according to the newly used user, thereby causing the efficiency of configuration downloading and replacement of the embedded smart card to be low.
Aiming at the problems of low data configuration downloading and replacing efficiency in the eUICC in the related technology, no effective solution is provided at present.
Disclosure of Invention
The embodiment of the invention provides a subscription data sending method, a subscription data receiving method, a remote subscription management platform, a cloud server, an eUICC, a subscription data processing system, a storage medium and an electronic device, and at least solves the problems of low data configuration downloading and replacement efficiency in the eUICC in the related technology.
According to an embodiment of the present invention, a method for transmitting subscription data is provided, including: receiving a subscription data request from an operator; acquiring first subscription data from a cloud server according to the subscription data request; and sending the first subscription data to an embedded universal integrated circuit card (eUICC) to indicate the eUICC to configure the first subscription data in the eUICC.
Optionally, sending the first subscription data to the embedded smart card eUICC includes: receiving a download request from the operator; identifying the identification ID number of the eUICC carried in the downloading request; and when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC, sending the first subscription data to the eUICC.
Optionally, the download request further carries a pre-registered ic card identification code ICCID.
Optionally, determining that the first subscription data matches the eUICC according to the ID number of the eUICC by: sending the ID number of the eUICC to the cloud server; receiving UICC card preset information corresponding to the ID number of the eUICC returned by the cloud server; decrypting the first subscription data by using an information decoder, and generating subscription data matched with the configuration of the operator according to a preset coding format; and under the condition that the matched subscription data is determined to be valid according to UICC card preset information corresponding to the ID number of the eUICC, sending the matched subscription data to the eUICC.
Optionally, sending the matched subscription data to the eUICC includes: sending a request for installing a new issuer security information domain ISD-P to the eUICC; after confirming that the eUICC finishes installing the new ISD-P, negotiating with the new ISD-P to generate a key; and encrypting the personal subscription data in the matched subscription data by using the secret key, and sending the encrypted personal subscription data and other data in the matched subscription data to the ISD-P.
Optionally, sending the encrypted personal subscription data to the ISD-P includes: and sending the encrypted personal subscription data to the ISD-P through a Web Service Web Service security or a security transmission channel established by a security socket layer SSL.
Optionally, after sending the first subscription data to an embedded universal integrated circuit card eUICC, the method further includes: after receiving the installation result and the state of the first subscription data sent by the eUICC, reporting the installation result and the state to the cloud server to instruct the cloud server to update the UICC card preset information corresponding to the ID number of the eUICC by using the installation result and the state.
Optionally, after sending the first subscription data to an embedded universal integrated circuit card eUICC, the method further includes: receiving an activation request from the operator requesting activation of the first subscription data in the eUICC; after determining that the first subscription data in the eUICC is allowed to be activated, sending an activation indication to the eUICC to indicate the eUICC to activate the first subscription data.
Optionally, the method further comprises: receiving a deletion request from the operator for requesting deletion of the predetermined subscription data stored in the eUICC; and sending a deletion instruction to the eUICC to instruct the eUICC to delete the predetermined subscription data under the condition that the predetermined subscription data is determined to be allowed to be deleted.
Optionally, before receiving the subscription data request from the operator, the method further comprises: receiving a registration request from a manufacturer of the eUICC, wherein the registration request carries subscription data prestored in the eUICC; encoding the pre-stored subscription data according to a preset encoding format by using a configuration information encoder; and sending the encoded pre-stored subscription data to the cloud server.
Optionally, the pre-stored subscription data at least includes the following information: the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
Optionally, the preset encoding format includes one of: ASN.1, Unicode, UTF-8.
Optionally, sending the encoded pre-stored subscription data to the cloud server includes: sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server; receiving a verification request sent by the cloud server according to the storage request; and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
Optionally, the method comprises at least one of: receiving a subscription data request from an operator includes: performing bidirectional authentication with the operator, and receiving the subscription data request from the operator under the condition that the authentication is passed; acquiring first subscription data from a cloud server according to the subscription data request comprises the following steps: performing bidirectional authentication with the cloud server, and acquiring the first subscription data from the cloud server according to the subscription data request under the condition that the authentication is passed; sending the first subscription data to an embedded universal integrated circuit card (eUICC) comprises: and performing bidirectional authentication with the eUICC, and sending the first subscription data to the eUICC when the authentication is passed.
Optionally, sending the first subscription data to an embedded universal integrated circuit card eUICC includes: and sending the first subscription data to the eUICC according to a first preset sequence by using a preset first counter.
Optionally, after sending the first subscription data to an embedded universal integrated circuit card eUICC, the method further includes: after determining that the eUICC fails to install the first subscription data, indicating the eUICC to rollback subscription data installation configuration to installation of subscription data which is installed before and stored in the eUICC.
According to another embodiment of the present invention, there is also provided a method for sending subscription data, including: the cloud server receives an acquisition request from a remote contract signing management platform; and the cloud server sends first subscription data to the remote subscription management platform according to the acquisition request so as to instruct the remote subscription management platform to send the first subscription data to an embedded universal integrated circuit card eUICC.
Optionally, after the cloud server sends the first subscription data to the remote subscription management platform according to the acquisition request, the method further includes: the cloud server receives an identification ID number of the eUICC from the remote subscription management platform; the cloud server determines UICC card preset information corresponding to the ID number of the eUICC; and the cloud server sends the UICC card preset information to the remote subscription management platform.
Optionally, after the cloud server sends the UICC card preset information to the remote subscription management platform, the method further includes: the cloud server receives an installation result and a state from the remote subscription management platform, wherein the installation result and the state are the installation result and the state of the eUICC on the first subscription data; and the cloud server updates UICC card preset information corresponding to the ID number of the eUICC according to the installation result and the state.
Optionally, before the cloud server receives an acquisition request from a remote subscription management platform, the method further includes: the cloud server receives the pre-stored signed data after encoding from the remote signed-up management platform, wherein the pre-stored signed data is the signed-up data which is sent to the remote signed-up management platform by the manufacturer of the eUICC and is pre-stored in the eUICC.
Optionally, the pre-stored subscription data at least includes the following information: the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
Optionally, the receiving, by the cloud server, the encoded pre-stored subscription data from the remote subscription management platform includes: the cloud server receives a storage request from the remote subscription management platform, wherein the storage request is used for requesting to store the encoded pre-stored subscription data; the cloud server sends a verification request to the remote signing management platform according to the storage request; the cloud server receives verification information sent by the remote signing management platform according to the verification request; and the cloud server receives the coded pre-stored subscription data from the remote subscription management platform under the condition that the verification information passes verification.
Optionally, the receiving, by the cloud server, an acquisition request from a remote subscription management platform includes: the cloud server and the remote signing management platform perform bidirectional authentication; and the cloud server receives the acquisition request from the remote signing management platform under the condition that the bidirectional authentication is passed.
Optionally, the sending, by the cloud server, the first subscription data to the remote subscription management platform according to the acquisition request includes: and the cloud server sends the first subscription data to the remote subscription management platform according to a second preset sequence by using a preset second counter.
According to another embodiment of the present invention, there is also provided a method for receiving subscription data, including: receiving first subscription data from a remote subscription management platform, wherein the first subscription data is acquired by the remote subscription management platform from a cloud server.
Optionally, the receiving the first subscription data from the remote subscription management platform includes: receiving an installation request from the remote subscription management platform; installing a new issuer security information domain ISD-P according to the installation request; after the installation is finished, the new ISD-P is used for negotiating with the remote signing management platform to generate a key; and receiving the personal subscription data encrypted by the key and other data in the matched subscription data from the remote subscription management platform by using the new ISD-P, wherein the matched subscription data is the subscription data matched with the configuration of an operator and generated by the remote subscription management platform according to a preset coding format, and the first subscription data is decrypted by using an information decoder.
Optionally, the receiving, by the new ISD-P, the personal subscription data encrypted by the key in the matched subscription data sent by the remote subscription management platform includes: and receiving the encrypted personal subscription data through the new ISD-P through Web Service Web Service security or through a secure transmission channel established by a secure socket layer SSL.
Optionally, after receiving the first subscription data from the remote subscription management platform, the method further includes: and installing the first subscription data, and sending an installation result and a state to the remote subscription management platform.
Optionally, after the installation of the first subscription data is completed, the method further includes: receiving an activation indication from the remote subscription management platform; and activating the installed first subscription data according to the activation indication.
Optionally, after installing the first subscription data, the method further includes: receiving a rollback instruction of the remote subscription management platform after the first subscription data is failed to be installed; and returning the installation configuration of the subscription data to the installation of the subscription data which is installed before and is still stored according to the return indication.
Optionally, the method further comprises: receiving a deletion instruction from the remote subscription management platform; and deleting the stored preset subscription data according to the deletion instruction.
Optionally, the receiving the first subscription data from the remote subscription management platform includes: performing bidirectional authentication with the remote signing management platform; and receiving the first subscription data from the remote subscription management platform under the condition that the bidirectional authentication is passed.
Optionally, after receiving the first subscription data from the remote subscription management platform, the method further includes: and storing the individual subscription information in the first subscription data in a preset independent storage space.
According to another embodiment of the present invention, there is also provided a remote subscription management platform, including: a first receiving module, configured to receive a subscription data request from an operator; the acquisition module is used for acquiring first subscription data from a cloud server according to the subscription data request; a first sending module, configured to send the first subscription data to an embedded universal integrated circuit card eUICC, so as to indicate the eUICC to configure the first subscription data in the eUICC.
Optionally, the first sending module comprises: a first receiving unit, configured to receive a download request from the operator; an identification unit, configured to identify an identification ID number of the eUICC carried in the download request; and the sending unit is used for sending the first subscription data to the eUICC when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC.
According to another embodiment of the present invention, there is also provided a cloud server, including: the second receiving module is used for receiving an acquisition request from the remote signing management platform; and the second sending module is used for sending the first subscription data to the remote subscription management platform according to the acquisition request so as to instruct the remote subscription management platform to send the first subscription data to an embedded universal integrated circuit card (eUICC).
Optionally, the cloud server further includes: a third receiving module, configured to receive an identification ID number of the eUICC from the remote subscription management platform after sending the first subscription data to the remote subscription management platform according to the acquisition request; a determining module, configured to determine UICC card preset information corresponding to the ID number of the eUICC; and the third sending module is used for sending the UICC preset information to the remote subscription management platform.
According to another embodiment of the present invention, there is also provided an eUICC, including: the fourth receiving module is configured to receive first subscription data from a remote subscription management platform, where the first subscription data is obtained by the remote subscription management platform from a cloud server.
Optionally, the fourth receiving module includes: a second receiving unit, configured to receive an installation request from the remote subscription management platform; the installation unit is used for installing a new issuer security information domain ISD-P according to the installation request; the negotiation unit is used for negotiating with the remote signing management platform by using the new ISD-P to generate a key after the installation is finished; and a fourth receiving unit, configured to receive, by using the new ISD-P, the personal subscription data encrypted by using the key and other data in the matched subscription data, where the personal subscription data and other data in the matched subscription data are sent by the remote subscription management platform, and the matched subscription data is obtained by decrypting, by using an information decoder, the first subscription data by the remote subscription management platform, and generating subscription data matched with the configuration of the operator of the eUICC according to a preset encoding format.
According to another embodiment of the present invention, there is also provided a terminal including the eUICC of any one of the above.
According to another embodiment of the present invention, there is also provided a system for processing subscription data, including: the remote contract signing management platform comprises the remote contract signing management platform, the cloud server and the terminal.
According to another embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the invention, because the subscription data sent to the eUICC is acquired from the cloud server, the dynamic management of the subscription data is not required to be realized through OTA, even if a certain subscription data is deleted in the eUICC, the deleted subscription data is not required to be redistributed according to a newly used user, the configuration downloading and replacing efficiency in the eUICC is effectively improved, and the problems of low data configuration downloading and replacing efficiency in the eUICC in the related technology are solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart of a first method for transmitting subscription data according to an embodiment of the present invention;
fig. 2 is a flowchart of a second method for transmitting subscription data according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for receiving subscription data according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the internal structure of an eUICC according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an eUICC issuer security information domain structure, according to an embodiment of the present invention;
fig. 6 is a block diagram of a remote subscription management platform according to an embodiment of the present invention;
fig. 7 is a block diagram of a cloud server according to an embodiment of the present invention;
FIG. 8 is a block diagram of the structure of an eUICC according to an embodiment of the present invention;
fig. 9 is a schematic view of subscription data downloading and replacing processes according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Currently, euiccs, for example, telecom smart cards in mobile networks, are issued using network management area (province, city) methods according to the issuing place, the using place and the card usage. However, in the application scenario of the internet of things, since the eUICC generally exists in the terminal of the internet of things or is welded in the terminal, the issuing place and the using place of the eUICC are difficult to determine when the terminal of the internet of things is produced. In the application scenario, services such as activation of the internet of things smart card during first use and replacement of operation configuration after activation need to be considered. Therefore, new requirements of the internet of things service on smart card management, particularly number allocation, activation, deactivation, configuration replacement management and the like of the smart card in the air are problems which must be solved firstly. The usage flow of the eUICC and the usage flow of the traditional UICC card are greatly changed. The conventional UICC card needs to go through the links of production, operator selection, customization, issuance, activation, use, termination, etc. before issuing. Under the condition of the eUICC, the UICC card only needs to be personalized based on the personalization before issuing, for example, writing the ID of the UICC card, writing the basic authentication and authorization parameters of the UICC card, writing the initial subscription data or the related parameters, and after issuing, the remote subscription management platform can regenerate the new subscription data and download the new subscription data to the eUICC according to the new registration description information provided by the operator, so as to realize the selective replacement of the operator. Therefore, the subscription data customization process is changed from the inside of the card merchant company to the manufacturing and installation through the air interface, and particularly, the generation and writing of data such as a personalized key and a certificate are highly concerned by operators, card merchants and users. Meanwhile, since the eUICC can switch the subscription data, it may be installed incorrectly or activate an incomplete subscription data during use, which results in unavailability.
With the popularization of cloud computing technology, more and more enterprises and platforms sign and move services to a cloud environment, and the deployment of the enterprise and platform services on the cloud is larger and more popular by utilizing the advantages of high issuing speed, low resource cost and the like of cloud environment resources. In view of this, in the embodiment of the present invention, in order to solve the above problems in the related art, a method for downloading and changing the configuration of the eUICC based on a cloud service is provided, which is convenient for an operator to download and manage the configuration, and meanwhile, the security of the system is also improved. The invention is illustrated below with reference to examples:
example one
In an embodiment of the present invention, a method for sending subscription data is provided, as shown in fig. 1, the method includes the following steps:
step S102, receiving a contract signing data request from an operator;
step S104, acquiring first subscription data from a cloud server according to the subscription data request;
step S106, sending the first subscription data to an embedded universal integrated circuit card eUICC to indicate the eUICC to configure the first subscription data in the eUICC.
The remote subscription management platform may perform the above operations. In this embodiment, the operator may send a subscription data request (for example, a subscription data pre-generation instruction) to the remote subscription management platform, and send a range of subscription data quantity, a subscription data request, and an available International Subscriber identity Number (IMSI) that need to be predetermined to the remote subscription management platform, where the remote subscription management platform generates personal information parts such as a key and a certificate in the subscription data according to the description information, requests the cloud server to acquire the subscription data, and stores the acquired data in the remote subscription management platform to prepare downloading.
In the above embodiment, because the subscription data sent to the eUICC is obtained from the cloud server, dynamic management of the subscription data does not need to be implemented through the OTA, and even after a certain subscription data is deleted in the eUICC, the deleted subscription data does not need to be redistributed according to a newly used user, so that efficiency of configuration downloading and replacement in the eUICC is effectively improved, and the problems of low efficiency of data configuration downloading and replacement in the eUICC in the related art are solved.
In an optional embodiment, the sending the first subscription data to the embedded smart card eUICC includes: receiving a download request from an operator; identifying the identification ID number of the eUICC carried in the downloading request; and when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC, sending the first subscription data to the eUICC. Optionally, the download request may also carry a pre-registered Integrated Circuit Card Identification (ICCID). In this embodiment, the processing in the download request may carry an ID number of the eUICC, and may also carry an ICCID pre-registered by the eUICC. After the remote subscription management platform finishes the preparation of subscription data, the operator sends a download request to the remote subscription management platform, and the remote subscription management platform identifies the ID number (EID, eUICC ID) of the user equipment card in the request and the corresponding pre-registered ICCID (this embodiment corresponds to steps S901-906 in fig. 9, where fig. 9 is a schematic diagram of a subscription data download and replacement process according to an embodiment of the present invention, and the registration information in fig. 9 corresponds to subscription data in the embodiment of the present invention).
In an optional embodiment, determining that the first subscription data matches the eUICC according to the ID number of the eUICC includes: sending the ID number of the eUICC to a cloud server; receiving UICC card preset information corresponding to the ID number of the eUICC returned by the cloud server; decrypting the first subscription data by using an information decoder, and generating subscription data matched with the configuration of an operator according to a preset coding format; and under the condition that the matched subscription data is determined to be valid according to UICC card preset information corresponding to the ID number of the eUICC, sending the matched subscription data to the eUICC. In this embodiment, before sending Information to the cloud server, the remote subscription management platform may perform two-way authentication with the cloud server, after the authentication is passed, the cloud server extracts the UICC card default Information (EIS, eUICC Information Set, eUICC card Information Set (encrypted operator configuration with the default coding format) according to the ID number of the user equipment card (e.g., the ID number of the eUICC mentioned above) and sends it to the remote subscription management platform, which decrypts the operator configuration with a configuration Information decoder and generates an installable operator configuration according to the default coding format, and determines whether the configuration is valid, (in addition, the cloud server may also determine whether the configuration is in error, if the configuration is in error, notify the remote subscription management platform of the error and generate an error identifier, the remote subscription management platform then generates a registration Information download request identification to the operator, and sends an error flag). And if the signature is valid, sending the related subscription data to the eUICC (corresponding to S907-9 in FIG. 9). The specific sending flow is as follows:
optionally, sending the matched subscription data to the eUICC includes: sending a request for installing a new issuer security information domain ISD-P to the eUICC; after confirming that the eUICC finishes installing the new ISD-P, negotiating with the new ISD-P to generate a key; and encrypting the personal subscription data in the matched subscription data by using the key, and sending the encrypted personal subscription data and other data in the matched subscription data to the ISD-P. In this embodiment, after the remote subscription management platform sends a request for installing a new ISD-P to the eUICC, the remote subscription management platform and the ISD-R in the eUICC start an authentication procedure, if the authentication is passed, an empty ISD-P is established, and the eUICC returns confirmation information to the remote subscription management platform. The remote subscription management platform establishes a share with the newly established ISD-P through a key negotiation process to transmit a key, and selects one from the generated new subscription data to prepare for sending to the eUICC. And the remote signing management platform encrypts the personal signing data by using the key negotiated with the ISD-P and sends the encrypted personal signing data to the ISD-P. The ISD-P, upon receiving the data, decrypts and installs the data using the previous key and returns the installation result and status to the remote subscription management platform (corresponding to S910-S919 in fig. 9).
In an optional embodiment, sending the encrypted personal subscription data to the ISD-P includes: and sending the encrypted personal subscription data to the ISD-P through the Web Service Web Service security or a secure transmission channel established by a secure socket layer SSL. In this embodiment, before issuing the personal subscription data (including but not limited to the key and the certificate) in the subscription data to the eUICC, the remote subscription management platform needs to perform a key agreement procedure with the eUICC to determine an encryption key, then encrypt the personal subscription data, and then transmit the encrypted key personal information through a secure transmission channel established by Web Service security or SSL.
In an optional embodiment, after sending the first subscription data to the embedded eUICC, the method further includes: after receiving the installation result and the state of the first subscription data sent by the eUICC, reporting the installation result and the state to a cloud server to instruct the cloud server to update UICC card preset information corresponding to the ID number of the eUICC by using the installation result and the state. In this embodiment, after the remote subscription management platform sends the installation result and status of the ISD-P to the cloud server, the cloud server updates its database, stores the new subscription data in the eUICC subscription data set (EIS), and sets the new subscription data in an inactive state (corresponding to S920-S921 in fig. 9).
In an optional embodiment, after sending the first subscription data to the embedded eUICC, the method further includes: receiving an activation request from an operator for requesting activation of first subscription data in the eUICC; after determining that the first subscription data in the eUICC is allowed to be activated, sending an activation indication to the eUICC to indicate the eUICC to activate the first subscription data. In this embodiment, after receiving a request from a user to apply for provisioning of new subscription data (i.e., the first subscription data), an operator sends a new subscription data activation request to a remote subscription management platform, and the remote subscription management platform determines whether rule information in a new subscription data set allows switching; if yes, signing a registration activation request to an ISD-R of the eUICC, and continuously confirming the local execution rule by the eUICC; if conflict exists, the ISD-R stops the process and informs a remote signing management platform; and if no conflict exists, the ISD-R switches the subscription data and informs the switching result to the remote subscription management platform, and the remote subscription management platform informs the operator of the switching result. Then, the operator disables the original subscription data through the remote subscription management platform, and this process also needs to perform operations after the foregoing two confirmations of rule information (corresponding to S922-S924 in fig. 9).
In an optional embodiment, the method further includes: receiving a deletion request from the operator for requesting deletion of the predetermined subscription data stored in the eUICC; and sending a deletion instruction to the eUICC to instruct the eUICC to delete the predetermined subscription data under the condition that the predetermined subscription data is determined to be allowed to be deleted.
In an optional embodiment, before receiving the subscription data request from the operator, the method further includes: receiving a registration request from a manufacturer of the eUICC, wherein the registration request carries subscription data prestored in the eUICC; encoding pre-stored subscription data according to a preset encoding format by using a configuration information encoder; and sending the encoded pre-stored subscription data to a cloud server. That is to say, in this embodiment, after the eUICC is manufactured by the eUICC card manufacturer, the card manufacturer will first send the subscription data pre-stored in the eUICC card to the remote subscription management platform for registration.
In an optional embodiment, the pre-stored subscription data at least includes the following information: the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
In an alternative embodiment, the preset encoding format includes one of the following: ASN.1, Unicode, UTF-8.
In an optional embodiment, sending the encoded pre-stored subscription data to the cloud server includes: sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server; receiving a verification request sent by the cloud server according to the storage request; and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
It should be noted that, the communication among the operator, the remote subscription management platform, the cloud service, and the eUICC first performs bidirectional authentication of the identity, and then the communication can be performed after the identity is confirmed to be correct. In an alternative embodiment, the method comprises at least one of: receiving a subscription data request from an operator includes: performing bidirectional authentication with an operator, and receiving the subscription data request command from the operator under the condition that the authentication is passed; acquiring the first subscription data from the cloud server according to the subscription data request comprises: performing bidirectional authentication with a cloud server, and acquiring first subscription data from the cloud server according to a subscription data request under the condition that the authentication is passed; the sending the first subscription data to the embedded universal integrated circuit card eUICC comprises the following steps: and performing bidirectional authentication with the eUICC, and sending the first subscription data to the eUICC under the condition that the authentication is passed.
In an optional embodiment, sending the first subscription data to an embedded universal integrated circuit card eUICC includes: and sending the first subscription data to the eUICC according to a first preset sequence by using a preset first counter. In this embodiment, when the remote subscription management platform and the cloud server perform data transmission, counters are set inside the remote subscription management platform and the cloud server, the remote subscription management platform and the cloud server send instructions according to a certain sequence and do not allow the same messages to be repeatedly sent when sending the instructions, receiving ends such as the remote subscription management platform and the cloud server maintain their own counters, and the counters can participate in authentication calculation as parameters.
In an optional embodiment, after sending the first subscription data to the embedded eUICC, the method further includes: and after determining that the eUICC fails to install the first subscription data, indicating the eUICC to return the subscription data installation configuration to the installation of the subscription data which is installed before and stored in the eUICC. In this embodiment, before installation, the remote subscription management platform and the eUICC confirm whether installation can be performed for multiple times according to a certain rule, and if installation cannot be completed, the remote subscription management platform and the eUICC automatically rollback to initial subscription data, where the initial subscription data may be subscription data that has been installed before and is still stored in the eUICC.
As can be seen from the foregoing embodiments, the remote subscription management platform is mainly responsible for generating the subscription information available for downloading according to the needs of the operator and the certificate information provided by the certificate issuer, including personalized information (including but not limited to key information and authentication certificate) and non-personalized information; these data are then transmitted and installed on the embedded UICC card.
When the manufacturer of the eUICC makes a card, some initial subscription data needs to be preloaded into the eUICC card, which includes, but is not limited to, the following information: identity authentication certificate provided by the certificate issuer, IMSI provided by the operator, ICCID. After the eUICC card is manufactured, the manufacturer backs up the initial information to the cloud server, and in addition, the manufacturer provides a signing data generation tool for the remote signing management platform, so that the remote signing management platform can generate new signing data by itself.
Example two
In the embodiment of the present invention, a method for sending subscription data is further provided, as shown in fig. 2, including the following steps:
step S202, a cloud server receives an acquisition request from a remote contract-signing management platform;
step S204, the cloud server sends the first subscription data to the remote subscription management platform according to the acquisition request, so as to instruct the remote subscription management platform to send the first subscription data to the embedded universal integrated circuit card eUICC.
The steps in the above embodiments are performed by the cloud server. In the above embodiment, because the subscription data sent to the eUICC is obtained from the cloud server, dynamic management of the subscription data does not need to be implemented through the OTA, and even after a certain subscription data is deleted in the eUICC, the deleted subscription data does not need to be redistributed according to a newly used user, so that efficiency of configuration downloading and replacement in the eUICC is effectively improved, and the problems of low efficiency of data configuration downloading and replacement in the eUICC in the related art are solved.
In an optional embodiment, after the cloud server sends the first subscription data to the remote subscription management platform according to the acquisition request, the method further includes: the cloud server receives an identification ID number of the eUICC from a remote subscription management platform; the cloud server determines UICC card preset information corresponding to the ID number of the eUICC; and the cloud server sends the UICC card preset information to the remote subscription management platform.
In an optional embodiment, after the cloud server sends the UICC card preset information to the remote subscription management platform, the method further includes: the cloud server receives an installation result and a state from the remote subscription management platform, wherein the installation result and the state are the installation result and the state of the eUICC to the first subscription data; and the cloud server updates the UICC card preset information corresponding to the ID number of the eUICC according to the installation result and the state.
In an optional embodiment, before the cloud server receives the acquisition request from the remote subscription management platform, the method further includes: the cloud server receives the pre-stored subscription data after the code from the remote subscription management platform, wherein the pre-stored subscription data is the subscription data which is sent to the remote subscription management platform by the manufacturer of the eUICC and is pre-stored in the eUICC.
In an optional embodiment, the pre-stored subscription data at least includes the following information: the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
In an optional embodiment, the receiving, by the cloud server, the encoded pre-stored subscription data from the remote subscription management platform includes: the cloud server receives a storage request from a remote contract signing management platform, wherein the storage request is used for requesting to store the encoded pre-stored contract signing data; the cloud server sends a verification request to the remote signing management platform according to the storage request; the cloud server receives verification information sent by the remote signing management platform according to the verification request; and the cloud server receives the coded and pre-stored subscription data from the remote subscription management platform under the condition that the verification information passes verification.
In an optional embodiment, the receiving, by the cloud server, the acquisition request from the remote subscription management platform includes: the cloud server performs bidirectional authentication with the remote signing management platform; the cloud server receives an acquisition request from a remote signing management platform under the condition that the bidirectional authentication is passed.
In an optional embodiment, the sending, by the cloud server, the first subscription data to the remote subscription management platform according to the acquisition request includes: and the cloud server sends the first subscription data to the remote subscription management platform according to a second preset sequence by using a preset second counter.
As can be seen from the foregoing embodiment, the cloud server is mainly configured to store the encrypted and encoded operator configuration data and establish a secure transmission channel with the remote subscription management platform after receiving a download instruction of the operator or the remote subscription management platform, so as to complete transmission of the operator configuration subscription data. Each embedded UICC card needs to be registered in one cloud service for the first time, but the registered cloud service can be switched later, so that related subscription data needs to be transmitted among different cloud services.
EXAMPLE III
In the embodiment of the present invention, a method for receiving subscription data is further provided, as shown in fig. 3, including the following steps:
step S302, receiving first subscription data from the remote subscription management platform, where the first subscription data is obtained by the remote subscription management platform from the cloud server.
Wherein, it may be eUICC to perform the above operations. In the above embodiment, because the subscription data sent to the eUICC is obtained from the cloud server, dynamic management of the subscription data does not need to be implemented through the OTA, and even after a certain subscription data is deleted in the eUICC, the deleted subscription data does not need to be redistributed according to a newly used user, so that efficiency of configuration downloading and replacement in the eUICC is effectively improved, and the problems of low efficiency of data configuration downloading and replacement in the eUICC in the related art are solved.
In an alternative embodiment, receiving the first subscription data from the remote subscription management platform comprises: receiving an installation request from a remote signing management platform; installing a new issuer security information domain ISD-P according to the installation request; after the installation is finished, the new ISD-P is used for negotiating with a remote signing management platform to generate a key; and receiving the personal subscription data encrypted by the key and other data in the matched subscription data from the remote subscription management platform by using a new ISD-P, wherein the matched subscription data is the subscription data matched with the configuration of the operator of the eUICC by the remote subscription management platform through decrypting the first subscription data by using an information decoder and generating the subscription data matched with the configuration of the operator of the eUICC according to a preset coding format.
In an optional embodiment, the receiving, by the new ISD-P, the personal subscription data encrypted with the key in the matched subscription data sent by the remote subscription management platform includes: and receiving the encrypted personal subscription data through the Web Service security of the Web Service or a secure transmission channel established by a Secure Socket Layer (SSL) by using the new ISD-P.
In an optional embodiment, after receiving the first subscription data from the remote subscription management platform, the method further includes: and installing the first subscription data, and sending an installation result and a state to the remote subscription management platform.
In an optional embodiment, after the installing completes the first subscription data, the method further includes: receiving an activation instruction from a remote subscription management platform; and activating the installed first subscription data according to the activation indication.
In an optional embodiment, after installing the first subscription data, the method further includes: receiving a backspacing indication of a remote subscription management platform after the first subscription data is failed to be installed; and returning the installation configuration of the subscription data to the installation of the subscription data which is installed before and is still stored according to the return indication.
In an optional embodiment, the method further includes: receiving a deletion instruction from a remote subscription management platform; and deleting the stored preset subscription data according to the deletion instruction.
In an alternative embodiment, receiving the first subscription data from the remote subscription management platform comprises: performing bidirectional authentication with a remote signing management platform; and receiving first subscription data from the remote subscription management platform under the condition that the bidirectional authentication is passed.
In an optional embodiment, after receiving the first subscription data from the remote subscription management platform, the method further includes: and storing the individual subscription information in the first subscription data in a preset separate storage space. Alternatively, the separate independent space may be a hardware security module or the like.
In the above embodiments, the eUICC or the M2M device in which the eUICC is located may be set to read or modify the critical personal information data (i.e., personal subscription data) without permission, thereby ensuring the security of the subscription data.
The eUICC is a smart card with an operating system (COS), and includes a certificate security domain, an issuer security root domain, and a plurality of issuer security information domains, the internal structure of the eUICC may specifically refer to fig. 4, and the structure of the eUICC issuer security information domain may specifically refer to fig. 5. The certificate security domain stores a private key, a related certificate, a root public key of the CI and a key group for certificate replacement, and has a higher security level; the issuer security root domain is responsible for executing the platform management instruction sent by the remote subscription management platform and executing the key establishment protocol when the remote subscription management platform is switched. The issuer security information domain represents a subscription data of the operator, and comprises a file system, a network access application, a control authorization security domain, a supplement security domain, a policy rule and an operator security domain.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example four
In this embodiment, a remote subscription management platform, a cloud server, and an eUICC are further provided, and each device is respectively configured to implement the first to third embodiments, which have already been described and are not described again. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 6 is a block diagram of a remote subscription management platform according to an embodiment of the present invention, and as shown in fig. 6, the remote subscription management platform includes the following modules:
a first receiving module 62, configured to receive a subscription data request from an operator;
an obtaining module 64, connected to the first receiving module 62, configured to obtain first subscription data from a cloud server according to the subscription data request;
a first sending module 66, connected to the obtaining module 64, configured to send the first subscription data to an embedded universal integrated circuit card eUICC, so as to instruct the eUICC to configure the first subscription data in the eUICC.
In an alternative embodiment, the first sending module 66 includes: a first receiving unit for receiving a download request from an operator; the identification unit is used for identifying the identification ID number of the eUICC carried in the downloading request; and the sending unit is used for sending the first subscription data to the eUICC when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC.
It should be noted that specific functions of each module in the remote subscription management platform and other functions of the remote subscription management platform may specifically refer to descriptions in each optional embodiment in the first embodiment, and are not described herein again.
Fig. 7 is a block diagram of a cloud server according to an embodiment of the present invention, and as shown in fig. 7, the cloud server includes the following modules:
a second receiving module 72, configured to receive an acquisition request from a remote subscription management platform;
a second sending module 74, connected to the second receiving module 72, configured to send the first subscription data to the remote subscription management platform according to the obtaining request, so as to instruct the remote subscription management platform to send the first subscription data to the embedded eUICC.
In an optional embodiment, the cloud server further includes: a third receiving module, configured to receive, after sending the first subscription data to the remote subscription management platform according to the acquisition request, an identification ID number of the eUICC from the remote subscription management platform; the determining module is used for determining UICC card preset information corresponding to the ID number of the eUICC; and the third sending module is used for sending the UICC preset information to the remote subscription management platform.
It should be noted that specific functions of the modules in the cloud server and other functions of the cloud server may be specifically referred to in the descriptions of the optional embodiments in embodiment two, and are not described herein again.
Fig. 8 is a block diagram of an eUICC according to an embodiment of the present invention, and as shown in fig. 8, the eUICC includes the following modules:
the fourth receiving module 82 is configured to receive the first subscription data from the remote subscription management platform, where the first subscription data is obtained by the remote subscription management platform from the cloud server.
In an alternative embodiment, the fourth receiving module 82 includes: the second receiving unit is used for receiving an installation request from the remote contract signing management platform; the installation unit is used for installing a new issuer security information domain ISD-P according to the installation request; the negotiation unit is used for negotiating with the remote signing management platform by using a new ISD-P to generate a key after the installation is finished; and a fourth receiving unit, configured to receive, by using a new ISD-P, the personal subscription data encrypted by using the key and other data in the matched subscription data, from the matched subscription data sent by the remote subscription management platform, where the matched subscription data is obtained by decrypting, by using the information decoder, the first subscription data by the remote subscription management platform, and generating, according to a preset encoding format, subscription data matched with the configuration of the operator of the eUICC.
It should be noted that specific functions of each module in the eUICC and other functions of the eUICC may specifically refer to descriptions in each optional embodiment in embodiment three, which are not described herein again.
In an optional embodiment, there is also provided a terminal comprising the eUICC of any one of the above. Optionally, the eUICC or the terminal is configured to read or modify the key personal information data (i.e., the personal subscription data in the subscription data) without permission. Alternatively, the eUICC can be plugged into the terminal or soldered directly into the terminal.
In an optional embodiment, there is further provided a system for processing subscription data, including: the remote contract signing management platform comprises the remote contract signing management platform, the cloud server and the terminal. For specific functions of the remote subscription management platform, the cloud server, and the terminal, reference is made to the foregoing description, which is not repeated herein.
EXAMPLE five
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, receiving a contract signing data request from an operator;
s2, acquiring first subscription data from the cloud server according to the subscription data request;
s3, sending the first subscription data to an eUICC, so as to indicate the eUICC to configure the first subscription data in the eUICC.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, receiving an acquisition request from the remote signing management platform;
and S2, sending the first subscription data to the remote subscription management platform according to the acquisition request, so as to instruct the remote subscription management platform to send the first subscription data to the eUICC.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, receiving first subscription data from the remote subscription management platform, where the first subscription data is obtained by the remote subscription management platform from the cloud server.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to perform the steps of any of the above method embodiments by means of the computer program.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, receiving a contract signing data request from an operator;
s2, acquiring first subscription data from the cloud server according to the subscription data request;
s3, sending the first subscription data to an eUICC, so as to indicate the eUICC to configure the first subscription data in the eUICC.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, receiving an acquisition request from the remote signing management platform;
and S2, sending the first subscription data to the remote subscription management platform according to the acquisition request, so as to instruct the remote subscription management platform to send the first subscription data to the eUICC.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, receiving first subscription data from the remote subscription management platform, where the first subscription data is obtained by the remote subscription management platform from the cloud server.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
The following explains the terms that the present invention may relate to:
customer: paying parties, law responsible persons or entities.
Equipment: the device in which the embedded UICC and communication module are embedded during assembly. For example: smart meters, automobiles, and cameras.
Embedded mobile device: the device with embedded 3GPP network access capability is not the mainstream mobile network device traditionally considered. Such as cameras, automobiles, and notebook computers.
Embedded uicc (euicc): UICCs which are not easy to contact or replace cannot be deleted or replaced in the terminal, and subscription change can be safely carried out.
Profile: configuration, a collection of file structures, data, and applications configured or present on the eUICC.
Profile enablement: the status of the Profile, its files and/or applications (e.g. NAA) are selected via the UICC-terminal interface.
eUICC vendor/eUICC card vendor: eUICC modules and vendors of fixed software (e.g., firmware and operating systems). The UICC physical size and shape is specified. Following ISO 7816-1.
A master device: the device in which the module is embedded during assembly. For example: instruments, cars, cameras.
ICCID: a unique number of UICC hardware stored on the UICC and engraved on the hardware. Following the definition of E.118, etc. of ITU-T.
IMSI: the unique identifier of the SIM application, issued and owned by the mobile operator, supports the device's access to the network and use of services.
M2M: the services provided are for example smart meters without a user interface. The services provided by the MNO generally operate independently, and the services provided by the service providers tend to be limited.
Mobile network operator MNO: an entity that provides communication services to customers through a mobile network infrastructure.
Network access application NAA: an application providing network access authorization on the UICC is saved. Such as a USIM application.
Network access credentials: also known as network access certificates, ITU e.212[ i.1] networks validate the required data. Possibly including data such as Ki/K and IMSI stored in the NAA.
Activation of Profile: a Profile containing one or more network access applications and associated network access credentials.
Strategy: the behavior of the eUICC and/or entities participating in the remote management of the eUICC is managed as a rule set.
The policy control function: policy rules are defined, updated or deleted to perform the function of the policy.
The policy execution function: policy rules are executed to implement the functionality of the policy.
Policy rules: atomic operations and execution conditions of the policy are defined.
Profile access credentials: data that exists within the profile so that external entities can establish secure communications for the purpose of managing the profile's structure and data.
Profile manages credentials: data residing within the eUICC such that secure communications can be established between the external entity and the eUICC in order to manage loading, enabling, disabling, and deleting of profiles on the eUICC.
Configuring Profile: a profile containing one or more network access applications and associated network access credentials that, when installed on the eUICC, allows access to a communication network, providing only transport capabilities between the eUICC and a remote subscription management platform for eUICC management and profile management.
Configuring a contract: sign up and its associated configuration profile, which allows the device to access the mobile network with the aim of managing the activation profile on the eUICC.
Role: roles are entities that represent logical grouping functions.
Remote contract signing management platform: the remote contract signing management platform mainly has two functions: preparing activation and configuration of profile and performing security configuration on the eUICC; direct management activation and configuration of profile on the eUICC is performed securely.
The Profile reservation means that the MNO initiates a Profile reservation request to the remote subscription management platform, and the remote subscription management platform generates a Profile according to information (Profile type, number, IMSI, and the like) provided by the MNO.
The Profile establishment refers to the establishment of a general part of the Profile by the remote subscription management platform, and the actual Profile of a specific eUICC is established together with eUICC specific data.
The generation of credentials and keys refers to the MNO and the remote subscription management platform creating the actual credentials and key values that would be contained in the Profile of the eUICC specific version in a secure, guaranteed SAS environment. Not including the credentials of the Profile management.
Profile provisioning refers to the remote subscription management platform combining the generic eUICC Profile with specific eUICC data, including credentials and key information, for a specific eUICC, the result (likely) will be encrypted.
The Profile transmission refers to a process of physically transmitting the Profile to the eUICC by the remote subscription management platform.
The eUICC authentication refers to a process of verifying the eUICC by the remote subscription management platform and the eUICC OS.
Profile loading is the process of the remote subscription management platform to configure (physically/electronically) the Profile into the eUICC (volatile or non-volatile) memory.
Profile installation refers to that a remote subscription management platform creates a Profile and a naa(s) instance in an eUICC memory.
Profile management refers to the general description of all the different Profile management functions of the remote subscription management platform, which is intended to focus on the whole and not on the actual content. For example: profile activation or deletion.
The Profile activation refers to the remote subscription management platform activating the Profile installed in the memory of the eUICC, so that the M2M device may select the naa(s) file.
Profile deactivation means that the remote subscription management platform deactivates the Profile already installed in the eUICC memory, so the M2M device will not select the naa(s) file.
Profile deletion refers to the process by which the remote subscription management platform permanently removes (physically/electronically) a particular Profile that was previously loaded and may be installed on the eUICC.
The policy rule setting means that the MNO and the remote subscription management platform set an execution condition of a specific command or a related operation of Profile management. Policy rules are actions and conditions that define policy enforcement.
Policy enforcement refers to the remote subscription management platform and the eUICC OS evaluating the enforcement conditions of the policy rules and the decision to enforce the policy rules based on the evaluation commands.
Policy control refers to effective management of policy rules of a remote subscription management platform, or verifying whether policy rules of an MNO are executed correctly
The operator cooperation is described as follows: there are the following three cases that,
1. SIM locking
The user is currently signed up with operator a (MNO a) and the bound SIM card cannot be transferred within six months, but the user forgets to sign up with MNO a and tries to sign up with operator B (MNO B) during SIM card binding, MNO B queries whether it is allowed to install its Profile into the eUICC card, but the PCF defined by MNO uicc a Profile prohibits its installation of MNO B Profile (since SIM card lock is defined in PCF), MNO B obtains the eUICC card as still locked information with MNO a.
2. Collaboration agreements exist between operators
The SIM card of the user is not locked, the terminal is owned by the user, the operator Profile activated on the eUICC card comes from the operator A (MNO A), the user wants to transfer the network to the operator B (MNO B), and sends a network transfer request to the MNO B, because a cooperation agreement is signed between the MNO A and the MNO B, the MNO B obtains authorization to activate the MNO B Profile in the eUICC card of the user (by exchanging relevant information in the server of the operators of both sides), the process is realized by the principle and the execution mechanism thereof, after the network transfer is realized, the operator Profile activated in the eUICC card of the user belongs to the MNO B, the user can use the MNO B network service, and meanwhile, the PCF executor in the eUICC executes the PCF principle of the MNO B.
3. There is no collaboration agreement between operators
The method comprises the steps that the currently activated operator Profile in a user eUICC belongs to an MNO A, a user SIM card is not locked, a terminal is owned by a user, the user wants to switch to an operator C (MNO C), and sends a network switching request to the MNO C, and because a cooperation agreement is not signed between the MNO A and the MNO C, the MNO C does not obtain authorization to install the MNO C Profile in the user eUICC, the network switching of the user is realized through a PCF principle and an execution mechanism thereof.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (39)
1. A method for transmitting subscription data, comprising:
receiving a subscription data request from an operator;
acquiring first subscription data from a cloud server according to the subscription data request;
sending the first subscription data to an embedded universal integrated circuit card (eUICC) to indicate the eUICC to configure the first subscription data in the eUICC;
wherein, prior to receiving a subscription data request from an operator, the method further comprises:
receiving a registration request from a manufacturer of the eUICC, wherein the registration request carries subscription data prestored in the eUICC;
encoding the pre-stored subscription data according to a preset encoding format by using a configuration information encoder;
sending the encoded pre-stored subscription data to the cloud server;
wherein, sending the encoded pre-stored subscription data to the cloud server comprises:
sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server;
receiving a verification request sent by the cloud server according to the storage request;
and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
2. The method of claim 1, wherein sending the first subscription data to an embedded smart card eUICC comprises:
receiving a download request from the operator;
identifying the identification ID number of the eUICC carried in the downloading request;
and when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC, sending the first subscription data to the eUICC.
3. The method of claim 2, wherein the download request further carries a pre-registered ic card identification (ICCID).
4. The method of claim 2, wherein determining that the first subscription data matches the eUICC based on the eUICC's ID number by:
sending the ID number of the eUICC to the cloud server;
receiving UICC card preset information corresponding to the ID number of the eUICC returned by the cloud server;
decrypting the first subscription data by using an information decoder, and generating subscription data matched with the configuration of the operator according to a preset coding format;
and under the condition that the matched subscription data is determined to be valid according to UICC card preset information corresponding to the ID number of the eUICC, sending the matched subscription data to the eUICC.
5. The method of claim 4, wherein sending the matched subscription data to the eUICC comprises:
sending a request for installing a new issuer security information domain ISD-P to the eUICC;
after confirming that the eUICC finishes installing the new ISD-P, negotiating with the new ISD-P to generate a key;
and encrypting the personal subscription data in the matched subscription data by using the secret key, and sending the encrypted personal subscription data and other data in the matched subscription data to the ISD-P.
6. The method of claim 5, wherein sending the encrypted personal subscription data to the ISD-P comprises:
and sending the encrypted personal subscription data to the ISD-P through a Web Service Web Service security or a security transmission channel established by a security socket layer SSL.
7. The method of claim 4, wherein after sending the first subscription data to an embedded universal integrated circuit card (eUICC), the method further comprises:
after receiving the installation result and the state of the first subscription data sent by the eUICC, reporting the installation result and the state to the cloud server to instruct the cloud server to update the UICC card preset information corresponding to the ID number of the eUICC by using the installation result and the state.
8. The method of claim 1, wherein after sending the first subscription data to an embedded universal integrated circuit card (eUICC), the method further comprises:
receiving an activation request from the operator requesting activation of the first subscription data in the eUICC;
after determining that the first subscription data in the eUICC is allowed to be activated, sending an activation indication to the eUICC to indicate the eUICC to activate the first subscription data.
9. The method of claim 1, further comprising:
receiving a deletion request from the operator for requesting deletion of the predetermined subscription data stored in the eUICC;
and sending a deletion instruction to the eUICC to instruct the eUICC to delete the predetermined subscription data under the condition that the predetermined subscription data is determined to be allowed to be deleted.
10. The method of claim 1, wherein the pre-stored subscription data comprises at least the following information:
the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
11. The method according to claim 1 or 4, wherein the predetermined encoding format comprises one of:
ASN.1,Unicode,UTF-8。
12. the method of claim 1, comprising at least one of:
receiving a subscription data request from an operator includes: performing bidirectional authentication with the operator, and receiving the subscription data request from the operator under the condition that the authentication is passed;
acquiring first subscription data from a cloud server according to the subscription data request comprises the following steps: performing bidirectional authentication with the cloud server, and acquiring the first subscription data from the cloud server according to the subscription data request under the condition that the authentication is passed;
sending the first subscription data to an embedded universal integrated circuit card (eUICC) comprises: and performing bidirectional authentication with the eUICC, and sending the first subscription data to the eUICC when the authentication is passed.
13. The method of claim 1, wherein sending the first subscription data to an embedded universal integrated circuit card (eUICC) comprises:
and sending the first subscription data to the eUICC according to a first preset sequence by using a preset first counter.
14. The method of claim 1, wherein after sending the first subscription data to an embedded universal integrated circuit card (eUICC), the method further comprises:
after determining that the eUICC fails to install the first subscription data, indicating the eUICC to rollback subscription data installation configuration to installation of subscription data which is installed before and stored in the eUICC.
15. A method for transmitting subscription data, comprising:
the cloud server receives an acquisition request from a remote contract signing management platform;
the cloud server sends first subscription data to the remote subscription management platform according to the acquisition request so as to instruct the remote subscription management platform to send the first subscription data to an embedded universal integrated circuit card (eUICC);
before the cloud server receives an acquisition request from a remote subscription management platform, the method further includes:
the cloud server receives the pre-stored signed data after encoding from the remote signed management platform, wherein the pre-stored signed data is the signed data which is sent to the remote signed management platform by the manufacturer of the eUICC and is pre-stored in the eUICC;
the receiving, by the cloud server, the encoded pre-stored subscription data from the remote subscription management platform includes:
the cloud server receives a storage request from the remote subscription management platform, wherein the storage request is used for requesting to store the encoded pre-stored subscription data;
the cloud server sends a verification request to the remote signing management platform according to the storage request;
the cloud server receives verification information sent by the remote signing management platform according to the verification request;
and the cloud server receives the coded pre-stored subscription data from the remote subscription management platform under the condition that the verification information passes verification.
16. The method of claim 15, wherein after the cloud server sends the first subscription data to the remote subscription management platform according to the acquisition request, the method further comprises:
the cloud server receives an identification ID number of the eUICC from the remote subscription management platform;
the cloud server determines UICC card preset information corresponding to the ID number of the eUICC;
and the cloud server sends the UICC card preset information to the remote subscription management platform.
17. The method of claim 16, wherein after the cloud server sends the UICC card provisioning information to the remote subscription management platform, the method further comprises:
the cloud server receives an installation result and a state from the remote subscription management platform, wherein the installation result and the state are the installation result and the state of the eUICC on the first subscription data;
and the cloud server updates UICC card preset information corresponding to the ID number of the eUICC according to the installation result and the state.
18. The method of claim 15, wherein the pre-stored subscription data comprises at least the following information:
the subscription data category, the application identification, the integrated circuit card identification code ICCID, the mobile subscriber number MSISDN, the subscription data state, the memory to be allocated and the management strategy.
19. The method of claim 15, wherein the cloud server receiving the acquisition request from the remote subscription management platform comprises:
the cloud server and the remote signing management platform perform bidirectional authentication;
and the cloud server receives the acquisition request from the remote signing management platform under the condition that the bidirectional authentication is passed.
20. The method of claim 15, wherein the cloud server sending first subscription data to the remote subscription management platform according to the acquisition request comprises:
and the cloud server sends the first subscription data to the remote subscription management platform according to a second preset sequence by using a preset second counter.
21. A method for receiving subscription data, comprising:
receiving first subscription data from a remote subscription management platform, wherein the first subscription data is acquired by the remote subscription management platform from a cloud server;
the method further comprises the step of sending subscription data pre-stored in an eUICC carrying an embedded universal integrated circuit card to the remote subscription management platform to indicate the remote subscription management platform to execute the following operations:
encoding the pre-stored subscription data according to a preset encoding format by using a configuration information encoder;
sending the encoded pre-stored subscription data to the cloud server;
wherein, sending the encoded pre-stored subscription data to the cloud server comprises:
sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server;
receiving a verification request sent by the cloud server according to the storage request;
and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
22. The method of claim 21, wherein receiving the first subscription data from the remote subscription management platform comprises:
receiving an installation request from the remote subscription management platform;
installing a new issuer security information domain ISD-P according to the installation request;
after the installation is finished, the new ISD-P is used for negotiating with the remote signing management platform to generate a key;
and receiving the personal subscription data encrypted by the key and other data in the matched subscription data from the remote subscription management platform by using the new ISD-P, wherein the matched subscription data is the subscription data matched with the configuration of an operator and generated by the remote subscription management platform according to a preset coding format, and the first subscription data is decrypted by using an information decoder.
23. The method of claim 22, wherein receiving, by the new ISD-P, the personal subscription data encrypted with the key from the matching subscription data sent by the remote subscription management platform comprises:
and receiving the encrypted personal subscription data through the new ISD-P through Web Service Web Service security or through a secure transmission channel established by a secure socket layer SSL.
24. The method of claim 21, wherein after receiving the first subscription data from the remote subscription management platform, the method further comprises:
and installing the first subscription data, and sending an installation result and a state to the remote subscription management platform.
25. The method of claim 24, wherein after installing the first subscription data, the method further comprises:
receiving an activation indication from the remote subscription management platform;
and activating the installed first subscription data according to the activation indication.
26. The method of claim 24, wherein after installing the first subscription data, the method further comprises:
receiving a rollback instruction of the remote subscription management platform after the first subscription data is failed to be installed;
and returning the installation configuration of the subscription data to the installation of the subscription data which is installed before and is still stored according to the return indication.
27. The method of claim 21, further comprising:
receiving a deletion instruction from the remote subscription management platform;
and deleting the stored preset subscription data according to the deletion instruction.
28. The method of claim 21, wherein receiving the first subscription data from the remote subscription management platform comprises:
performing bidirectional authentication with the remote signing management platform;
and receiving the first subscription data from the remote subscription management platform under the condition that the bidirectional authentication is passed.
29. The method of claim 21, wherein after receiving the first subscription data from the remote subscription management platform, the method further comprises:
and storing the individual subscription information in the first subscription data in a preset independent storage space.
30. A remote subscription management platform, comprising:
a first receiving module, configured to receive a subscription data request from an operator;
the acquisition module is used for acquiring first subscription data from a cloud server according to the subscription data request;
a first sending module, configured to send the first subscription data to an embedded universal integrated circuit card eUICC, so as to instruct the eUICC to configure the first subscription data in the eUICC;
the platform is further configured to receive a registration request from a manufacturer of the eUICC, where the registration request carries subscription data pre-stored in the eUICC;
encoding the pre-stored subscription data according to a preset encoding format by using a configuration information encoder;
sending the encoded pre-stored subscription data to the cloud server;
wherein, sending the encoded pre-stored subscription data to the cloud server comprises:
sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server;
receiving a verification request sent by the cloud server according to the storage request;
and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
31. The remote subscription management platform of claim 30, wherein said first sending module comprises:
a first receiving unit, configured to receive a download request from the operator;
an identification unit, configured to identify an identification ID number of the eUICC carried in the download request;
and the sending unit is used for sending the first subscription data to the eUICC when the first subscription data is determined to be matched with the eUICC according to the ID number of the eUICC.
32. A cloud server, comprising:
the second receiving module is used for receiving an acquisition request from the remote signing management platform;
a second sending module, configured to send first subscription data to the remote subscription management platform according to the acquisition request, so as to instruct the remote subscription management platform to send the first subscription data to an embedded universal integrated circuit card eUICC;
the cloud server is further configured to receive pre-stored subscription data after encoding from the remote subscription management platform, where the pre-stored subscription data is subscription data pre-stored in the eUICC and sent to the remote subscription management platform by the manufacturer of the eUICC;
the receiving, by the cloud server, the encoded pre-stored subscription data from the remote subscription management platform includes:
the cloud server receives a storage request from the remote subscription management platform, wherein the storage request is used for requesting to store the encoded pre-stored subscription data;
the cloud server sends a verification request to the remote signing management platform according to the storage request;
the cloud server receives verification information sent by the remote signing management platform according to the verification request;
and the cloud server receives the coded pre-stored subscription data from the remote subscription management platform under the condition that the verification information passes verification.
33. The cloud server of claim 32, further comprising:
a third receiving module, configured to receive an identification ID number of the eUICC from the remote subscription management platform after sending the first subscription data to the remote subscription management platform according to the acquisition request;
a determining module, configured to determine UICC card preset information corresponding to the ID number of the eUICC;
and the third sending module is used for sending the UICC preset information to the remote subscription management platform.
34. An eUICC, comprising:
the fourth receiving module is used for receiving first subscription data from a remote subscription management platform, wherein the first subscription data is acquired by the remote subscription management platform from a cloud server;
the eUICC is further configured to send subscription data pre-stored in the eUICC to the remote subscription management platform, so as to instruct the remote subscription management platform to perform the following operations:
encoding the pre-stored subscription data according to a preset encoding format by using a configuration information encoder;
sending the encoded pre-stored subscription data to the cloud server;
wherein, sending the encoded pre-stored subscription data to the cloud server comprises:
sending a storage request for requesting to store the encoded pre-stored subscription data to the cloud server;
receiving a verification request sent by the cloud server according to the storage request;
and carrying out verification confirmation with the cloud server according to the verification request, and sending the encoded pre-stored subscription data to the cloud server after verification is successful.
35. The eUICC of claim 34, wherein the fourth receiving module comprises:
a second receiving unit, configured to receive an installation request from the remote subscription management platform;
the installation unit is used for installing a new issuer security information domain ISD-P according to the installation request;
the negotiation unit is used for negotiating with the remote signing management platform by using the new ISD-P to generate a key after the installation is finished;
and a fourth receiving unit, configured to receive, by using the new ISD-P, the personal subscription data encrypted by using the key and other data in the matched subscription data, where the personal subscription data and other data in the matched subscription data are sent by the remote subscription management platform, and the matched subscription data is obtained by decrypting, by using an information decoder, the first subscription data by the remote subscription management platform, and generating subscription data matched with the configuration of the operator of the eUICC according to a preset encoding format.
36. A terminal characterized by comprising the eUICC as recited in claim 34 or 35.
37. A system for processing subscription data, comprising: a remote subscription management platform as claimed in claim 30 or 31, a cloud server as claimed in claim 32 or 33, and a terminal as claimed in claim 36.
38. A storage medium having a computer program stored thereon, wherein the computer program is arranged to, when executed by a processor, perform the method of any of claims 1 to 14, or perform the method of any of claims 15 to 20, or perform the method of any of claims 21 to 29.
39. An electronic apparatus comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 14, or to perform the method of any of claims 15 to 20, or to perform the method of any of claims 21 to 29.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711408249.6A CN109963275B (en) | 2017-12-22 | 2017-12-22 | Sending method and receiving method of subscription data and processing system of subscription data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711408249.6A CN109963275B (en) | 2017-12-22 | 2017-12-22 | Sending method and receiving method of subscription data and processing system of subscription data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109963275A CN109963275A (en) | 2019-07-02 |
| CN109963275B true CN109963275B (en) | 2022-01-28 |
Family
ID=67019667
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711408249.6A Active CN109963275B (en) | 2017-12-22 | 2017-12-22 | Sending method and receiving method of subscription data and processing system of subscription data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109963275B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110535814A (en) * | 2018-05-25 | 2019-12-03 | 中兴通讯股份有限公司 | A kind of methods, devices and systems managing publisher's safety information domain |
| CN110536284B (en) * | 2019-07-03 | 2020-09-01 | 深圳杰睿联科技有限公司 | eSIM management method and system based on Internet of things |
| CN112733133B (en) * | 2019-10-14 | 2024-04-19 | 中国移动通信有限公司研究院 | Access control method, device and storage medium for embedded universal integrated circuit card |
| WO2023122917A1 (en) * | 2021-12-27 | 2023-07-06 | 北京小米移动软件有限公司 | Information processing method and apparatus, communication device, and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104703170A (en) * | 2013-12-05 | 2015-06-10 | 华为终端有限公司 | Methods and equipment for downloading file of operator |
| CN106412871A (en) * | 2016-10-31 | 2017-02-15 | 努比亚技术有限公司 | Method of realizing communication processing and terminal |
| CN106899540A (en) * | 2015-12-17 | 2017-06-27 | 中国电信股份有限公司 | The update method of user contracting data, management system, eUICC and terminal |
| CN106937274A (en) * | 2017-05-12 | 2017-07-07 | 东信和平科技股份有限公司 | A kind of Profile changing methods and device based on EUICC |
-
2017
- 2017-12-22 CN CN201711408249.6A patent/CN109963275B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104703170A (en) * | 2013-12-05 | 2015-06-10 | 华为终端有限公司 | Methods and equipment for downloading file of operator |
| CN106899540A (en) * | 2015-12-17 | 2017-06-27 | 中国电信股份有限公司 | The update method of user contracting data, management system, eUICC and terminal |
| CN106412871A (en) * | 2016-10-31 | 2017-02-15 | 努比亚技术有限公司 | Method of realizing communication processing and terminal |
| CN106937274A (en) * | 2017-05-12 | 2017-07-07 | 东信和平科技股份有限公司 | A kind of Profile changing methods and device based on EUICC |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109963275A (en) | 2019-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10362485B2 (en) | Delegated profile and policy management | |
| US10334443B2 (en) | Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same | |
| US10178242B2 (en) | Enterprise gateway to mobile operator | |
| US10911939B2 (en) | Embedded universal integrated circuit card profile management method and apparatus | |
| US9419970B2 (en) | Electronic access client distribution apparatus and methods | |
| CN109963275B (en) | Sending method and receiving method of subscription data and processing system of subscription data | |
| EP3337219B1 (en) | Carrier configuration processing method, device and system, and computer storage medium | |
| US20140134981A1 (en) | Method for changing mno in embedded sim on basis of special privilege, and embedded sim and recording medium therefor | |
| CN113273155B (en) | Method and apparatus for managing binding of intelligent security platform | |
| EP3824594B1 (en) | Apparatus and method for ssp device and server to negotiate digital certificates | |
| WO2018209986A1 (en) | Method and device for downloading euicc subscription data | |
| KR20200101257A (en) | Method and apparatus for device change in mobile communication system | |
| JP7384920B2 (en) | Method of providing subscription profile, subscriber identity module, and subscription server | |
| JP7208080B2 (en) | Automatic activation and onboarding of connected equipment | |
| KR20130141371A (en) | Methods for backup and restoration of profile in euicc environment and devices therefor | |
| US20220278985A1 (en) | Method and device for transferring bundle between devices | |
| WO2019223524A1 (en) | Method, apparatus and system for managing issuer security information domain | |
| CN116097636A (en) | Apparatus and method for linking or profile transfer between devices | |
| KR20210020770A (en) | Apparatus, and methods for secure device to device bundle transfer | |
| KR20210034475A (en) | Apparatus and methods for mutual authentication during device to device bundle or profile transfer | |
| KR20210110145A (en) | Apparatus and methods for remote management and verifying remote management authorization | |
| KR20210116169A (en) | Apparatus and methods for device to device bundle or profile online transfer | |
| CN114830702A (en) | Method for managing profiles for accessing a communication network | |
| CN114731505A (en) | Method and apparatus for setting state of packet after packet transmission between devices | |
| CN114731283A (en) | Mutual device-to-device authentication method and device during device-to-device bundle or profile transfer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |