CN115499821A - eSIM signing method and device - Google Patents


Publication number
CN115499821A
Authority
CN
China
Prior art keywords
data
user
subscription data
esim
subscription
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210880582.1A
Other languages
Chinese (zh)
Inventor
张亚南
王茜
宋继高
王炫中
高金钊
包一萌
李竹天
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongdian Feihua Communication Co Ltd
Original Assignee
Beijing Zhongdian Feihua Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongdian Feihua Communication Co Ltd
Priority to CN202210880582.1A
Publication of CN115499821A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50 Service provisioning or reconfiguring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H04W8/265 Network addressing or numbering for mobility support for initial activation of new user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An eSIM subscription method and device. The method pre-registers the subscription data pre-stored in the eSIM; sends a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generates subscription data according to the subscription description information, and stores the generated subscription data for a user to download; judges, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data; establishes a shared transmission key through a key negotiation process, and selects one item of subscription data to send to the user eSIM card; and receives a request to activate a user's new subscription data, confirms whether the policy information in the new subscription data set allows switching, and, if switching is allowed, signs a registration activation request to the user eSIM card. By writing eSIM numbers over the air, the method and device can flexibly select the operator network, reduce operation cost, improve operation efficiency, upgrade service guarantees, improve service quality and improve customer satisfaction.

Description

eSIM signing method and device
Technical Field
The disclosure belongs to the technical field of over-the-air number writing, and particularly relates to an eSIM (embedded subscriber identity module) subscription method and device.
Background
The eSIM, namely the Embedded SIM, is an embedded SIM card: in essence, the card data is moved from the UICC circuit in which it was originally stored (i.e., a traditional SIM card) to a piece of hardware in the terminal device.
With the spread of Internet of Things technology, more and more traditional goods (such as automobiles, smart meters and monitoring equipment) have sensors and communication modules embedded in them and become Internet of Things terminals. The main reason eSIM has met a cool reception is that the conventional physical SIM card no longer exists: the physical SIM card is the only link between the user and the operator, and without it the operator can no longer manage users through its own SIM card.
With the advent of the 5G era, the Internet of Things industry is developing rapidly; communication is no longer limited to connections between people but extends to the interconnection of everything, so operators have to accept the change. How to provision services in batches, renew services and change subscriptions after eSIM equipment leaves the factory is therefore of practical significance.
Disclosure of Invention
In view of this, an object of the present disclosure is to provide an eSIM subscription method and apparatus, which implement service processing of an eSIM to match an optimal operator network for a user.
Based on the above purpose, a first aspect of the present disclosure provides an eSIM subscription method, including:
pre-registering subscription data pre-stored in the eSIM, wherein the pre-registered subscription data comprises a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated and a management strategy;
sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
identifying the ID number of the user eSIM card in the user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and judging, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
if the user eSIM card is allowed to download the generated subscription data, establishing a shared transmission key through a key negotiation process, selecting one item of subscription data from the generated subscription data and sending it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back the decryption result and the installation result;
placing the decrypted and installed subscription data in the subscription data set of the user eSIM card, in an inactivated state;
receiving a request to activate a user's new subscription data, confirming whether the policy information in the new subscription data set allows switching, and signing a registration activation request to the user eSIM card if switching is allowed;
obtaining the geographic position of the user eSIM card equipment, detecting the signal quality of the mobile networks of different operators at the location of the eSIM card equipment, and matching the optimal operator network to carry out eSIM remote card calling.
As a preferred scheme of the eSIM subscription method, the subscription description information includes the quantity of subscription data, the requirements of the subscription data, and the available IMSI range; personal information including a key and a certificate in the subscription data is generated according to the subscription description information.
As a preferred scheme of the eSIM subscription method, if the user eSIM card is allowed to download the generated subscription data, the subscription data installation request is signed, an empty subscription data file is created, and a shared transmission key is established through a key agreement process after confirmation information is returned.
As a preferred scheme of the eSIM subscription method, the user eSIM card checks its local execution policy to confirm registration activation, stops the registration activation process if the local execution policy conflicts, and, if it does not conflict, performs subscription data switching and feeds back the subscription data switching result.
As a preferred scheme of the eSIM subscription method, after the subscription data is switched successfully, if the original subscription data is no longer enabled, the original subscription data in the user eSIM card is deleted.
A second aspect of the present disclosure provides an eSIM signing apparatus, including:
a pre-registration module, used for pre-registering subscription data pre-stored in an eSIM (embedded subscriber identity module), wherein the pre-registered subscription data comprises a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated and a management policy;
a new subscription data generation module, used for sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
a bidirectional authentication module, used for identifying the ID number of the user eSIM card in a user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and judging, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
a key agreement module, used for establishing a shared transmission key through a key agreement process if the user eSIM card is allowed to download the generated subscription data;
a decryption installation module, used for selecting one item of subscription data from the generated subscription data and sending it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back the decryption result and the installation result;
a subscription data storage module, used for placing the decrypted and installed subscription data in the subscription data set of the user eSIM card, in an inactivated state;
the activation processing module is used for receiving an activation request for opening new subscription data of a user, confirming whether the strategy information in the new subscription data set allows switching or not, and signing a registration activation request to the user eSIM card if the switching is allowed;
and the remote card-calling module is used for acquiring the geographic position of the eSIM card equipment of the user, detecting the signal quality of mobile networks of different operators at the position of the eSIM card equipment, and matching the optimal operator network to carry out the eSIM remote card calling.
As a preferred scheme of the eSIM subscription device, the subscription description information of the new subscription data generation module includes the quantity of subscription data, the subscription data requirements, and the available IMSI range; personal information including a key and a certificate in the subscription data is generated according to the subscription description information.
As a preferred scheme of the eSIM subscription device, in the key agreement module, if the user eSIM card is allowed to download the generated subscription data, the subscription data installation request is signed, an empty subscription data file is created, and a shared transmission key is established through a key agreement process after confirmation information is returned.
As a preferred scheme of the eSIM subscription device, in the activation processing module, the user eSIM card checks its local execution policy to confirm registration activation; if the local execution policy conflicts, the registration activation process is stopped, and if it does not conflict, subscription data switching is performed and the subscription data switching result is fed back.
As a preferred scheme of the eSIM subscription device, the eSIM subscription device further includes an old subscription data processing module, configured to delete the original subscription data in the user eSIM card if the original subscription data is no longer enabled after the subscription data is switched successfully.
A third aspect of the present disclosure provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the eSIM subscription method of the first aspect when executing the program.
A fourth aspect of the present disclosure proposes a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute a method of implementing an eSIM subscription of the first aspect.
As can be seen from the above, by writing eSIM numbers over the air the method and device can flexibly select the operator network, which reduces operation cost, improves operation efficiency, upgrades service guarantees, improves service quality and improves customer satisfaction. The disclosure can meet a series of characteristics and demands of Internet of Things services: chip performance can be improved, a wider temperature range is supported, data storage time and the number of erase cycles are extended, and the theft risk of a pluggable SIM card is avoided; the management workload and security risk of intermediate links are reduced, working efficiency and management level are improved, and management cost is reduced; by remotely configuring the eSIM card over the air and re-downloading and activating a subscription, the operation and maintenance level of service terminals and their online rate are improved without significantly increasing workload; the convenience of provisioning and the reliability of the connection are ensured, the provisioning and commissioning period is greatly shortened, and the complexity of system deployment is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of an eSIM subscription method according to an embodiment of the disclosure;
Fig. 2 is a schematic diagram of an eSIM signing apparatus according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
At present, an ordinary SIM card adapts poorly to harsh environments and cannot meet the environmental requirements of many Internet of Things application scenarios. With the spread of Internet of Things technology, more and more traditional goods (such as automobiles, smart meters and monitoring equipment) have sensors and communication modules embedded in them and become Internet of Things terminals. The main reason eSIM has met a cool reception is that the conventional physical SIM card no longer exists: the physical SIM card is the only link between the user and the operator, and without it the operator can no longer manage users through its own SIM card.
With the advent of the 5G era, the Internet of Things industry is developing rapidly; communication is no longer limited to connections between people but extends to the interconnection of everything, so operators have to accept the change. How to provision services in batches, renew services and change subscriptions after eSIM equipment leaves the factory is therefore of practical significance.
In view of this, the embodiments of the present disclosure provide an eSIM subscription method and apparatus to implement service processing, service provisioning, service expiration continuation, and subscription change of an eSIM, so as to match an optimal operator network for a user.
Referring to fig. 1, an embodiment of the present disclosure provides an eSIM subscription method, including the following steps:
S1, pre-registering subscription data pre-stored in an eSIM (embedded subscriber identity module), wherein the pre-registered subscription data comprises a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated and a management policy;
S2, sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
S3, identifying the ID number of the user eSIM card in the user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and judging, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
S4, if the user eSIM card is allowed to download the generated subscription data, establishing a shared transmission key through a key negotiation process, selecting one item of subscription data from the generated subscription data and sending it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back the decryption result and the installation result;
S5, placing the decrypted and installed subscription data in the subscription data set of the user eSIM card, in an inactivated state;
S6, receiving a request to activate a user's new subscription data, confirming whether the policy information in the new subscription data set allows switching, and, if switching is allowed, signing a registration activation request to the user eSIM card;
S7, acquiring the geographic position of the user eSIM card equipment, detecting the signal quality of the mobile networks of different operators at the location of the eSIM card equipment, and matching the optimal operator network to carry out eSIM remote card calling.
In this embodiment, after the eSIM is manufactured, a manufacturer first needs to register the subscription data pre-stored in the eSIM at the data preparation terminal, where the subscription data includes a subscription data category, an application identifier, an ICCID, an MSISDN, a subscription data state, a memory to be allocated, a management policy, and the like.
When the operator needs to update the subscription data of the eSIM, it sends a subscription data pre-generation instruction to the data preparation terminal. The operator informs the data preparation terminal of the required quantity of subscription data, the subscription data requirements and the available IMSI range; the data preparation terminal automatically generates the personal information in the subscription data, such as keys and certificates, according to this description information, and stores the subscription data in the data preparation terminal for downloading.
In this embodiment, if the user eSIM card is allowed to download the generated subscription data, the subscription data installation request is signed, an empty subscription data file is created, and a shared transmission key is established through a key agreement process after confirmation information is returned.
Specifically, after the data preparation terminal completes the preparation of the subscription data, the operator sends a download request to the data preparation terminal, and the data preparation terminal identifies the ID number (EID) of the user equipment card in the request and the corresponding pre-registered routing equipment identification number. After the data preparation terminal and the registered routing equipment have authenticated each other, the routing equipment extracts the preset information (EIS) of the SIM card according to the ID number of the user equipment card and sends it to the data preparation terminal, to confirm whether the eSIM is suitable for downloading the subscription data. If so, the data preparation terminal signs an "install new ISD-P" request to the routing equipment. The routing equipment and the ISD-R in the eSIM then complete authentication, an empty ISD-P is created, and confirmation information is returned to the data preparation terminal. The data preparation terminal and the newly created ISD-P establish a shared transmission key through a key negotiation process, and one item of the newly generated subscription data is selected and sent to the eSIM card.
To ensure security, the private personal information in the subscription data is encrypted with the key negotiated with the ISD-P before being sent to the ISD-P. After the ISD-P receives it and completes decryption and installation, it returns the installation result and state to the data preparation terminal. Finally, the data preparation terminal sends the installation result and the state of the ISD-P to the routing equipment; the routing equipment updates its database and places the new subscription data in the eSIM subscription data set (EIS), in an inactivated state.
In this embodiment, the user eSIM card checks its local execution policy to confirm registration activation, stops the registration activation process if the local execution policy conflicts, and, if it does not conflict, performs subscription data switching and feeds back the subscription data switching result. After the subscription data is switched successfully, if the original subscription data is no longer enabled, the original subscription data in the user eSIM card is deleted.
Specifically, when the user confirms that the new subscription data is to be opened, the operator sends a new subscription data activation request to the routing equipment, and the routing equipment confirms whether the policy information in the new subscription data set allows switching. If so, it signs a registration activation request to the ISD-R of the eSIM, and the eSIM goes on to confirm its local execution policy. If there is a conflict, the ISD-R stops the process and informs the routing equipment; if there is no conflict, the ISD-R performs the subscription data switch and reports the result to the routing equipment, which in turn informs the operator. The operator then disables the original subscription data through the routing equipment; this operation, likewise, is performed only after the policy information has been confirmed twice.
When the operator determines that a given item of subscription data is no longer enabled and is to be deleted completely, it can go on to delete that subscription data from the eSIM card.
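The two confirmations described above (the routing equipment's check against the EIS, then the card's local execution policy) can be modelled as follows. This is an added Python example, not code from the patent: the state names, the `switch_allowed` and `pinned` policy flags, the sample identifiers and the use of HMAC as the request signature are all assumptions, since the patent does not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    INACTIVE = "inactive"   # installed, not activated (state after step S5)
    ACTIVE = "active"
    DISABLED = "disabled"   # disabled by the operator, eligible for deletion


class Refused(Exception):
    """A signature or policy check failed; no state was changed."""


@dataclass
class Profile:
    iccid: str
    state: State = State.INACTIVE
    pinned: bool = False    # hypothetical local rule: may not be switched away from


def sign(key: bytes, *parts: str) -> bytes:
    # HMAC-SHA256 stands in for the unspecified request signature (assumption).
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).digest()


@dataclass
class Esim:
    """Card side: the ISD-R verifies requests and enforces the local policy."""
    eid: str
    key: bytes
    profiles: dict = field(default_factory=dict)

    def _check(self, op, iccid, tag):
        if not hmac.compare_digest(tag, sign(self.key, op, self.eid, iccid)):
            raise Refused("bad signature on " + op)
        if iccid not in self.profiles:
            raise Refused("unknown subscription data " + iccid)
        return self.profiles[iccid]

    def active(self):
        return next((p for p in self.profiles.values()
                     if p.state is State.ACTIVE), None)

    def activate(self, iccid, tag):
        new, old = self._check("activate", iccid, tag), self.active()
        if new.state is not State.INACTIVE:
            raise Refused("target is not in the inactive state")
        if old is not None and old.pinned:
            raise Refused("local policy conflict: active profile is pinned")
        if old is not None:
            old.state = State.INACTIVE
        new.state = State.ACTIVE

    def disable(self, iccid, tag):
        p = self._check("disable", iccid, tag)
        if p.state is not State.INACTIVE or p.pinned:
            raise Refused("local policy conflict on disable")
        p.state = State.DISABLED

    def delete(self, iccid, tag):
        p = self._check("delete", iccid, tag)
        if p.state is not State.DISABLED:
            raise Refused("only disabled subscription data may be deleted")
        del self.profiles[iccid]


@dataclass
class RoutingDevice:
    """Network side: holds the EIS and performs the first policy confirmation."""
    key: bytes
    eis: dict = field(default_factory=dict)   # eid -> {iccid: policy/state record}

    def request(self, esim, op, iccid):
        if op not in ("activate", "disable", "delete"):
            raise Refused("unsupported operation")
        record = self.eis.get(esim.eid, {}).get(iccid)
        if record is None or (op != "delete" and not record["switch_allowed"]):
            raise Refused("EIS policy does not allow " + op)
        # Second confirmation happens on the card; a refusal leaves the EIS as is.
        getattr(esim, op)(iccid, sign(self.key, op, esim.eid, iccid))
        self.eis[esim.eid] = {
            i: {"switch_allowed": self.eis[esim.eid][i]["switch_allowed"],
                "state": p.state}
            for i, p in esim.profiles.items()}


def demo():
    key = b"constructed-demo-key"              # constructed sample value
    card = Esim("EID-DEMO-01", key)            # constructed identifiers
    card.profiles = {"ICCID-A": Profile("ICCID-A", State.ACTIVE),
                     "ICCID-B": Profile("ICCID-B")}
    sr = RoutingDevice(key, {card.eid: {
        i: {"switch_allowed": True, "state": p.state}
        for i, p in card.profiles.items()}})
    log = []
    for op, iccid in [("delete", "ICCID-A"), ("activate", "ICCID-B"),
                      ("disable", "ICCID-A"), ("delete", "ICCID-A")]:
        try:
            sr.request(card, op, iccid)
            log.append((op, iccid, "ok"))
        except Refused as exc:
            log.append((op, iccid, "refused: " + str(exc)))
    return card, sr, log


if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```

The first request in `demo()` tries to delete the subscription data that is still active and is refused on the card; deletion succeeds only after the switch and the separate disable step.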
In this embodiment, eSIM remote card debugging can be performed by detecting the signal quality of the mobile networks of the different local operators at the node and matching the optimal operator network, which ensures the convenience of provisioning and the reliability of the connection, shortens the provisioning and commissioning period, and reduces the complexity of system deployment.
To sum up, the method pre-registers the subscription data pre-stored in the eSIM, where the pre-registered subscription data includes a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated, and a management policy; sends a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generates subscription data according to the subscription description information, and stores the generated subscription data for a user to download; identifies the ID number of the user eSIM card in the user download request and the corresponding pre-registered subscription data, extracts preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and judges, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data; if the user eSIM card is allowed to download the generated subscription data, establishes a shared transmission key through a key negotiation process, selects one item of subscription data from the generated subscription data and sends it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back the decryption result and the installation result; places the decrypted and installed subscription data in the subscription data set of the user eSIM card, in an inactivated state; receives a request to activate a user's new subscription data, confirms whether the policy information in the new subscription data set allows switching, and signs a registration activation request to the user eSIM card if switching is allowed; and obtains the geographic position of the user eSIM card equipment, detects the signal quality of the mobile networks of different operators at the location of the eSIM card equipment, and matches the optimal operator network to carry out eSIM remote card calling. By writing eSIM numbers over the air, the method can flexibly select the operator network, which reduces operation cost, improves operation efficiency, upgrades service guarantees, improves service quality and improves customer satisfaction. The disclosure can meet a series of characteristics and demands of Internet of Things services: chip performance can be improved, a wider temperature range is supported, data storage time and the number of erase cycles are extended, and the theft risk of a pluggable SIM card is avoided; the management workload and security risk of intermediate links are reduced, working efficiency and management level are improved, and management cost is reduced; by remotely configuring the eSIM over the air through card writing, re-downloading and subscription activation, the operation and maintenance level of service terminals and their online rate are improved without significantly increasing workload; the convenience of provisioning and the reliability of the connection are ensured, the provisioning and commissioning period is greatly shortened, and the complexity of system deployment is reduced.
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and is completed by the mutual cooperation of a plurality of devices. In this distributed scenario, one device of the multiple devices may only perform one or more steps of the method of the embodiment of the present application, and the multiple devices interact with each other to complete the method.
It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Referring to fig. 2, based on the same inventive concept, corresponding to any of the above-described embodiments of the system, the present disclosure further provides an eSIM signing apparatus, including:
a pre-registration module 1, used for pre-registering subscription data pre-stored in an eSIM (embedded subscriber identity module), wherein the pre-registered subscription data comprises a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated and a management policy;
a new subscription data generation module 2, used for sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
a bidirectional authentication module 3, used for identifying the ID number of the user eSIM card in the user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and judging, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
a key agreement module 4, used for establishing a shared transmission key through a key agreement process if the user eSIM card is allowed to download the generated subscription data;
a decryption installation module 5, used for selecting one item of subscription data from the generated subscription data and sending it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back the decryption result and the installation result;
a subscription data storage module 6, used for placing the decrypted and installed subscription data in the subscription data set of the user eSIM card, in an inactivated state;
the activation processing module 7 is used for receiving an activation request for opening new subscription data of a user, confirming whether the policy information in the new subscription data set allows switching, and signing a registration activation request to the user eSIM card if the switching is allowed;
and the remote card-adjusting module 8 is used for acquiring the geographic position of the user eSIM card equipment, detecting the signal quality of mobile networks of different operators at the position of the eSIM card equipment, and matching the optimal operator network to perform eSIM remote card adjustment.
In this embodiment, the subscription description information of the new subscription data generation module 2 includes the number of subscription data, the subscription data requirement, and the available IMSI range; and generating personal information including a secret key and a certificate in the subscription data according to the subscription description information.
In this embodiment, in the key agreement module 4, if the user eSIM card is allowed to download the generated subscription data, the signing data installation request is signed, an empty subscription data file is created, and a shared transmission key is established through a key agreement process after confirmation information is returned.
In this embodiment, in the activation processing module 7, the eSIM card of the user performs local execution policy to confirm registration activation, and if there is a conflict in the local execution policy, the registration activation process is stopped, and if there is no conflict in the local execution policy, subscription data switching is performed, and a subscription data switching result is fed back.
In this embodiment, the system further includes an old subscription data processing module 9, configured to delete the original subscription data in the eSIM card of the user after the subscription data has been switched, if the original subscription data is no longer enabled.
For convenience of description, the above devices are described as being divided into various modules by functions, which are described separately. Of course, the functionality of the various modules may be implemented in the same one or more pieces of software and/or hardware in practicing the present disclosure.
The apparatus of the foregoing embodiment is used to implement the corresponding eSIM subscription method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
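The storage, activation and old-data steps described above (modules 6, 7 and 9), sketched as an added Python example; it is not code from the patent. The policy flags `allow_switch`, `may_be_disabled` and `retain_after_switch`, the result strings and all sample identifiers are assumptions, since the page names a management strategy and a local execution policy without defining their fields.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    INACTIVE = "inactive"
    ACTIVE = "active"

@dataclass
class Policy:
    # Hypothetical flags: the page names a management strategy but not its fields.
    allow_switch: bool = True          # may the card switch to this data?
    may_be_disabled: bool = True       # may the card switch away from it?
    retain_after_switch: bool = False  # keep it on the card once disabled?

@dataclass
class Profile:
    ident: str          # identification number (sample values are constructed)
    msisdn: str
    memory_needed: int  # "memory to be allocated", in bytes
    policy: Policy = field(default_factory=Policy)
    state: State = State.INACTIVE

class Card:
    """Subscription data set held on one user eSIM card."""
    def __init__(self, free_memory):
        self.free_memory = free_memory
        self.profiles = {}  # ident -> Profile

    def active(self):
        return next((p for p in self.profiles.values()
                     if p.state is State.ACTIVE), None)

    def install(self, profile):
        # Storage step: decrypted data joins the set but stays inactive.
        if profile.ident in self.profiles:
            return "rejected: duplicate identification number"
        if profile.memory_needed > self.free_memory:
            return "rejected: insufficient memory"
        profile.state = State.INACTIVE
        self.profiles[profile.ident] = profile
        self.free_memory -= profile.memory_needed
        return "installed"

    def activate(self, ident):
        # Activation step: policy of the new data first, then the local policy.
        new = self.profiles.get(ident)
        if new is None:
            return "rejected: unknown subscription data"
        if new.state is State.ACTIVE:
            return "rejected: already active"
        if not new.policy.allow_switch:
            return "rejected: policy forbids switching"
        old = self.active()
        if old is not None and not old.policy.may_be_disabled:
            return "stopped: local policy conflict"
        if old is not None:
            old.state = State.INACTIVE
            # Old-data step: delete the original unless it is to be kept.
            if not old.policy.retain_after_switch:
                del self.profiles[old.ident]
                self.free_memory += old.memory_needed
        new.state = State.ACTIVE
        return "switched"

def demo():
    # Constructed scenario: bootstrap data, an oversized download, then a switch.
    card = Card(free_memory=64_000)
    results = [
        card.install(Profile("ID-0001", "+10000000001", 20_000)),
        card.activate("ID-0001"),
        card.install(Profile("ID-0002", "+10000000002", 50_000)),
        card.install(Profile("ID-0003", "+10000000003", 20_000)),
        card.activate("ID-0003"),
    ]
    return results, sorted(card.profiles), card.free_memory

if __name__ == "__main__":
    print(demo())
```

Because a policy conflict returns before any state changes, a stopped activation leaves the previously active subscription data in service and the new data installed but inactive.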
Based on the same inventive concept, corresponding to any of the above-described embodiments, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the eSIM subscription method according to any of the above-described embodiments is implemented.
Fig. 3 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static Memory device, a dynamic Memory device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, mouse, touch screen, microphone, various sensors, etc., and the output devices may include a display, speaker, vibrator, indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can communicate in a wired mode (for example, USB, network cable, etc.) or in a wireless mode (for example, mobile network, Wi-Fi, Bluetooth, etc.).
The bus 1050 includes a path to transfer information between various components of the device, such as the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only the components necessary to implement the embodiments of the present disclosure, and need not include all of the components shown in the figures.
The electronic device of the foregoing embodiment is configured to implement the corresponding eSIM subscription method in any one of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-described embodiment methods, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the eSIM subscription method according to any of the above embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the eSIM subscription method according to any one of the foregoing embodiments, and have the beneficial effects of corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, technical features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. An eSIM subscription method, comprising:
pre-registering subscription data pre-stored in the eSIM, wherein the pre-registered subscription data comprises a data category, an application identifier, an identification number, an MSISDN, a data state, a memory to be allocated and a management strategy;
sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
identifying the ID number of the user eSIM card in the user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and determining, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
if the user eSIM card is allowed to download the generated subscription data, establishing a shared transmission key through a key agreement process, selecting one subscription data from the generated subscription data, preparing it and sending it to the user eSIM card, the user eSIM card completing decryption and installation and feeding back a decryption result and an installation result;
placing the decrypted and installed subscription data in a subscription data set of the user eSIM card and keeping it in an inactive state;
receiving an activation opening request of new subscription data of a user, confirming whether the strategy information in the new subscription data set allows switching, and signing a registration activation request to the user eSIM card if the switching is allowed;
obtaining the geographic position of the user eSIM card device, detecting the signal quality of the mobile networks of different operators at the location of the eSIM card device, and matching the optimal operator network to carry out eSIM remote card calling.
2. The method of claim 1, wherein the subscription description information comprises a subscription data quantity, subscription data requirements, and an available IMSI range; and personal information including a secret key and a certificate in the subscription data is generated according to the subscription description information.
3. The eSIM signing method according to claim 1, wherein if the subscriber eSIM card is allowed to download the generated signing data, the request for installing the signing data is signed, an empty signing data file is created, and a shared transmission key is established through a key agreement procedure after confirmation information is returned.
4. The eSIM subscription method of claim 1, wherein the eSIM card of the user performs local execution policy validation registration activation, stops the registration activation process if the local execution policy has a conflict, and performs subscription data switching and feeds back a subscription data switching result if the local execution policy has no conflict.
5. The eSIM signing method of claim 4, wherein after the switching of the subscription data is successful, the original subscription data in the eSIM card of the user is deleted if the original subscription data is no longer enabled.
6. An eSIM signing apparatus, comprising:
a pre-registration module, used for pre-registering subscription data pre-stored in an eSIM (embedded subscriber identity module), wherein the pre-registered subscription data comprises a data type, an application identifier, an identification number, an MSISDN (Mobile Station International Subscriber Directory Number), a data state, a memory to be allocated and a management strategy;
the new subscription data generation module is used for sending a subscription data pre-generation instruction, wherein the pre-generation instruction comprises subscription description information, generating subscription data according to the subscription description information, and storing the generated subscription data for a user to download;
a bidirectional authentication module, used for identifying the ID number of the user eSIM card in a user download request and the corresponding pre-registered subscription data, extracting preset information according to the ID number of the user eSIM card to perform bidirectional authentication, and determining, according to the bidirectional authentication result, whether the user eSIM card is allowed to download the generated subscription data;
the key agreement module is used for establishing a shared transmission key through a key agreement process if the user eSIM card is allowed to download the generated signing data;
the decryption installation module is used for selecting one subscription data from the generated subscription data to be sent to the user eSIM card, completing decryption and installation of the user eSIM card, and feeding back a decryption result and an installation result;
the signing data storage module is used for placing the signing data after decryption and installation in a signing data set of the user eSIM card and is in an inactivated state;
the activation processing module is used for receiving an activation request for opening new subscription data of a user, confirming whether the strategy information in the new subscription data set allows switching or not, and signing a registration activation request to the user eSIM card if the switching is allowed;
and the remote card-calling module is used for acquiring the geographic position of the eSIM card equipment of the user, detecting the signal quality of mobile networks of different operators at the position of the eSIM card equipment, and matching the optimal operator network to carry out the eSIM remote card calling.
7. The eSIM subscription device of claim 6, wherein the subscription description information of the new subscription data generation module includes a subscription data quantity, a subscription data requirement, and an available IMSI range; and personal information including a secret key and a certificate in the subscription data is generated according to the subscription description information.
8. The eSIM signing device according to claim 6, wherein in the key agreement module, if the user eSIM card is allowed to download the generated signing data, the signing data installation request is signed, an empty signing data file is created, and a shared transmission key is established through a key agreement procedure after confirmation information is returned.
9. The eSIM subscription device of claim 6, wherein, in the activation processing module, the eSIM card of the user performs local execution policy validation registration activation, and stops the registration activation process if the local execution policy has a conflict, and performs subscription data switching and feeds back a subscription data switching result if the local execution policy has no conflict.
10. The eSIM subscription device of claim 9, further comprising an old subscription data processing module, configured to delete the original subscription data in the eSIM card of the user after the subscription data has been switched, if the original subscription data is no longer enabled.
CN202210880582.1A 2022-07-25 2022-07-25 eSIM signing method and device Pending CN115499821A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210880582.1A CN115499821A (en) 2022-07-25 2022-07-25 eSIM signing method and device

Publications (1)

Publication Number Publication Date
CN115499821A (en) 2022-12-20

Family

ID=84466654

Country Status (1)

Country Link
CN (1) CN115499821A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070271603A1 (en) * 2002-05-10 2007-11-22 Axalto (Beijing) Smart Cards Technology Co., Ltd. Method And System Of Replacing Smart Card
CN108012259A (en) * 2017-12-15 2018-05-08 恒宝股份有限公司 The method and system of the subscription data of switching eSIM cards in real time
CN108235306A (en) * 2016-12-14 2018-06-29 中兴通讯股份有限公司 The number distributing in air method and device of smart card
CN108966208A (en) * 2017-05-19 2018-12-07 中兴通讯股份有限公司 The method for down loading and device of eUICC subscription data
WO2019196616A1 (en) * 2018-04-13 2019-10-17 中兴通讯股份有限公司 Operator profile download method, apparatus, and system
CN111107598A (en) * 2019-12-28 2020-05-05 深圳市嘉创信息技术服务有限公司 Method for automatically switching communication module network operators
CN111148167A (en) * 2019-03-18 2020-05-12 广东小天才科技有限公司 Operator network switching method of wearable device and wearable device
CN113840346A (en) * 2021-11-23 2021-12-24 荣耀终端有限公司 Operator switching method and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination