WO2018209986A1 - Method and device for downloading euicc subscription data - Google Patents


Info

Publication number: WO2018209986A1
Application number: PCT/CN2018/071950
Authority: WO, WIPO (PCT)
Prior art keywords: subscription data, euicc, isd, key, service platform
Other languages: French (fr), Chinese (zh)
Inventor: 吴传喜
Original Assignee: 中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2018209986A1


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 8/00 Network data management > H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data > H04W 8/20 Transfer of user or subscriber data > H04W 8/205 Transfer to or from user equipment or user record carrier
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/00 > H04W 12/03 Protecting confidentiality, e.g. by encryption > H04W 12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W 12/00 > H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W 12/041 Key generation or derivation
    • H04W 12/00 > H04W 12/04 Key management > H04W 12/047 Key management without using a trusted network node as an anchor > H04W 12/0471 Key exchange
    • H04W 12/00 > H04W 12/06 Authentication > H04W 12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/40 Network security protocols
    • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities > H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 63/00 > H04L 63/08 > H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present disclosure relates to the field of communications, and in particular, to a method and an apparatus for downloading eUICC subscription data.
  • the Internet of Things is called the third wave of the world information industry after the computer and the Internet. It represents the development direction of the next generation of information technology.
  • the United States, the European Union, China and other countries have introduced development plans for the Internet of Things and made forward-looking arrangements for the related technology and industry.
  • eUICC embedded Universal Integrated Circuit Card
  • more and more traditional products such as automobiles, smart watches, and monitoring devices embed an embedded Universal Integrated Circuit Card (eUICC), that is, the smart card chip is soldered directly onto the device.
  • as the authentication tool through which IoT terminals access carrier networks, and as the security carrier for various applications (APP, hereinafter referred to as applications) and data, the eUICC has become a key core technology for the development of the Internet of Things.
  • the eUICC applied to Internet of Things business is not only a new UICC card form or user terminal device form, but also an overall system established to support this new form of device, in which eUICC activation and deactivation management, user relationship management, remote management, business management, and security management are all likely to be essential features. How to ensure data security is therefore the core issue for the eUICC card.
  • the SIM card manufacturer is responsible for the production of operator data and writes the data directly to the SIM card on the production line.
  • the security focus of this model is the security of the production process and the card hardware itself.
  • the GSMA has developed the SAS standard to certify the manufacturer; for the card hardware, the operator generally requires the SIM card to meet the security level of the CC certification standard EAL4+.
  • the telecommunications smart card in the current mobile network is managed by network management area (provincial, prefecture) according to the place of issue, the place of use, and the use of the card.
  • since the smart card is usually present in, or soldered into, the Internet of Things terminal, its place of issue and place of use are difficult to determine when the IoT terminal is produced.
  • the eUICC is pre-installed in the terminal device without carrier data; after the user starts using the device, the profile data is downloaded over the public network and installed in the eUICC by over-the-air writing.
  • because the data must be transmitted over the public network, the security concern for the eUICC shifts from the manufacturing process and the eUICC hardware itself to the security of the data download process; although the relevant standards define various technical means for excluding security threats, in the current situation there are still many problems.
  • a certificate security domain, an issuer security domain root (ISD-R), and issuer security domain profiles (ISD-P) are established on the eUICC card.
  • when an ISD-P is contracted with an operator MNO (Mobile Network Operator) for personalized data, the correspondence between the ISD-P, the MNO, and the SM-DP+ is established. At this stage, the management of the ISD-P carries great security risks.
  • MNO Mobile Network Operator
  • the embodiment of the present disclosure provides a method and an apparatus for downloading eUICC subscription data, so as to at least solve the technical problem that the management of the ISD-P in the related art has a large security risk.
  • a method for downloading eUICC subscription data, including: receiving a download request of an operator after the network service platform completes subscription data preparation; determining, under the trigger of the download request, whether the eUICC meets the download condition of the subscription data; and, if the download condition is met, sending to the discovery server DS a request instructing it to install the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  • the subscription data preparation is completed by the network service platform as follows: according to the operator's instruction, the subscription information in the subscription data is generated from the following information to be scheduled: the number of subscription data, the subscription data requirement, and the available international mobile subscriber identity (IMSI) range; the subscription data is then stored in the network service platform.
  • IMSI International Mobile Subscriber Identification
  • determining whether the eUICC meets the downloading condition of the subscription data comprises: the network service platform performs bidirectional authentication with the registered discovery server DS; after the authentication is passed, it receives the eUICC card preset information that the DS sends according to the ID number of the user equipment card; and it confirms, according to the eUICC card preset information, whether the eUICC meets the download condition for the subscription data.
  • the method further includes: receiving confirmation information of the DS, wherein the confirmation information indicates that the DS agrees to the request to install the ISD-P and has established an empty ISD-P; establishing, through a key negotiation process with the empty ISD-P, a shared channel for transporting the key; and selecting from the preset subscription data the subscription data corresponding to the download request and sending it to the eUICC.
  • the method further includes: encrypting the personal subscription data within the subscription data using the key negotiated with the ISD-P.
  • the method further includes: applying to the DS to establish a secure transmission channel, and transmitting the encrypted personal subscription data through that channel to the ISD-P on the eUICC.
  • the method further includes: receiving an installation result fed back by the ISD-P, where the installation result is generated by the ISD-P decrypting and installing the personal subscription data using the key.
  • the method further includes: sending the installation result to the DS, and instructing the DS to update its database and to set the subscription data corresponding to the installed ISD-P to an inactive state.
  • the method further includes: receiving a request to activate (open) the subscription data, and activating the subscription data according to a preset policy of the DS.
  • the method further includes deleting the subscription data when the operator determines that the subscription data is no longer enabled.
  • the following entities are configured with digital certificates of the same root: the network service platform, the DS, the eUICC, and the manufacturer of the eUICC.
  • the digital certificate supports a revocation mechanism.
  • the child nodes of the root key of the digital certificate include: the private key of the eUICC manufacturer, the private key of the network service platform, and the private key of the DS; the grandchild nodes of the root key include: the private key of the eUICC.
  • the communication mechanism between any two of the following entities: the network service platform, the DS, the eUICC, and the server of the operator, includes performing two-way authentication of identity, and communicating only after the identity is confirmed to be correct.
  • the communication mechanism further includes: when the requesting party authenticates the requested party, the requesting party checks the public key certificate of the requested party, and the requested party checks the public key certificate of the requesting party;
  • the requesting party includes at least one of the following: the network service platform, the DS, the eUICC, the server of the operator;
  • the requested party includes at least one of the following: the network service platform, the DS, the eUICC, the server of the operator.
  • the communication mechanism further includes: after the communicating parties negotiate a minimal common set of cryptographic tools, they perform end-to-end authentication.
  • the end-to-end authentication uses a forward secrecy mechanism.
  • the subscription data corresponds to an AES random key
  • the AES random key is used to encrypt the subscription data
  • the method further includes: before downloading the subscription data, negotiating with the eUICC to generate a first session key for encrypting the AES random key; and, when downloading the subscription data, negotiating with the eUICC to generate a second session key for encrypting the subscription data.
  • the network service platform includes: an enhanced user management data preparation SM-DP+.
  • a device for downloading eUICC subscription data, applied to a network service platform, includes: a receiving module, configured to receive a download request of the operator after the network service platform completes subscription data preparation; a determining module, configured to determine, under the trigger of the download request, whether the eUICC meets the download condition of the subscription data; and an indicating module, configured to send to the discovery server DS, if the download condition is met, a request instructing it to install the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  • a storage medium is also provided.
  • the storage medium is arranged to store program code for performing the following steps when executed by the processor:
  • a request for instructing installation of the issuer security information domain ISD-P is sent to the discovery server DS, wherein the ISD-P corresponds to the subscription data.
  • an apparatus comprising a processor and a memory storing the processor-executable instructions that, when executed by the processor, perform the method as described above.
  • the download request of the operator is received; under the trigger of the download request, it is determined whether the eUICC meets the download condition of the subscription data; and if the download condition is met, a request instructing the discovery server DS to install the issuer security information domain ISD-P is sent, wherein the ISD-P corresponds to the subscription data. By providing security management of the issuer security information domain, the security risk in the management of the ISD-P in the related art is solved.
  • FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present disclosure
  • FIG. 2 is a flowchart of a method of downloading eUICC subscription data according to an embodiment of the present disclosure
  • FIG. 3 is a structural block diagram of an apparatus for downloading eUICC subscription data according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of process management of an eUICC issuer security information domain according to an embodiment of the present disclosure
  • FIG. 5 is a flowchart of an eUICC issuer security information domain management process according to an embodiment of the present disclosure
  • FIG. 6 is a schematic diagram of a certificate link in an embodiment of the present disclosure.
  • FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present disclosure.
  • the network architecture describes a technical system including a management platform, a terminal, an eUICC, and related supporting facilities; the roles participating in the system include:
  • eUICC (embedded UICC): the hardware carrier of the profile. Compared with the traditional UICC card, its software/hardware structure is more complicated and it can dynamically load carrier data. Multiple profiles belonging to different operators can be loaded (stored) on the same eUICC at the same time, but only one can be in use (active state) at any given time.
  • SM-DP+: a network service platform responsible for producing, storing, and providing profiles. The SM-DP+ requires the necessary software/hardware capabilities to ensure the security of the profile.
  • Terminal: an entity that needs to access a mobile network.
  • the eUICC is preset in the terminal, and the terminal is also responsible for downloading the profile from the SM-DP+ and writing it to the eUICC.
  • the terminal is operated by the user.
  • Discovery Server (DS): assists the terminal in addressing the SM-DP+.
  • Certificate Issuer (CA): a standard PKI certificate authority that issues trusted digital certificates to parties within the system.
  • FIG. 2 is a flowchart of a method for downloading eUICC subscription data according to an embodiment of the present disclosure. As shown in FIG. 2, the process includes the following steps:
  • Step S202: after the network service platform completes the subscription data preparation, receive the download request of the operator;
  • Step S204: under the trigger of the download request, determine whether the eUICC meets the download condition of the subscription data;
  • Step S206: if the download condition is met, send to the discovery server DS a request instructing it to install the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  • through the above steps, after completing the subscription data preparation, the network service platform receives the download request of the operator; under the trigger of the download request, it determines whether the eUICC meets the download condition of the subscription data; and if the download condition is met, it sends to the discovery server DS a request instructing it to install the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data. By providing security management of the issuer security information domain, the security risk in the management of the ISD-P in the related art is solved.
  • the execution entity of the foregoing step may be a network service platform, and the network service platform includes: SIM Manager-Data Preparation+ (SM-DP+ for short), but is not limited thereto.
  • SIM Manager-Data Preparation+ SM-DP+ for short
  • the subscription data preparation is completed by the network service platform as follows: according to the instruction of the operator, the subscription information in the subscription data is generated from the following information to be scheduled: the number of subscription data, the subscription data requirement, and the available IMSI range; the subscription data is then stored in the network service platform.
  • determining whether the eUICC meets the downloading condition of the subscription data includes:
  • the network service platform performs two-way authentication with the registered discovery server DS.
  • the solution of the embodiment may further include the following steps:
  • S21: receive confirmation information of the DS, where the confirmation information indicates that the DS agrees to the request to install the ISD-P and has established an empty ISD-P;
  • S23: encrypt the personal subscription data in the subscription data by using the key negotiated with the ISD-P;
  • S26: receive the installation result fed back by the ISD-P, where the installation result is generated by the ISD-P decrypting and installing the personal subscription data using the key;
  • S27: send the installation result to the DS, and instruct the DS to update its database and set the subscription data corresponding to the installed ISD-P to an inactive state.
  • the following entities are all configured with digital certificates of the same root: network service platform, DS, eUICC, and manufacturer of eUICC.
  • the digital certificate supports the revocation mechanism.
  • the digital certificates conform to a binary tree structure: the child nodes of the root key include the private key of the eUICC manufacturer, the private key of the network service platform, and the private key of the DS; the grandchild nodes of the root key include the private key of the eUICC, which is a child of the private key of the eUICC manufacturer.
  • the communication mechanism between any two of the following entities: the network service platform, the DS, the eUICC, and the server of the operator, includes performing two-way authentication of identity, and communicating only after the identity is confirmed to be correct.
  • the communication mechanism further includes: when the requesting party authenticates the requested party, the requesting party checks the public key certificate of the requested party, and the requested party checks the public key certificate of the requesting party; wherein the requesting party includes at least one of: a network service platform, a DS, an eUICC, an operator's server; and the requested party includes at least one of: a network service platform, a DS, an eUICC, an operator's server.
  • the communication mechanism also includes: the communicating parties perform end-to-end authentication after negotiating a minimal common set of cryptographic tools. End-to-end authentication uses a forward secrecy mechanism.
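The certificate tree and two-way authentication described in the summary above (certificates of the same root for the network service platform, the DS, the eUICC and the eUICC manufacturer; revocation support; each party checking the other's public key certificate before communicating) and repeated for the apparatus further down can be exercised with the following added Go example. It is not code from the patent or its assignee: every key and certificate is generated in memory, the eUICC certificate is placed under the manufacturer's intermediate and the SM-DP+ and DS certificates directly under the root, and revocation is modelled as a serial-number denylist checked along the whole chain, an assumption standing in for whatever CRL or OCSP mechanism a deployment actually uses. The nonce challenge, the names `Party`, `Trust`, `issue`, `MutualAuth` and `BuildTree`, and the subject names are likewise the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is one entity of the scheme (CI root, EUM, SM-DP+, DS or eUICC); keys and certificates are in-memory only.
type Party struct{ Name string; Key *ecdsa.PrivateKey; Cert *x509.Certificate }

var nextSerial int64 // incremented per certificate so every serial number is unique

// issue creates an ECDSA P-256 certificate for name, signed by issuer (self-signed when issuer is nil).
func issue(name string, isCA bool, issuer *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign }
	parent, signer := tmpl, key // self-signed root
	if issuer != nil { parent, signer = issuer.Cert, issuer.Key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &Party{Name: name, Key: key, Cert: cert}, nil
}

// Trust is the verifier-side configuration: common root, EUM intermediate and a revocation list. The
// serial-number denylist is an assumed stand-in for the CRL/OCSP check the patent leaves unspecified.
type Trust struct{ Roots, Intermediates *x509.CertPool; Revoked map[string]bool }

// checkCertificate validates the chain up to the common root and rejects any revoked certificate on it.
func (t *Trust) checkCertificate(c *x509.Certificate) error {
	chains, err := c.Verify(x509.VerifyOptions{Roots: t.Roots, Intermediates: t.Intermediates,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil { return err }
	for _, cert := range chains[0] {
		if t.Revoked[cert.SerialNumber.String()] {
			return fmt.Errorf("certificate of %q is revoked", cert.Subject.CommonName)
		}
	}
	return nil
}

// proveIdentity is one direction of the two-way check: validate the prover's certificate, then have the
// prover sign a fresh challenge so possession of the matching private key is demonstrated.
func proveIdentity(t *Trust, prover *Party) error {
	if err := t.checkCertificate(prover.Cert); err != nil { return err }
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil { return err }
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, prover.Key, digest[:]) // computed by the prover
	if err != nil { return err }
	pub, ok := prover.Cert.PublicKey.(*ecdsa.PublicKey) // verifier uses only the certified key
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("%s: signature over challenge did not verify", prover.Name)
	}
	return nil
}

// MutualAuth is the two-way identity authentication required before any two entities communicate.
func MutualAuth(t *Trust, a, b *Party) error {
	if err := proveIdentity(t, b); err != nil { return fmt.Errorf("%s rejects %s: %w", a.Name, b.Name, err) }
	if err := proveIdentity(t, a); err != nil { return fmt.Errorf("%s rejects %s: %w", b.Name, a.Name, err) }
	return nil
}

// BuildTree constructs the patent's hierarchy: root -> {EUM, SM-DP+, DS}, and the eUICC under the EUM.
func BuildTree() (*Trust, map[string]*Party, error) {
	p, spec := map[string]*Party{}, []struct{ id, name, parent string; ca bool }{
		{"ci", "CI root", "", true}, {"eum", "eUICC manufacturer", "ci", true},
		{"smdp", "SM-DP+", "ci", false}, {"ds", "DS", "ci", false}, {"euicc", "eUICC", "eum", false},
	}
	for _, s := range spec {
		var err error
		if p[s.id], err = issue(s.name, s.ca, p[s.parent]); err != nil { return nil, nil, err }
	}
	t := &Trust{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), Revoked: map[string]bool{}}
	t.Roots.AddCert(p["ci"].Cert)
	t.Intermediates.AddCert(p["eum"].Cert)
	return t, p, nil
}

func main() { // stand-alone demo: a valid pairing, then the same pairing after revoking the EUM
	t, p, err := BuildTree()
	if err != nil { panic(err) }
	fmt.Println("SM-DP+ <-> eUICC:", MutualAuth(t, p["smdp"], p["euicc"]))
	t.Revoked[p["eum"].Cert.SerialNumber.String()] = true
	fmt.Println("after EUM revocation:", MutualAuth(t, p["smdp"], p["euicc"]))
}
```

Because the revocation check walks the whole chain, revoking the manufacturer's certificate invalidates every eUICC issued under it while leaving the SM-DP+ and DS (siblings under the root) unaffected, and an eUICC whose certificate chains to a root other than the common one is rejected before the challenge is ever signed.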
  • the subscription data corresponds to an AES random key
  • the AES random key is used to encrypt the subscription data
  • the optional implementation manner of this embodiment further includes: before downloading the subscription data, negotiating with the eUICC to generate a first session key for encrypting the AES random key; and, when downloading the subscription data, negotiating with the eUICC to generate a second session key for encrypting the subscription data.
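The two-layer key scheme stated above (an AES random key under which the subscription data is stored; a first session key, negotiated before the download, that encrypts the AES random key; a second session key, negotiated during the download, that encrypts the subscription data in transit) is modelled end to end in the following added Go example, which is not the patent's or its assignee's code. Each negotiation is an ephemeral ECDH exchange over P-256 with HMAC-SHA256 key derivation, AES-128-GCM stands in for the AES mode the text leaves unspecified, and the labels, struct names and function names (`negotiate`, `PrepareSubscription`, `SmdpSend`, `EuiccInstall`, `RunDownload`) are the example's own assumptions; the sample profile string is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// negotiate models one key negotiation round between the SM-DP+ and the eUICC (ISD-P): each side
// contributes an ephemeral P-256 key and a 128-bit session key is derived from the ECDH secret with
// HMAC-SHA256 over an assumed label. Fresh ephemeral keys per round give the forward secrecy the patent wants.
func negotiate(label string) (smdpKey, euiccKey []byte, err error) {
	smdp, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	euicc, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	s1, err := smdp.ECDH(euicc.PublicKey()) // SM-DP+ side
	if err != nil { return nil, nil, err }
	s2, err := euicc.ECDH(smdp.PublicKey()) // eUICC side
	if err != nil { return nil, nil, err }
	return derive(s1, label), derive(s2, label), nil
}

func derive(secret []byte, label string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	return m.Sum(nil)[:16]
}

// seal and open wrap AES-128-GCM (an assumed mode; the patent only says "AES") with a random 12-byte
// nonce prefixed to the ciphertext and a label bound as associated data.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(blob) < gcm.NonceSize() { return nil, fmt.Errorf("ciphertext too short") }
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Prepared is subscription data as stored on the SM-DP+: the profile encrypted under its own random AES key.
type Prepared struct{ RandomKey, EncProfile []byte }

func PrepareSubscription(profile []byte) (*Prepared, error) {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil { return nil, err }
	ct, err := seal(k, profile, []byte("subscription-data"))
	return &Prepared{RandomKey: k, EncProfile: ct}, err
}

// Bundle is what crosses the public network: the random AES key wrapped under the first session key
// (negotiated before the download) and the already-encrypted profile under the second (negotiated during it).
type Bundle struct{ WrappedKey, Channel []byte }

func SmdpSend(p *Prepared, sk1, sk2 []byte) (*Bundle, error) {
	wk, err := seal(sk1, p.RandomKey, []byte("aes-random-key"))
	if err != nil { return nil, err }
	ch, err := seal(sk2, p.EncProfile, []byte("download-channel"))
	return &Bundle{WrappedKey: wk, Channel: ch}, err
}

// EuiccInstall is the ISD-P side: unwrap the AES key with SK1, strip the channel layer with SK2, then
// decrypt the profile. Tampering or a key mismatch fails GCM authentication before anything is installed.
func EuiccInstall(b *Bundle, sk1, sk2 []byte) ([]byte, error) {
	k, err := open(sk1, b.WrappedKey, []byte("aes-random-key"))
	if err != nil { return nil, fmt.Errorf("unwrapping AES key: %w", err) }
	enc, err := open(sk2, b.Channel, []byte("download-channel"))
	if err != nil { return nil, fmt.Errorf("download channel layer: %w", err) }
	return open(k, enc, []byte("subscription-data"))
}

// RunDownload drives both parties end to end and returns the profile the eUICC installed.
func RunDownload(profile []byte) ([]byte, error) {
	p, err := PrepareSubscription(profile)
	if err != nil { return nil, err }
	sk1s, sk1e, err := negotiate("ISD-P key negotiation") // before the download
	if err != nil { return nil, err }
	sk2s, sk2e, err := negotiate("profile download") // during the download
	if err != nil { return nil, err }
	b, err := SmdpSend(p, sk1s, sk2s)
	if err != nil { return nil, err }
	return EuiccInstall(b, sk1e, sk2e)
}

func main() { out, err := RunDownload([]byte("IMSI=001010123456789;constructed sample profile")); fmt.Println(string(out), err) }
```

Keeping the stored profile encrypted under its own random key means the SM-DP+ database never holds subscription data in the clear, and because each session key comes from a fresh ephemeral exchange, a later compromise of either party's long-term material does not expose a download that was already completed.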
  • a device for downloading the eUICC subscription data is provided, and the device is used to implement the foregoing embodiments and preferred embodiments, and details are not described herein.
  • the term "module" may refer to software and/or hardware, or a combination of both, that implements a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, but implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a structural block diagram of an apparatus for downloading eUICC subscription data according to an embodiment of the present disclosure; the apparatus is applied to a network service platform, which may be an enhanced user management data preparation SM-DP+. As shown in FIG. 3, the apparatus includes:
  • the receiving module 30 is configured to receive a download request of the operator after the network service platform completes the subscription data preparation;
  • the determining module 32 is configured to determine, according to a trigger of the download request, whether the eUICC meets the download condition of the subscription data;
  • the indication module 34 is configured to send, if the download condition is met, a request instructing the discovery server DS to install the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  • the receiving module completes the subscription data preparation with the network service platform in the following manner: according to the instruction of the operator, the subscription information in the subscription data is generated from the following information to be scheduled: the number of subscription data, the subscription data requirement, and the available international mobile subscriber identity (IMSI) range; the subscription data is then stored in the network service platform.
  • the determining module determines whether the eUICC meets the downloading condition of the subscription data as follows: it performs bidirectional authentication with the registered discovery server DS; after the authentication is passed, it receives the eUICC card preset information sent by the DS according to the ID number of the user equipment card; and, according to the eUICC card preset information, it confirms whether the eUICC meets the download condition for the subscription data.
  • the apparatus of this embodiment further includes: a second receiving module, configured to receive, after the indication module sends the request to install the ISD-P to the discovery server DS, the confirmation information of the DS, where the confirmation information indicates that the DS agrees to the request to install the ISD-P and has established an empty ISD-P; and a transmitting module, configured to establish, through the key negotiation process with the empty ISD-P, a shared channel for transporting the key, and to select from the preset subscription data the subscription data corresponding to the download request and send it to the eUICC.
  • the apparatus in this embodiment further includes: an encryption module, configured to encrypt the personal subscription data in the subscription data using the key negotiated with the ISD-P, after the transmitting module and the empty ISD-P have established the shared channel for transporting the key through the key negotiation process.
  • the apparatus of this embodiment further includes: an application module, configured to apply to the DS to establish a secure transmission channel after the encryption module has encrypted the personal subscription data using the key negotiated with the ISD-P; and a sending module, configured to transmit the encrypted personal subscription data to the ISD-P on the eUICC through the secure transmission channel.
  • the apparatus of this embodiment further includes: a second receiving module, configured to receive, after the sending module sends the encrypted personal subscription data to the ISD-P on the eUICC through the secure transmission channel, the installation result fed back by the ISD-P, where the installation result is generated by the ISD-P using the key to decrypt and install the personal subscription data.
  • the apparatus of this embodiment further includes: a second indication module, configured to send the installation result to the DS after receiving the installation result fed back by the ISD-P, and to instruct the DS to update its database and set the subscription data corresponding to the installed ISD-P to an inactive state.
  • the apparatus of this embodiment further includes: a third receiving module, configured to receive, after the installation result is sent to the DS, a request to activate (open) the subscription data; and an activation module, configured to activate the subscription data according to a preset policy of the DS.
  • the apparatus of this embodiment further includes: a deleting module, configured to delete the subscription data when, after the installation result has been sent to the DS, the operator determines that the subscription data is no longer enabled.
  • the following entities are all configured with digital certificates of the same root: network service platform, DS, eUICC, and manufacturer of eUICC.
  • the digital certificate supports the revocation mechanism.
  • the child nodes of the root key of the digital certificate include: the private key of the eUICC manufacturer, the private key of the network service platform, and the private key of the DS; the grandchild nodes of the root key include: the private key of the eUICC.
  • the communication mechanism between any two of the following entities: the network service platform, the DS, the eUICC, and the server of the operator, includes performing two-way authentication of identity, and communicating only after the identity is confirmed to be correct.
  • the communication mechanism further includes: when the requesting party authenticates the requested party, the requesting party checks the public key certificate of the requested party, and the requested party checks the public key certificate of the requesting party; wherein the requesting party includes at least one of the following: a network service platform, a DS, an eUICC, and an operator's server; and the requested party includes at least one of the following: a network service platform, a DS, an eUICC, and an operator's server.
  • the communication mechanism further includes: after the communicating parties negotiate a minimal common set of cryptographic tools, they perform end-to-end authentication, and the end-to-end authentication adopts a forward secrecy mechanism.
  • the subscription data corresponds to an AES random key
  • the AES random key is used to encrypt the subscription data
  • before the subscription data is downloaded, a first session key for encrypting the AES random key is generated in negotiation with the eUICC; and when the subscription data is downloaded, a second session key for encrypting the subscription data is generated in negotiation with the eUICC.
  • each of the above modules may be implemented by software or hardware.
  • the hardware implementation may be, but is not limited to: all of the above modules are located in the same processor; or the above modules are distributed in any combination across different processors.
  • the eUICC card of this embodiment is a smart card with an operating system, and internally includes a certificate security domain, an issuer security root domain (ISD-R), and a plurality of issuer security information domains (ISD-P).
  • the certificate security domain stores the private key, the related certificates, the root public key of the CI, and the key group used for certificate replacement, and has a high security level; the issuer security root domain is responsible for executing the platform management instructions sent by the discovery server DS.
  • the issuer security information domain represents one operator's subscription data, including the file system, network access application, control authorization security domain, supplementary security domain, policy rules, and carrier security domain.
  • FIG. 4 is a schematic diagram of process management of an eUICC issuer security information domain according to an embodiment of the present disclosure.
  • the corresponding eUICC card control method includes the following steps:
  • the subscription data is stored in the SM-DP+; after receiving the download request from the operator, the SM-DP+ checks whether the download condition is met (the SM-DP+ and the registered discovery server DS perform two-way authentication; after authentication passes, the discovery server DS extracts the eUICC card preset information (EIS, eUICC Information Set) according to the ID number of the user equipment card and sends it to the SM-DP+, which confirms whether the eUICC is suitable for downloading the subscription data); if the condition is met, the SM-DP+ sends a signed request to install a new ISD-P to the discovery server DS.
  • the discovery server DS and the ISD-R in the eUICC start the authentication process; if authentication passes, an empty ISD-P is established and confirmation information is returned to the SM-DP+.
  • the SM-DP+ establishes, through a key agreement process with the newly created ISD-P, a shared channel for transmitting a key, and selects from the prepared subscription data the qualified subscription data to send to the eUICC.
  • the SM-DP+ encrypts the personal subscription data using the key negotiated with the ISD-P.
  • before transmitting the foregoing subscription data, the SM-DP+ first applies to the discovery server DS to establish a secure transport channel, and sends the encrypted personal subscription data to the ISD-P on the eUICC through that channel.
  • after receiving the data, the ISD-P decrypts and installs it using the key described above, and returns the installation result and status to the SM-DP+.
  • the SM-DP+ sends the installation result and status of the ISD-P to the discovery server DS; the DS updates its database, stores the new subscription data in the eUICC subscription data set (EIS), and sets the new subscription data (the newly installed ISD-P) to inactive.
  • after receiving a request from the user (or the operator) to enable the new subscription data, the operator sends a new subscription data activation request to the discovery server DS; the DS confirms whether the rule information in the new subscription data set allows switching. If allowed, it sends a signed activation request to the ISD-R of the eUICC, and the eUICC then checks its local execution rules; if there is a conflict, the ISD-R stops the process and informs the DS; if there is no conflict, the ISD-R switches the subscription data, sends the switching result to the DS, and the DS notifies the operator of the result.
  • the operator deactivates the original subscription data through the discovery server DS; this process likewise confirms both sets of rule information before performing the operation (deactivation process).
  • the subscription data in the eUICC card may also be deleted (the deletion process is described separately).
  • the components in the system, namely the SM-DP+, the discovery server DS, the card manufacturer, and the eUICC, need to be configured with digital certificates from the same root for signature authentication and key agreement, and the digital certificates need to support a revocation mechanism.
  • FIG. 5 is a flowchart of the eUICC issuer security information domain management process of the embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of a certificate link according to an embodiment of the present disclosure; illustrating a relationship between certificates at various levels.
  • communication between any two of the SM-DP+, the discovery server DS, the eUICC, and the operator first performs mutual identity authentication, and proceeds only after the identity has been confirmed correct.
  • the premise of the authentication is that the two parties share the same root certificate. The authentication steps are as follows.
  • the requesting party authenticates the requested party, and the requesting party checks the public key certificate of the requested party; optionally, the requesting party may be the SM-DP+, the discovery server DS, the eUICC, or the operator, and the requested party may be the SM-DP+, the discovery server DS, the eUICC, or the operator;
  • the following steps are performed before communication between any two of the SM-DP+, the discovery server DS, the eUICC, and the operator:
  • the two communicating parties negotiate a minimal common set of cryptographic tools, and then perform end-to-end authentication.
  • the end-to-end authentication uses a forward-secrecy mechanism (Forward Secrecy).
  • when the profile is generated, an AES random key is generated at the same time, and the profile is encrypted using this random key; before downloading, the SM-DP+ and the eUICC first negotiate a session key, which is used only to encrypt the above random key; when downloading the profile, the SM-DP+ negotiates a further session key with the eUICC and uses it to encrypt the profile, ensuring the security of the profile data.
  • an eUICC management method is thus provided, that is, secure management of the issuer security information domain, thereby improving the security of the system.
  • Embodiments of the present disclosure also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • a request for instructing to install the issuer security information domain ISD-P is sent to the discovery server DS, wherein the ISD-P corresponds to the subscription data.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • the processor executes, according to the program code stored in the storage medium, receiving the operator's download request after the network service platform completes the subscription data preparation;
  • the processor executes, according to the program code stored in the storage medium, determining, triggered by the download request, whether the eUICC meets the download condition for the subscription data;
  • the processor executes, according to the program code stored in the storage medium, sending to the discovery server DS a request instructing installation of the issuer security information domain ISD-P if the download condition is met, where the ISD-P corresponds to the subscription data.
  • the modules or steps of the present disclosure described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device, and in some cases the steps shown or described may be performed in an order different from that herein; or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module. As such, the disclosure is not limited to any specific combination of hardware and software.
  • the method and device for downloading eUICC subscription data according to an embodiment of the present disclosure receive the operator's download request after the network service platform completes the subscription data preparation; triggered by the download request, determine whether the eUICC meets the download condition for the subscription data; and, when the download condition is met, send to the discovery server DS a request instructing installation of the issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
  • the downloading method and device solve the technical problem in the related art that the management of the ISD-P carries a large security risk, by providing secure management of the issuer security information domain, thereby improving the security of the system.
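The two-layer key scheme described above (a per-profile AES random key, a first session key that wraps that key before the download, a second session key that protects the download itself), as an added example that is not code from the patent: it assumes ephemeral ECDH over P-256 for the session negotiation and AES-128-GCM for the encryption, neither of which the text specifies, and the profile bytes and key labels are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// sessionKey derives a 128-bit AES key from an ephemeral ECDH (P-256) exchange, the label
// binding it to one purpose; discarding the ephemeral keys afterwards gives forward secrecy.
func sessionKey(mine *ecdh.PrivateKey, peer *ecdh.PublicKey, label string) ([]byte, error) {
	shared, err := mine.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(append([]byte(label), shared...))
	return h[:16], nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-128-GCM under key and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key or a tampered or truncated ciphertext is rejected.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// negotiate runs one key-agreement round between SM-DP+ and ISD-P; only the public
// halves would cross the DS-relayed channel, and both sides derive the same key.
func negotiate(label string) (dpKey, cardKey []byte, err error) {
	var eph [2]*ecdh.PrivateKey // [0] SM-DP+, [1] ISD-P; both are discarded after use
	for i := range eph {
		if eph[i], err = ecdh.P256().GenerateKey(rand.Reader); err != nil {
			return nil, nil, err
		}
	}
	dpKey, err = sessionKey(eph[0], eph[1].PublicKey(), label)
	cardKey, err2 := sessionKey(eph[1], eph[0].PublicKey(), label)
	return dpKey, cardKey, errors.Join(err, err2)
}

// DownloadProfile models the SM-DP+ side: the profile rests encrypted under its own random
// AES key Kp; session key 1 wraps Kp before the download and session key 2 protects the
// download itself. It returns what the ISD-P was able to decrypt and install.
func DownloadProfile(profile []byte) ([]byte, error) {
	kp := make([]byte, 16) // per-profile AES random key, generated with the profile
	if _, err := rand.Read(kp); err != nil {
		return nil, err
	}
	storedCT, err := seal(kp, profile)                        // kept at rest by the SM-DP+
	s1dp, s1card, err1 := negotiate("ISD-P key wrap")         // before the download
	s2dp, s2card, err2 := negotiate("ISD-P profile download") // at download time
	if err := errors.Join(err, err1, err2); err != nil {
		return nil, err
	}
	wrappedKp, err := seal(s1dp, kp)          // Kp travels under session key 1
	transportCT, err2 := seal(s2dp, storedCT) // the stored ciphertext under session key 2
	if err := errors.Join(err, err2); err != nil {
		return nil, err
	}
	return installOnISDP(s1card, s2card, wrappedKp, transportCT)
}

// installOnISDP is the eUICC side: strip the transport layer (session key 2), unwrap Kp
// (session key 1), then decrypt the profile itself with Kp.
func installOnISDP(s1, s2, wrappedKp, transportCT []byte) ([]byte, error) {
	innerCT, err := open(s2, transportCT)
	kp, err2 := open(s1, wrappedKp)
	if err := errors.Join(err, err2); err != nil {
		return nil, err
	}
	return open(kp, innerCT)
}
```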

Abstract

The present disclosure provides a method and a device for downloading eUICC subscription data. The method comprises: after subscription data preparation is completed on a network service platform, receiving a download request from an operator; triggered by the download request, determining whether the eUICC satisfies the condition for downloading the subscription data;  and, if the download condition is satisfied, sending to a discovery server (DS) a request instructing installation of an issuer security information domain (ISD-P), the ISD-P corresponding to the subscription data. The present disclosure solves the technical problem of great potential security risks in ISD-P management in the related art.

Description

Method and device for downloading eUICC subscription data
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 201710362982.2, filed on May 19, 2017, the entire disclosure of which is incorporated herein by reference.
Technical field
The present disclosure relates to the field of communications, and in particular to a method and apparatus for downloading eUICC subscription data.
Background
The Internet of Things (IoT) is called the third wave of the world information industry after the computer and the Internet, and represents the development direction of next-generation information technology; the United States, the European Union, China and other countries have issued IoT development plans and made forward-looking arrangements for the related technologies and industries. With the spread of IoT technology, more and more traditional products such as automobiles, smart meters and monitoring devices are being fitted with an embedded smart card (embedded Universal Integrated Circuit Card, eUICC; hereinafter the eUICC is referred to as the smart card): the smart card chip is soldered directly onto the terminal's circuit board or packaged directly into a communication module, turning the product into an IoT terminal.
As the authentication tool by which IoT terminals access operator networks, and as the secure carrier of various applications (APP, hereinafter applications) and data, the eUICC has become a key core technology for IoT development. An eUICC applied to IoT services is no longer merely a new form of UICC card or user terminal device; it also entails the overall system built to support this new form of device, in which eUICC activation and deactivation management, user relationship management, remote management, service management and security management may all be indispensable functions. How to guarantee data security is therefore the core issue for eUICC cards. In the traditional model, the SIM card manufacturer is responsible for producing the operator data and writes it directly into the SIM card on the production line. The security focus of this model is the security of the production process and of the card hardware itself. For the production process, the GSMA has formulated the SAS standard for certifying manufacturers; for the card hardware, operators generally require SIM cards to reach a security level of EAL4+ or above under the CC certification standard.
In addition, telecommunications smart cards in current mobile networks are issued according to the place of issue, the place of use and the purpose of the card, using a network-management-area (province, prefecture) approach. In IoT application scenarios, however, since the smart card usually resides in or is soldered into the IoT terminal, its place of issue and place of use are difficult to determine when the IoT terminal is manufactured. In such scenarios, services such as activation on first use of the IoT smart card and replacement of the operator configuration after activation must be considered. IoT services therefore place new requirements on smart card management, and at the same time the eUICC usage process differs substantially from that of the traditional UICC card. A traditional UICC card goes through production, operator selection, customization, issuance, activation, use and termination. The core idea of the eUICC is therefore to separate the production of the eUICC card hardware from the production of the operator data (Profile): the eUICC is pre-installed in the terminal device without operator data, and once the user starts using the device, the Profile data is downloaded over the public network by over-the-air provisioning and installed into the eUICC. Because transmission over the public network is required, the security concerns of the eUICC go beyond the manufacturing process and the security of the eUICC itself; more important still is the security of the data download process. Although the relevant standards define a variety of technical means to eliminate security threats, many problems remain at present.
In the related art of the present disclosure, multi-level security domains are established on the eUICC card, such as a certificate security domain, an Issuer Security Domain Root (ISD-R) and an Issuer Security Domain Profile (ISD-P); there may be multiple ISD-Ps, the ISD-P domains are isolated from one another, and each ISD-P contains personalized data such as the operator file system, network access applications, supplementary security domains and policy control rules. When an ISD-P is contracted with a Mobile Network Operator (MNO), the correspondence between the ISD-P, the MNO and the SM-DP+ is established. At present, the management of the ISD-P carries great security risks.
No effective solution to the above problems in the related art has yet been found.
Summary of the invention
Embodiments of the present disclosure provide a method and apparatus for downloading eUICC subscription data, so as to at least solve the technical problem in the related art that the management of the ISD-P carries large security risks.
According to an embodiment of the present disclosure, a method for downloading eUICC subscription data is provided, including: after the network service platform completes subscription data preparation, receiving a download request from the operator; triggered by the download request, determining whether the eUICC meets the download condition for the subscription data; and, if the download condition is met, sending to the discovery server DS a request instructing installation of an issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
Optionally, the network service platform completes subscription data preparation as follows: according to the operator's instruction, generating the subscription information in the subscription data from the following information to be ordered: the number of subscription data items, the subscription data requirements, and the available International Mobile Subscriber Identity (IMSI) range; and storing the subscription data in the network service platform.
Optionally, determining whether the eUICC meets the download condition for the subscription data includes: the network service platform performs two-way authentication with the registered discovery server DS; after authentication passes, receiving the eUICC card preset information sent by the DS according to the ID number of the user equipment card; and confirming, according to the eUICC card preset information, whether the eUICC meets the download condition for downloading the subscription data.
Optionally, after sending the request instructing installation of the ISD-P to the discovery server DS, the method further includes: receiving confirmation information from the DS, where the confirmation information indicates that the DS agrees to the request to install the ISD-P and has established an empty ISD-P; establishing, with the empty ISD-P through a key agreement process, a shared channel for transmitting a key; and selecting from the preset subscription data the subscription data corresponding to the download request and sending it to the eUICC.
Optionally, after establishing with the empty ISD-P, through the key agreement process, the shared channel for transmitting the key, the method further includes: encrypting the personal subscription data in the subscription data using the key negotiated with the ISD-P.
Optionally, after encrypting the subscription information in the subscription data using the key negotiated with the ISD-P, the method further includes: applying to the DS to establish a secure transmission channel; and sending the encrypted personal subscription data to the ISD-P on the eUICC through the secure transmission channel.
Optionally, after sending the encrypted personal subscription data to the ISD-P on the eUICC through the secure transmission channel, the method further includes: receiving the installation result fed back by the ISD-P, where the installation result is generated after the ISD-P decrypts and installs the personal subscription data using the key.
Optionally, after receiving the installation result fed back by the ISD-P, the method further includes: sending the installation result to the DS and instructing the DS to update its database, setting the subscription data corresponding to the installed ISD-P to the inactive state.
Optionally, after sending the installation result to the DS, the method further includes: receiving a request applying for activation of the subscription data; and activating the subscription data according to a preset policy of the DS.
Optionally, after sending the installation result to the DS, the method further includes: deleting the subscription data when the operator determines that the subscription data is no longer to be enabled.
Optionally, the following entities are all configured with digital certificates of the same root: the network service platform, the DS, the eUICC, and the manufacturer of the eUICC.
Optionally, the digital certificates support a revocation mechanism.
Optionally, the child nodes of the root key of the digital certificates include: the private key of the eUICC manufacturer, the private key of the network service platform, and the private key of the DS; the grandchild nodes of the root key include: the private key of the eUICC.
Optionally, the communication mechanism between any two of the following entities: the network service platform, the DS, the eUICC, and the operator's server, includes: performing two-way identity authentication and confirming that the identity is correct before communicating.
Optionally, the communication mechanism further includes: the requesting party authenticates the requested party, and the requesting party checks the public key certificate of the requested party; where the requesting party includes at least one of: the network service platform, the DS, the eUICC, and the operator's server; and the requested party includes at least one of: the network service platform, the DS, the eUICC, and the operator's server.
Optionally, the communication mechanism further includes: the two communicating parties negotiate a minimal common set of cryptographic tools, and then perform end-to-end authentication.
Optionally, the end-to-end authentication uses a forward-secrecy mechanism.
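The certificate hierarchy and the peer check described in the preceding paragraphs (root; manufacturer, platform and DS as children of the root; eUICC as a grandchild; revocation support), as an added example that is not code from the patent: it builds such a hierarchy with constructed names and serials and performs the requesting party's check of the requested party's certificate against the shared root and the issuer's CRL. The use of ECDSA P-256 keys and X.509 CRLs is an assumption; the text names neither.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

type entity struct { // one participant: its certificate and private key
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a certificate for name signed by parent (self-signed when parent is
// nil). isCA marks the nodes that sign others: the root and the eUICC manufacturer.
func issue(name string, serial int64, isCA bool, parent *entity) (*entity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA { // a CA node may sign child certificates and its own CRL
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil { // self-signed root: the template is its own parent
		parent = &entity{cert: tmpl, key: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &entity{cert: cert, key: key}, err
}

// buildPKI issues the hierarchy in the text with constructed names and serials 1..5:
// root CI; manufacturer (eum), SM-DP+ and DS under the root; eUICC under the manufacturer.
func buildPKI() (map[string]*entity, error) {
	p := map[string]*entity{}
	parents := map[string]string{"eum": "root", "smdp": "root", "ds": "root", "euicc": "eum"}
	for i, name := range []string{"root", "eum", "smdp", "ds", "euicc"} {
		var err error
		isCA := name == "root" || name == "eum"
		if p[name], err = issue(name, int64(i+1), isCA, p[parents[name]]); err != nil {
			return nil, err
		}
	}
	return p, nil
}

// revokeSerial has issuer publish a CRL listing one revoked certificate serial.
func revokeSerial(issuer *entity, serial int64) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Hour),
		NextUpdate: time.Now().Add(24 * time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: big.NewInt(serial), RevocationTime: time.Now()}}}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer.cert, issuer.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// verifyPeer is the requesting party's check on the requested party's public key
// certificate: chain[0] is the peer, chain[1:] any intermediates it presents (only the
// cert fields are used). The path must end at the shared root, and no certificate on it
// may be listed in a CRL that is actually signed by that certificate's own issuer.
func verifyPeer(chain []*entity, root *entity, crls ...*x509.RevocationList) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.cert)
	for _, e := range chain[1:] {
		inter.AddCert(e.cert)
	}
	paths, err := chain[0].cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	if err != nil {
		return err
	}
	for i, path := 0, paths[0]; i+1 < len(path); i++ { // leaf first, root last
		for _, crl := range crls {
			if crl.CheckSignatureFrom(path[i+1]) != nil {
				continue // not signed by this certificate's issuer: not authoritative for it
			}
			for _, rc := range crl.RevokedCertificates {
				if rc.SerialNumber.Cmp(path[i].SerialNumber) == 0 {
					return errors.New("certificate revoked: " + path[i].Subject.CommonName)
				}
			}
		}
	}
	return nil
}
```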
Optionally, the subscription data corresponds to an AES random key, and the AES random key is used to encrypt the subscription data.
Optionally, the method further includes: before downloading the subscription data, negotiating with the eUICC to generate a first session key for encrypting the AES random key; and, when downloading the subscription data, negotiating with the eUICC to generate a second session key for encrypting the subscription data.
Optionally, the network service platform includes an enhanced subscription management data preparation platform, SM-DP+.
According to another embodiment of the present disclosure, an apparatus for downloading eUICC subscription data is provided, applied to a network service platform, including: a receiving module, configured to receive the operator's download request after the network service platform completes subscription data preparation; a determining module, configured to determine, triggered by the download request, whether the eUICC meets the download condition for the subscription data; and an indicating module, configured to send to the discovery server DS, if the download condition is met, a request instructing installation of an issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
According to yet another embodiment of the present disclosure, a storage medium is also provided. The storage medium is configured to store program code which, when run by a processor, performs the following steps:
after the network service platform completes subscription data preparation, receiving the operator's download request;
triggered by the download request, determining whether the eUICC meets the download condition for the subscription data;
if the download condition is met, sending to the discovery server DS a request instructing installation of the issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
According to yet another embodiment of the present disclosure, an apparatus is also provided, including a processor and a memory storing instructions executable by the processor, which, when executed by the processor, perform the method described above.
Through the present disclosure, after the network service platform completes subscription data preparation, the operator's download request is received; triggered by the download request, it is determined whether the eUICC meets the download condition for the subscription data; and, if the download condition is met, a request instructing installation of the issuer security information domain ISD-P is sent to the discovery server DS, where the ISD-P corresponds to the subscription data. By providing secure management of the issuer security information domain, this solves the technical problem in the related art that the management of the ISD-P carries large security risks, thereby improving the security of the system.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present disclosure and form part of this application; the exemplary embodiments of the present disclosure and their description serve to explain the disclosure and do not improperly limit it. In the drawings:
FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a method for downloading eUICC subscription data according to an embodiment of the present disclosure;
FIG. 3 is a structural block diagram of an apparatus for downloading eUICC subscription data according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of process management of the eUICC issuer security information domain according to an embodiment of the present disclosure;
FIG. 5 is a flowchart of the eUICC issuer security information domain management process according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a certificate chain according to an embodiment of the present disclosure.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本公开。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The present disclosure will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
需要说明的是,本公开的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It is to be understood that the terms "first", "second", and the like in the specification and claims of the present disclosure are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
Embodiment 1
The embodiments of the present application can run on the network architecture shown in FIG. 1. FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present disclosure. The architecture describes a technical system comprising a management platform, a terminal, an eUICC and related supporting facilities, together with the roles that participate in that system, including:
Profile: the set of card data and card applications an operator needs in order to provide services to a user; it can subsequently be installed on the eUICC by over-the-air download as required.
eUICC (embedded UICC): the hardware carrier of a Profile. Compared with a traditional UICC card, its software and hardware are more complex and it can load operator data dynamically. Multiple Profiles belonging to different operators can be loaded (stored) on the same eUICC at the same time, but only one of them can be in use (activated) at any given time.
SM-DP+: the network service platform responsible for producing, storing and providing Profiles. The SM-DP+ must have the software and hardware capabilities needed to keep Profiles secure.
Terminal: an entity that needs to access the mobile network. The eUICC is pre-installed in the terminal, and the terminal is also responsible for downloading the Profile from the SM-DP+ and writing it to the eUICC. The terminal is operated by the user.
Discovery Server DS: assists the terminal in addressing the SM-DP+.
Certificate Issuer CA: a standard PKI certificate authority that issues trusted digital certificates to the communicating parties within the system.
This embodiment provides a method for downloading eUICC subscription data that runs on the network architecture above. FIG. 2 is a flowchart of the method for downloading eUICC subscription data according to an embodiment of the present disclosure. As shown in FIG. 2, the flow includes the following steps:
Step S202: after the network service platform has completed preparation of the subscription data, receive a download request from the operator;
Step S204: triggered by the download request, determine whether the eUICC meets the download conditions for the subscription data;
Step S206: if the download conditions are met, send the discovery server DS a request instructing it to install an issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
Through the above steps, after the network service platform has completed preparation of the subscription data, it receives the operator's download request; triggered by that request, it determines whether the eUICC meets the download conditions for the subscription data; and if the conditions are met, it sends the discovery server DS a request instructing it to install the issuer security information domain ISD-P corresponding to the subscription data. By managing the issuer security information domain securely, this solves the technical problem in the related art that management of the ISD-P carries considerable security risk, and thereby improves the security of the system.
Optionally, the above steps may be executed by a network service platform, which includes, but is not limited to, an enhanced subscriber management data preparation platform (SIM Manager-Data Preparation+, SM-DP+ for short).
In an optional implementation of this embodiment, the network service platform completes preparation of the subscription data as follows: according to the operator's instructions, it generates the subscription information within the subscription data from the following information to be provisioned: the number of subscription data sets, the subscription data requirements and the available IMSI range; and it stores the subscription data in the network service platform.
In an optional implementation of this embodiment, determining whether the eUICC meets the download conditions for the subscription data includes:
S11: the network service platform performs mutual authentication with the registered discovery server DS;
S12: after authentication succeeds, it receives the eUICC card preset information that the DS sends according to the ID number of the user equipment card;
S13: it confirms from the eUICC card preset information whether the eUICC meets the download conditions for the subscription data.
Optionally, after the request instructing installation of the ISD-P has been sent to the discovery server DS, the solution of this embodiment may further include the following steps:
S21: receive confirmation information from the DS, where the confirmation information indicates that the DS has accepted the request to install the ISD-P and has created an empty ISD-P;
S22: establish, with the empty ISD-P, a shared channel for transmitting a key by means of a key agreement procedure, and select from the prepared subscription data the subscription data corresponding to the download request to be sent to the eUICC;
S23: encrypt the personal subscription data within the subscription data using the key negotiated with the ISD-P;
S24: apply to the DS to establish a secure transmission channel;
S25: send the encrypted personal subscription data to the ISD-P on the eUICC over the secure transmission channel;
S26: receive the installation result returned by the ISD-P, where the installation result is generated after the ISD-P has decrypted and installed the personal subscription data using the key;
S27: send the installation result to the DS and instruct the DS to update its database, setting the subscription data corresponding to the newly installed ISD-P to the inactive state.
At this point installation of the subscription data is confirmed complete, and it can be activated or otherwise processed according to the needs of the operator or the user.
Optionally, after the installation result has been sent to the DS, the method further includes:
S31: receiving a request applying for activation of the subscription data;
S32: activating the subscription data according to the preset policy of the DS.
Optionally, after the installation result has been sent to the DS, the method further includes:
S41: deleting the subscription data when the operator determines that it is no longer to be enabled.
In this embodiment, the following entities are all configured with digital certificates under the same root: the network service platform, the DS, the eUICC and the manufacturer of the eUICC. The digital certificates support a revocation mechanism.
In this embodiment, the digital certificates form a binary-tree structure: the child nodes of the root key are the private key of the eUICC manufacturer, the private key of the network service platform and the private key of the DS; the grandchild nodes of the root key include the private key of the eUICC, which is a child node of the private key of the eUICC manufacturer.
In this embodiment, the communication mechanism between any two of the following entities, the network service platform, the DS, the eUICC and the operator's server, includes performing mutual identity authentication and confirming that the identities are correct before communicating.
Optionally, the communication mechanism further includes: the requesting party authenticates the requested party, with the requesting party checking the requested party's public-key certificate; where the requesting party includes at least one of the network service platform, the DS, the eUICC and the operator's server, and the requested party includes at least one of the network service platform, the DS, the eUICC and the operator's server. The communication mechanism further includes: the two communicating parties first negotiate a minimal common set of cryptographic tools and then perform end-to-end authentication. The end-to-end authentication uses a forward-secrecy mechanism.
Optionally, each set of subscription data corresponds to a random AES key, and that random AES key is used to encrypt the subscription data.
An optional implementation of this embodiment further includes: before the subscription data is downloaded, negotiating with the eUICC to generate a first session key used to encrypt the random AES key; and when the subscription data is downloaded, negotiating with the eUICC to generate a second session key used to encrypt the subscription data.
From the description of the above embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, though in many cases the former is the better implementation. On that understanding, the technical solution of the present disclosure, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to perform the methods described in the embodiments of the present disclosure.
Embodiment 2
This embodiment further provides a device for downloading eUICC subscription data. The device is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiment is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 3 is a structural block diagram of a device for downloading eUICC subscription data according to an embodiment of the present disclosure. The device is applied in a network service platform, which may be an enhanced subscriber management data preparation platform SM-DP+. As shown in FIG. 3, the device includes:
a receiving module 30, configured to receive a download request from the operator after the network service platform has completed preparation of the subscription data;
a determining module 32, configured to determine, triggered by the download request, whether the eUICC meets the download conditions for the subscription data;
an instructing module 34, configured to send the discovery server DS, if the download conditions are met, a request instructing it to install an issuer security information domain ISD-P, where the ISD-P corresponds to the subscription data.
Optionally, the receiving module has the network service platform complete preparation of the subscription data as follows: according to the operator's instructions, it generates the subscription information within the subscription data from the following information to be provisioned: the number of subscription data sets, the subscription data requirements and the available International Mobile Subscriber Identity (IMSI) range; and it stores the subscription data in the network service platform.
Optionally, the determining module determines whether the eUICC meets the download conditions for the subscription data by: performing mutual authentication with the registered discovery server DS; after authentication succeeds, receiving the eUICC card preset information that the DS sends according to the ID number of the user equipment card; and confirming from the eUICC card preset information whether the eUICC meets the download conditions for the subscription data.
Optionally, the device of this embodiment further includes: a second receiving module, configured to receive confirmation information from the DS after the instructing module has sent the discovery server DS the request instructing installation of the ISD-P, where the confirmation information indicates that the DS has accepted the request to install the ISD-P and has created an empty ISD-P; and a transmission module, configured to establish, with the empty ISD-P, a shared channel for transmitting a key by means of a key agreement procedure, and to select from the prepared subscription data the subscription data corresponding to the download request to be sent to the eUICC.
Optionally, the device of this embodiment further includes an encryption module, configured to encrypt the personal subscription data within the subscription data using the key negotiated with the ISD-P, after the transmission module and the empty ISD-P have established the shared channel for transmitting the key by means of the key agreement procedure.
Optionally, the device of this embodiment further includes: an application module, configured to apply to the DS to establish a secure transmission channel after the encryption module has encrypted the subscription information within the subscription data using the key negotiated with the ISD-P; and a sending module, configured to send the encrypted personal subscription data to the ISD-P on the eUICC over the secure transmission channel.
Optionally, the device of this embodiment further includes a second receiving module, configured to receive the installation result returned by the ISD-P after the sending module has sent the encrypted personal subscription data to the ISD-P on the eUICC over the secure transmission channel, where the installation result is generated after the ISD-P has decrypted and installed the personal subscription data using the key.
Optionally, the device of this embodiment further includes a second instructing module, configured to send the installation result to the DS after the installation result returned by the ISD-P has been received, and to instruct the DS to update its database, setting the subscription data corresponding to the newly installed ISD-P to the inactive state.
Optionally, the device of this embodiment further includes: a third receiving module, configured to receive a request applying for activation of the subscription data after the installation result has been sent to the DS; and an activation module, configured to activate the subscription data according to the preset policy of the DS.
Optionally, the device of this embodiment further includes a deletion module, configured to delete the subscription data, after the installation result has been sent to the DS, when the operator determines that the subscription data is no longer to be enabled.
In this embodiment, the following entities are all configured with digital certificates under the same root: the network service platform, the DS, the eUICC and the manufacturer of the eUICC. The digital certificates support a revocation mechanism.
In this embodiment, the child nodes of the root key of the digital certificates are the private key of the eUICC manufacturer, the private key of the network service platform and the private key of the DS, and the grandchild nodes of the root key include the private key of the eUICC.
In this embodiment, the communication mechanism between any two of the following entities, the network service platform, the DS, the eUICC and the operator's server, includes performing mutual identity authentication and confirming that the identities are correct before communicating.
In this embodiment, the communication mechanism further includes: the requesting party authenticates the requested party, with the requesting party checking the requested party's public-key certificate; where the requesting party includes at least one of the network service platform, the DS, the eUICC and the operator's server, and the requested party includes at least one of the network service platform, the DS, the eUICC and the operator's server.
Optionally, the communication mechanism further includes: the two communicating parties first negotiate a minimal common set of cryptographic tools and then perform end-to-end authentication, and the end-to-end authentication uses a forward-secrecy mechanism.
In this embodiment, each set of subscription data corresponds to a random AES key, and the random AES key is used to encrypt the subscription data.
In the device of this embodiment, before the subscription data is downloaded, a first session key used to encrypt the random AES key is generated by negotiation with the eUICC, and when the subscription data is downloaded, a second session key used to encrypt the subscription data is generated by negotiation with the eUICC.
It should be noted that each of the above modules may be implemented by software or by hardware. In the latter case this may be done, without limitation, as follows: all of the above modules are located in the same processor, or the above modules are located in different processors in any combination.
Embodiment 3
This embodiment is an optional embodiment of the present disclosure and describes the present application in detail with reference to a specific example:
The eUICC card of this embodiment is a smart card with an operating system that internally contains a certificate security domain, an issuer security root domain and several issuer security information domains. The certificate security domain stores the private key, the related certificates, the root public key of the CI and the key set used for certificate replacement, and has a high security level; the issuer security root domain is responsible for executing the platform management commands sent by the discovery server DS; and an issuer security information domain represents one set of an operator's subscription data, including the file system, network access applications, the controlling authority security domain, supplementary security domains, policy rules and the operator security domain.
FIG. 4 is a schematic diagram of the process management of an eUICC issuer security information domain according to an embodiment of the present disclosure. The corresponding control method for the eUICC card includes the following steps:
102. After the SM-DP+ has completed preparation of the subscription data (according to the operator's instructions, the SM-DP+ takes the descriptive information to be provisioned, namely the number of subscription data sets, the subscription data requirements and the available IMSI range, generates on its own the personal information part of the subscription data such as keys and certificates, and stores the subscription data in the SM-DP+) and has received a download request from the operator, then, if the download conditions are met (the SM-DP+ performs mutual authentication with the registered discovery server DS; after authentication succeeds, the discovery server DS extracts the preset information of the UICC card (EIS, eUICC Information Set) according to the ID number of the user equipment card and sends it to the SM-DP+, which uses it to confirm whether the eUICC is suitable for downloading the subscription data), the SM-DP+ sends the discovery server DS a signed request to install a new ISD-P.
104. The discovery server DS and the ISD-R in the eUICC start the authentication procedure; if authentication succeeds, an empty ISD-P is created and confirmation information is returned to the SM-DP+.
106. The SM-DP+ and the newly created ISD-P establish a shared channel for transmitting a key by means of a key agreement procedure, and the SM-DP+ selects from the newly generated subscription data one set that meets the requirements, to be sent to the eUICC.
108. The SM-DP+ encrypts the personal subscription data within it using the key negotiated with the ISD-P.
110. Before transmitting the above subscription data, the SM-DP+ first applies to the discovery server DS to establish a secure transmission channel, and then sends the encrypted personal subscription data to the ISD-P on the eUICC over that channel.
112. After receiving the data, the ISD-P decrypts and installs it using the key described above, and returns the installation result and status to the SM-DP+.
114. The SM-DP+ sends the installation result and status of the ISD-P to the discovery server DS; the discovery server DS updates its database, stores the new subscription data in the eUICC subscription data set (EIS), and sets the new subscription data (the newly installed ISD-P) to the inactive state.
Optionally, if the user (or the operator) subsequently applies to activate the new subscription data, the operator sends a request to activate the new subscription data to the discovery server DS, and the discovery server DS checks whether the rule information in the new subscription data set allows switching. If it does, the DS signs a registration activation request and sends it to the ISD-R of the eUICC, and the eUICC goes on to check its locally enforced rules; if there is a conflict, the ISD-R stops the procedure and informs the discovery server DS; if there is no conflict, the ISD-R switches the subscription data and reports the switching result to the discovery server DS, which in turn reports the switching result to the operator.
Optionally, the operator then deactivates the original subscription data through the discovery server DS; this procedure likewise performs the operation only after the two rule-information checks described above (the deactivation procedure).
Optionally, if the operator later determines that a given set of subscription data is no longer to be enabled and is to be deleted entirely, the operation of deleting that subscription data in the eUICC card may be performed. (The deletion procedure is to be written as a separate claim.)
Optionally, the components within the system of this embodiment, the SM-DP+, the discovery server DS, the card manufacturer and the eUICC, need to be configured with digital certificates under the same root, used for signature authentication and key agreement, and the digital certificates need to support a revocation mechanism.
Corresponding to the schematic diagram of process management of the eUICC issuer security information domain, FIG. 5 is a flowchart of the eUICC issuer security information domain management process according to an embodiment of the present disclosure.
FIG. 6 is a schematic diagram of the certificate chain according to an embodiment of the present disclosure, illustrating the relationships between certificates at the various levels.
Optionally, communication between any two of the SM-DP+, the discovery server DS, the eUICC and the operator first performs mutual identity authentication, and communication proceeds only once the identities have been confirmed correct; the precondition for authentication is that both parties hold certificates under the same root. The authentication steps are as follows:
The requesting party authenticates the requested party, with the requesting party checking the requested party's public-key certificate. Optionally, the requesting party may be the SM-DP+, the discovery server DS, the eUICC or the operator, and the requested party may be the SM-DP+, the discovery server DS, the eUICC or the operator.
Optionally, before any communication between any two of the SM-DP+, the discovery server DS, the eUICC and the operator, the following steps are performed:
The two communicating parties negotiate a minimal common set of cryptographic tools and then perform end-to-end authentication; the end-to-end authentication uses a forward-secrecy mechanism (Forward Secrecy).
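The same-root certificate tree (CI above the eUICC manufacturer, SM-DP+ and DS, with the eUICC under the manufacturer) and the mutual check that each party runs on the other's certificate before communicating, as an added example in Go that is not part of the patent: it assumes Ed25519 signatures, a minimal certificate format, the subject names "CI" and "EUM", and an in-memory revocation list, none of which the text specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a minimal stand-in for an X.509 certificate: subject, issuer, public
// key and the issuer's signature over those three fields (format is an assumption).
type Cert struct {
	Subject, Issuer string
	PubKey          ed25519.PublicKey
	Sig             []byte
}

// tbs is the to-be-signed encoding of a certificate.
func (c *Cert) tbs() []byte { return append([]byte(c.Subject+"|"+c.Issuer+"|"), c.PubKey...) }

// PKI: the one trusted root (the CI), every certificate by subject, the revoked
// subjects, and (only so that this example can issue) the private keys.
type PKI struct {
	Root    *Cert
	Certs   map[string]*Cert
	Revoked map[string]bool
	privs   map[string]ed25519.PrivateKey
}

// NewPKI creates a self-signed root.
func NewPKI(root string) *PKI {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := &Cert{Subject: root, Issuer: root, PubKey: pub}
	c.Sig = ed25519.Sign(priv, c.tbs())
	return &PKI{Root: c, Certs: map[string]*Cert{root: c}, Revoked: map[string]bool{},
		privs: map[string]ed25519.PrivateKey{root: priv}}
}

// Issue creates a key pair for subject and signs its certificate with issuer's key.
func (p *PKI) Issue(subject, issuer string) *Cert {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := &Cert{Subject: subject, Issuer: issuer, PubKey: pub}
	c.Sig = ed25519.Sign(p.privs[issuer], c.tbs())
	p.Certs[subject], p.privs[subject] = c, priv
	return c
}

// VerifyChain walks from a leaf up to the root: no link may be revoked, every
// signature must verify under the named issuer, and the chain must end at the
// trusted CI itself, not merely at some self-signed certificate.
func (p *PKI) VerifyChain(leaf *Cert) error {
	cur := leaf
	for depth := 0; depth < 8; depth++ {
		if p.Revoked[cur.Subject] {
			return fmt.Errorf("%s: certificate revoked", cur.Subject)
		}
		if cur.Subject == cur.Issuer { // self-signed: must be our root
			if cur.Subject != p.Root.Subject || !cur.PubKey.Equal(p.Root.PubKey) {
				return errors.New("chain ends at a root that is not the trusted CI")
			}
			return nil
		}
		issuer, ok := p.Certs[cur.Issuer]
		if !ok {
			return fmt.Errorf("%s: unknown issuer %s", cur.Subject, cur.Issuer)
		}
		if !ed25519.Verify(issuer.PubKey, cur.tbs(), cur.Sig) {
			return fmt.Errorf("%s: signature does not verify under %s", cur.Subject, cur.Issuer)
		}
		cur = issuer
	}
	return errors.New("chain too long")
}

// MutualAuth is the two-way check that precedes any message exchange.
func (p *PKI) MutualAuth(requester, requested *Cert) error {
	if err := p.VerifyChain(requested); err != nil {
		return fmt.Errorf("requester rejects requested party: %w", err)
	}
	if err := p.VerifyChain(requester); err != nil {
		return fmt.Errorf("requested party rejects requester: %w", err)
	}
	return nil
}

// BuildTree reproduces the hierarchy in the text: CI -> EUM, SM-DP+, DS; EUM -> eUICC.
func BuildTree() *PKI {
	p := NewPKI("CI")
	for _, s := range []string{"EUM", "SM-DP+", "DS"} {
		p.Issue(s, "CI")
	}
	p.Issue("eUICC", "EUM")
	return p
}

func main() {
	p := BuildTree()
	fmt.Println("SM-DP+ <-> eUICC:", p.MutualAuth(p.Certs["SM-DP+"], p.Certs["eUICC"]))
	p.Revoked["EUM"] = true // revoking the manufacturer cuts off every eUICC beneath it
	fmt.Println("after revoking EUM:", p.MutualAuth(p.Certs["SM-DP+"], p.Certs["eUICC"]))
}
```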
Optionally, when a Profile is generated, a random AES key is generated at the same time and the Profile is encrypted with that random key. Before the download, the SM-DP+ and the eUICC first negotiate a session key that is used only to encrypt the above random key; when the Profile is downloaded, the SM-DP+ and the eUICC negotiate a session key and encrypt the Profile with it, so as to ensure the security of the Profile data.
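The two-layer key scheme described above (random AES key at Profile generation, a first session key that only wraps that key, a second session key that protects the Profile in transit), carried through on both the SM-DP+ and ISD-P sides, as an added example in Go that is not part of the patent: it assumes X25519 for the key agreement, an HKDF-style derivation with a constructed salt, AES-128-GCM, and Go 1.20+ for crypto/ecdh, none of which the text specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveKey: HKDF-shaped extract/expand (RFC 5869) over an X25519 shared secret;
// the label keeps the first session key apart from the second. KDF is an assumption.
func deriveKey(shared []byte, label string) []byte {
	extract := hmac.New(sha256.New, []byte("eUICC-session-salt"))
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(label))
	expand.Write([]byte{0x01})
	return expand.Sum(nil)[:16] // AES-128 key
}

// negotiate runs one X25519 exchange between SM-DP+ and the ISD-P and returns
// each side's copy of the session key; the two copies must agree.
func negotiate(label string) (smdp, isdp []byte, err error) {
	a, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	b, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	sa, _ := a.ECDH(b.PublicKey()) // fails only on a malformed peer key
	sb, _ := b.ECDH(a.PublicKey())
	return deriveKey(sa, label), deriveKey(sb, label), nil
}

// gcmFor builds AES-GCM for a 16-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext; aad names the layer so one layer's ciphertext
// cannot be presented as another's.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext or tag is rejected.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	n := gcm.NonceSize()
	if len(sealed) < n { return nil, fmt.Errorf("sealed data too short") }
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// Download is the SM-DP+ side: random AES key at preparation time, at-rest
// encryption, then the two session-key layers. Returns (wrapped key, transit profile).
func Download(profile, k1, k2 []byte) (wrapped, transit []byte, err error) {
	profileKey := make([]byte, 16)
	if _, err = rand.Read(profileKey); err != nil { return nil, nil, err }
	atRest, err := seal(profileKey, profile, []byte("profile-at-rest"))
	if err != nil { return nil, nil, err }
	if wrapped, err = seal(k1, profileKey, []byte("session-1")); err != nil { return nil, nil, err }
	transit, err = seal(k2, atRest, []byte("session-2"))
	return wrapped, transit, err
}

// Install is the ISD-P side: strip the transit layer, unwrap the profile key,
// then decrypt the profile itself.
func Install(wrapped, transit, k1, k2 []byte) ([]byte, error) {
	atRest, err := open(k2, transit, []byte("session-2"))
	if err != nil { return nil, err }
	profileKey, err := open(k1, wrapped, []byte("session-1"))
	if err != nil { return nil, err }
	return open(profileKey, atRest, []byte("profile-at-rest"))
}

// Roundtrip negotiates both session keys, downloads and installs; with tamper
// set, one transit byte is flipped so the ISD-P must reject the package.
func Roundtrip(profile []byte, tamper bool) ([]byte, error) {
	smdpK1, isdpK1, err := negotiate("session-key-1")
	if err != nil { return nil, err }
	smdpK2, isdpK2, err := negotiate("session-key-2")
	if err != nil { return nil, err }
	wrapped, transit, err := Download(profile, smdpK1, smdpK2)
	if err != nil { return nil, err }
	if tamper { transit[len(transit)/2] ^= 0x01 }
	return Install(wrapped, transit, isdpK1, isdpK2)
}

func main() {
	got, err := Roundtrip([]byte("constructed profile: IMSI=460001234567890"), false)
	fmt.Println(string(got), err)
}
```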
Through the embodiments of the present disclosure, a more secure way of solving the problems in the prior art is adopted and an eUICC management method is provided, namely secure management of the issuer security information domain, thereby improving the security of the system.
实施例4Example 4
本公开的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present disclosure also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,在网络服务平台完成签约数据准备后,接收运营商的下载请求;S1, after the network service platform completes the subscription data preparation, receiving the download request of the operator;
S2,在下载请求的触发下,判断eUICC是否符合签约数据的下载条件;S2, under the trigger of the download request, determine whether the eUICC meets the download condition of the subscription data;
S3,在符合下载条件的情况下,向发现服务器DS发送用于指示安装发行者安全信息域ISD-P的请求,其中,ISD-P与签约数据对应。S3. If the download condition is met, a request for instructing to install the issuer security information domain ISD-P is sent to the discovery server DS, wherein the ISD-P corresponds to the subscription data.
Optionally, in this embodiment, the storage medium may include, but is not limited to, media that can store program code, such as a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, receives the operator's download request after the network service platform completes the subscription data preparation;
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, determines, triggered by the download request, whether the eUICC meets the download condition of the subscription data;
Optionally, in this embodiment, the processor, according to the program code stored in the storage medium, sends the discovery server DS a request instructing it to install the issuer security information domain ISD-P if the download condition is met, where the ISD-P corresponds to the subscription data.
Optionally, for specific examples of this embodiment, refer to the examples described in the foregoing embodiments and optional implementations; they are not repeated here.
It will be apparent to those skilled in the art that the modules or steps of the present disclosure described above may be implemented by a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they may be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may be made into individual integrated circuit modules, or several of the modules or steps may be combined into a single integrated circuit module. Thus, the present disclosure is not limited to any specific combination of hardware and software.
The above are merely preferred embodiments of the present disclosure and are not intended to limit it; for those skilled in the art, the present disclosure may have various changes and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present disclosure shall fall within the scope of protection of the present disclosure.
Industrial applicability
With the eUICC subscription data download method and device according to embodiments of the present disclosure, the operator's download request is received after the network service platform completes the subscription data preparation; triggered by the download request, it is determined whether the eUICC meets the download condition of the subscription data; if the download condition is met, a request instructing installation of the issuer security information domain ISD-P is sent to the discovery server DS, where the ISD-P corresponds to the subscription data. By managing the issuer security information domain securely, the download method and device solve the technical problem in the related art that management of the ISD-P carries a considerable security risk, thereby improving the security of the system.

Claims (23)

  1. A method for downloading eUICC subscription data, comprising:
    after the network service platform completes subscription data preparation, receiving a download request from the operator;
    triggered by the download request, determining whether the eUICC meets the download condition of the subscription data;
    if the download condition is met, sending the discovery server DS a request instructing installation of the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  2. The method according to claim 1, wherein the network service platform completes the subscription data preparation in the following manner:
    according to the operator's instruction, generating the subscription information in the subscription data from the following information to be provisioned: the number of subscription data items, the subscription data requirements, and the range of available international mobile subscriber identities (IMSI);
    storing the subscription data in the network service platform.
  3. The method according to claim 1, wherein determining whether the eUICC meets the download condition of the subscription data comprises:
    the network service platform performing mutual authentication with the registered discovery server DS;
    after the authentication passes, receiving the eUICC card preset information sent by the DS according to the ID number of the user equipment card;
    determining, according to the eUICC card preset information, whether the eUICC meets the download condition for downloading the subscription data.
  4. The method according to claim 1, wherein after sending the discovery server DS the request instructing installation of the ISD-P, the method further comprises:
    receiving confirmation information from the DS, wherein the confirmation information indicates that the DS agrees to the request to install the ISD-P and has created an empty ISD-P;
    establishing, with the empty ISD-P through a key agreement procedure, a shared channel for transmitting keys, and selecting from the preset subscription data the subscription data corresponding to the download request and sending it to the eUICC.
  5. The method according to claim 4, wherein after establishing with the empty ISD-P through the key agreement procedure the shared channel for transmitting keys, the method further comprises:
    encrypting the personal subscription data in the subscription data using the key negotiated with the ISD-P.
  6. The method according to claim 5, wherein after encrypting the subscription information in the subscription data using the key negotiated with the ISD-P, the method further comprises:
    requesting the DS to establish a secure transmission channel;
    sending the encrypted personal subscription data through the secure transmission channel to the ISD-P on the eUICC.
  7. The method according to claim 6, wherein after sending the encrypted personal subscription data through the secure transmission channel to the ISD-P on the eUICC, the method further comprises:
    receiving an installation result fed back by the ISD-P, wherein the installation result is generated after the ISD-P decrypts and installs the personal subscription data using the key.
  8. The method according to claim 7, wherein after receiving the installation result fed back by the ISD-P, the method further comprises:
    sending the installation result to the DS, and instructing the DS to update its database, setting the subscription data corresponding to the installed ISD-P to an inactive state.
  9. The method according to claim 8, wherein after sending the installation result to the DS, the method further comprises:
    receiving a request for activating the subscription data;
    activating the subscription data according to the preset policy of the DS.
  10. The method according to claim 8, wherein after sending the installation result to the DS, the method further comprises:
    when the operator determines that the subscription data is no longer to be enabled, deleting the subscription data.
  11. The method according to claim 1, wherein the following entities are all configured with digital certificates from the same root: the network service platform, the DS, the eUICC, and the manufacturer of the eUICC.
  12. The method according to claim 11, wherein the digital certificates support a revocation mechanism.
  13. The method according to claim 11, wherein the child nodes of the root key of the digital certificates comprise: the private key of the eUICC manufacturer, the private key of the network service platform, and the private key of the DS; and the grandchild nodes of the root key comprise: the private key of the eUICC.
  14. The method according to claim 1, wherein the communication mechanism between any two of the following entities: the network service platform, the DS, the eUICC, and the operator's server, comprises: performing mutual authentication of identity and confirming that the identity is correct before communicating.
  15. The method according to claim 14, wherein the communication mechanism further comprises:
    the requesting party authenticating the requested party, the requesting party verifying the public key certificate of the requested party; the requesting party verifying the public key certificate of the requested party; wherein the requesting party comprises at least one of: the network service platform, the DS, the eUICC, and the operator's server; and the requested party comprises at least one of: the network service platform, the DS, the eUICC, and the operator's server.
  16. The method according to claim 14, wherein the communication mechanism further comprises:
    the two communicating parties negotiating a minimal common set of security tools before performing end-to-end authentication.
  17. The method according to claim 14, wherein the end-to-end authentication employs a forward security mechanism.
  18. The method according to claim 1, wherein the subscription data corresponds to a random AES key, and the random AES key is used to encrypt the subscription data.
  19. The method according to claim 18, wherein the method further comprises:
    before downloading the subscription data, negotiating with the eUICC to generate a first session key used to encrypt the random AES key; and when downloading the subscription data, negotiating with the eUICC to generate a second session key used to encrypt the subscription data.
  20. The method according to any one of claims 1 to 19, wherein the network service platform comprises: the enhanced user management data preparation SM-DP+.
  21. A device for downloading eUICC subscription data, applied to a network service platform, comprising:
    a receiving module, configured to receive the operator's download request after the network service platform completes subscription data preparation;
    a determining module, configured to determine, triggered by the download request, whether the eUICC meets the download condition of the subscription data;
    an indicating module, configured to, if the download condition is met, send the discovery server DS a request instructing installation of the issuer security information domain ISD-P, wherein the ISD-P corresponds to the subscription data.
  22. A storage medium storing a program, wherein when the program is run by a processor it performs the method according to any one of claims 1 to 19.
  23. An apparatus comprising a processor and a memory storing instructions executable by the processor, wherein when the instructions are executed by the processor the method according to any one of claims 1 to 19 is performed.
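The key agreement with the empty ISD-P (claim 4) and the two-layer key handling of claims 18 and 19, as an added example written here in Go; it is not code from the patent or from any SM-DP+ or eUICC implementation. It assumes X25519 for the agreement, AES-GCM for every encryption layer and SHA-256 over a label and the shared secret as the key derivation; Agree, BuildPackage, InstallProfile, Package and the sample profile bytes are all constructed for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

var SampleProfile = []byte("IMSI=460001234567890;KI=<placeholder>") // constructed sample
// Package is what SM-DP+ sends to the ISD-P: the per-profile AES key K wrapped
// under S1, and the profile encrypted under K and then sealed under S2.
type Package struct{ WrappedKey, Profile []byte }
// Agree runs one X25519 agreement between SM-DP+ and the ISD-P and returns the
// 128-bit key each side derives. Assumption: SHA-256(label||secret) stands in
// for a proper KDF; both private keys sit in one function only for brevity.
func Agree(label string) (dp, card []byte, err error) {
	a, _ := ecdh.X25519().GenerateKey(rand.Reader) // SM-DP+ ephemeral key
	b, _ := ecdh.X25519().GenerateKey(rand.Reader) // ISD-P ephemeral key
	sa, err := a.ECDH(b.PublicKey())               // rejects a bad peer point
	if err != nil {
		return nil, nil, err
	}
	sb, _ := b.ECDH(a.PublicKey())
	ka := sha256.Sum256(append([]byte(label), sa...))
	kb := sha256.Sum256(append([]byte(label), sb...))
	return ka[:16], kb[:16], nil
}

// seal and open are AES-GCM with a fresh random nonce prepended to the output.
func seal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key) // keys here are always 16 bytes
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// BuildPackage is the SM-DP+ side: claim 18's random AES key encrypts the
// profile; S1 wraps that key and S2 seals the profile for transport (claim 19).
func BuildPackage(s1, s2, profile []byte) Package {
	k := make([]byte, 16)
	rand.Read(k)
	return Package{seal(s1, k), seal(s2, seal(k, profile))}
}

// InstallProfile is the ISD-P side; a tag failure on either layer (tampering,
// or a session key never agreed with this ISD-P) rejects the whole package.
func InstallProfile(s1, s2 []byte, p Package) ([]byte, error) {
	k, errK := open(s1, p.WrappedKey)
	inner, errT := open(s2, p.Profile)
	if errK != nil || errT != nil {
		return nil, errors.New("package rejected: wrap or transport tag failed")
	}
	return open(k, inner)
}
```

The two Agree calls stand for the pre-download and download-time negotiations of claim 19; a package built against one ISD-P's keys cannot be installed by another, and any modification in transit fails the GCM tag before the profile is touched.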
PCT/CN2018/071950 2017-05-19 2018-01-09 Method and device for downloading euicc subscription data WO2018209986A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710362982.2 2017-05-19
CN201710362982.2A CN108966208A (en) 2017-05-19 2017-05-19 The method for down loading and device of eUICC subscription data

Publications (1)

Publication Number Publication Date
WO2018209986A1 true WO2018209986A1 (en) 2018-11-22

Family

ID=64273423

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/071950 WO2018209986A1 (en) 2017-05-19 2018-01-09 Method and device for downloading euicc subscription data

Country Status (2)

Country Link
CN (1) CN108966208A (en)
WO (1) WO2018209986A1 (en)

Also Published As

Publication number Publication date
CN108966208A (en) 2018-12-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18801263

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18801263

Country of ref document: EP

Kind code of ref document: A1