CN105792178A - Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof - Google Patents
Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof Download PDFInfo
- Publication number
- CN105792178A CN105792178A CN201610281301.5A CN201610281301A CN105792178A CN 105792178 A CN105792178 A CN 105792178A CN 201610281301 A CN201610281301 A CN 201610281301A CN 105792178 A CN105792178 A CN 105792178A
- Authority
- CN
- China
- Prior art keywords
- esim
- territory
- authorization message
- information
- identity information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
The invention discloses a method of generating and acquiring an authorization used for deleting an ISD-P domain and an apparatus thereof. The method of acquiring the authorization used for deleting the ISD-P domain comprises the following steps of emitting an instruction of acquiring authorization information to a mobile network operator (MNO), wherein the instruction is used for making the mobile network operator generate and return the authorization information used for deleting a certificate issuing party safety domain configuration (ISD-P) domain; and receiving the authorization information returned by the mobile network operator. By using the method and the system, a ''deletion authorization'' mechanism is realized; and through using the mechanism, safety of deleting the ISD-P domain on an eSIM card can be increased.
Description
Technical field
The present invention relates to field of mobile communication, particularly relate to a kind of generation and obtain for deleting ISD-P territory
The method and device of mandate.
Background technology
Along with the development of technology, eSIM (embedded Subscriber Identity Module, embedded visitor
Family identification module) card the most popular.
On eSIM card, foundation has multilevel security territory, and security domains at different levels are configured with ISD-P (Issuer Security
Domain Profile, certificate issue side's security domain configures) territory;Wherein, multiple ISD-P territories are mutually isolated,
Each ISD-P territory comprises the personal data such as operator files system and policy control rule.When one
ISD-P territory is signed with an operator MNO (Mobile Network Operator, Mobile Network Operator)
After about, ISD-P, MNO and SM-DP (Subscription Manager Data Preparation, signing pipe
Reason data prepare) establish corresponding relation.
At present, there is potential safety hazard, such as when eSIM card being deleted ISD-P: there may exist behaviour by mistake
The situations such as work or malicious operation.
Summary of the invention
The inventors found that the reason producing the problems referred to above is: prior art is not provided with " delete
Except authorizing " mechanism, eSIM is stuck in and there is no " delete and authorize " can delete ISD-P.
In view of defect and the above-mentioned discovery of prior art, it is an object of the invention to provide a kind of generation and acquisition use
In the method and device of the mandate deleting ISD-P territory, in order to solve deletion on eSIM card in prior art
The problem that there is potential safety hazard during ISD-P.
The object of the invention is mainly achieved through the following technical solutions:
According to an aspect of the present invention, the present invention provides a kind of acquisition for deleting the mandate in ISD-P territory
Method, including:
Send the instruction obtaining authorization message to Mobile Network Operator, described instruction is used for making described mobile network
Network operator generates and returns the authorization message for deleting security domain configuration territory, certificate issue side;
Receive the authorization message that described Mobile Network Operator returns.
According to another aspect of the present invention, the present invention also provides for a kind of generation for deleting awarding of ISD-P territory
The method of power, including:
Receive signing management data and prepare the instruction of the acquisition authorization message sent;
According to described instruction, generate the authorization message for deleting security domain configuration territory, certificate issue side;
Described authorization message returns to described signing management data prepare.
According to another aspect of the present invention, the present invention also provides for a kind of acquisition for deleting awarding of ISD-P territory
The device of power, including:
Authorization request module, for sending the instruction obtaining authorization message, described finger to Mobile Network Operator
Order is used for making described Mobile Network Operator generate and return for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorize receiver module, for receiving the authorization message that described Mobile Network Operator returns.
According to another aspect of the present invention, the present invention also provides for a kind of generation for deleting awarding of ISD-P territory
The device of power, including:
Command reception module, prepares the instruction of the acquisition authorization message sent for receiving signing management data;
Authorize generation module, with according to described instruction, generate and be used for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorizing and return module, preparing for described authorization message being returned to described signing management data.
The present invention has the beneficial effect that:
In the present invention, method and system achieve the mechanism that one " is deleted and authorized ", utilize this mechanism, permissible
It is effectively improved on eSIM card the safety deleting ISD-P territory.
Accompanying drawing explanation
Fig. 1 be in the embodiment of the present invention a kind of acquisition for deleting the method flow diagram of the mandate in ISD-P territory;
Fig. 2 be in the embodiment of the present invention a kind of generation for deleting the method flow diagram of the mandate in ISD-P territory;
Fig. 3 is the mutual schematic diagram of SM-DP and MNO in the embodiment of the present invention;
Fig. 4 be in the embodiment of the present invention a kind of acquisition for deleting the device schematic diagram of the mandate in ISD-P territory;
Fig. 5 be in the embodiment of the present invention a kind of generation for deleting the device schematic diagram of the mandate in ISD-P territory.
Detailed description of the invention
In order to solve to exist when prior art deletes ISD-P on eSIM card the problem of potential safety hazard, this
The bright method and device providing a kind of mandate generating and obtaining for deleting ISD-P territory, below in conjunction with attached
Figure and embodiment, be further elaborated to the present invention.Should be appreciated that described herein specifically
Embodiment, only in order to explain the present invention, does not limit the present invention.
Embodiment one
As it is shown in figure 1, a kind of method that the embodiment of the present invention provides mandate obtained for deleting ISD-P territory,
Described method is used for management data preparation (SM-DP) side of contracting, including:
S101, sends the instruction obtaining authorization message, described instruction to Mobile Network Operator (MNO)
For making described Mobile Network Operator generate and return for deleting the security domain configuration of certificate issue side
(ISD-P) authorization message in territory;
S102, receives the authorization message that described Mobile Network Operator returns.
Embodiment of the present invention SM-DP obtains the instruction of authorization message to MNO by sending, and makes MNO return
Return authorization message, it is achieved thereby that the mechanism of a kind of " delete and authorize ", utilize this mechanism, can effectively carry
The high safety deleting ISD-P territory on eSIM card.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
Described Mobile Network Operator is carried out authentication;
After certification is passed through, send, to described Mobile Network Operator, the instruction that request authorizes.
Wherein, multiple authentication techniques can be used when carrying out authentication, including digital signature technology (i.e.,
Both sides send mutually oneself signature to the other side, allow the identity of the other side's certification oneself), cryptography authentication
Agreement etc..
By this preferred implementation, MNO is carried out authentication, can effectively prevent some from pretending
Some safety issues that MNO sends authorization message to SM-DP and causes.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
Receive the solicited message in the security domain configuration territory, deletion certificate issue side that eSIM card sends;Described request
Information carry eSIM identity information, described certificate issue side security domain configuration territory positional information and to described
ESIM initiates the originator identity information of deletion action;
Described eSIM identity information, described positional information and described originator identity information are added to institute
State in the instruction that Mobile Network Operator request authorizes.
By this preferred implementation, MNO can be made to judge whether deletion action accords with according to the information in instruction
Close pre-defined rule, only when meeting pre-defined rule, just SM-DP generated and return authorization message, from
And the safety in ISD-P territory is deleted in significantly more efficient raising on eSIM card.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
The described authorization message obtained is sent to described eSIM card, so that described eSIM card is according to described
Authorization message deletes security domain configuration territory, certificate issue side.
By this preferred implementation so that SM-DP is safer when deleting the ISD-P territory of eSIM card
Effectively.
Specifically, the described described authorization message by acquisition is sent to described eSIM card, so that described eSIM
Block the step deleting security domain configuration territory, certificate issue side according to described authorization message, including:
From the described authorization message obtained, parse eSIM identity information, certificate issue side's security domain is joined
Put the positional information in territory and confirm deletion information;
According to the eSIM identity information parsed, described authorization message is sent to the described eSIM of correspondence
Card, so that described eSIM card is according to the described confirmation deletion information parsed and described certificate issue side safety
The positional information in configuration territory, territory, deletes corresponding security domain configuration territory, described certificate issue side.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
The described authorization message received is verified.
By this preferred implementation, SM-DP can be made to receive the authorization message of camouflage, thus avoid
Some unsafe deletion actions.
Embodiment two
As in figure 2 it is shown, a kind of method that the embodiment of the present invention provides mandate generated for deleting ISD-P territory,
Described method is used for Mobile Network Operator side, including:
S201, receives signing management data and prepares the instruction of the acquisition authorization message sent;
S202, according to described instruction, generates the authorization message for deleting security domain configuration territory, certificate issue side;
S203, returns to described authorization message described signing management data and prepares.
Embodiment of the present invention MNO is by obtaining the instruction of SM-DP, thus generates and return and be used for deleting
The authorization message in security domain configuration territory, certificate issue side, it is achieved thereby that the mechanism of a kind of " delete and authorize ",
Utilize this mechanism, the safety deleting ISD-P territory can be effectively improved on eSIM card.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
Described signing management data are ready for authentication;
After certification is passed through, according to described instruction, generate for deleting awarding of security domain configuration territory, certificate issue side
Power information.
By this preferred implementation, SM-DP is carried out authentication, can effectively prevent some from pretending
SM-DP MNO is sent the instruction obtaining authorization message, and some safety issues caused.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
Instruction to receiving is verified.
By this preferred implementation, improve the safety deleting ISD-P territory on eSIM card further.
Specifically, the step that the described instruction to receiving is verified, including:
Step 1, parses eSIM identity information, described certificate issue side security domain is joined from described instruction
Put the positional information in territory and initiate the originator identity information of deletion action to described eSIM;
Step 2, according to described eSIM identity information, described positional information and described originator identity information,
Judge whether deletion action meets pre-defined rule;
Wherein, pre-defined rule is not specifically limited, and arbitrarily can arrange according to prior art;Such as, this step
Rapid when implementing, can by arranging promoter's code, if the promoter's code error in Zhi Ling,
Then do not meet pre-defined rule;And for example, by arranging location information code and eSIM card corresponding relation, if
Corresponding relation in instruction is not inconsistent with aforementioned corresponding relation, then do not meet pre-defined rule.
ESIM identity information includes that integrated circuit card ID (ECCID) mark of eSIM and eUICC-ID mark
Know.To described eSIM initiate deletion action originator identity information can be arranged to the form of identity,
Promoter includes in MNO, various application and user (the deletion instruction that such as user sends) any one.
The positional information in certificate issue side security domain configuration territory includes in the ID mark of routing information and ISD-P at least
A kind of.
Step 3, when judging to meet pre-defined rule, generates and is used for deleting security domain configuration territory, certificate issue side
Authorization message.
In this concrete mode, by eSIM identity information, positional information and originator identity information, it is judged that
Whether deletion action meets pre-defined rule, when meeting pre-defined rule, is used for deleting certificate issue side in generation
The authorization message in security domain configuration territory, improves the safety generating authorization message further, thus improves
The safety in ISD-P territory is deleted on eSIM card.
One of the present invention preferred embodiment in, also said method is optimized, specifically,
Described method also includes:
When judging to meet pre-defined rule, generate and confirm deletion information, and by described confirmation deletion information, institute
State eSIM identity information, described positional information and described originator identity information to add to and award described in generation
In power information.
By this optimal way, SM-DP can be made to pass through the information in authorization message, authorization message is entered
Row checking, improves the safety deleting ISD-P territory on eSIM card further.
Hereinafter describe the SM-DP of method in the application embodiment of the present invention one by a concrete application examples and apply this
In inventive embodiments two, the MNO's of method is mutual.As shown in Figure 3:
Step 1, both sides are mutually authenticated.Certification can use multiple authentication techniques, including digital signature technology
(that is, both sides send mutually oneself signature to the other side, allow the identity of the other side's certification oneself), cryptography body
Part authentication protocol etc..
Step 2, if authentification failure, terminates.
Step 3, SM-DP request ISD-P deletes and authorizes.Sent the content that request message includes: eSIM
Integrated circuit card ID (ECCID) mark, eUICC-ID mark, target ISD-P ID mark,
The identity of deletion action promoter.
Step 4, MNO generates authorization message.Authorization messages should include: all the elements that SM-DP sends,
One confirms the information of deletion, the signature to above-mentioned all the elements and confirmation.
Step 5, MNO sends authorization message.
Step 6, SM-DP receives and verifies authorization message.SM-DP checking is from the authorization message of MNO
Time, the mainly signature of checking MNO is the most correct, if correct, think and have received correct mandate.
Step 7, SM-DP authorization message authentication failed, terminate.
Embodiment three
As shown in Figure 4, the embodiment of the present invention provides the device of a kind of mandate obtained for deleting ISD-P territory,
The device embodiment of embodiment one correspondence, described device is used for management data preparation side of contracting, including:
Authorization request module, for sending the instruction obtaining authorization message, described finger to Mobile Network Operator
Order is used for making described Mobile Network Operator generate and return for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorize receiver module, for receiving the authorization message that described Mobile Network Operator returns.
Embodiment of the present invention MNO is by authorization request module and authorizes receiver module to achieve one " deletion
Authorize " mechanism, utilize this mechanism, can be effectively improved on eSIM card deletion ISD-P territory safety
Property.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Authentication module, for carrying out authentication to described Mobile Network Operator;
After certification is passed through, trigger described authorization request module and send, to Mobile Network Operator, the finger that request authorizes
Order.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Information receiving module, the deletion certificate issue side security domain sent for receiving eSIM card configures territory
Solicited message;Described solicited message carries eSIM identity information, described certificate issue side security domain configuration territory
Positional information and to described eSIM initiate deletion action originator identity information;
Information adds module, for by described eSIM identity information, described positional information and described promoter
Identity information adds in the instruction that the request of described Mobile Network Operator authorizes.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Authorize removing module, for the described authorization message obtained is sent to described eSIM card, so that institute
State eSIM card and delete security domain configuration territory, certificate issue side according to described authorization message.
Wherein, authorize removing module, specifically for, from the described authorization message obtained, parsing eSIM
Identity information, certificate issue side's security domain configure the positional information in territory and confirm deletion information;
According to the eSIM identity information parsed, described authorization message is sent to the described eSIM of correspondence
Card, so that described eSIM card is according to the described confirmation deletion information parsed and described certificate issue side safety
The positional information in configuration territory, territory, deletes corresponding security domain configuration territory, described certificate issue side.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Authority checking module, for verifying the described authorization message received.
Embodiment four
As it is shown in figure 5, the embodiment of the present invention provides the device of a kind of mandate generated for deleting ISD-P territory,
The device embodiment of embodiment two correspondence, described device is used for Mobile Network Operator side, including:
Command reception module, prepares the instruction of the acquisition authorization message sent for receiving signing management data;
Authorize generation module, with according to described instruction, generate and be used for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorizing and return module, preparing for described authorization message being returned to described signing management data.
Embodiment of the present invention MNO is by command reception module, mandate generation module and authorizes return module real
Show the mechanism of a kind of " delete and authorize ", utilized this mechanism, deletion can be effectively improved on eSIM card
The safety in ISD-P territory.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Identification authenticating unit, for being ready for authentication to described signing management data;
After certification is passed through, trigger and authorize generation module according to described instruction, generate and be used for deleting certificate issue side
The authorization message in security domain configuration territory.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Command verification module, for verifying the instruction received.
Wherein, command verification module, specifically for parsing eSIM identity information, institute from described instruction
State the positional information in security domain configuration territory, certificate issue side and initiate the promoter of deletion action to described eSIM
Identity information;
According to described eSIM identity information, described positional information and described originator identity information, it is judged that delete
Except whether action meets pre-defined rule;
When judging to meet pre-defined rule, generate the mandate letter for deleting security domain configuration territory, certificate issue side
Breath.
One of the present invention preferred embodiment in, also said apparatus is optimized, specifically,
Described device also includes:
Information adding device, for when judging to meet pre-defined rule, generating and confirm deletion information, and by institute
State confirmation deletion information, described eSIM identity information, described positional information and described originator identity information
Add in the described authorization message of generation.
Although being example purpose, having been disclosed for the preferred embodiments of the present invention, those skilled in the art will
It is also possible for recognizing various improvement, increasing and replace, therefore, on the scope of the present invention should be not limited to
State embodiment.
Claims (14)
1. the method for the mandate obtained for deleting ISD-P territory, it is characterised in that including:
Send the instruction obtaining authorization message to Mobile Network Operator, described instruction is used for making described mobile network
Network operator generates and returns the authorization message for deleting security domain configuration territory, certificate issue side;
Receive the authorization message that described Mobile Network Operator returns.
2. the method for claim 1, it is characterised in that described method also includes:
Receive the solicited message in the security domain configuration territory, deletion certificate issue side that eSIM card sends;Described request
Information carry eSIM identity information, described certificate issue side security domain configuration territory positional information and to described
ESIM initiates the originator identity information of deletion action;
Described eSIM identity information, described positional information and described originator identity information are added to institute
State in the instruction that Mobile Network Operator request authorizes.
3. method as claimed in claim 1 or 2, it is characterised in that described method also includes:
The described authorization message obtained is sent to described eSIM card, so that described eSIM card is according to described
Authorization message deletes security domain configuration territory, certificate issue side.
4. method as claimed in claim 3, it is characterised in that the described described authorization message that will obtain
It is sent to described eSIM card, so that described eSIM card deletes certificate issue Fang An according to described authorization message
The step in universe configuration territory, including:
From the described authorization message obtained, parse eSIM identity information, certificate issue side's security domain is joined
Put the positional information in territory and confirm deletion information;
According to the eSIM identity information parsed, described authorization message is sent to the described eSIM of correspondence
Card, so that described eSIM card is according to the described confirmation deletion information parsed and described certificate issue side safety
The positional information in configuration territory, territory, deletes corresponding security domain configuration territory, described certificate issue side.
5. the method for the mandate generated for deleting ISD-P territory, it is characterised in that including:
Receive signing management data and prepare the instruction of the acquisition authorization message sent;
According to described instruction, generate the authorization message for deleting security domain configuration territory, certificate issue side;
Described authorization message returns to described signing management data prepare.
6. method as claimed in claim 5, it is characterised in that described method also includes:
ESIM identity information, the position in described certificate issue side security domain configuration territory is parsed from described instruction
Confidence breath and the originator identity information to described eSIM initiation deletion action;
According to described eSIM identity information, described positional information and described originator identity information, it is judged that delete
Except whether action meets pre-defined rule;
When judging to meet pre-defined rule, generate the mandate letter for deleting security domain configuration territory, certificate issue side
Breath.
7. the method as described in claim 5 or 6, it is characterised in that described method also includes:
When judging to meet pre-defined rule, generate and confirm deletion information, and by described confirmation deletion information, institute
State eSIM identity information, described positional information and described originator identity information to add to and award described in generation
In power information.
8. the device of the mandate obtained for deleting ISD-P territory, it is characterised in that including:
Authorization request module, for sending the instruction obtaining authorization message, described finger to Mobile Network Operator
Order is used for making described Mobile Network Operator generate and return for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorize receiver module, for receiving the authorization message that described Mobile Network Operator returns.
9. device as claimed in claim 8, it is characterised in that described device also includes:
Information receiving module, the deletion certificate issue side security domain sent for receiving eSIM card configures territory
Solicited message;Described solicited message carries eSIM identity information, described certificate issue side security domain configuration territory
Positional information and to described eSIM initiate deletion action originator identity information;
Information adds module, for by described eSIM identity information, described positional information and described promoter
Identity information adds in the instruction that the request of described Mobile Network Operator authorizes.
10. device as claimed in claim 8 or 9, it is characterised in that described device also includes:
Authorize removing module, for the described authorization message obtained is sent to described eSIM card, so that institute
State eSIM card and delete security domain configuration territory, certificate issue side according to described authorization message.
11. devices as claimed in claim 10, it is characterised in that shown mandate removing module, specifically
For, from the described authorization message obtained, parsing eSIM identity information, certificate issue side's security domain is joined
Put the positional information in territory and confirm deletion information;
According to the eSIM identity information parsed, described authorization message is sent to the described eSIM of correspondence
Card, so that described eSIM card is according to the described confirmation deletion information parsed and described certificate issue side safety
The positional information in configuration territory, territory, deletes corresponding security domain configuration territory, described certificate issue side.
The device of 12. 1 kinds of mandates generated for deleting ISD-P territory, it is characterised in that including:
Command reception module, prepares the instruction of the acquisition authorization message sent for receiving signing management data;
Authorize generation module, with according to described instruction, generate and be used for deleting security domain configuration territory, certificate issue side
Authorization message;
Authorizing and return module, preparing for described authorization message being returned to described signing management data.
13. devices as claimed in claim 12, it is characterised in that described device also includes:
Command verification module, for parsing eSIM identity information, described certificate issue from described instruction
The positional information in security domain configuration territory, side and the originator identity information to described eSIM initiation deletion action;
According to described eSIM identity information, described positional information and described originator identity information, it is judged that delete
Except whether action meets pre-defined rule;
When judging to meet pre-defined rule, trigger described mandate generation module and generate for deleting certificate issue side
The authorization message in security domain configuration territory.
14. devices as described in claim 12 or 13, it is characterised in that described device also includes:
Information adding device, for when judging to meet pre-defined rule, generating and confirm deletion information, and by institute
State confirmation deletion information, described eSIM identity information, described positional information and described originator identity information
Add in the described authorization message of generation.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610281301.5A CN105792178A (en) | 2016-04-29 | 2016-04-29 | Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof |
PCT/CN2016/084071 WO2017185458A1 (en) | 2016-04-29 | 2016-05-31 | Method and device for generating and acquiring authorization for deleting isd-p domain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610281301.5A CN105792178A (en) | 2016-04-29 | 2016-04-29 | Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105792178A true CN105792178A (en) | 2016-07-20 |
Family
ID=56400226
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610281301.5A Pending CN105792178A (en) | 2016-04-29 | 2016-04-29 | Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105792178A (en) |
WO (1) | WO2017185458A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108235821A (en) * | 2016-11-30 | 2018-06-29 | 华为技术有限公司 | A kind of method and apparatus for obtaining authority |
CN108574683A (en) * | 2017-03-13 | 2018-09-25 | 中兴通讯股份有限公司 | Subscription data processing method, signing management server and subscription data processing unit |
WO2018209986A1 (en) * | 2017-05-19 | 2018-11-22 | 中兴通讯股份有限公司 | Method and device for downloading euicc subscription data |
CN110121859A (en) * | 2017-08-28 | 2019-08-13 | 华为技术有限公司 | A kind of Information Authentication method and relevant device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140237101A1 (en) * | 2011-09-28 | 2014-08-21 | Kt Corporation | Profile management method, embedded uicc, and device provided with the embedded uicc |
CN105050071A (en) * | 2015-07-10 | 2015-11-11 | 惠州Tcl移动通信有限公司 | Multi-equipment management method and system based on eUICC (Embedded Universal Integrated Circuit Card) |
US20160007188A1 (en) * | 2014-09-17 | 2016-01-07 | Simless, Inc. | Apparatuses, methods and systems for implementing a trusted subscription management platform |
CN105282732A (en) * | 2014-07-17 | 2016-01-27 | 三星电子株式会社 | Method and device for updating profile management server |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101282330B (en) * | 2007-04-04 | 2013-08-28 | 华为技术有限公司 | Method and apparatus for managing network memory access authority, network memory access control method |
KR20130012243A (en) * | 2011-07-08 | 2013-02-01 | 주식회사 케이티 | Method for changing mno of embedded sim based on privilege, embedded sim and recording medium for the same |
KR20130006258A (en) * | 2011-07-08 | 2013-01-16 | 주식회사 케이티 | Method for changing mno of embedded sim based on dynamic key generation, embedded sim and recording medium for the same |
CN102970137A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Safe issuing method of multi-functional intelligent card |
JP6006533B2 (en) * | 2012-05-25 | 2016-10-12 | キヤノン株式会社 | Authorization server and client device, server linkage system, and token management method |
CN103957210B (en) * | 2014-04-30 | 2017-10-20 | 捷德(中国)信息科技有限公司 | Smart card and its method of controlling security, device and system |
-
2016
- 2016-04-29 CN CN201610281301.5A patent/CN105792178A/en active Pending
- 2016-05-31 WO PCT/CN2016/084071 patent/WO2017185458A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140237101A1 (en) * | 2011-09-28 | 2014-08-21 | Kt Corporation | Profile management method, embedded uicc, and device provided with the embedded uicc |
CN105282732A (en) * | 2014-07-17 | 2016-01-27 | 三星电子株式会社 | Method and device for updating profile management server |
US20160007188A1 (en) * | 2014-09-17 | 2016-01-07 | Simless, Inc. | Apparatuses, methods and systems for implementing a trusted subscription management platform |
CN105050071A (en) * | 2015-07-10 | 2015-11-11 | 惠州Tcl移动通信有限公司 | Multi-equipment management method and system based on eUICC (Embedded Universal Integrated Circuit Card) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108235821A (en) * | 2016-11-30 | 2018-06-29 | 华为技术有限公司 | A kind of method and apparatus for obtaining authority |
CN108235821B (en) * | 2016-11-30 | 2020-05-08 | 华为技术有限公司 | Method and device for obtaining authorization file |
CN108574683A (en) * | 2017-03-13 | 2018-09-25 | 中兴通讯股份有限公司 | Subscription data processing method, signing management server and subscription data processing unit |
WO2018209986A1 (en) * | 2017-05-19 | 2018-11-22 | 中兴通讯股份有限公司 | Method and device for downloading euicc subscription data |
CN110121859A (en) * | 2017-08-28 | 2019-08-13 | 华为技术有限公司 | A kind of Information Authentication method and relevant device |
CN110121859B (en) * | 2017-08-28 | 2021-01-15 | 华为技术有限公司 | Information verification method and related equipment |
US11234131B2 (en) | 2017-08-28 | 2022-01-25 | Huawei Technologies Co., Ltd. | Information verification method and related device |
Also Published As
Publication number | Publication date |
---|---|
WO2017185458A1 (en) | 2017-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105847247A (en) | Authentication system and working method thereof | |
CN108512862A (en) | Internet-of-things terminal safety certification control platform based on no certificates identified authentication techniques | |
CN102469453B (en) | Security certificate method | |
CN105262774A (en) | Remote login method | |
CN105187431A (en) | Log-in method, server, client and communication system for third party application | |
CN104125565A (en) | Method for realizing terminal authentication based on OMA DM, terminal and server | |
KR101028882B1 (en) | System and method for providing user authentication one time password using a wireless mobile terminal | |
CN104811455A (en) | Cloud computing identity authentication method | |
CN104301110A (en) | Authentication method, authentication device and system applied to intelligent terminal | |
CN108880822A (en) | A kind of identity identifying method, device, system and a kind of intelligent wireless device | |
CN105450658B (en) | A kind of system login method and device | |
CN105792178A (en) | Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof | |
CN103401868A (en) | Temporary authorization method for mobile communication equipment of authorizing party and authorized party and temporary authorization management method and device for manager | |
CN107612949B (en) | Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint | |
CN106713279A (en) | Video terminal identity authentication system | |
EP2384038A1 (en) | Method, system and terminal device for realizing locking network by terminal device | |
CN111783068A (en) | Device authentication method, system, electronic device and storage medium | |
CN103944861A (en) | Voice verification system | |
CN107592314A (en) | A kind of order line authority control method and device | |
CN103905194A (en) | Identity traceability authentication method and system | |
CN108900306A (en) | A kind of production method and system of wireless router digital certificate | |
CN112640385A (en) | Non-3 GPP device access to core network | |
CN109583154A (en) | A kind of system and method based on Web middleware access intelligent code key | |
CN104486322B (en) | Terminal access authentication authorization method and terminal access authentication authoring system | |
CN104717649A (en) | Method for remote control over wiping of software data of mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160720 |
|
RJ01 | Rejection of invention patent application after publication |