CN105792178A - Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof - Google Patents


Info

Publication number: CN105792178A
Authority: CN (China)
Legal status: Pending
Application number: CN201610281301.5A
Other languages: Chinese (zh)
Inventors: 钟焰涛, 傅文治, 蒋罗
Current assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201610281301.5A (patent CN105792178A)
Priority to PCT/CN2016/084071 (patent WO2017185458A1)
Publication of CN105792178A

Classifications

    • H04W8/183 Processing at user equipment or user record carrier
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W12/06 Authentication

Abstract

The invention discloses a method and an apparatus for generating and acquiring an authorization for deleting an ISD-P domain. The method of acquiring the authorization for deleting the ISD-P domain comprises the following steps: sending an instruction for acquiring authorization information to a mobile network operator (MNO), wherein the instruction causes the mobile network operator to generate and return the authorization information for deleting an Issuer Security Domain Profile (ISD-P) domain; and receiving the authorization information returned by the mobile network operator. The method and system implement a "deletion authorization" mechanism, which increases the security of deleting an ISD-P domain on an eSIM card.

Description

Method and apparatus for generating and acquiring an authorization for deleting an ISD-P domain
Technical field
The present invention relates to the field of mobile communication, and in particular to a method and apparatus for generating and acquiring an authorization for deleting an ISD-P domain.
Background
With the development of technology, eSIM (embedded Subscriber Identity Module) cards are becoming increasingly popular.
An eSIM card has multiple levels of security domains, and the security domains at each level are configured with ISD-P (Issuer Security Domain Profile) domains. The ISD-P domains are isolated from one another, and each ISD-P domain contains personal data such as the operator file system and policy control rules. After an ISD-P domain is contracted to an operator MNO (Mobile Network Operator), a correspondence is established among the ISD-P, the MNO and the SM-DP (Subscription Manager Data Preparation).
At present, deleting an ISD-P on an eSIM card carries security risks; for example, the deletion may be the result of a mistaken operation or a malicious operation.
Summary of the invention
The inventors found that the cause of the above problem is that the prior art provides no "deletion authorization" mechanism: an eSIM card can delete an ISD-P without any "deletion authorization".
In view of the defects of the prior art and the above finding, the object of the present invention is to provide a method and apparatus for generating and acquiring an authorization for deleting an ISD-P domain, in order to solve the security risk that exists in the prior art when an ISD-P is deleted on an eSIM card.
The object of the present invention is mainly achieved through the following technical solutions:
According to one aspect of the present invention, a method of acquiring an authorization for deleting an ISD-P domain is provided, including:
Sending an instruction for acquiring authorization information to a Mobile Network Operator, the instruction causing the Mobile Network Operator to generate and return authorization information for deleting an Issuer Security Domain Profile domain;
Receiving the authorization information returned by the Mobile Network Operator.
According to another aspect of the present invention, a method of generating an authorization for deleting an ISD-P domain is also provided, including:
Receiving an instruction for acquiring authorization information sent by a Subscription Manager Data Preparation;
Generating, according to the instruction, authorization information for deleting an Issuer Security Domain Profile domain;
Returning the authorization information to the Subscription Manager Data Preparation.
According to another aspect of the present invention, an apparatus for acquiring an authorization for deleting an ISD-P domain is also provided, including:
An authorization request module, configured to send an instruction for acquiring authorization information to a Mobile Network Operator, the instruction causing the Mobile Network Operator to generate and return authorization information for deleting an Issuer Security Domain Profile domain;
An authorization receiving module, configured to receive the authorization information returned by the Mobile Network Operator.
According to another aspect of the present invention, an apparatus for generating an authorization for deleting an ISD-P domain is also provided, including:
An instruction receiving module, configured to receive an instruction for acquiring authorization information sent by a Subscription Manager Data Preparation;
An authorization generation module, configured to generate, according to the instruction, authorization information for deleting an Issuer Security Domain Profile domain;
An authorization return module, configured to return the authorization information to the Subscription Manager Data Preparation.
The beneficial effects of the present invention are as follows:
The method and system of the present invention implement a "deletion authorization" mechanism, which effectively improves the security of deleting an ISD-P domain on an eSIM card.
Brief description of the drawings
Fig. 1 is a flowchart of a method of acquiring an authorization for deleting an ISD-P domain in an embodiment of the present invention;
Fig. 2 is a flowchart of a method of generating an authorization for deleting an ISD-P domain in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction between the SM-DP and the MNO in an embodiment of the present invention;
Fig. 4 is a schematic diagram of an apparatus for acquiring an authorization for deleting an ISD-P domain in an embodiment of the present invention;
Fig. 5 is a schematic diagram of an apparatus for generating an authorization for deleting an ISD-P domain in an embodiment of the present invention.
Detailed description
To solve the security risk that exists in the prior art when an ISD-P is deleted on an eSIM card, the present invention provides a method and apparatus for generating and acquiring an authorization for deleting an ISD-P domain. The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
Embodiment one
As shown in Fig. 1, this embodiment provides a method of acquiring an authorization for deleting an ISD-P domain. The method is used on the Subscription Manager Data Preparation (SM-DP) side and includes:
S101, sending an instruction for acquiring authorization information to a Mobile Network Operator (MNO), the instruction causing the Mobile Network Operator to generate and return authorization information for deleting an Issuer Security Domain Profile (ISD-P) domain;
S102, receiving the authorization information returned by the Mobile Network Operator.
In this embodiment, the SM-DP sends the MNO an instruction for acquiring authorization information and the MNO returns the authorization information, thereby implementing a "deletion authorization" mechanism, which effectively improves the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Authenticating the identity of the Mobile Network Operator;
After the authentication succeeds, sending to the Mobile Network Operator the instruction requesting authorization.
Multiple authentication techniques can be used for the identity authentication, including digital signature techniques (that is, each party sends its own signature to the other so that the other can authenticate its identity), cryptographic identity authentication protocols, and so on.
With this preferred implementation, authenticating the MNO effectively prevents the security problems caused by a party impersonating the MNO and sending authorization information to the SM-DP.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Receiving request information, sent by an eSIM card, for deleting an Issuer Security Domain Profile domain; the request information carries eSIM identity information, location information of the Issuer Security Domain Profile domain, and identity information of the initiator of the deletion operation on the eSIM;
Adding the eSIM identity information, the location information and the initiator identity information to the instruction requesting authorization from the Mobile Network Operator.
With this preferred implementation, the MNO can judge from the information in the instruction whether the deletion operation satisfies a predetermined rule, and generates and returns authorization information to the SM-DP only when the predetermined rule is satisfied, which more effectively improves the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Sending the acquired authorization information to the eSIM card, so that the eSIM card deletes the Issuer Security Domain Profile domain according to the authorization information.
This preferred implementation makes it safer and more effective for the SM-DP to delete an ISD-P domain of an eSIM card.
Specifically, the step of sending the acquired authorization information to the eSIM card, so that the eSIM card deletes the Issuer Security Domain Profile domain according to the authorization information, includes:
Parsing, from the acquired authorization information, the eSIM identity information, the location information of the Issuer Security Domain Profile domain, and the deletion confirmation information;
Sending the authorization information to the corresponding eSIM card according to the parsed eSIM identity information, so that the eSIM card deletes the corresponding Issuer Security Domain Profile domain according to the parsed deletion confirmation information and the location information of the Issuer Security Domain Profile domain.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Verifying the received authorization information.
With this preferred implementation, the SM-DP can avoid accepting forged authorization information, which prevents unsafe deletion operations.
Embodiment two
As shown in Fig. 2, this embodiment provides a method of generating an authorization for deleting an ISD-P domain. The method is used on the Mobile Network Operator side and includes:
S201, receiving an instruction for acquiring authorization information sent by a Subscription Manager Data Preparation;
S202, generating, according to the instruction, authorization information for deleting an Issuer Security Domain Profile domain;
S203, returning the authorization information to the Subscription Manager Data Preparation.
In this embodiment, the MNO obtains the instruction from the SM-DP and then generates and returns the authorization information for deleting the Issuer Security Domain Profile domain, thereby implementing a "deletion authorization" mechanism, which effectively improves the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Authenticating the identity of the Subscription Manager Data Preparation;
After the authentication succeeds, generating, according to the instruction, the authorization information for deleting the Issuer Security Domain Profile domain.
With this preferred implementation, authenticating the SM-DP effectively prevents the security problems caused by a party impersonating the SM-DP and sending the MNO an instruction for acquiring authorization information.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
Verifying the received instruction.
This preferred implementation further improves the security of deleting an ISD-P domain on an eSIM card.
Specifically, the step of verifying the received instruction includes:
Step 1: parsing, from the instruction, the eSIM identity information, the location information of the Issuer Security Domain Profile domain, and the identity information of the initiator of the deletion operation on the eSIM;
Step 2: judging, according to the eSIM identity information, the location information and the initiator identity information, whether the deletion operation satisfies a predetermined rule;
The predetermined rule is not specifically limited and can be set arbitrarily according to the prior art. For example, when implementing this step, an initiator code can be set, and if the initiator code in the instruction is wrong, the predetermined rule is not satisfied; as another example, a correspondence between location information codes and eSIM cards can be set, and if the correspondence in the instruction does not match that correspondence, the predetermined rule is not satisfied.
The eSIM identity information includes the integrated circuit card ID (ECCID) identifier of the eSIM and the eUICC-ID identifier. The identity information of the initiator of the deletion operation on the eSIM can take the form of an identity identifier; the initiator may be any one of the MNO, various applications, and the user (for example, a deletion instruction sent by the user). The location information of the Issuer Security Domain Profile domain includes at least one of path information and the ID of the ISD-P.
Step 3: when the predetermined rule is judged to be satisfied, generating the authorization information for deleting the Issuer Security Domain Profile domain.
In this specific approach, whether the deletion operation satisfies the predetermined rule is judged from the eSIM identity information, the location information and the initiator identity information, and the authorization information for deleting the Issuer Security Domain Profile domain is generated when the rule is satisfied. This further improves the security of generating authorization information, and thus the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above method is further optimized. Specifically, the method also includes:
When the predetermined rule is judged to be satisfied, generating deletion confirmation information, and adding the deletion confirmation information, the eSIM identity information, the location information and the initiator identity information to the generated authorization information.
With this preferred approach, the SM-DP can verify the authorization information using the information it contains, which further improves the security of deleting an ISD-P domain on an eSIM card.
The following concrete application example describes the interaction between an SM-DP applying the method of Embodiment one and an MNO applying the method of Embodiment two, as shown in Fig. 3:
Step 1: the two parties authenticate each other. Multiple authentication techniques can be used, including digital signature techniques (that is, each party sends its own signature to the other so that the other can authenticate its identity), cryptographic identity authentication protocols, and so on.
Step 2: if the authentication fails, the process ends.
Step 3: the SM-DP requests authorization to delete the ISD-P. The request message sent includes: the integrated circuit card ID (ECCID) identifier of the eSIM, the eUICC-ID identifier, the ID of the target ISD-P, and the identity identifier of the initiator of the deletion operation.
Step 4: the MNO generates the authorization information. The authorization message should include: all the content sent by the SM-DP, a deletion confirmation, and a signature over all of the above content and the confirmation.
Step 5: the MNO sends the authorization information.
Step 6: the SM-DP receives and verifies the authorization information. When verifying the authorization information from the MNO, the SM-DP mainly checks whether the MNO's signature is correct; if it is, the SM-DP considers that it has received a correct authorization.
Step 7: if the SM-DP's verification of the authorization information fails, the process ends.
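Steps 3 to 6 of the exchange above, as an added Go example that is not code from the patent. The field names, the confirmation string, the length-prefixed encoding, the fixed demo key and the choice of Ed25519 as the signature scheme are assumptions, and the check that the returned fields equal the request sent goes beyond the signature check the description names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// DeleteRequest is the step 3 message from the SM-DP. Field names are
// hypothetical; the description only lists the contents.
type DeleteRequest struct {
	CardID    string // integrated circuit card ID (the page's "ECCID")
	EUICCID   string // eUICC-ID identifier of the eSIM
	ISDPID    string // ID of the target ISD-P
	Initiator string // identity of the initiator of the deletion
}

// Authorization is the step 4 message from the MNO: everything the SM-DP
// sent, a deletion confirmation, and a signature over both.
type Authorization struct {
	Req       DeleteRequest
	Confirm   string
	Signature []byte
}

const confirmDelete = "CONFIRM-DELETE" // constructed confirmation value

var (
	ErrRule     = errors.New("deletion does not satisfy the predetermined rule")
	ErrMismatch = errors.New("authorization does not match the request sent")
	ErrBadSig   = errors.New("MNO signature is not valid")
)

// encode length-prefixes every signed field, so two different ways of
// splitting the same characters into fields never produce the same bytes.
func encode(r DeleteRequest, confirm string) []byte {
	var b bytes.Buffer
	for _, f := range []string{r.CardID, r.EUICCID, r.ISDPID, r.Initiator, confirm} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		b.Write(n[:])
		b.WriteString(f)
	}
	return b.Bytes()
}

// MNO holds the signing key and the two example rules from the description:
// a known initiator code and a known ISD-P-to-eSIM correspondence.
type MNO struct {
	key        ed25519.PrivateKey
	initiators map[string]bool
	isdpOnCard map[string]string // ISD-P ID -> eUICC-ID it is installed on
}

// Authorize verifies the instruction against the rules and signs an
// authorization only when both rules are satisfied.
func (m *MNO) Authorize(r DeleteRequest) (*Authorization, error) {
	card, known := m.isdpOnCard[r.ISDPID]
	if !m.initiators[r.Initiator] || !known || card != r.EUICCID {
		return nil, ErrRule
	}
	sig := ed25519.Sign(m.key, encode(r, confirmDelete))
	return &Authorization{Req: r, Confirm: confirmDelete, Signature: sig}, nil
}

// VerifyAuthorization is the SM-DP's step 6: the authorization must echo the
// request that was sent, and the MNO signature must cover exactly those fields.
func VerifyAuthorization(pub ed25519.PublicKey, sent DeleteRequest, a *Authorization) error {
	if a == nil || a.Req != sent || a.Confirm != confirmDelete {
		return ErrMismatch
	}
	if !ed25519.Verify(pub, encode(a.Req, a.Confirm), a.Signature) {
		return ErrBadSig
	}
	return nil
}

// newDemoMNO builds an MNO from a constructed, fixed seed (demo data only).
func newDemoMNO() (*MNO, ed25519.PublicKey) {
	key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return &MNO{
		key:        key,
		initiators: map[string]bool{"user-0001": true},
		isdpOnCard: map[string]string{"ISDP-01": "EUICC-AAAA"},
	}, key.Public().(ed25519.PublicKey)
}

func main() {
	mno, pub := newDemoMNO()
	req := DeleteRequest{CardID: "CARD-0001", EUICCID: "EUICC-AAAA",
		ISDPID: "ISDP-01", Initiator: "user-0001"}
	auth, err := mno.Authorize(req)
	fmt.Println("authorize:", err, "verify:", VerifyAuthorization(pub, req, auth))

	// An authorization whose target ISD-P was altered after signing.
	forged := *auth
	forged.Req.ISDPID = "ISDP-02"
	fmt.Println("altered:", VerifyAuthorization(pub, forged.Req, &forged))
}
```

The mutual authentication of steps 1 and 2 is outside this sketch; the SM-DP is assumed to already hold the MNO's public key.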
Embodiment three
As shown in Fig. 4, this embodiment provides an apparatus for acquiring an authorization for deleting an ISD-P domain; it is the apparatus embodiment corresponding to Embodiment one. The apparatus is used on the Subscription Manager Data Preparation side and includes:
An authorization request module, configured to send an instruction for acquiring authorization information to a Mobile Network Operator, the instruction causing the Mobile Network Operator to generate and return authorization information for deleting an Issuer Security Domain Profile domain;
An authorization receiving module, configured to receive the authorization information returned by the Mobile Network Operator.
In this embodiment, the MNO, through the authorization request module and the authorization receiving module, implements a "deletion authorization" mechanism, which effectively improves the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An authentication module, configured to authenticate the identity of the Mobile Network Operator;
After the authentication succeeds, the authorization request module is triggered to send to the Mobile Network Operator the instruction requesting authorization.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An information receiving module, configured to receive request information, sent by an eSIM card, for deleting an Issuer Security Domain Profile domain; the request information carries eSIM identity information, location information of the Issuer Security Domain Profile domain, and identity information of the initiator of the deletion operation on the eSIM;
An information adding module, configured to add the eSIM identity information, the location information and the initiator identity information to the instruction requesting authorization from the Mobile Network Operator.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An authorized deletion module, configured to send the acquired authorization information to the eSIM card, so that the eSIM card deletes the Issuer Security Domain Profile domain according to the authorization information.
The authorized deletion module is specifically configured to parse, from the acquired authorization information, the eSIM identity information, the location information of the Issuer Security Domain Profile domain, and the deletion confirmation information;
And to send the authorization information to the corresponding eSIM card according to the parsed eSIM identity information, so that the eSIM card deletes the corresponding Issuer Security Domain Profile domain according to the parsed deletion confirmation information and the location information of the Issuer Security Domain Profile domain.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An authorization verification module, configured to verify the received authorization information.
Embodiment four
As shown in Fig. 5, this embodiment provides an apparatus for generating an authorization for deleting an ISD-P domain; it is the apparatus embodiment corresponding to Embodiment two. The apparatus is used on the Mobile Network Operator side and includes:
An instruction receiving module, configured to receive an instruction for acquiring authorization information sent by a Subscription Manager Data Preparation;
An authorization generation module, configured to generate, according to the instruction, authorization information for deleting an Issuer Security Domain Profile domain;
An authorization return module, configured to return the authorization information to the Subscription Manager Data Preparation.
In this embodiment, the MNO, through the instruction receiving module, the authorization generation module and the authorization return module, implements a "deletion authorization" mechanism, which effectively improves the security of deleting an ISD-P domain on an eSIM card.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An identity authentication unit, configured to authenticate the identity of the Subscription Manager Data Preparation;
After the authentication succeeds, the authorization generation module is triggered to generate, according to the instruction, the authorization information for deleting the Issuer Security Domain Profile domain.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An instruction verification module, configured to verify the received instruction.
The instruction verification module is specifically configured to parse, from the instruction, the eSIM identity information, the location information of the Issuer Security Domain Profile domain, and the identity information of the initiator of the deletion operation on the eSIM;
To judge, according to the eSIM identity information, the location information and the initiator identity information, whether the deletion operation satisfies a predetermined rule;
And, when the predetermined rule is judged to be satisfied, to generate the authorization information for deleting the Issuer Security Domain Profile domain.
In a preferred implementation of the present invention, the above apparatus is further optimized. Specifically, the apparatus also includes:
An information adding unit, configured to generate deletion confirmation information when the predetermined rule is judged to be satisfied, and to add the deletion confirmation information, the eSIM identity information, the location information and the initiator identity information to the generated authorization information.
Although preferred embodiments of the present invention have been disclosed for purposes of example, those skilled in the art will recognize that various improvements, additions and substitutions are possible; therefore, the scope of the present invention should not be limited to the above embodiments.

Claims (14)

1. the method for the mandate obtained for deleting ISD-P territory, it is characterised in that including:
Send the instruction obtaining authorization message to Mobile Network Operator, described instruction is used for making described mobile network Network operator generates and returns the authorization message for deleting security domain configuration territory, certificate issue side;
Receive the authorization message that described Mobile Network Operator returns.
2. the method for claim 1, it is characterised in that described method also includes:
Receive the solicited message in the security domain configuration territory, deletion certificate issue side that eSIM card sends;Described request Information carry eSIM identity information, described certificate issue side security domain configuration territory positional information and to described ESIM initiates the originator identity information of deletion action;
Described eSIM identity information, described positional information and described originator identity information are added to institute State in the instruction that Mobile Network Operator request authorizes.
3. method as claimed in claim 1 or 2, it is characterised in that described method also includes:
The described authorization message obtained is sent to described eSIM card, so that described eSIM card is according to described Authorization message deletes security domain configuration territory, certificate issue side.
4. method as claimed in claim 3, it is characterised in that the described described authorization message that will obtain It is sent to described eSIM card, so that described eSIM card deletes certificate issue Fang An according to described authorization message The step in universe configuration territory, including:
From the described authorization message obtained, parse eSIM identity information, certificate issue side's security domain is joined Put the positional information in territory and confirm deletion information;
According to the eSIM identity information parsed, described authorization message is sent to the described eSIM of correspondence Card, so that described eSIM card is according to the described confirmation deletion information parsed and described certificate issue side safety The positional information in configuration territory, territory, deletes corresponding security domain configuration territory, described certificate issue side.
5. the method for the mandate generated for deleting ISD-P territory, it is characterised in that including:
Receive signing management data and prepare the instruction of the acquisition authorization message sent;
According to described instruction, generate the authorization message for deleting security domain configuration territory, certificate issue side;
Described authorization message returns to described signing management data prepare.
6. The method as claimed in claim 5, characterized in that the method further comprises:
Parsing, from the instruction, eSIM identity information, location information of the certificate issuer security domain profile (ISD-P) domain, and identity information of the initiator that initiated the deletion action on the eSIM;
Judging, according to the eSIM identity information, the location information and the initiator identity information, whether the deletion action meets a predetermined rule;
When the predetermined rule is judged to be met, generating the authorization information for deleting the ISD-P domain.
7. The method as claimed in claim 5 or 6, characterized in that the method further comprises:
When the predetermined rule is judged to be met, generating deletion confirmation information, and adding the deletion confirmation information, the eSIM identity information, the location information and the initiator identity information to the generated authorization information.
8. A device for acquiring authorization for deleting an ISD-P domain, characterized by comprising:
An authorization request module, for sending an instruction for acquiring authorization information to a mobile network operator, the instruction being used to make the mobile network operator generate and return authorization information for deleting a certificate issuer security domain profile (ISD-P) domain;
An authorization receiving module, for receiving the authorization information returned by the mobile network operator.
9. The device as claimed in claim 8, characterized in that the device further comprises:
An information receiving module, for receiving request information, sent by an eSIM card, for deleting the certificate issuer security domain profile (ISD-P) domain; the request information carries eSIM identity information, location information of the ISD-P domain, and identity information of the initiator that initiated the deletion action on the eSIM;
An information adding module, for adding the eSIM identity information, the location information and the initiator identity information to the instruction requesting authorization from the mobile network operator.
10. The device as claimed in claim 8 or 9, characterized in that the device further comprises:
An authorization deletion module, for sending the acquired authorization information to the eSIM card, so that the eSIM card deletes the certificate issuer security domain profile (ISD-P) domain according to the authorization information.
11. The device as claimed in claim 10, characterized in that the authorization deletion module is specifically used for parsing, from the acquired authorization information, the eSIM identity information, the location information of the certificate issuer security domain profile (ISD-P) domain, and deletion confirmation information;
Sending, according to the parsed eSIM identity information, the authorization information to the corresponding eSIM card, so that the eSIM card deletes the corresponding ISD-P domain according to the parsed deletion confirmation information and the location information of the ISD-P domain.
12. A device for generating authorization for deleting an ISD-P domain, characterized by comprising:
An instruction receiving module, for receiving an instruction for acquiring authorization information, sent by the subscription manager data preparation (SM-DP);
An authorization generation module, for generating, according to the instruction, authorization information for deleting the certificate issuer security domain profile (ISD-P) domain;
An authorization return module, for returning the authorization information to the SM-DP.
13. The device as claimed in claim 12, characterized in that the device further comprises:
An instruction verification module, for parsing, from the instruction, eSIM identity information, location information of the certificate issuer security domain profile (ISD-P) domain, and identity information of the initiator that initiated the deletion action on the eSIM;
Judging, according to the eSIM identity information, the location information and the initiator identity information, whether the deletion action meets a predetermined rule;
When the predetermined rule is judged to be met, triggering the authorization generation module to generate the authorization information for deleting the ISD-P domain.
14. The device as claimed in claim 12 or 13, characterized in that the device further comprises:
An information adding device, for generating deletion confirmation information when the predetermined rule is judged to be met, and adding the deletion confirmation information, the eSIM identity information, the location information and the initiator identity information to the generated authorization information.
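The message flow of the method claims (request from the eSIM card, rule check and authorization at the mobile network operator, routing and deletion via the SM-DP), as an added Python sketch that is not part of the patent text. The field names, the `ALLOWED` rule table, the identifiers and the HMAC tag under a key shared by operator and card are all assumptions; the claims do not say how the authorization is protected or what the predetermined rule is.

```python
import hashlib, hmac, json

MNO_KEY = b"constructed-demo-key"  # assumption: key shared by MNO and eSIM
# Hypothetical predetermined rule: initiators allowed per (eSIM, ISD-P location).
ALLOWED = {("EID-0001", "ISD-P-02"): {"user", "mno"}}

def _tag(fields):
    # Integrity tag over the authorization fields (assumed, not in the claims).
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(MNO_KEY, msg, hashlib.sha256).hexdigest()

def mno_generate_authorization(instruction):
    """Claims 5-7: parse the instruction, check the rule, build the authorization."""
    eid, loc, who = (instruction.get(k) for k in ("eid", "isdp_location", "initiator"))
    if who not in ALLOWED.get((eid, loc), set()):
        return None  # rule not met: no authorization is generated
    fields = {"eid": eid, "isdp_location": loc, "initiator": who,
              "confirm_delete": True}
    return {**fields, "tag": _tag(fields)}

class ESim:
    def __init__(self, eid, isdps):
        self.eid, self.isdps = eid, set(isdps)

    def request_deletion(self, loc, initiator):
        """Claim 2: the request carries identity, location and initiator."""
        return {"eid": self.eid, "isdp_location": loc, "initiator": initiator}

    def apply_authorization(self, auth):
        """Delete only the ISD-P named in an authentic authorization for this card."""
        fields = {k: v for k, v in auth.items() if k != "tag"}
        if not hmac.compare_digest(auth.get("tag", ""), _tag(fields)):
            return False  # fields were altered after the MNO issued them
        if fields.get("eid") != self.eid or fields.get("confirm_delete") is not True:
            return False  # issued for another card, or no confirmation
        loc = fields.get("isdp_location")
        if loc not in self.isdps:
            return False  # nothing at that location (e.g. already deleted)
        self.isdps.remove(loc)
        return True

def smdp_handle(request, cards):
    """Claims 1-4: forward to the MNO, then route the authorization by eSIM identity."""
    auth = mno_generate_authorization(dict(request))
    if auth is None:
        return False
    card = cards.get(auth["eid"])
    return card is not None and card.apply_authorization(auth)
```

Because the card checks its own identity and the location named in the authorization, an authorization issued for one ISD-P cannot be redirected to another domain or another card.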

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610281301.5A CN105792178A (en) 2016-04-29 2016-04-29 Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof
PCT/CN2016/084071 WO2017185458A1 (en) 2016-04-29 2016-05-31 Method and device for generating and acquiring authorization for deleting isd-p domain

Publications (1)

Publication Number Publication Date
CN105792178A true CN105792178A (en) 2016-07-20

Family

ID=56400226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610281301.5A Pending CN105792178A (en) 2016-04-29 2016-04-29 Method of generating and acquiring authorization used for deleting ISD-P domain and apparatus thereof

Country Status (2)

Country Link
CN (1) CN105792178A (en)
WO (1) WO2017185458A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140237101A1 (en) * 2011-09-28 2014-08-21 Kt Corporation Profile management method, embedded uicc, and device provided with the embedded uicc
CN105050071A (en) * 2015-07-10 2015-11-11 惠州Tcl移动通信有限公司 Multi-equipment management method and system based on eUICC (Embedded Universal Integrated Circuit Card)
US20160007188A1 (en) * 2014-09-17 2016-01-07 Simless, Inc. Apparatuses, methods and systems for implementing a trusted subscription management platform
CN105282732A (en) * 2014-07-17 2016-01-27 三星电子株式会社 Method and device for updating profile management server

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282330B (en) * 2007-04-04 2013-08-28 华为技术有限公司 Method and apparatus for managing network memory access authority, network memory access control method
KR20130012243A (en) * 2011-07-08 2013-02-01 주식회사 케이티 Method for changing mno of embedded sim based on privilege, embedded sim and recording medium for the same
KR20130006258A (en) * 2011-07-08 2013-01-16 주식회사 케이티 Method for changing mno of embedded sim based on dynamic key generation, embedded sim and recording medium for the same
CN102970137A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Safe issuing method of multi-functional intelligent card
JP6006533B2 (en) * 2012-05-25 2016-10-12 キヤノン株式会社 Authorization server and client device, server linkage system, and token management method
CN103957210B (en) * 2014-04-30 2017-10-20 捷德(中国)信息科技有限公司 Smart card and its method of controlling security, device and system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108235821A (en) * 2016-11-30 2018-06-29 华为技术有限公司 A kind of method and apparatus for obtaining authority
CN108235821B (en) * 2016-11-30 2020-05-08 华为技术有限公司 Method and device for obtaining authorization file
CN108574683A (en) * 2017-03-13 2018-09-25 中兴通讯股份有限公司 Subscription data processing method, signing management server and subscription data processing unit
WO2018209986A1 (en) * 2017-05-19 2018-11-22 中兴通讯股份有限公司 Method and device for downloading euicc subscription data
CN110121859A (en) * 2017-08-28 2019-08-13 华为技术有限公司 A kind of Information Authentication method and relevant device
CN110121859B (en) * 2017-08-28 2021-01-15 华为技术有限公司 Information verification method and related equipment
US11234131B2 (en) 2017-08-28 2022-01-25 Huawei Technologies Co., Ltd. Information verification method and related device

Also Published As

Publication number Publication date
WO2017185458A1 (en) 2017-11-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160720
