CN105933886B - ESIM number writing method, security system, ESIM number server and terminal - Google Patents

ESIM number writing method, security system, ESIM number server and terminal Download PDF

Info

Publication number
CN105933886B
CN105933886B CN201610199846.1A CN201610199846A CN105933886B CN 105933886 B CN105933886 B CN 105933886B CN 201610199846 A CN201610199846 A CN 201610199846A CN 105933886 B CN105933886 B CN 105933886B
Authority
CN
China
Prior art keywords
esim number
esim
security system
server
writing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610199846.1A
Other languages
Chinese (zh)
Other versions
CN105933886A (en
Inventor
陈历伟
李如森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd filed Critical Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201610199846.1A priority Critical patent/CN105933886B/en
Priority to PCT/CN2016/080827 priority patent/WO2017166362A1/en
Publication of CN105933886A publication Critical patent/CN105933886A/en
Application granted granted Critical
Publication of CN105933886B publication Critical patent/CN105933886B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/12Setup of transport tunnels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses an ESIM number writing method, which is used for improving the writing safety of an ESIM number and avoiding risks of malicious hijacking or tampering and the like of the ESIM number. The method provided by the embodiment of the invention comprises the following steps: the security system receives an ESIM number write instruction; if the safety system inquires that the ESIM number writing instruction is matched with the white list of the ESIM number server, the safety system sends an ESIM number writing request to the corresponding ESIM number server through a Virtual Private Network (VPN) according to the ESIM number writing instruction; the security system receives encrypted ESIM number data sent by an ESIM number server based on an ESIM number write request; the security system decrypts the encrypted ESIM number data; the security system writes the decrypted ESIM number data to the ESIM device. The embodiment of the invention also provides a safety system, an ESIM number server and a terminal, which can effectively avoid possible risks in each link of writing the ESIM number and improve the safety of the ESIM number.

Description

ESIM number writing method, security system, ESIM number server and terminal
Technical Field
The invention relates to the field of communication, in particular to an ESIM number writing method, a security system and a terminal.
Background
A SIM card (Subscriber Identity Module), also called a smart card, is not only a Subscriber Identity Module card but also a service bearer in a communication network. The ESIM card is an embedded SIM card, and can integrate SIM card information onto a device chip, compared with the traditional SIM card, the ESIM card is similar to a virtual SIM card, if the device adopting the ESIM card is adopted, a user does not need to buy the device and insert the card, but can directly adopt software registration or directly buy the type of modes, namely, the operator network and package can be selected. However, the ESIM card and SIM card are logically identical, but have been changed from external to internal, and have not been improved in security.
The ESIM card can be applied to devices such as mobile phones, tablet computers and routers, serves as a basic component for storing user data, authenticating methods and keys, and needs to be protected safely. In the prior art, the writing method of the ESIM number mainly includes: 1. ESIM number data is issued from a background server; 2. transmitting to the mobile terminal through the common network connection; 3. and the mobile terminal writes information into the ESIM equipment chip through a common system. As can be seen from the above process, the write method of the ESIM number has the following problems: 1. the connection network is initiated by a common system, and the transmission safety is not guaranteed; 2. ESIM number data information is written into ESIM chip equipment by a common system, and the data has risks of hijacking and tampering; 3. the mobile terminal does not establish a white list mechanism, and may be disturbed by an illegal server, so that the risk of malicious writing exists.
Therefore, how to improve the security of the ESIM number is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the invention provides an ESIM number writing method, a safety system and a terminal, which can effectively avoid possible risks in each link of ESIM number writing and improve the safety of ESIM numbers.
In view of the above, a first aspect of the present invention provides a method for writing an ESIM number, which may include:
the security system receives an ESIM number write instruction;
if the security system inquires that the ESIM number writing instruction is matched with the white list of the ESIM number server, the security system sends an ESIM number writing request to the corresponding ESIM number server through the virtual private network VPN according to the ESIM number writing instruction;
the security system receives encrypted ESIM number data sent by an ESIM number server based on an ESIM number write request;
the security system decrypts the encrypted ESIM number data;
the security system writes the decrypted ESIM number data to the ESIM device.
With reference to the first aspect of the embodiments of the present invention, in a first implementation manner of the first aspect of the embodiments of the present invention, before the security system initiates an ESIM number write request to a corresponding ESIM number server through a virtual private network VPN according to the ESIM number write instruction, the method further includes:
the security system inquires whether the ESIM number writing instruction is matched with an ESIM number server white list, the ESIM number server white list is established for a target position of the terminal outside the security system, and the security system is a system established for the terminal.
With reference to the first aspect of the embodiments of the present invention, in a second implementation manner of the first aspect of the embodiments of the present invention, before the security system initiates an ESIM number write request to the corresponding ESIM number server through the virtual private network VPN according to the ESIM number write instruction, the method further includes:
the security system inquires whether the ESIM number writing instruction is matched with an ESIM number server white list, and the ESIM number server white list is established locally for the security system.
With reference to the first aspect of the embodiment of the present invention, or the first implementation manner or the second implementation manner of the first aspect of the embodiment of the present invention, in a third implementation manner of the first aspect of the embodiment of the present invention, before the security system receives encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request, the method further includes:
the security system sends a security identification message to an ESIM number server through the VPN;
and if the ESIM number server successfully verifies the security identification message, triggering the security system to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write-in request.
In combination with the first aspect of this embodiment, any one of the first to third implementations of the first aspect of this embodiment, in a fourth implementation of the first aspect of this embodiment, the method further includes:
the security system receives an ESIM number deletion instruction;
the security system determines a first target ESIM number according to the ESIM number deleting instruction;
the security system deletes the first target ESIM number from the ESIM device.
In combination with the first aspect of this embodiment, any one of the first to fourth implementations of the first aspect of this embodiment, in a fifth implementation of the first aspect of this embodiment, the method further includes:
the security system receives an ESIM number logout instruction;
the security system sends an ESIM number logout request to the ESIM number server through the VPN according to the ESIM number logout instruction, so that the ESIM number server logs out data of the corresponding second target ESIM number according to the ESIM number logout request.
A second aspect of the present invention provides a method for writing an ESIM number, which may include:
an ESIM number server receives an ESIM number write-in request sent by a security system through a virtual private network VPN;
and the ESIM number server sends the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request.
With reference to the second aspect of the embodiment of the present invention, in a first implementation manner of the second aspect of the embodiment of the present invention, before the ESIM number server encrypts, according to the ESIM number write request, corresponding ESIM number data to obtain encrypted ESIM number data, the method further includes:
an ESIM number server receives a security identification message sent by a security system through a VPN;
the ESIM number server verifies the safety identification message;
and if the verification is successful, triggering the ESIM number server to send the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request.
With reference to the second aspect of the embodiments, or the first implementation of the second aspect of the embodiments, in a second implementation of the second aspect of the embodiments, the method further includes:
an ESIM number server receives an ESIM number logout request sent by a security system through a VPN;
the ESIM number server determines a second target ESIM number according to the ESIM number logout request;
the ESIM number server logs out data of the second target ESIM number.
A third aspect of the invention provides a security system, which may comprise:
the first receiving module is used for receiving an ESIM number writing instruction;
the system comprises a first sending module, a first receiving module and a first storage module, wherein the first sending module is used for sending an ESIM number writing request to a corresponding ESIM number server through a Virtual Private Network (VPN) according to an ESIM number writing instruction received by the first receiving module when a security system inquiry ESIM number writing instruction is matched with an ESIM number server white list;
the second receiving module is used for receiving the encrypted ESIM number data sent by the ESIM number writing request sent by the ESIM number server based on the first sending module;
the decryption module is used for decrypting the encrypted ESIM number data received by the second receiving module;
and the writing module is used for writing the ESIM number data decrypted by the decryption module into the ESIM equipment.
With reference to the third aspect of the embodiments of the present invention, in a first implementation manner of the third aspect of the embodiments of the present invention, the security system further includes:
the first query module is used for querying whether the ESIM number writing instruction received by the first receiving module is matched with an ESIM number server white list, the ESIM number server white list is established by the terminal at a target position outside the security system, and the security system is a system established by the terminal.
With reference to the third aspect of the embodiment of the present invention, in a second implementation manner of the third aspect of the embodiment of the present invention, the security system method further includes:
and the second query module is used for querying whether the ESIM number writing instruction received by the first receiving module is matched with an ESIM number server white list, and the ESIM number server white list is locally established for the security system.
With reference to the third aspect of the present invention, or the first implementation manner or the second implementation manner of the third aspect of the present invention, in a third implementation manner of the third aspect of the present invention, the security system further includes:
the second sending module is used for sending the security identification message to the ESIM number server through the VPN;
and the triggering module is used for triggering the second receiving module to receive the encrypted ESIM number data sent by the ESIM number server based on the ESIM number write-in request when the ESIM number server verifies that the security identification message sent by the second sending module is successful.
With reference to the third aspect of the example embodiment, any one of the first implementation manner to the third implementation manner of the third aspect of the example embodiment, in a fourth implementation manner of the third aspect of the example embodiment, the safety system further includes:
the third receiving module is used for receiving an ESIM number deleting instruction;
a determining module, configured to determine a first target ESIM number according to the ESIM number deletion instruction received by the third receiving module;
a deletion module to delete the first target ESIM number determined by the determination module from the ESIM device.
With reference to the third aspect of the present example, any one of the first implementation manner to the fourth implementation manner of the third aspect of the present example, in a fifth implementation manner of the third aspect of the present example, the security system further includes:
the fourth receiving module is used for receiving an ESIM number logout instruction;
a third sending module, configured to send, according to the ESIM number logout instruction received by the fourth receiving module, an ESIM number logout request to the ESIM number server through the VPN, so that the ESIM number server logs out data of the corresponding second target ESIM number according to the ESIM number logout request.
A fourth aspect of the present invention provides an ESIM number server, which may include:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving an ESIM number writing request sent by a security system through a virtual private network VPN;
and the sending module is used for sending the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request received by the first receiving module.
With reference to the fourth aspect of the present embodiment, in a first implementation manner of the fourth aspect of the present embodiment, the ESIM number server further includes:
the second receiving module is used for receiving the security identification message sent by the security system through the VPN;
the verification module is used for verifying the security identification message received by the second receiving module;
and the triggering module is used for triggering the sending module to send the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request when the verification module verifies the security identification message successfully.
With reference to the fourth aspect of the present invention or the first implementation manner of the fourth aspect of the present embodiment, in a second implementation manner of the fourth aspect of the present embodiment, the ESIM number server further includes:
the third receiving module is used for receiving an ESIM number logout request sent by the security system through the VPN;
a determining module, configured to determine a second target ESIM number according to the ESIM number logout request received by the third receiving module;
and the logout module is used for logging out the data of the second target ESIM number determined by the determination module.
A fifth aspect of the present invention provides a terminal that may include the security system of the third aspect of the above embodiments.
According to the technical scheme, the embodiment of the invention has the following advantages:
in this embodiment, after the security system receives the ESIM number write instruction, if the security system queries that the ESIM number write instruction matches the ESIM number server white list, an ESIM number write request may be sent to a corresponding ESIM number server through a virtual private network VPN according to the ESIM number write instruction, encrypted ESIM number data sent by the ESIM number server may be decrypted, and the decrypted ESIM number data is written to the ESIM device. Therefore, the embodiment not only has a white list mechanism, but also establishes a process of safely writing data information of the stereoscopic security ESIM number into the ESIM equipment from a background server, a transmission pipeline and a terminal through VPN connection transmission, data encryption and independent writing of a security system into the ESIM equipment, and effectively avoids risks of hijacking, tampering or malicious writing of data possibly existing in each link in the overall scheme.
Drawings
FIG. 1 is a diagram illustrating an example of a method for writing an ESIM number according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an ESIM number writing method according to another embodiment of the present invention;
FIG. 3 is a diagram illustrating an ESIM number writing method according to another embodiment of the present invention;
FIG. 4 is a diagram illustrating an ESIM number writing method according to another embodiment of the present invention;
FIG. 5 is a diagram illustrating an ESIM number writing method according to another embodiment of the present invention;
FIG. 6 is a schematic diagram of one embodiment of a security system in accordance with embodiments of the present invention;
FIG. 7 is a diagram of an ESIM number server according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an ESIM number writing method, a security system, an ESIM number server and a terminal, which can effectively avoid possible risks in each link of ESIM number writing and improve the security of ESIM numbers.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a detailed flow in an embodiment of the present invention is described below, and referring to fig. 1, an embodiment of a method for writing an ESIM number in an embodiment of the present invention includes:
101. the security system receives an ESIM number write instruction;
in this embodiment, the terminal includes, but is not limited to, a portable device such as a smart phone and a tablet computer represented by an Android, IOS, and Windows system. The terminal can be equipped with a plurality of intelligent operating systems, and one of the intelligent operating systems can be designated as a security system, namely, the security system is a system which can carry out writing ESIM number operation on the terminal. If the terminal is a device with an ESIM card, the user can be allowed to select an operator or replace the operator more flexibly, and when the user selects an ESIM number of a certain operator as a communication number, the security system can receive an ESIM number write instruction.
102. If the security system inquires that the ESIM number writing instruction is matched with the white list of the ESIM number server, the security system sends an ESIM number writing request to the corresponding ESIM number server through the virtual private network VPN according to the ESIM number writing instruction;
after the security system receives the ESIM number writing instruction, if the security system queries that the ESIM number writing instruction is matched with the white list of the ESIM number server, the security system can send the ESIM number writing request to the corresponding ESIM number server through the virtual private network VPN according to the ESIM number writing instruction.
Specifically, in practical applications, the ESIM number server white list in this embodiment is used to filter an illegal server, so as to prevent malicious writing of the illegal server. The ESIM number writing instruction comprises an address of an ESIM number server, the white list of the ESIM number server also records the address of the ESIM number server, and the security system executes corresponding operation only if the address in the ESIM number writing instruction is matched with the address recorded in the white list of the ESIM number server.
It should be understood that, in this embodiment, only one example of the matching of the security system query ESIM number writing instruction and the ESIM number server white list is described in the foregoing, in practical applications, the security system may also be combined or used alone according to other query manners, as long as whether the ESIM number writing instruction and the ESIM number server white list are matched can be queried, and a specific query manner is not limited herein.
103. The security system receives encrypted ESIM number data sent by an ESIM number server based on an ESIM number write request;
after the security system sends an ESIM number write request to the ESIM number server, the security system may receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request.
104. The security system decrypts the encrypted ESIM number data;
when the security system receives the encrypted ESIM number data sent by the ESIM number server, the security system can decrypt the encrypted ESIM number data.
It can be understood that, in this embodiment, in order to avoid malicious leakage or tampering caused by blocking the encrypted ESIM number data during VPN transmission, the encrypted ESIM number data does not carry a corresponding key, and after receiving the encrypted ESIM number data, the security system may perform decryption in a preset decryption manner. In practical applications, the security system is not limited to decrypt the encrypted ESIM number data in any preset decryption manner, and may be a corresponding mapping relationship, or may be digital decryption, for example, an encrypted password is obtained through encryption operation, as long as the decryption manner is stored by the security system, and the decryption operation is only performed by the security system.
105. The security system writes the decrypted ESIM number data to the ESIM device.
After the security system decrypts the encrypted ESIM number data, the decrypted ESIM number data can be written into the ESIM device.
In particular, in practical applications, the ESIM device in this embodiment may write one or more ESIM number data, implementing a dual-card dual-standby terminal such as using a SIM card, and after the ESIM number data is written into the ESIM device, the security system may set a flag bit, for example, for each written ESIM number, indicating that the ESIM number is from the ESIM device. In addition, the ESIM device has an authority setting for an operating system installed in the terminal, and a system of the terminal other than the security system has only a read authority as compared with the security system.
In the embodiment, the security system is used for initiating an ESIM number writing request to the ESIM number server through ESIM number server white list verification, then encrypted ESIM number data sent by the ESIM number server are received, and the security system writes the decrypted ESIM number data into ESIM equipment, so that the risk possibly occurring in each link in the ESIM number writing process is fully avoided, the unique read-write permission of the security system to the ESIM equipment is reflected, and the ESIM number writing security is ensured.
It should be noted that, the terminal in this embodiment may establish a white list mechanism, but the location of the security system for querying the white list of the ESIM number server may be different, that is, the white list of the ESIM number server may be established by the terminal at a target location outside the security system, or may be established locally by the security system, specifically referring to fig. 2, another embodiment of the writing method of the ESIM number in the embodiment of the present invention includes:
step 201 in this embodiment is the same as step 101 in the embodiment shown in fig. 1, and is not described here again.
202. The security system inquires whether an ESIM number writing instruction is matched with an ESIM number server white list, if not, executing a step 203, and if so, executing a step 204;
when the security system receives an ESIM number write instruction, the security system may query whether the ESIM number write instruction matches an ESIM number server white list.
It can be understood that the establishment of the ESIM number server white list in this embodiment is to prevent the disturbance of an illegal server, and the ESIM number server white list may be established for a target location of the terminal outside the security system, such as a control system, or locally established for the security system, as long as the security system can query the ESIM number server white list, and the specific establishment location is not limited here.
203. Executing other processes;
if the security system inquires that the ESIM number writing instruction is not matched with the white list of the ESIM number server, the fact that the ESIM number writing instruction is possible to correspond to an illegal server is shown, and in order to avoid disturbance of the illegal server, the security system can not send an ESIM number writing request to the ESIM number server.
204. The security system sends an ESIM number writing request to a corresponding ESIM number server through a Virtual Private Network (VPN) according to the ESIM number writing instruction;
the content of step 204 in this embodiment is the same as the content of step 102 in the embodiment shown in fig. 1, and is not repeated here.
205. The security system sends a security identification message to an ESIM number server through the VPN;
after the security system sends an ESIM number writing request to the ESIM number server, the security system can send a security identification message to the ESIM number server through the VPN, and the security identification message can indicate to the ESIM number server that a system for transmitting the message is the security system, but not a common system except a terminal security system, and is equivalent to further authentication of the security system by the ESIM number server.
It is understood that, in practical applications, the security identification message in this embodiment is an identification message of the security system, and the security identification message may be an encryption string preset by the security system, for example 1010, in order to implement diversity and security of the encryption string, the encryption string sent by the security system to the ESIM number server each time may be different, and in practical applications, the security identification message may also be of other types as long as the security system can be identified, which is not limited herein.
It is understood that step 205 in this embodiment may be performed in conjunction with step 204, i.e., sent simultaneously with the ESIM number write request for both types of information. In addition, the security identifier message may also be carried in an ESIM number write request by the security system and sent to the ESIM number server, as long as the ESIM number server can further confirm the operation authority of the security system, which is not limited herein.
Steps 206 to 208 in this embodiment are the same as steps 103 to 105 in the embodiment shown in fig. 1, and are not repeated here.
On the basis of the above embodiment, in this embodiment, different positions of the ESIM number server white list establishment are described, and the purpose of querying whether the ESIM number write instruction is matched with the ESIM number server white list by the security system is to filter interference of an illegal server, so that malicious write of the illegal server can be avoided, and sending of the security identification message can enable the ESIM number server to authenticate the security system, thereby further avoiding hijacking or tampering of data by a non-security system.
It can be understood that, in this embodiment, the terminal may also delete the ESIM number data and logout the ESIM service, which is described in detail below:
referring to fig. 3, another embodiment of the method for writing an ESIM number according to the embodiment of the present invention includes:
steps 301 to 305 of the terminal of this embodiment are the same as steps 01 to 105 in the embodiment shown in fig. 1, and are not repeated here.
306. The security system receives an ESIM number deletion instruction;
in this embodiment, the security system may delete ESIM number data written in the ESIM device, and if the user needs to delete one or more ESIM numbers, the security system may receive an ESIM number deletion instruction.
307. The security system determines a first target ESIM number according to the ESIM number deleting instruction;
when the security system receives an ESIM number delete instruction, the security system may determine a first target ESIM number based on the ESIM number delete instruction.
Specifically, in practical applications, since the ESIM number may be provided with a flag bit when written into the ESIM device, the security system in this embodiment may search through the ESIM device through the flag bit to determine the first target ESIM number corresponding to the ESIM number deletion instruction.
It is understood that the embodiment has only described the manner in which the security system determines the first target ESIM number, and in practical applications, the security system may also use other manners as long as the first target ESIM number can be determined according to the ESIM deletion instruction, and the specific manner is not limited herein.
308. The security system deleting the first target ESIM number from the ESIM device;
after the security system determines the first target ESIM number, the first target ESIM number may be deleted from the ESIM device. It is understood that the security system may write the first target ESIM number again from the ESIM number server after deleting the first target ESIM number.
It should be noted that the security system in this embodiment may delete only the first target ESIM number in the ESIM device, or may delete all data related to the first target ESIM number, and the specific details are not limited herein.
It is understood that steps 306 to 308 in this embodiment may be executed before, during or after steps 301 to 305, as long as the security system writes ESIM number data in the ESIM device, and the specific details are not limited herein.
309. The security system receives an ESIM number logout instruction;
in this embodiment, the security system may also perform logout on ESIM number data written in the ESIM device, and if the user needs to logout one or more ESIM numbers, the security system may receive an ESIM number logout instruction.
310. The security system sends an ESIM number logout request to the ESIM number server through the VPN according to the ESIM number logout instruction, so that the ESIM number server logs out data of the corresponding second target ESIM number according to the ESIM number logout request.
After the security system receives the ESIM number logout instruction, the security system may send an ESIM number logout request to the ESIM number server through the VPN according to the ESIM number logout instruction, so that the ESIM number server may logout data of the corresponding second target ESIM number according to the ESIM number logout request.
In practical application, after the security system requests the ESIM number server to logout data of the second target ESIM number, the fact that the second target ESIM number is unavailable and a corresponding service is not reusable means that the security system may delete the second target ESIM number from the ESIM device, or may not delete the second target ESIM number, and the specific details are not limited herein.
It is understood that steps 309 to 310 in this embodiment may be performed before, during, or after steps 301 to 308, and are not limited herein.
In this embodiment, the permission of the security system is described from the perspective that the user needs to delete the ESIM number or cancel the ESIM number, which indicates that other systems except the non-security system cannot write, delete, or cancel the ESIM number in the ESIM device, and operations such as writing, deleting, or canceling can only be executed by the security system, thereby effectively ensuring the read-write permission of the security system.
While the ESIM number writing method in the embodiment of the present invention is described above from the security system side, the ESIM number writing method in the embodiment of the present invention is described below from the ESIM number server side, and referring to fig. 4, another embodiment of the ESIM number writing method in the embodiment of the present invention includes:
401. an ESIM number server receives an ESIM number write-in request sent by a security system through a virtual private network VPN;
in this embodiment, the ESIM number server may store data of each ESIM number, and when the security system of the terminal needs to write ESIM number data to the ESIM device, the ESIM number server may receive an ESIM number write request sent by the security system through the virtual private network VPN.
402. And the ESIM number server sends the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request.
After the ESIM number server receives an ESIM number write request sent by the security system, ESIM number data which needs to be written by the security system can be determined according to the ESIM number write request, the determined ESIM number data can be encrypted in an encryption operation mode to obtain encrypted ESIM number data, and the encrypted ESIM number data can be returned to the security system through a VPN.
It can be understood that, in addition to the above-described encryption operation for encrypting the ESIM number data by the ESIM number server in this embodiment, in practical applications, other encryption modes may also be used, such as a self-defined encryption mode of the ESIM number server, as long as the encrypted ESIM number data can be obtained, and the security of the encrypted ESIM number data in the VPN transmission process is ensured, and a specific encryption mode is not limited here.
In the embodiment, the ESIM number writing method is explained from one side of the ESIM number server, and compared with the prior art, the ESIM number server improves the safety of ESIM number writing from three aspects of encryption transmission, VPN transmission channels and security system transmission objects, and effectively avoids that ESIM number data is hijacked or tampered by systems except a non-security system.
Referring to fig. 5, another embodiment of the method for writing an ESIM number according to the embodiment of the present invention includes:
step 501 in this embodiment is the same as step 401 in the embodiment shown in fig. 4, and is not described here again.
502. An ESIM number server receives a security identification message sent by a security system through a VPN;
in this embodiment, the ESIM number server may receive a security identification message sent by the security system through the VPN.
It is understood that, in practical applications, the security identification message in this embodiment is an identification message of the security system, and the security identification message may be an encryption string preset by the security system, for example, 1010, in order to implement diversity and security of the encryption string, the encryption string sent by the security system to the ESIM number server each time may be different, and the ESIM number server may receive the different encryption strings.
503. The ESIM number server verifies the safety identification message, if the verification fails, the step 504 is executed, and if the verification succeeds, the step 505 is executed;
when the ESIM number server receives the security identification message, the ESIM number server may verify the security identification message to determine whether the system to which the message is transmitted through the VPN is a security system, i.e., an authentication determination.
Specifically, in practical applications, assuming that the security identification message sent by the security system through the VPN is the type of the encryption string, the ESIM number server may verify the content of the encryption string according to the corresponding decryption manner. Of course, the difference of the security identification information means that the authentication manner of the ESIM number server may be different, and is not limited herein.
504. Executing other processes;
if the ESIM number server fails to verify the security identification message, which indicates that the system transmitting the message to the ESIM number server through the VPN is not a security system, the ESIM number server can not perform other operations, so that other common systems except the non-security system cannot acquire the encrypted ESIM number data, and the risk of illegal invasion is avoided.
Step 505 in this embodiment is the same as step 402 in the embodiment shown in fig. 4, and is not described here again.
506. An ESIM number server receives an ESIM number logout request sent by a security system through a VPN;
in this embodiment, if the user needs to logout one or more ESIM numbers, the ESIM number server may receive an ESIM number logout request sent by the security system through the VPN.
507. The ESIM number server determines a second target ESIM number according to the ESIM number logout request;
when the ESIM number server receives the ESIM number logout request, a second target ESIM number may be determined based on the ESIM number logout request.
Specifically, the ESIM number logout request in this embodiment may include an identifier corresponding to the second target ESIM number, and the ESIM number server may obtain the identifier of the ESIM number logout request, and may determine the second target ESIM number from the locally stored data according to the identifier. It should be understood that, in practical applications, the ESIM number server may also determine the second target ESIM number according to the ESIM number logout request in other manners, as long as the second target ESIM number corresponding to the ESIM number logout request can be determined, and the specific determination manner is not limited herein.
508. The ESIM number server logs out data of the second target ESIM number.
After the ESIM number server determines the second target ESIM number, the locally stored data relating to the second target ESIM number may be deleted. After logout, the second target ESIM number will not exist, and the related information of the user usage record, the user data and the like are also logged out.
It is understood that steps 506 to 508 in this embodiment may be performed before, during, or after steps 501 to 502, and are not limited herein.
On the basis of the above embodiment, the ESIM number server in this embodiment may verify the security identification message, further authenticate the security system, and also receive an ESIM number logout request sent by the security system, and logout data of the second target ESIM number corresponding to the request, so that the security system has a corresponding read-write right, and malicious interference of other systems is avoided.
With reference to fig. 6, the security system in the embodiment of the present invention is described below, where the method for writing an ESIM number in the embodiment of the present invention is described above, and an embodiment of the security system in the embodiment of the present invention includes:
a first receiving module 601, configured to receive an ESIM number write instruction;
a first query module 602, configured to query whether the ESIM number write instruction received by the first receiving module 601 matches an ESIM number server white list, where the ESIM number server white list is established for a target location of the terminal outside the security system, and the security system is a system established for the terminal;
a second query module 603, configured to query whether the ESIM number write instruction received by the first receiving module 601 matches an ESIM number server white list, where the ESIM number server white list is locally established for the security system;
a first sending module 604, configured to send an ESIM number write request to a corresponding ESIM number server through a virtual private network VPN according to an ESIM number write instruction received by the first receiving module 601 when the security system query ESIM number write instruction matches an ESIM number server white list;
a second sending module 605, configured to send the security identifier message to the ESIM number server through the VPN;
a second receiving module 606, configured to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request sent by the first sending module 604;
a triggering module 607, configured to, when the ESIM number server verifies that the security identifier message sent by the second sending module 605 is successful, trigger the second receiving module 606 to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request;
a decryption module 608, configured to decrypt the encrypted ESIM number data received by the second receiving module 602;
a writing module 609, configured to write the ESIM number data decrypted by the decryption module 608 into the ESIM device;
a third receiving module 610, configured to receive an ESIM number deletion instruction;
a determining module 611, configured to determine a first target ESIM number according to the ESIM number deletion instruction received by the third receiving module 610;
a deletion module 612 to delete the first target ESIM number determined by the determination module 611 from the ESIM device.
A fourth receiving module 613, configured to receive an ESIM number logout instruction;
a third sending module 614, configured to send an ESIM number logout request to the ESIM number server through the VPN according to the ESIM number logout instruction received by the fourth receiving module 613, so that the ESIM number server logs out data of the corresponding second target ESIM number according to the ESIM number logout request.
In this embodiment, the first receiving module 601 may receive an ESIM number write instruction, the first sending module 604 may send an ESIM number write request to the ESIM number server, and the writing module 609 may write the ESIM number data decrypted by the decryption module 608 into the ESIM device. The first querying module 602 or the second querying module 603 may query whether the ESIM number write instruction matches the ESIM number server white list, the second sending module 605 may further send a security identifier message to the ESIM number server, and if the ESIM number server verifies that the security identifier message is successful, the triggering module 606 may trigger the second receiving module 607 to execute a corresponding operation. In addition, the deleting module 612 may delete the first target ESIM number determined by the determining module 611 through the ESIM number deletion instruction received by the third receiving module 610, and the third sending module 614 may send the ESIM number logout request to the ESIM number server through the ESIM number logout instruction received by the fourth receiving module 613. Therefore, by establishing a white list mechanism, encrypting transmission and independently writing the security system into the EISM device, risks that the ESIM number writing may be hijacked, tampered or maliciously written in data are avoided from all links, and meanwhile, operations of writing, deleting, logout and the like of the ESIM number data can only be executed by the security system, so that permission limitation of systems except the non-security system is guaranteed.
With reference to fig. 7, the security system in the embodiment of the present invention is described above, and an ESIM number server in the embodiment of the present invention is described below, where an embodiment of the ESIM number server in the embodiment of the present invention includes:
a first receiving module 701, configured to receive an ESIM number write request sent by a security system through a virtual private network VPN;
a second receiving module 702, configured to receive a security identifier message sent by a security system through a VPN;
a verification module 703, configured to verify the security identifier message received by the second receiving module 702;
a sending module 704, configured to send encrypted ESIM number data to the security system through the VPN according to the ESIM number write request received by the first receiving module 701;
the triggering module 705 is configured to, when the verification module 703 successfully verifies the security identifier message, trigger the sending module 704 to send the encrypted ESIM number data to the security system through the VPN;
a third receiving module 706, configured to receive an ESIM number logout request sent by the security system through the VPN;
a determining module 707, configured to determine a second target ESIM number according to the ESIM number logout request received by the third receiving module 706;
a logout module 708 for logging out the data of the second target ESIM number determined by the determination module 707.
In this embodiment, the first receiving module 701 in the ESIM number server may receive an ESIM number write request sent by the security system, and the sending module 705 may return the corresponding encrypted ESIM number data to the security system through the VPN. The verification module 703 may also further verify the identity of the security message received by the second receiving module 702, so that the triggering module 704 may trigger the sending module 705 to perform a corresponding operation. The logout module 708 may also logout the data of the second target ESIM number determined by the determination module 707. The security of ESIM number data is ensured from one side of the ESIM number server, the security system has corresponding read-write permission through authentication of the security system, and malicious interference of other systems is avoided.
The terminal provided by this embodiment has all the beneficial effects of the security system by setting the security system in any of the above embodiments, and details are not repeated herein.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (19)

1. A method for writing an ESIM number, applied to a terminal including at least one operating system, the method comprising:
a security system receives an ESIM number write instruction, the at least one operating system includes the security system, and a system other than the security system in the at least one operating system has a right to read ESIM number data;
if the security system inquires that the ESIM number writing instruction is matched with an ESIM number server white list, the security system sends an ESIM number writing request to a corresponding ESIM number server through a Virtual Private Network (VPN) according to the ESIM number writing instruction;
the security system receives encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request;
the security system decrypts the encrypted ESIM number data;
the security system writes the decrypted ESIM number data to the ESIM device.
2. An ESIM number writing method according to claim 1, wherein before the security system issues an ESIM number write request to a corresponding ESIM number server through a virtual private network VPN according to the ESIM number write instruction, said method further comprises:
the safety system inquires whether the ESIM number writing instruction is matched with an ESIM number server white list or not, the ESIM number server white list is established for a target position of a terminal outside the safety system, and the safety system is a system established for the terminal.
3. An ESIM number writing method according to claim 1, wherein before the security system issues an ESIM number write request to a corresponding ESIM number server through a virtual private network VPN according to the ESIM number write instruction, said method further comprises:
the security system inquires whether the ESIM number writing instruction is matched with the ESIM number server white list, and the ESIM number server white list is established locally for the security system.
4. An ESIM number writing method according to any one of claims 1 to 3, wherein before the secure system receives encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request, the method further comprises:
the security system sends a security identification message to the ESIM number server through the VPN;
and if the ESIM number server verifies that the security identification message is successful, triggering the security system to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write-in request.
5. The ESIM number writing method as claimed in any one of claims 1 to 3, further comprising:
the security system receives an ESIM number deletion instruction;
the security system determines a first target ESIM number according to the ESIM number deleting instruction;
the security system deletes the first target ESIM number from the ESIM device.
6. The ESIM number writing method as claimed in any one of claims 1 to 3, further comprising:
the security system receives an ESIM number logout instruction;
the security system sends an ESIM number logout request to the ESIM number server through the VPN according to the ESIM number logout instruction, so that the ESIM number server logs out data of a corresponding second target ESIM number according to the ESIM number logout request.
7. A method for writing an ESIM number, comprising:
the method comprises the steps that an ESIM number server receives an ESIM number writing request sent by a security system through a virtual private network VPN, the security system is an operating system on a terminal, the terminal comprises at least one operating system, and in the at least one operating system, systems except the security system have the authority of reading ESIM number data;
and the ESIM number server sends encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request.
8. An ESIM number writing method as recited in claim 7, wherein prior to said ESIM number server sending encrypted ESIM number data to said secure system via said VPN in accordance with said ESIM number write request, said method further comprises:
the ESIM number server receives a security identification message sent by the security system through the VPN;
the ESIM number server verifies the security identification message;
and if the verification is successful, triggering the ESIM number server to send the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request.
9. The method of writing an ESIM number as claimed in claim 7 or 8, wherein said method further comprises:
the ESIM number server receives an ESIM number logout request sent by the security system through the VPN;
the ESIM number server determines a second target ESIM number according to the ESIM number logout request;
and the ESIM number server logs out the data of the second target ESIM number.
10. A security system applied to a terminal including at least one operating system including the security system, wherein a system other than the security system has a right to read ESIM number data, the security system comprising:
the first receiving module is used for receiving an ESIM number writing instruction;
a first sending module, configured to send, when the security system queries that the ESIM number write instruction matches an ESIM number server white list, an ESIM number write request to a corresponding ESIM number server through a virtual private network VPN according to the ESIM number write instruction received by the first receiving module;
a second receiving module, configured to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request sent by the first sending module;
the decryption module is used for decrypting the encrypted ESIM number data received by the second receiving module;
and the writing module is used for writing the ESIM number data decrypted by the decryption module into the ESIM equipment.
11. The security system of claim 10, further comprising:
the first query module is configured to query whether the ESIM number write instruction received by the first receiving module matches the ESIM number server white list, where the ESIM number server white list is established for a target location of a terminal outside the security system, and the security system is a system established for the terminal.
12. The security system of claim 10, wherein the security system method further comprises:
a second query module, configured to query whether the ESIM number write instruction received by the first receiving module matches the ESIM number server white list, where the ESIM number server white list is locally established for the security system.
13. The security system of any one of claims 10 to 12, further comprising:
a second sending module, configured to send a security identifier message to the ESIM number server through the VPN;
and the triggering module is configured to trigger the second receiving module to receive encrypted ESIM number data sent by the ESIM number server based on the ESIM number write request when the ESIM number server verifies that the security identifier message sent by the second sending module is successful.
14. The security system of any one of claims 10 to 12, further comprising:
the third receiving module is used for receiving an ESIM number deleting instruction;
a determining module, configured to determine a first target ESIM number according to the ESIM number deletion instruction received by the third receiving module;
a deletion module configured to delete the first target ESIM number determined by the determination module from the ESIM device.
15. The security system of any one of claims 10 to 12, further comprising:
the fourth receiving module is used for receiving an ESIM number logout instruction;
a third sending module, configured to send, according to the ESIM number logout instruction received by the fourth receiving module, an ESIM number logout request to the ESIM number server through the VPN, so that the ESIM number server logs out data of a corresponding second target ESIM number according to the ESIM number logout request.
16. An ESIM number server, comprising:
a first receiving module, configured to receive an ESIM number write request sent by a security system through a virtual private network VPN, where the security system is an operating system on a terminal, the terminal includes at least one operating system, and in the at least one operating system, a system other than the security system has an authority to read ESIM number data;
and the sending module is used for sending encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request received by the first receiving module.
17. The ESIM number server as recited in claim 16, wherein said ESIM number server further comprises:
the second receiving module is used for receiving a security identification message sent by the security system through the VPN;
the verification module is used for verifying the security identification message received by the second receiving module;
and the triggering module is used for triggering the sending module to send the encrypted ESIM number data to the security system through the VPN according to the ESIM number writing request when the verification module verifies that the security identification message is successful.
18. An ESIM number server in accordance with claim 16 or 17, wherein said ESIM number server further comprises:
a third receiving module, configured to receive an ESIM number sent by the security system through the VPN
A code logout request;
a determining module, configured to determine a second target ESIM number according to the ESIM number logout request received by the third receiving module;
and the logout module is used for logging out the data of the second target ESIM number determined by the determination module.
19. A terminal, characterized in that it comprises a security system according to any one of claims 10 to 15.
CN201610199846.1A 2016-03-31 2016-03-31 ESIM number writing method, security system, ESIM number server and terminal Active CN105933886B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610199846.1A CN105933886B (en) 2016-03-31 2016-03-31 ESIM number writing method, security system, ESIM number server and terminal
PCT/CN2016/080827 WO2017166362A1 (en) 2016-03-31 2016-04-29 Esim number writing method, security system, esim number server, and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610199846.1A CN105933886B (en) 2016-03-31 2016-03-31 ESIM number writing method, security system, ESIM number server and terminal

Publications (2)

Publication Number Publication Date
CN105933886A CN105933886A (en) 2016-09-07
CN105933886B true CN105933886B (en) 2020-04-07

Family

ID=56840364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610199846.1A Active CN105933886B (en) 2016-03-31 2016-03-31 ESIM number writing method, security system, ESIM number server and terminal

Country Status (2)

Country Link
CN (1) CN105933886B (en)
WO (1) WO2017166362A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106484796B (en) * 2016-09-22 2022-12-20 宇龙计算机通信科技(深圳)有限公司 File management method, file management device and mobile terminal
CN109660579B (en) * 2017-10-11 2022-02-25 阿里巴巴集团控股有限公司 Data processing method and system and electronic equipment
CN109286927B (en) * 2018-10-11 2021-07-20 中国联合网络通信集团有限公司 Method and device for protecting data security of eSIM (embedded subscriber identity Module)
CN110798827B (en) * 2019-10-29 2022-04-29 恒宝股份有限公司 eSIM card and initialization method thereof
CN112770315B (en) * 2020-12-22 2022-05-27 国网浙江省电力有限公司绍兴供电公司 Code number resource management method and device for power wireless heterogeneous network
CN114745710B (en) * 2022-04-13 2023-04-18 中国联合网络通信集团有限公司 Airspace admission method, device and system
CN115150813B (en) * 2022-09-05 2023-01-20 北京智芯半导体科技有限公司 eSIM card code number writing method, writing device, communication system and server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469094A (en) * 2010-11-19 2012-05-23 中国电信股份有限公司 Long-range writing card, server and system
CN102484786A (en) * 2009-06-08 2012-05-30 高通股份有限公司 Method and system for performing multi-stage virtual sim provisioning and setup on mobile devices
CN103795860A (en) * 2014-01-22 2014-05-14 周哲明 Dual-system smartphone and mobile phone outer sleeve with communication function
CN104185176A (en) * 2014-08-28 2014-12-03 中国联合网络通信集团有限公司 Method and system for remote initialization of Internet of Things virtual subscriber identity module card
CN104216777A (en) * 2014-08-29 2014-12-17 宇龙计算机通信科技(深圳)有限公司 Double-system electronic device and terminal
CN105261130A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 Intelligent POS terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916844B (en) * 2012-12-31 2017-12-29 华为技术有限公司 Client identification module card activating method and virtual client identification module card server
EP3621332B1 (en) * 2014-04-18 2023-11-01 Huawei Technologies Co., Ltd. Method, terminal device, management server and system for distributing data of virtual subscriber identity module
KR102191017B1 (en) * 2014-07-19 2020-12-15 삼성전자주식회사 Method and server device for provisioning an embedded SIM
CN105142134B (en) * 2015-06-30 2019-08-02 宇龙计算机通信科技(深圳)有限公司 Parameter acquisition and parameter transmission method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102484786A (en) * 2009-06-08 2012-05-30 高通股份有限公司 Method and system for performing multi-stage virtual sim provisioning and setup on mobile devices
CN102469094A (en) * 2010-11-19 2012-05-23 中国电信股份有限公司 Long-range writing card, server and system
CN103795860A (en) * 2014-01-22 2014-05-14 周哲明 Dual-system smartphone and mobile phone outer sleeve with communication function
CN104185176A (en) * 2014-08-28 2014-12-03 中国联合网络通信集团有限公司 Method and system for remote initialization of Internet of Things virtual subscriber identity module card
CN104216777A (en) * 2014-08-29 2014-12-17 宇龙计算机通信科技(深圳)有限公司 Double-system electronic device and terminal
CN105261130A (en) * 2015-11-18 2016-01-20 北京微智全景信息技术有限公司 Intelligent POS terminal

Also Published As

Publication number Publication date
WO2017166362A1 (en) 2017-10-05
CN105933886A (en) 2016-09-07

Similar Documents

Publication Publication Date Title
CN105933886B (en) ESIM number writing method, security system, ESIM number server and terminal
EP3099090B1 (en) Network locking or card locking method and device for a mobile terminal, terminal, sim card, storage media
EP2741548B1 (en) Method for changing mno in embedded sim on basis of dynamic key generation and embedded sim and recording medium therefor
KR101719381B1 (en) Remote access control of storage devices
US20160218874A1 (en) Apparatus and methods for storing electronic access clients
CN112054892B (en) Data storage device, method and system
US9225696B2 (en) Method for different users to securely access their respective partitioned data in an electronic apparatus
CN1889426B (en) Method and system for realizing network safety storing and accessing
CN112673600B (en) Multiple security authentication system and method between mobile phone terminal and internet of things (IoT) device based on blockchain
US9461995B2 (en) Terminal, network locking and network unlocking method for same, and storage medium
WO2016045189A1 (en) Data reading/writing method of dual-system terminal and dual-system terminal
CN102291717B (en) Data protection method and terminal
JP2005536938A (en) Mobile network authentication to protect stored content
CN106874743B (en) Method and system for storing and extracting smart card password
US20120137372A1 (en) Apparatus and method for protecting confidential information of mobile terminal
CN100353787C (en) Security guarantee for memory data information of mobile terminal
KR100834270B1 (en) Method and system for providing virtual private network services based on mobile communication and mobile terminal for the same
US7853787B2 (en) Peripheral device for programmable logic controller
CN102867157A (en) Mobile terminal and data protecting method
CN105282117A (en) Access control method and device
CN111404706A (en) Application downloading method, secure element, client device and service management device
CN101262669B (en) A secure guarantee method for information stored in a mobile terminal
CN104994498B (en) The method and system that a kind of terminal applies are interacted with mobile phone card application
KR20200070532A (en) Management system and method for data security for storage device using security device
CN102098391B (en) Communication terminal and communication information processing method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant