CN107623908B - Card issuing method and user identification module card - Google Patents



Publication number
CN107623908B
Authority
CN
China
Prior art keywords
card
euicc
verification
information
permission
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610562036.8A
Other languages
Chinese (zh)
Other versions
CN107623908A (en)
Inventor
苗丹
乐祖晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN201610562036.8A
Publication of CN107623908A
Application granted
Publication of CN107623908B


Abstract

The invention discloses a card issuing method, comprising the following steps: a subscriber identity module (SIM) card sends a first permission verification request to the SM-DP+; the first permission verification request is used by the SIM card to verify the card issuing permission of the SM-DP+ and carries eUICC information; the SIM card receives first verification information sent by the SM-DP+ and uses it to verify the card issuing permission of the SM-DP+; returns a first permission verification response to the SM-DP+, the response indicating that verification succeeded; receives first user card data sent by the SM-DP+, the first user card data being user card data obtained based on the eUICC information; and sends the first user card data to the eUICC, where it is used for installation on the eUICC. The invention also discloses a subscriber identity module card.

Description

Card issuing method and user identification module card
Technical Field
The present invention relates to smart card technologies, and in particular, to a card issuing method and a Subscriber Identity Module (SIM) card.
Background
An embedded SIM (eSIM) card is not limited to a soldered implementation but also supports a pluggable form. An eSIM card needs an independent hardware carrier, dynamic loading of operator card making file information (Profile), and switching among the Profiles of different operators. Besides the Internet of Things field, it can also be applied in the personal field, such as wearables.
Currently, the GSM Association (GSMA) has defined a solution for issuing eSIM cards in the personal field. However, this solution has certain drawbacks: as deployed and implemented, its technical architecture is too open, and security risks exist.
Disclosure of Invention
In order to solve the existing technical problem, the embodiment of the invention provides a card issuing method and an SIM card.
The technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides a card issuing method, which is applied to an SIM card and comprises the following steps:
sending a first permission verification request to a Subscription Manager-Data Preparation+ network element (SM-DP+); the first permission verification request is used by the SIM card to verify the card issuing permission of the SM-DP+; the first permission verification request carries embedded universal integrated circuit card (eUICC) information; the eUICC information is obtained after permission verification has been carried out on the SIM card;
receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information;
returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful;
receiving first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information;
sending the first user card data to the eUICC; and the first user card data sent to the eUICC is used for installation on the eUICC.
In the foregoing solution, before sending the first permission verification request to the SM-DP +, the method further includes:
and establishing connection with the SM-DP +.
In the foregoing solution, the establishing a connection with the SM-DP + includes:
and establishing a Transport Layer Security (TLS) connection with the SM-DP+.
In the above scheme, when receiving the first authentication information sent by the SM-DP +, the method further includes:
receiving a first user card making file sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information;
correspondingly, the card issuing authority of the SM-DP + is verified by the first verification information, and after the verification is successful, display content is generated and displayed, wherein the display content comprises the first user card making file;
acquiring a first operation; the first operation is a confirmation operation of the first user card making file;
and responding to the first operation, and returning the first permission verification response to the SM-DP +.
In the above scheme, when receiving the first authentication information sent by the SM-DP +, the method further includes:
receiving a second permission verification request sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the SIM card;
accordingly, when a first permission verification response is returned to the SM-DP +, the method further comprises:
sending second verification information to the SM-DP +; and the second authentication information is used for the SM-DP + to authenticate the SIM card.
In the foregoing solution, before sending the first permission verification request to the SM-DP +, the method further includes:
sending a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the SIM card by the eUICC;
receiving a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
In the above scheme, the first information further includes fourth verification information;
before receiving a second permission verification response returned by the eUICC and sending a first permission verification request to the SM-DP +, the method further includes:
and verifying the eUICC by using the fourth verification information, and sending a first permission verification request to the SM-DP + after the verification is successful.
In the foregoing solution, before sending the third permission verification request to the eUICC, the method further includes:
and establishing connection with the eUICC.
An embodiment of the present invention provides an SIM card, including:
the first sending unit is used for sending a first permission verification request to the SM-DP +; the first permission verification request is used for the SIM card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM card;
the first receiving unit is used for receiving the first verification information sent by the SM-DP+;
the first verification unit is used for verifying the card issuing authority of the SM-DP + by using the first verification information;
the second sending unit is used for returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful;
the second receiving unit is used for receiving the first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information;
a third sending unit, configured to send the first user card data to the eUICC; and the first user card data sent to the eUICC is used for installation on the eUICC.
In the above solution, the SIM card further includes:
and the first connection establishing unit is used for establishing connection with the SM-DP + before sending the first permission verification request to the SM-DP +.
In the above scheme, the first receiving unit is further configured to receive a first user card making file sent by the SM-DP + when receiving the first verification information sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information;
the SIM card further comprises:
the display unit is used for verifying the card issuing authority of the SM-DP + by using the first verification information, and generating and displaying display content after the verification is successful, wherein the display content comprises the first user card making file;
an acquisition unit configured to acquire a first operation; the first operation is a confirmation operation of the first user card making file;
and the second sending unit is used for responding to the first operation and returning the first permission verification response to the SM-DP +.
In the above scheme, the first receiving unit is further configured to receive a second permission verification request sent by the SM-DP + when receiving the first verification information sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the SIM card;
correspondingly, the second sending unit is further configured to send second authentication information to the SM-DP +; and the second authentication information is used for the SM-DP + to authenticate the SIM card.
In the above solution, the SIM card further includes:
a fourth sending unit, configured to send a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the SIM card by the eUICC;
a third receiving unit, configured to receive a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
In the above scheme, the first information further includes fourth verification information;
the SIM card further comprises:
the second verification module is used for verifying the eUICC by utilizing the fourth verification information;
and the first sending unit is used for sending a first permission verification request to the SM-DP + after the verification is successful.
In the above scheme, the SIM card further includes:
and the second connection establishing unit is used for establishing connection with the eUICC.
According to the card issuing method and the SIM card provided by the embodiment of the invention, the SIM card sends a first permission verification request to the SM-DP +; the first permission verification request is used for the SIM card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM card; receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information; returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful; receiving first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information; sending the first user card data to the eUICC; the first user card data sent to the eUICC is used for installation on the eUICC, and the authority of the SIM card can be controlled by an operator, so that the implementation safety is greatly improved.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar components in different views. Like reference numerals having different letter suffixes may represent different examples of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed herein.
FIG. 1 is a schematic diagram of a card issuing process of GSMA standardization in the related art;
FIG. 2 is a flowchart illustrating a method for issuing a card according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a second embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating automatic card issuing according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of a SIM card according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Before describing embodiments of the present invention, the related art of eSIM cards is described in detail.
The eSIM card requirement originated in the automotive market. European Union legislation specifies that all models of domestic and light passenger cars sold in the European Union from April 2018 must be equipped with an eCall emergency call system. For security reasons, car manufacturers do not want users to change the SIM card themselves. The place where a vehicle is manufactured and the place where it is finally sold are likely to differ; a preset number would incur high roaming costs, and permanent roaming is not supported in some regions, so the need arose to download the formal number dynamically, i.e., the eSIM card.
With the development of technology and business, the eSIM card is no longer limited to a soldered implementation but also supports a pluggable form; at the same time, an eSIM card should have an independent hardware carrier, dynamic loading of operator Profiles, and switching among the Profiles of different operators. It is also gradually moving from the Internet of Things field toward the field of individual users.
In addition, in recent years wearable devices have needed to save space, so SIM cards are required to be smaller and smaller; and, from the perspective of putting the user in charge, offering operator switching further increases user control. Under these two factors, demand for eSIM in the personal field is increasing.
To issue eSIM cards in the personal field, many device manufacturers adopt similar implementations, but in such implementations the operator lacks control and has to interface with multiple terminal device manufacturers.
Given this fragmented state of the art, the European Telecommunications Standards Institute (ETSI)/GSMA provides a standardized card issuing scheme. The network elements involved in this scheme include the SM-DP+ and the eUICC. The SM-DP+, which is generally operated and maintained by an operator, stores and manages user card data (the card data used during card making); the eUICC, which may also be referred to as an eSIM card, has a card issuing certificate preset before the device leaves the factory, and is used to verify the card issuing permission of an external platform and to install the user card data sent by the SM-DP+.
In the eUICC, a Local Profile Download (LPD) submodule in the Local Profile Assistant (LPA) module is responsible for managing card file download.
Referring to the GSMA SGP.21 RSP Architecture v2.0 technical standard, fig. 1 shows the GSMA card issuing process for an eSIM card in the personal field. As shown in fig. 1, the process mainly includes:
step 100: certificates are preset in the SM-DP+ and the eUICC;
step 101: a user triggers the eUICC to initiate the card file download process, for example by scanning an operator's two-dimensional code;
step 102: a TLS connection is established between the eUICC and the SM-DP+, and the SM-DP+ is verified;
step 103: after the connection is established, the SM-DP+ retrieves the user card file information;
step 104: the SM-DP+ returns its certificate information to the eUICC and initiates a request to verify the eUICC;
here, the certificate information carries the user card file information.
Step 105: after receiving the information, the eUICC verifies the SM-DP+ using the received certificate information and, after the verification succeeds, executes step 106;
step 106: the eUICC asks the user to confirm the user card file information and, after the confirmation is finished, executes step 107;
step 107: the eUICC returns a verification response to the SM-DP+, carrying the eUICC's certificate information;
step 108: the SM-DP+ verifies the eUICC according to the received certificate information and, after the verification succeeds, executes step 109;
step 109: the SM-DP+ sends the user card data file to the eUICC;
step 110: the eUICC downloads and installs the user card data file, and then executes step 111;
here, the user card data file is downloaded mainly over a WiFi network or over a network shared from the user's mobile phone acting as a hotspot.
In other words, in step 110, the eUICC receives the user card data file and then installs it.
Step 111: the eUICC returns a response notification to the SM-DP+.
However, implementing and deploying the above scheme carries security risks, mainly reflected in the following: first, the GSMA is the sole certificate issuing authority, which presents policy and control risks; second, the eUICC is issued by the device vendor, so there is a security risk; third, the rights held by the GSMA and the device manufacturers restrict the operator's service development, so the operator loses control over user card issuance and risks having the user subscription entry point taken over by a non-operator entity. That is, the technical architecture of the GSMA scheme is too open, resulting in high security risk and business risk.
Based on this, in various embodiments of the invention: the SIM card sends a first permission verification request to the SM-DP +; the first permission verification request is used for the SIM to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM; receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information; returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful; receiving first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information; sending the first user card data to the eUICC; and the first user card data sent to the eUICC is used for installation on the eUICC.
Example one
The card issuing method of the embodiment is applied to the SIM card, and as shown in fig. 2, the method includes the following steps:
step 201: sending a first permission verification request to SM-DP +;
here, the first permission verification request is used for the SIM card to verify the card issuing permission of the SM-DP +.
Wherein the first permission verification request carries eUICC information; and the eUICC information is obtained after the authority verification is carried out on the SIM card.
Here, the eUICC information may be attribute information such as an Identity (ID) of the eUICC, card capacity, and the like.
In practical application, the SIM card first needs to establish a connection with the SM-DP +, and specifically, the SIM card may establish a TLS connection with the SM-DP + to ensure security of subsequent data transmission.
In practical application, the eUICC information can be obtained only after the SIM card has passed permission verification.
Based on this, in an embodiment, before sending the first permission verification request to the SM-DP +, the method may further include:
the SIM card sends a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the SIM card by the eUICC;
the SIM card receives a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
Here, the third authentication information may be a certificate, a symmetric key, or the like in actual use.
In addition, to ensure the security of data transmission, the eUICC may return its own verification information to the SIM card, so that the SIM card can verify the eUICC.
Based on this, the first information may further include fourth authentication information;
after receiving the second permission verification response returned by the eUICC and before sending the first permission verification request to the SM-DP+, the SIM card verifies the eUICC using the fourth verification information, and sends the first permission verification request to the SM-DP+ after the verification succeeds.
In practical application, the fourth authentication information may be a certificate or a symmetric key.
Here, in practical application, for the SIM card and the eUICC to interact, the SIM card first needs to establish a connection with the eUICC, such as Bluetooth, WiFi Direct (WiFi-Direct), or Radio Frequency Identification (RFID).
WiFi-Direct means direct communication between mobile terminals without accessing an Access Point (AP); it is similar to a Bluetooth direct connection but uses a different connection protocol, and compared with Bluetooth it has a longer transmission distance and greater bandwidth.
Step 202: receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information;
here, the first authentication information may be a certificate or a symmetric key, etc. in actual use.
Step 203: returning a first permission verification response to the SM-DP +;
here, the first right verification response represents a verification success.
In practical application, when receiving the first verification information sent by the SM-DP+, the SIM card may also receive a first user card making file sent by the SM-DP+; the first user card making file is the user card making file retrieved based on the eUICC information, so that the user can conveniently confirm whether it is correct, which ensures the correctness of the user card data sent subsequently.
At this time, the SIM card generates and displays display content, wherein the display content comprises the first user card making file;
the SIM card acquires a first operation; the first operation is a confirmation operation of the first user card making file;
and responding to the first operation, and returning the first permission verification response to the SM-DP +.
In addition, in order to ensure the security of subsequent data transmission, when receiving the first authentication information sent by the SM-DP +, the SIM card may further receive a second permission authentication request sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the SIM card;
when the SIM card returns a first permission verification response to the SM-DP +, the SIM card can simultaneously send second verification information to the SM-DP +; and the second authentication information is used for the SM-DP + to authenticate the SIM card.
In practical application, the second verification information may be a certificate or a symmetric key.
Step 204: receiving first user card data sent by the SM-DP +;
here, the first user card data is user card data obtained based on the eUICC information. That is, the first user card data may be understood as data required for card manufacturing.
Step 205: and sending the first user card data to the eUICC.
Here, the first user card data sent to the eUICC is used for installation on the eUICC.
In other words, the eUICC installs using the first user card data to complete the card manufacturing process.
According to the card sending method provided by the embodiment of the invention, the SIM card sends a first permission verification request to the SM-DP +; the first permission verification request is used for the SIM card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM card; receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information; returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful; receiving first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information; sending the first user card data to the eUICC; the first user card data sent to the eUICC is used for installation on the eUICC, and the authority of the SIM card can be controlled by an operator, so that the implementation safety is greatly improved.
Example two
On the basis of the first embodiment, this embodiment describes the automatic card issuing process in detail, taking a SIM card carried by a mobile phone as an example.
Fig. 3 is a schematic diagram of the system architecture for automatic card issuing in this embodiment. As can be seen from fig. 3, the architecture adds a mobile phone terminal to the card issuing network elements of the GSMA system architecture, and adds a SIM download management (SIM-DM) module to the Universal Integrated Circuit Card (UICC) of the mobile phone terminal. Wherein:
The SM-DP+ is used for storing and managing user card making data, and can be operated and maintained by each major operator; an issuing certificate or symmetric key issued by the operator is preset in it and is used for permission management between the SIM-DM in the operator's SIM card and the SM-DP+.
The SIM-DM resides in an ordinary SIM card (the large card used in a mobile phone), is responsible for managing the issuing permission for user card data, and is managed by the operator that issued the SIM card; before the SIM card is issued, a certificate or symmetric key is preset at the traditional card making stage and is used for permission management between the eUICC and the SIM-DM.
The eUICC is located in the wearable device; a card issuing certificate or symmetric key is preset in the eUICC before the device leaves the factory and is used for verifying the card issuing permission of the SIM-DM.
The connection established between the mobile phone and the wearable device may be Bluetooth, WiFi-Direct, RFID, or the like; the SM-DP+ and the mobile phone interact through an over-the-air card issuing interface, and may communicate over WiFi, a cellular connection, or the like.
Here, the over-the-air card issuing interface may be understood as a remote card writing interface.
In fig. 3, SM-DP+ (owned) indicates that the operator to which the card making file belongs is the operator to which the mobile phone belongs; SM-DP+ (external) indicates that the operator to which the card making file belongs is not the operator to which the mobile phone belongs.
The following describes a flow of self-service card issuing according to the embodiment with reference to fig. 4 on the basis of fig. 3.
As shown in fig. 4, the process includes the following steps:
Step 400: the operator presets a card issuing certificate or a symmetric key on the SM-DP +, the SIM-DM and the eUICC in advance;
Step 401: using a card issuing application on the mobile phone, the user initiates the card file download process, for example by scanning a two-dimensional code, and the card issuing application acquires the pre-downloaded SM-DP + address of the corresponding operator;
Here, the two-dimensional code information contains the SM-DP + address, which is obtained by scanning the two-dimensional code.
Step 402: a connection is established between the mobile phone and the wearable device, and the SIM-DM requests authority verification;
Here, the request carries a certificate or a symmetric key, and also requests the eUICC information.
Step 403: after receiving the request, the eUICC verifies the card issuing authority of the SIM-DM by using the received certificate or symmetric key;
Step 404: after the verification is successful, the eUICC returns the eUICC information to the SIM-DM, together with the eUICC's own certificate or symmetric key;
Step 405: after receiving the information, the SIM-DM verifies the eUICC by using the certificate or symmetric key returned by the eUICC;
Step 406: after the verification is successful, the SIM-DM establishes a TLS connection with the target SM-DP + and requests to verify the authority of the SM-DP +;
Here, the eUICC information is carried in the request.
Step 407: after receiving the request, the SM-DP + calls the user card making file corresponding to the eUICC information;
Step 408: the SM-DP + returns its own certificate or symmetric key to the SIM-DM together with the called user card making file and, at the same time, sends the SIM-DM a request to verify the SIM-DM;
Step 409: after receiving the information, the SIM-DM verifies the authority of the SM-DP + by using the certificate or symmetric key returned by the SM-DP +;
Step 410: after the verification is successful, the received user card making file is presented to the user so that the user can confirm the card issuing information;
Step 411: after the user confirms, the SIM-DM returns a verification response to the SM-DP +;
Here, the verification response carries the SIM-DM's own certificate or symmetric key.
Step 412: after receiving the response, the SM-DP + verifies the SIM-DM by using the certificate or symmetric key of the SIM-DM;
Step 413: after the verification is successful, the SM-DP + sends a user card data file to the SIM-DM;
Step 414: after receiving the file, the SIM-DM forwards the user card data file;
Step 415: after receiving the file, the eUICC performs installation according to the user card data file;
Here, if the installation fails, the eUICC can download and install again.
Step 416: after the installation is finished, the eUICC returns a response notice to the SIM-DM;
Step 417: after receiving the response notice, the SIM-DM forwards it to the SM-DP +.
The card issuing process is then complete.
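The ordering of steps 402 to 417 as a runnable sketch, added here as an example and not part of the patent. The page does not say how a certificate or symmetric key is used for verification; this example assumes one operator-issued symmetric key and an HMAC-SHA256 challenge-response, and all names (`proof`, `issue_card`, `run`, the status strings) and sample values are constructed.

```python
import hashlib
import hmac
import os

OPERATOR_KEY = b"constructed-operator-key-0000001"  # constructed sample key (step 400)
EID = "EID-EXAMPLE-0001"                             # constructed placeholder eUICC ID


def proof(key, role, nonce):
    """HMAC-SHA256 over the sender's role and the verifier's nonce (assumed mechanism)."""
    return hmac.new(key, role.encode() + b"|" + nonce, hashlib.sha256).digest()


def verify(key, role, nonce, tag):
    return hmac.compare_digest(proof(key, role, nonce), tag)


class EUICC:
    def __init__(self, key, eid, capacity_kb):
        self.key, self.info = key, {"eid": eid, "capacity_kb": capacity_kb}
        self.nonce, self.sim_dm_verified, self.installed = None, False, None

    def challenge(self):
        self.nonce = os.urandom(16)
        return self.nonce

    def get_info(self, sim_tag, sim_nonce):
        """Steps 403-404: release eUICC info only to a verified SIM-DM."""
        nonce, self.nonce = self.nonce, None          # each challenge is single use
        if nonce is None or not verify(self.key, "SIM-DM", nonce, sim_tag):
            return None
        self.sim_dm_verified = True
        return self.info, proof(self.key, "eUICC", sim_nonce)

    def install(self, data):
        """Steps 415-416. Assumption: data is accepted only from a verified SIM-DM."""
        if not self.sim_dm_verified:
            return "install-refused"
        self.installed = data
        return "installed"


class SMDP:
    def __init__(self, key, profiles):
        self.key, self.profiles, self.pending = key, profiles, None  # eid -> (file, data)

    def begin(self, euicc_info, sim_nonce):
        """Steps 407-408: look up the card making file, prove itself, challenge the SIM-DM."""
        entry = self.profiles.get(euicc_info["eid"])
        if entry is None:
            return None
        self.pending = (os.urandom(16), entry[1])
        return proof(self.key, "SM-DP+", sim_nonce), entry[0], self.pending[0]

    def release(self, sim_tag):
        """Steps 412-413: send user card data only to a verified SIM-DM."""
        pending, self.pending = self.pending, None
        if pending is None or not verify(self.key, "SIM-DM", pending[0], sim_tag):
            return None
        return pending[1]


def issue_card(sim_key, euicc, smdp, user_confirms):
    """SIM-DM side of steps 402-417; returns the final status string."""
    n_sim = os.urandom(16)
    reply = euicc.get_info(proof(sim_key, "SIM-DM", euicc.challenge()), n_sim)  # 402
    if reply is None:
        return "euicc-rejected-sim-dm"
    info, euicc_tag = reply
    if not verify(sim_key, "eUICC", n_sim, euicc_tag):                           # 405
        return "euicc-not-verified"
    n_sim = os.urandom(16)
    offer = smdp.begin(info, n_sim)              # 406 (TLS transport not modelled)
    if offer is None:
        return "no-card-making-file"
    dp_tag, card_making_file, n_dp = offer
    if not verify(sim_key, "SM-DP+", n_sim, dp_tag):                             # 409
        return "smdp-not-verified"
    if not user_confirms(card_making_file):                                      # 410
        return "user-declined"
    data = smdp.release(proof(sim_key, "SIM-DM", n_dp))                          # 411-413
    if data is None:
        return "smdp-rejected-sim-dm"
    return euicc.install(data)                                                   # 414-417


def run(sim_key=OPERATOR_KEY, dp_key=OPERATOR_KEY, confirm=True):
    """Run one issuance against constructed data; returns (status, installed data)."""
    euicc = EUICC(OPERATOR_KEY, EID, 512)
    smdp = SMDP(dp_key, {EID: ("constructed card making file", b"constructed-user-card-data")})
    return issue_card(sim_key, euicc, smdp, lambda _file: confirm), euicc.installed


if __name__ == "__main__":
    print(run())
    print(run(dp_key=b"key-not-issued-by-the-operator"))
    print(run(confirm=False))
```

A party holding a key the operator did not issue stops the flow before any user card data reaches the eUICC. As in step 406, the eUICC information is sent to the SM-DP + before step 409 verifies it, and the sketch keeps that order.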
As can be seen from the above description, the scheme provided in the embodiment of the present invention issues an eSIM card for the associated wearable device through a key system in the SIM card of the user's mobile phone. The whole card issuing process is completed in a closed loop within the operator, and the certificates or keys are issued by the operator, so that the security risk is greatly reduced.
The operator manages the SIM-DM in the SIM cards of its own users, so that the SIM-DM becomes a key card issuing hub, and the operator's control over card issuing to wearable devices and over its own users is improved to the maximum extent.
In addition, as the functions of users' mobile phones become increasingly powerful, using the SIM card to issue cards has two benefits. On the one hand, the self-service card issuing application on the mobile phone can provide a good user experience, and the wireless communication connection with the SM-DP + is smoother and is not limited to WiFi. On the other hand, issuing the card for the wearable device through the user's existing mobile phone gives richer point-to-point communication capability, and the mobile phone communicates with the large network more conveniently and quickly than the wearable device does.
EXAMPLE III
In order to implement the method according to the embodiment of the present invention, this embodiment provides an SIM card, as shown in fig. 5, where the SIM card includes:
a first transmitting unit 51 for transmitting a first authority verification request to the SM-DP +; the first permission verification request is used for the SIM card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM card;
a first receiving unit 52, configured to receive the first authentication information sent by the SM-DP +;
a first verification unit 53, configured to verify the card issuing authority of the SM-DP + by using the first verification information;
a second sending unit 54, configured to return a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful;
a second receiving unit 55, configured to receive the first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information;
a third sending unit 56, configured to send the first user card data to the eUICC; and the first user card data sent to the eUICC is used for installation on the eUICC.
Here, the eUICC information may be attribute information such as an ID and card capacity of the eUICC.
In practical application, the first authentication information may be a certificate or a symmetric key.
In practical application, the SIM card firstly needs to establish connection with the SM-DP + to interact with the SM-DP +.
Based on this, in an embodiment, the SIM card may further include:
and the first connection establishing unit is used for establishing connection with the SM-DP + before sending the first permission verification request to the SM-DP +.
Specifically, the first connection establishing unit may establish a TLS connection with the SM-DP + to ensure security of subsequent data transmission.
In practical application, the eUICC information can be obtained only after the eUICC has verified the authority of the SIM card.
Based on this, in an embodiment, the SIM card may further include:
a fourth sending unit, configured to send a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the SIM card by the eUICC;
a third receiving unit, configured to receive a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
Here, the third authentication information may be a certificate, a symmetric key, or the like in actual use.
In addition, in order to ensure the security of data transmission, the eUICC may return authentication information of itself to the SIM card, so that the SIM card verifies itself.
Based on this, the first information may further include fourth authentication information;
the SIM card may further include:
the second verification module is used for verifying the eUICC by utilizing the fourth verification information;
and the first sending unit is used for sending a first permission verification request to the SM-DP + after the verification is successful.
In practical application, the fourth authentication information may be a certificate or a symmetric key.
Here, in actual application, in order to implement interaction between the SIM card and the eUICC, it is first required that the SIM card establishes a connection with the eUICC.
Based on this, in an embodiment, the SIM card may further include:
and the second connection establishing unit is used for establishing connection with the eUICC.
The connection established may be bluetooth, WiFi-Direct, or RFID, etc.
Here, WiFi-Direct refers to direct communication between mobile phone terminals without accessing an Access Point (AP). It is similar to a direct Bluetooth connection but uses a different connection protocol; compared with a direct Bluetooth connection, WiFi-Direct has a longer transmission distance and a larger bandwidth.
In actual application, when first verification information sent by the SM-DP + is received, the SIM card can also receive a first user card making file sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information, so that a user can conveniently confirm whether the user card making file is correct or not, and the correctness of user card data sent subsequently is guaranteed.
Based on this, in an embodiment, the first receiving unit 52 is further configured to receive a first user card making file sent by the SM-DP + when receiving the first verification information sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information;
the SIM card may further include:
the display unit is used for verifying the card issuing authority of the SM-DP + by using the first verification information, and generating and displaying display content after the verification is successful, wherein the display content comprises the first user card making file;
an acquisition unit configured to acquire a first operation; the first operation is a confirmation operation of the first user card making file;
the second sending unit 54 is configured to respond to the first operation and return the first permission verification response to the SM-DP +.
In addition, in order to ensure the security of subsequent data transmission, when receiving the first authentication information sent by the SM-DP +, the SIM card may further receive a second permission authentication request sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the SIM card;
when the SIM card returns a first permission verification response to the SM-DP +, the SIM card can simultaneously send second verification information to the SM-DP +; and the second authentication information is used for the SM-DP + to authenticate the SIM card.
Based on this, in an embodiment, the first receiving unit 52 is further configured to receive a second permission verification request sent by the SM-DP + when receiving the first verification information sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the SIM card;
correspondingly, the second sending unit 54 is further configured to send second authentication information to the SM-DP +; and the second authentication information is used for the SM-DP + to authenticate the SIM card.
In practical application, the second authentication information may be a certificate or a symmetric key.
The first user card data is user card data obtained based on the eUICC information. That is, the first user card data may be understood as data required for card manufacturing.
After the first user card data is sent to the eUICC, the eUICC performs installation by using the first user card data, thereby finishing the card making process.
In the SIM card provided in the embodiment of the present invention, the first sending unit 51 sends a first permission verification request to the SM-DP +; the first permission verification request is used for the SIM card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the SIM card; the first receiving unit 52 receives first verification information sent by the SM-DP +, and the first verification unit 53 verifies the card issuing authority of the SM-DP + by using the first verification information; the second sending unit 54 returns a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful; the second receiving unit 55 receives the first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information; the third sending unit 56 sends the first user card data to the eUICC; the first user card data sent to the eUICC is used for installation on the eUICC, and the authority of the SIM card can be controlled by an operator, so that the implementation safety is greatly improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (14)

1. A card issuing method applied to a subscriber identity module card, the method comprising:
sending a first permission verification request to a user management-data preparation network element SM-DP +; the first permission verification request is used for the user identification module card to verify the card sending permission of the SM-DP +; the first permission verification request carries embedded universal integrated circuit card eUICC information; the eUICC information is obtained after authority verification is carried out on the user identification module card;
receiving first verification information sent by the SM-DP +, and verifying the card sending authority of the SM-DP + by using the first verification information;
returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful;
receiving first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information;
sending the first user card data to the eUICC; the first user card data sent to the eUICC is used for installation on the eUICC; wherein,
when receiving the first authentication information sent by the SM-DP +, the method further includes:
receiving a second permission verification request sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the user identification module card;
when a first permission verification response is returned to the SM-DP +, the method further comprises:
sending second verification information to the SM-DP +; the second authentication information is used for the SM-DP + to authenticate the SIM card.
2. The method of claim 1, wherein prior to sending the first permission verification request to SM-DP +, the method further comprises:
and establishing connection with the SM-DP +.
3. The method of claim 2, wherein the establishing the connection with the SM-DP + comprises:
and establishing a security transport layer protocol (TLS) connection with the SM-DP +.
4. The method of claim 1, wherein upon receiving the first authentication information sent by the SM-DP +, the method further comprises:
receiving a first user card making file sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information;
correspondingly, the card issuing authority of the SM-DP + is verified by the first verification information, and after the verification is successful, display content is generated and displayed, wherein the display content comprises the first user card making file;
acquiring a first operation; the first operation is a confirmation operation of the first user card making file;
and responding to the first operation, and returning the first permission verification response to the SM-DP +.
5. The method according to any of claims 1 to 4, wherein before sending the first permission verification request to the SM-DP +, the method further comprises:
sending a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the subscriber identity module card by the eUICC;
receiving a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
6. The method of claim 5, wherein the first information further comprises fourth authentication information;
before receiving a second permission verification response returned by the eUICC and sending a first permission verification request to the SM-DP +, the method further includes:
and verifying the eUICC by using the fourth verification information, and sending a first permission verification request to the SM-DP + after the verification is successful.
7. The method of claim 5, wherein prior to sending a third permission verification request to the eUICC, the method further comprises:
and establishing connection with the eUICC.
8. A subscriber identity module card, the subscriber identity module card comprising:
the first sending unit is used for sending a first permission verification request to a user management-data preparation network element SM-DP +; the first permission verification request is used for the user identification module card to verify the card sending permission of the SM-DP +; the first permission verification request carries eUICC information; the eUICC information is obtained after authority verification is carried out on the user identification module card;
the first receiving unit is used for receiving the first verification information sent by the SM-DP +;
the first verification unit is used for verifying the card issuing authority of the SM-DP + by using the first verification information;
the second sending unit is used for returning a first permission verification response to the SM-DP +; the first permission verification response represents that verification is successful;
the second receiving unit is used for receiving the first user card data sent by the SM-DP +; the first user card data is user card data obtained based on the eUICC information;
a third sending unit, configured to send the first user card data to the eUICC; the first user card data sent to the eUICC is used for installation on the eUICC; wherein,
the first receiving unit is further configured to: receiving a second authority verification request sent by the SM-DP + when receiving first verification information sent by the SM-DP +; the second permission verification request is used for requesting second verification information of the user identification module card;
the second sending unit is further configured to: sending second verification information to the SM-DP +; the second authentication information is used for the SM-DP + to authenticate the SIM card.
9. The subscriber identity module card according to claim 8, further comprising:
and the first connection establishing unit is used for establishing connection with the SM-DP + before sending the first permission verification request to the SM-DP +.
10. The subscriber identity module card of claim 8,
the first receiving unit is further configured to receive a first user card making file sent by the SM-DP + when receiving the first verification information sent by the SM-DP +; the first user card making file is a user card making file called based on the eUICC information;
the subscriber identity module card further comprises:
the display unit is used for verifying the card issuing authority of the SM-DP + by using the first verification information, and generating and displaying display content after the verification is successful, wherein the display content comprises the first user card making file;
an acquisition unit configured to acquire a first operation; the first operation is a confirmation operation of the first user card making file;
and the second sending unit is used for responding to the first operation and returning the first permission verification response to the SM-DP +.
11. The subscriber identity module card according to any one of claims 8 to 10, further comprising:
a fourth sending unit, configured to send a third permission verification request to the eUICC; the third permission verification request carries third verification information, and the third verification information is used for verifying the card issuing permission of the subscriber identity module card by the eUICC;
a third receiving unit, configured to receive a second permission verification response returned by the eUICC; the second permission verification response carries first information; the first information comprises the eUICC information.
12. The subscriber identity module card of claim 11, wherein the first information further comprises fourth authentication information;
the subscriber identity module card further comprises:
the second verification module is used for verifying the eUICC by utilizing the fourth verification information;
and the first sending unit is used for sending a first permission verification request to the SM-DP + after the verification is successful.
13. The subscriber identity module card of claim 11, further comprising:
and the second connection establishing unit is used for establishing connection with the eUICC.
14. A storage medium storing a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 7 when executed by a processor.
CN201610562036.8A 2016-07-15 2016-07-15 Card issuing method and user identification module card Active CN107623908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610562036.8A CN107623908B (en) 2016-07-15 2016-07-15 Card issuing method and user identification module card

Publications (2)

Publication Number Publication Date
CN107623908A CN107623908A (en) 2018-01-23
CN107623908B true CN107623908B (en) 2020-10-30

Family

ID=61087880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610562036.8A Active CN107623908B (en) 2016-07-15 2016-07-15 Card issuing method and user identification module card

Country Status (1)

Country Link
CN (1) CN107623908B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant