CN109792604A - eUICC configuration file management method and related apparatus

Publication number: CN109792604A
Authority: CN (China)
Prior art keywords: euicc, user, intended, configuration information, signature value
Legal status: Granted
Application number: CN201780061983.1A
Other languages: Chinese (zh)
Other versions: CN109792604B (en)
Inventor: 龙水平
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

An embodiment of the invention provides an eUICC configuration file management method, comprising: establishing an eUICC management session with an eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; verifying the user intent configuration information; and, if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation. With the invention, efficient download and installation of Profiles and efficient remote Profile management can be achieved.

Description

eUICC configuration file management method and related apparatus
Technical field
The present invention relates to the field of eUICC telecom smart cards, and in particular to an eUICC configuration file management method and related apparatus.
Background
An eUICC is a removable or non-removable Universal Integrated Circuit Card (UICC) that can perform remote profile management in a secure manner, or perform local profile management (for example, profile activation, deactivation or deletion triggered by the end user). The term eUICC derives from embedded UICC. It can be embedded in a terminal device as a single chip, or be part of another single chip in the terminal device, but this does not mean it must be embedded and non-removable in the terminal device; it can also take a removable card form, like a SIM card, Micro SIM card or Nano SIM card. An eUICC is sometimes called an eSIM. An eUICC configuration file (Profile) is a combination of data and applications that is configured on the eUICC in order to provide services, where the services include voice calls, sending and receiving short messages, data services and so on. A Profile can also be regarded as a SIM (Subscriber Identification Module) software module which, like a traditional SIM card, performs functions such as authentication calculations when the terminal device accesses a mobile network.
The eUICC remote configuration/management system (also called the remote SIM configuration system) is shown in Fig. 1. The Subscription Manager Data Preparation+ (SM-DP+) server prepares Profiles, securely sends prepared Profiles to the eUICC module of the terminal device, and remotely manages Profiles; the SM-DP+ can be deployed on a server of the operator, the eUICC manufacturer, the original equipment manufacturer (Original Equipment Manufacturer, OEM) or another party. The Subscription Manager Discovery Service (SM-DS) server provides one or more SM-DP+ addresses, or an alternative SM-DS address, to the terminal device; the terminal device can establish a connection with the SM-DP+ using the SM-DP+ address, or use the alternative SM-DS to further obtain an SM-DP+ address. The terminal device (Device) includes a Local Profile Assistant (LPA) module, which establishes a connection with the SM-DP+ to carry out management operations on Profiles and the eUICC, such as download and installation, remote Profile management and remote eUICC management, and an eUICC module, which implements the functions of a SIM card as well as Profile and eUICC configuration and management functions. The operator BSS is the operator's business support system, responsible for ordering Profiles from the SM-DP+ and for requesting management of the Profiles on the eUICC. The end user (End User) is the user of the terminal device. The eUICC manufacturer (eUICC Manufacturer, EUM) is the manufacturer that produces eUICCs. The SM-DP+ and SM-DS are collectively called the eUICC management server (or remote SIM configuration server).
In the prior art, a Profile must be downloaded into the eUICC module of a terminal device before the terminal device has communication capability, and each download, activation, deactivation or deletion of a Profile requires the terminal device to interact with the user and obtain a user intent confirmation instruction before it can be carried out. For an enterprise user, before terminal devices are distributed to employees, the enterprise has to purchase a batch of Profiles in bulk and then interact with each terminal device separately, downloading the Profiles to the terminal devices one by one; this wastes time, and Profile download efficiency is very low. In addition, if the enterprise asset manager needs to manage the Profiles installed on all terminal devices, then when the asset manager triggers a remote Profile management procedure, the employee holding each terminal device has to confirm on the terminal device before management of the Profile can be completed, which hinders unified management of the Profiles on terminal devices.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide an eUICC configuration file management method and related apparatus that achieve efficient download and installation of Profiles and efficient remote Profile management.
In a first aspect, an embodiment of the invention provides an eUICC configuration file management method, comprising: establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a first possible implementation of the first aspect, the user intent configuration information is a user intent identifier; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the first aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature made with a first key over first data to be signed, and the first key is a public key, a private key or a symmetric key. After the user intent configuration information is obtained, local first data to be signed is generated, where the local first data to be signed includes an operation type, an operator identifier and an eUICC remote management server object identifier. The first signature value is verified using a second key corresponding to the first key and the local first data to be signed, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the first aspect, in a third possible implementation, second data to be signed and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second data to be signed includes the user intent configuration information, the second signature value is a signature made with a third key over the second data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session. After the second data to be signed and the second signature value are obtained, local first data to be signed is generated. The second signature value is verified using a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and then the first signature value is verified using the second key corresponding to the first key and the local first data to be signed, thereby verifying the user intent configuration information.
In a fourth possible implementation of the first aspect, the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value, where the first signature value includes a signature made with a first key over first data to be signed, and the first key is a public key, a private key or a symmetric key. After the user intent configuration information is obtained, local first data to be signed is generated, where the local first data to be signed includes an operation type, an operator identifier and an eUICC remote management server object identifier. The first signature value is verified using a second key corresponding to the first key and the local first data to be signed, and the owner name of the digital certificate corresponding to the first signature value is verified as well, thereby verifying the user intent configuration information.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation, second data to be signed and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second data to be signed includes the user intent configuration information, the second signature value is a signature made with a third key over the second data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session. After the second data to be signed and the second signature value are obtained, local first data to be signed is generated, where the local first data to be signed includes an operation type, an operator identifier and an eUICC remote management server object identifier. The second signature value is verified using a fourth key corresponding to the third key, the second data to be signed and the authentication signature value; then the first signature value is verified using the second key corresponding to the first key and the local first data to be signed, and the owner name of the digital certificate corresponding to the first signature value is verified as well, thereby verifying the user intent configuration information.
In a sixth possible implementation of the first aspect, the user intent configuration information is a user intent identifier. Third data to be signed and a third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third data to be signed includes the user intent configuration information, the third signature value is a signature made with a third key over the third data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session. After the third data to be signed and the third signature value are obtained, the third signature value is verified using a fourth key corresponding to the third key, the third data to be signed and the authentication signature value, and then the user intent identifier is checked for validity, thereby verifying the user intent configuration information.
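The second and third possible implementations of the first aspect can be made concrete with the following added example, which is not code from the patent. It assumes the symmetric-key option the text allows for the first key and, as a further assumption, uses HMAC-SHA256 for the third key as well; the field encoding, key values, operation names and object identifier are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the patent).
FIRST_KEY = b"constructed-first-key"   # symmetric case: second key == first key
THIRD_KEY = b"constructed-third-key"   # symmetric case: fourth key == third key
OPERATOR_ID = b"operator-example"
SERVER_OID = b"2.999.1"                # placeholder object identifier


def encode_fields(*fields):
    """Length-prefix each field so two different field tuples never share an encoding."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def mac(key, data):
    """HMAC-SHA256 stands in for the patent's 'signature' in this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


def first_data_to_be_signed(operation_type, operator_id, server_oid):
    """First data to be signed: operation type, operator identifier, server object identifier."""
    return encode_fields(operation_type, operator_id, server_oid)


def server_build_message(operation_type, auth_signature):
    """Server side: wrap the first signature value in a session-bound second signature."""
    first_sig = mac(FIRST_KEY, first_data_to_be_signed(operation_type, OPERATOR_ID, SERVER_OID))
    # Assumption: the second data to be signed carries only the user intent
    # configuration information, which here is the first signature value.
    second_data = first_sig
    second_sig = mac(THIRD_KEY, encode_fields(second_data, auth_signature))
    return {"second_data": second_data, "second_sig": second_sig}


def verify_user_intent(message, auth_signature, operation_type, operator_id, server_oid):
    """Device side. True means the per-operation user confirmation may be skipped."""
    # Step 1: the second signature must cover this session's authentication signature value.
    expected_second = mac(THIRD_KEY, encode_fields(message["second_data"], auth_signature))
    if not hmac.compare_digest(expected_second, message["second_sig"]):
        return False
    # Step 2: rebuild the first data to be signed locally from what the device
    # is about to do, then check the first signature value against it.
    local_first = first_data_to_be_signed(operation_type, operator_id, server_oid)
    return hmac.compare_digest(mac(FIRST_KEY, local_first), message["second_data"])


def run_cases():
    """Verify one valid message and four messages that must be rejected."""
    session_a = b"auth-signature-session-A"
    session_b = b"auth-signature-session-B"
    msg = server_build_message(b"download", session_a)
    tampered = dict(msg, second_data=bytes(32))
    return {
        "valid": verify_user_intent(msg, session_a, b"download", OPERATOR_ID, SERVER_OID),
        "other_session": verify_user_intent(msg, session_b, b"download", OPERATOR_ID, SERVER_OID),
        "other_operation": verify_user_intent(msg, session_a, b"delete", OPERATOR_ID, SERVER_OID),
        "other_server_oid": verify_user_intent(msg, session_a, b"download", OPERATOR_ID, b"2.999.2"),
        "tampered_intent": verify_user_intent(tampered, session_a, b"download", OPERATOR_ID, SERVER_OID),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Because the device rebuilds the first data to be signed from its own view of the operation, a first signature value issued for one operation type or server does not verify for another, and the second signature ties the message to the authentication signature value of a single session.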
In a second aspect, an embodiment of the invention provides another eUICC configuration file management method, comprising:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification instruction to an eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a first possible implementation of the second aspect, the user intent configuration information is a user intent identifier; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the second aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature made with a first key over first data to be signed, and the first key is a public key, a private key or a symmetric key. Local first data to be signed is generated before the user intent instruction is sent to the eUICC module, where the local first data to be signed includes an operation type, an operator identifier and an eUICC remote management server object identifier. The user intent verification instruction carries the local first data to be signed, which the eUICC module uses, together with a second key corresponding to the first key, to verify the first signature value, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the second aspect, in a third possible implementation, second data to be signed and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second data to be signed includes the user intent configuration information, the second signature value is a signature made with a third key over the second data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session. The user verification instruction also carries the second data to be signed and the second signature value, where the eUICC module uses the second data to be signed and the authentication signature value, together with a fourth key corresponding to the third key, to verify the second signature value, thereby verifying the user intent configuration information.
In a fourth possible implementation of the second aspect, the user intent configuration information is a user intent identifier. Third data to be signed and a third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third data to be signed includes the user intent configuration information, the third signature value is a signature made with a third key over the third data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session. The user verification instruction also carries the third data to be signed and the third signature value, where the eUICC module uses the third data to be signed and the authentication signature value, together with a fourth key corresponding to the third key, to verify the third signature value. The user intent identifier is checked for validity by the eUICC, thereby verifying the user intent configuration information.
In a third aspect, an embodiment of the invention provides another eUICC configuration file management method, comprising:
receiving a user intent verification instruction sent by a local eUICC configuration file assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file assistant module from an eUICC management session with an eUICC remote management server;
verifying the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a first possible implementation of the third aspect, the user intent configuration information is a user intent identifier; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the third aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature made with a first key over first data to be signed, and the first key is a public key, a private key or a symmetric key. The user intent verification instruction also carries local first data to be signed, where the local first data to be signed is generated by the local eUICC configuration file assistant module and includes an operation type, an operator identifier and an eUICC remote management server object identifier. The first signature value is verified using a second key corresponding to the first key and the local first data to be signed, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the third aspect, in a third possible implementation, the user verification instruction also carries second data to be signed and a second signature value, where the second data to be signed includes the user intent configuration information, and the second signature value includes a signature made with a third key over the second data to be signed and an authentication signature value. The second signature value is verified using a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and then the first signature value is verified using the second key corresponding to the first key and the local first data to be signed, thereby verifying the user intent configuration information.
In a fourth possible implementation of the third aspect, the user intent configuration information includes a first signature value, where the first signature value includes a signature made with a first key over first data to be signed, and the first key includes a public key, a private key or a symmetric key. The user intent verification instruction also carries configuration management data used to generate local first data to be signed, and the first data to be signed is generated after the user intent verification instruction sent by the local eUICC configuration file assistant module is received, where the local first data to be signed is generated by the local eUICC configuration file assistant module and includes an operation type, an operator identifier and an eUICC remote management server object identifier. The first signature value is verified using a second key corresponding to the first key and the local first data to be signed.
In a fifth possible implementation of the third aspect, the user intent configuration information is a user intent identifier. The user verification instruction also carries third data to be signed and a third signature value, where the third data to be signed includes the user intent configuration information, and the third signature value includes a signature made with a third key over the third data to be signed and an authentication signature value. The third signature value is verified, and confirmed to pass, using a fourth key corresponding to the third key, the third data to be signed and the authentication signature value; then the user intent identifier is checked for validity, thereby verifying the user intent configuration information.
In a fourth aspect, an embodiment of the invention provides an eUICC configuration file management apparatus, comprising:
a management session establishment module, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining module, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
a verification module, configured to verify the user intent configuration information;
an execution module, configured to, if the user intent configuration information passes verification, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a fifth aspect, an embodiment of the invention provides a local eUICC configuration file assistant module, comprising:
a management session establishment unit, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining unit, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
a verification instruction sending unit, configured to send a user intent verification instruction to an eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
a first execution unit, configured to, if the user intent configuration information passes verification, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a sixth aspect, an embodiment of the invention provides an eUICC module, comprising:
a verification instruction receiving unit, configured to receive a user intent verification instruction sent by a local eUICC configuration file assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file assistant module from an eUICC management session with an eUICC remote management server;
a verification unit, configured to verify the user intent configuration information;
a second execution unit, configured to, if the user intent configuration information passes verification, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a seventh aspect, an embodiment of the invention provides an eUICC configuration file management apparatus, comprising a processor, a memory and a transceiver, where the processor, memory and transceiver are connected to each other by a bus, the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In an eighth aspect, an embodiment of the invention provides a terminal, comprising a processor, a memory and a transceiver, where the processor, memory and transceiver are connected to each other by a bus, the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification instruction to an eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
In a ninth aspect, an embodiment of the invention provides an eUICC module, comprising a processor, a memory and a transceiver, where the processor, memory and communication interface are connected to each other by a bus, the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
receiving a user intent verification instruction sent by a local eUICC configuration file assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file assistant module from an eUICC management session with an eUICC remote management server;
verifying the user intent configuration information;
if the user intent configuration information passes verification, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
By implementing the embodiments of the present invention, user intent configuration information is obtained from the eUICC remote management server and verified; if the user intent configuration information passes verification, the user intent verification step is not executed during this eUICC management session. This saves the interaction with the user, so that efficient download and installation of eUICC configuration files and efficient remote eUICC configuration file management can be achieved.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the background more clearly, the accompanying drawings required for the embodiments or the background are described below.
Fig. 1 is a system architecture diagram of the eUICC;
Fig. 2 is a flow diagram of an eUICC configuration file management method provided in an embodiment of the present invention;
Fig. 3 is a flow diagram of another eUICC configuration file management method provided in an embodiment of the present invention;
Fig. 4 is a flow diagram of an SM-DP+ initialization method provided in an embodiment of the present invention;
Fig. 5 is a flow diagram, provided in an embodiment of the present invention, of generating localuserintentfreeSigned by the eUICC;
Fig. 6 is a flow diagram of another eUICC configuration file management method provided in an embodiment of the present invention;
Fig. 7 is a flow diagram of another eUICC configuration file management method provided in an embodiment of the present invention;
Fig. 8 is a flow diagram of another eUICC configuration file management method provided in an embodiment of the present invention;
Fig. 9 is a structural schematic diagram of an eUICC configuration file management device provided in an embodiment of the present invention;
Fig. 10 is a structural schematic diagram of another eUICC configuration file management device provided in an embodiment of the present invention;
Fig. 11 is a structural schematic diagram of a local eUICC configuration file supplementary module provided in an embodiment of the present invention;
Fig. 12 is a structural schematic diagram of a terminal provided in an embodiment of the present invention;
Fig. 13 is a structural schematic diagram of an eUICC module provided in an embodiment of the present invention;
Fig. 14 is a structural schematic diagram of another eUICC module provided in an embodiment of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described below with reference to the accompanying drawings.
Referring to Fig. 2, Fig. 2 is a flow diagram of an eUICC configuration file management method provided in an embodiment of the present invention. The method may be implemented in the system architecture shown in Fig. 1 and includes, but is not limited to, the following steps:
Step S101: The terminal device establishes an eUICC management session with the eUICC remote management server.
Specifically, as shown in Fig. 1, the terminal device may include an LPA module and an eUICC module. The LPA module and the eUICC module may be two separate modules with a physical or logical connection between them; for example, the LPA module resides on the baseband chip, on the application processor or in another hardware module of the terminal device. The LPA module may also reside directly in the eUICC module. Specifically, the LPA module may be a single software module, or multiple software modules that are distributed and associated with one another.
Specifically, the eUICC management session may be a Remote SIM Provisioning (RSP) session.
Specifically, the eUICC management session may be initiated by the LPA module, and the LPA assists the eUICC module and the eUICC remote management server in performing bidirectional authentication to establish the eUICC management session.
Step S102: The terminal device obtains user intent configuration information from the eUICC remote management server through the eUICC management session.
Specifically, the eUICC remote management server may be an SM-DP+, or another server that can provide eUICC configuration files and manage them remotely.
Specifically, the user intent configuration information may be a first signature value; or a user intent flag; or the first signature value together with the owner name of the digital certificate corresponding to the first signature value.
Step S103: The terminal device verifies the user intent configuration information.
The user intent configuration information is used to instruct the terminal to omit, deactivate or skip the steps of interacting with the user during this eUICC management session.
Specifically, if the user intent configuration information passes verification, step S105 is performed.
Specifically, the procedure by which the terminal device verifies the user intent configuration information differs depending on the content or type of that information. In that procedure, the terminal may verify not only the user intent configuration information but also information related to it.
Step S104: If the user intent configuration information fails verification, the terminal device performs the user intent verification step.
Specifically, if the user intent configuration information fails verification, the terminal device may display information such as "whether to agree to download" or "please enter the verification code" on the interface and obtain the user's confirmation operation; the subsequent steps are performed only after the user's confirmation operation is obtained.
Step S105: The terminal device performs at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
Specifically, the eUICC configuration file may be a Profile.
The implementation of the above embodiment is described in detail below through the second to fifth embodiments, with reference to the system architecture of Fig. 1. It should be noted that the second to fifth embodiments of the present invention mainly describe the case in which the LPA module and the eUICC module are separate modules that cooperate to implement the technical solution of the above embodiment. For the case in which the LPA module resides directly in the eUICC module, the solution can be obtained simply by merging the steps performed by the LPA module and the eUICC module, and is not discussed here. In the detailed description below, LPA denotes the LPA module of the terminal device, eUICC denotes the eUICC module of the terminal device, SM-DP+ denotes the eUICC remote management server, and Profile denotes the eUICC configuration file.
Referring to Fig. 3, Fig. 3 is a flow diagram of an eUICC configuration file management method provided in the second embodiment of the present invention. In this embodiment, the eUICC management session is used to perform the eUICC configuration file download and installation operation, and the specific implementation flow is as follows:
Step S201: The LPA obtains the SM-DP+ address.
Specifically, under conditions such as a user operation, power-on, a timed trigger or an eUICC trigger, the LPA may obtain the SM-DP+ address and an event identifier (Event Identification, EventID) from the SM-DS. The EventID may identify a Profile download pending event, or a Profile or eUICC remote management event; the download or management event may target a single terminal/eUICC or multiple terminals/eUICCs. The LPA may send the EventID to the SM-DP+ in the matching identifier (MatchingID) parameter.
Optionally, the LPA may also obtain a default SM-DP+ address from the eUICC. For example, the terminal device is custom-produced for operator A, and operator A specifies the SM-DP+ address preset in the eUICC; or the OEM terminal manufacturer presets in the eUICC an SM-DP+ address shared by multiple operators.
Step S202: The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
Specifically, for example, the LPA performs one-way certificate authentication of the SM-DP+, and the TLS connection is established after authentication succeeds.
Step S203: The eUICC and the SM-DP+ perform bidirectional authentication based on HyperText Transfer Protocol Secure (HTTPS).
Specifically, HTTPS runs over the TLS connection.
Specifically, the LPA obtains information such as the eUICC challenge value from the eUICC and sends an HTTPS request (containing the eUICC challenge value) to the SM-DP+, which triggers bidirectional authentication between the eUICC and the SM-DP+. The data exchange for bidirectional authentication is carried by HTTPS request and response messages and by the interface between the LPA and the eUICC. During bidirectional authentication, the eUICC generates its own authentication signature value (euiccSignature1) and sends euiccSignature1 to the SM-DP+, and both the SM-DP+ and the eUICC save euiccSignature1. Meanwhile, the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, and the eUICC saves CERT.DPauth.ECDSA. After bidirectional authentication succeeds, the SM-DP+ generates a session identifier (Transaction Identification, TransactionID).
At this point, the RSP session between the terminal device and the SM-DP+ has been established following bidirectional authentication.
Step S204: The SM-DP+ looks up the Profile download pending event (Profile download pending order) or the batch Profile download pending event (Batch Profile download pending order).
Specifically, during bidirectional authentication, the terminal device sends the MatchingID or the eUICC identifier (EID) to the SM-DP+.
Specifically, the SM-DP+ may use the MatchingID or EID to look up the Profile download pending order or Batch Profile download pending order.
Specifically, the Profile download pending order or Batch Profile download pending order may be generated during the SM-DP+'s Profile download initialization procedure; Fig. 4 is a schematic diagram of the SM-DP+'s Profile download initialization procedure.
Before a Profile is downloaded to the eUICC of a terminal device, an individual or enterprise user needs to sign a contract with the operator (Operator) and complete procedures such as account opening. The operator business support system (Operator Business Sustain System, Operator BSS) then instructs the SM-DP+ to prepare a single Profile or a batch of Profiles for download to the user's terminal device. After the eUICC has downloaded and installed the Profile successfully and the Profile is active, the Operator's mobile network can provide the terminal user with the corresponding services, including calls, short messages and data services. While the user signs the contract with the Operator, the Operator BSS may optionally obtain the International Mobile Equipment Identity (IMEI), capability information and eUICC identifier (eUICC Identification, EID) of the user's terminal device. While the Profile is being prepared, the Operator BSS optionally sends the EID to the SM-DP+, and the SM-DP+ generates a Profile download pending event as instructed by the Operator BSS and waits for the user's terminal device to download the Profile. If the party contracting with the operator is an enterprise user, the Operator BSS optionally sends a batch of eUICC identifiers (EIDs) to the SM-DP+, and the SM-DP+ generates a batch Profile download pending event or generates a single Profile download pending event for each terminal device/eUICC. The SM-DP+'s Profile download initialization procedure is described below with reference to Fig. 4, taking an enterprise user as an example:
Step S1: The Operator BSS sends a download order (DownloadOrder) to the SM-DP+, where the DownloadOrder may carry a batch of eUICC identifiers (EIDs), the Profile type (Profile Type) or the identifiers of a batch of Profiles (Integrated Circuit Card ID, ICCIDs).
EIDs is optional; that is, the DownloadOrder may also not carry EIDs.
Step S2: The SM-DP+ saves the ICCIDs and EIDs and sends a reply instruction to the Operator BSS.
Specifically, the reply instruction is a response message.
Optionally, after receiving the reply instruction, the Operator BSS may generate a batch of matching identifiers (MatchingIDs); a MatchingID can be matched with a Profile download pending event generated by the SM-DP+.
Optionally, the Operator BSS may also perform back-end configuration.
Step S3: Optionally, the Operator BSS obtains the user-intent-free authorization userintentfreeSignature for the terminal device.
userintentfreeSignature may instruct the LPA to omit, deactivate or skip the user intent confirmation steps in this RSP session, for example the step in which the user confirms acceptance of the operator's Profile Policy Rules (PPR), the step in which the user confirms downloading and installing the Profile, and the step in which the user enters the confirmation code; these steps may also be merged.
Optionally, userintentfreeSignature may also be defined under another name.
Specifically, the SM-DP+ may include userintentfreeSignature in the user intent configuration information (userintentConfiguration) sent to the LPA.
Specifically, the Operator BSS may obtain userintentfreeSignature from the Enterprise, OEM or EUM.
Specifically, userintentConfiguration may be userintentfreeSignature, or may be { Signer, userintentfreeSignature }. userintentfreeSignature is the signature (the first signature value) computed with a first key over first data to be signed. The first data to be signed may be { euicc Operation Type, Operatorid, SM-DP+OID }; optionally, it may also include EIDs, that is, { euicc Operation Type, Operatorid, SM-DP+OID, EIDs }. Here euicc Operation Type is the eUICC management operation type, Operatorid is the operator identifier, and SM-DP+OID is the SM-DP+ object identifier (Object Identifications, OID). Signer is the owner name of the digital certificate corresponding to the first key; for example, Signer may be the distinguished name (Distinguished Name, DN) of an OEM digital certificate, EUM digital certificate or Enterprise digital certificate. For example, if the Operator BSS obtains userintentfreeSignature from the OEM, Signer is the DN of the OEM digital certificate.
Specifically, in this embodiment of the present invention, euicc Operation Type is Profile Download.
Optionally, the first key may be a public key (Public Key, PK), a private key (Secret Key, SK) or a symmetric key.
Specifically, EIDs may be expressed in several forms; for example, EIDs may be expressed as any one or a combination of EIDstart|EIDend, EIDstart|Count or an EID list.
Step S4: The Operator BSS sends a confirmation order (ConfirmOrder) to the SM-DP+, where the ConfirmOrder carries { Signer, userintentfreeSignature }.
Signer is optional; when userintentConfiguration is userintentfreeSignature, the ConfirmOrder carries only userintentfreeSignature.
Optionally, the ConfirmOrder may also carry ICCIDs, EIDs, Confirmation Codes and MatchingIDs, where Confirmation Codes is a batch of confirmation codes (Confirmation Code) used to enhance the security of Profile download.
Step S5: The SM-DP+ generates a batch Profile download pending event (Batch Profile download pending order).
Optionally, the SM-DP+ may also generate a single Profile download pending event for each terminal device/eUICC.
Specifically, the Batch Profile download pending order may include Signer, userintentfreeSignature, eventID, MatchingIDs, EIDs and a batch of Profiles generated by the SM-DP+.
At this point, the SM-DP+'s Profile download initialization procedure is complete, and the SM-DP+ has a batch of Profiles ready for the enterprise user. Optionally, the name of the batch download pending event is not limited to Batch Profile download pending order as used in this embodiment of the present invention; it may be described under another name, and mainly serves to distinguish it from the existing single Profile download pending event.
Specifically, the SM-DP+ may look up the Profile download pending order or Batch Profile download pending order according to the MatchingID or EID sent by the terminal device.
Step S205: The SM-DP+ performs a validity check using the terminal device information (Device Info) and eUICC information (euicc Info2).
Specifically, the SM-DP+ checks, for example, whether the firmware information, version information and so on of the terminal device and the eUICC match the Profile in the download pending order.
Step S206: The SM-DP+ generates the Profile metadata (Metadata), checks whether this is a download retry, and generates the second data to be signed (for example, smdpSigned2), where smdpSigned2 = { TransactionID, confirmation code required flag (Confirmation Code Required Flag), public key of the temporary key pair (bppEuiccOtpk) }.
Specifically, TransactionID is generated by the SM-DP+ while the RSP session is being established; Confirmation Code Required Flag is set to 'True' or 'False' (depending on whether the SM-DP+ has received a Confirmation Code); and bppEuiccOtpk is the public key part of the temporary public/private key pair that the eUICC generated in the last unsuccessful Profile download RSP session, in the Profile download initialization procedure.
Step S207: The SM-DP+ uses a third key (SK.DPpb.ECDSA) to compute a signature over smdpSigned2 and euiccSignature1, generating the second signature value (for example, smdpSignature2), where SK.DPpb.ECDSA is the private key of the SM-DP+'s profile binding (ProfileBinding) digital certificate (CERT.DPpb.ECDSA).
Specifically, the SM-DP+ may generate a digest of smdpSigned2 | euiccSignature1 (the "|" symbol concatenates the data before and after it) and then encrypt the digest with SK.DPpb.ECDSA to generate smdpSignature2. For example, let A = { smdpSigned2, euiccSignature1 }; hashing A yields digest a, and the result of encrypting digest a with SK.DPpb.ECDSA is the second signature value smdpSignature2.
Step S208: The SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA, userintentConfiguration and EIDs to the LPA.
EIDs is optional.
Step S209: The LPA confirms receipt of userintentConfiguration and generates the local first data to be signed (localuserintentfreeSigned), where localuserintentfreeSigned = { euicc Operation Type, Operatorid, SM-DP+OID }.
In another embodiment, localuserintentfreeSigned = { euicc Operation Type, Operatorid, SM-DP+OID, EIDs }.
Specifically, the LPA identifies from the Profile Metadata that the eUICC Operation Type is Profile download, assigns the Profile owner (Profileowner) in the Profile Metadata to Operatorid, and obtains SM-DP+OID from the CERT.DPpb.ECDSA certificate.
Step S210: The LPA verifies that the EID of the local eUICC is in EIDs.
Step S211: The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID and CERT.DPpb.ECDSA to the eUICC.
Specifically, the LPA reads TransactionID from smdpSigned2.
In another implementation, localuserintentfreeSigned may be generated by the eUICC; in that case, as shown in Fig. 5, steps S209~S211 may be replaced with:
Step S209-1: The LPA confirms receipt of userintentConfiguration and generates euicc Operation Type and Operatorid.
The LPA generates euicc Operation Type and Operatorid in the same way as in step S209, which is not repeated here.
Step S210-1: Optionally, the LPA verifies that the EID of the local eUICC is in EIDs.
Step S211-1: The LPA sends euicc Operation Type, Operatorid, userintentConfiguration, TransactionID and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the first data to be signed is { euicc Operation Type, Operatorid, SM-DP+OID, EIDs }, the LPA may also send EIDs to the eUICC.
Step S211-2: The eUICC generates localuserintentfreeSigned.
Step S212: The eUICC verifies that CERT.DPpb.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that TransactionID matches the current RSP session.
Specifically, the eUICC obtains SM-DP+OID from CERT.DPpb.ECDSA and from CERT.DPauth.ECDSA and compares the two values; if the two SM-DP+OIDs are identical, it determines that CERT.DPpb.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+.
Step S213: The eUICC verifies userintentConfiguration.
Specifically, the eUICC verifies userintentfreeSignature using the second key, which corresponds to the first key, and localuserintentfreeSigned.
Optionally, the second key and the first key may be symmetric keys or asymmetric keys with respect to each other. For example, if the first key and the second key are asymmetric, then when the first key is the PK the second key is the SK, and when the first key is the SK the second key is the PK; if the second key and the first key are symmetric, the first key and the second key are identical.
Specifically, the eUICC generates a local first digest of localuserintentfreeSigned and then decrypts userintentfreeSignature with the second key to obtain a decryption result; when the local first digest is identical to the decryption result, userintentfreeSignature passes verification.
Optionally, when the LPA receives both userintentfreeSignature and Signer, the eUICC also needs to check whether Signer is identical to the DN in CERT.EUM/Enterprise/OEM.ESCDA; if they are identical, verification passes. The order in which Signer and userintentfreeSignature are verified is not limited.
Step S214: The eUICC sends a verification completion indication to the LPA.
The verification completion indication is either a verification-passed indication or a verification-failed indication, and indicates whether to perform the user intent verification step: if it is a verification-passed indication, the user intent verification step is not performed; if it is a verification-failed indication, the user intent verification step is performed, or the LPA is instructed to terminate the current RSP session.
Specifically, the verification completion indication may be, for example, an OK or Error response message.
Step S215: The LPA determines, according to the verification completion indication, whether to perform the user intent verification step.
In one possible implementation, a flag bit may be set for whether to perform the user intent verification step. For example, when a verification-passed indication is received, the flag bit is set to '1', indicating that the user intent verification step should be skipped when the flow reaches it; when a verification-failed indication is received, the flag bit is set to '0', indicating that the step should be performed when the flow reaches it.
Specifically, when the verification completion indication is a verification-passed indication, step S217 is performed.
Step S216: If the verification completion indication is a verification-failed indication, the LPA performs the user intent verification step.
Step S217: The LPA continues the Profile download and installation procedure.
In the method described in Fig. 3, the user intent configuration information userintentConfiguration is userintentfreeSignature or { Signer, userintentfreeSignature }. The Operator obtains userintentfreeSignature from the Enterprise, OEM or EUM and sends it to the SM-DP+ in the ConfirmOrder. When the user's terminal device is to perform a Profile download operation, the SM-DP+ sends userintentfreeSignature (and Signer) to the LPA of the terminal; the LPA and the eUICC cooperate to verify userintentfreeSignature (and Signer), and the user intent verification step is skipped when verification passes. This helps achieve efficient Profile download and is particularly useful for batches of enterprise terminal devices.
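The verification flow of steps S209-1 to S215 above, as an added example that is not code from the patent: the eUICC rebuilds localuserintentfreeSigned, checks the SM-DP+OID, TransactionID and Signer, and the LPA turns the OK/Error result into the flag bit. Assumptions: HMAC-SHA256 stands in for the symmetric-key option of the first and second key, certificates are reduced to dictionaries whose chain validation is taken as already done, the eUICC reads SM-DP+OID from CERT.DPpb.ECDSA, and the field names, length-prefixed encoding and sample values are constructed.

```python
import hashlib
import hmac

# Every value below is constructed for this example.
FIRST_KEY = b"constructed-demo-key"   # symmetric case: second key == first key
SIGNER_DN = "CN=Example Enterprise"   # DN of the certificate tied to the key
SMDP_OID = "2.999.1"                  # SM-DP+OID under the 2.999 example arc
LOCAL_EID = "89049032" + "0" * 23 + "1"
OTHER_EID = "89049032" + "0" * 23 + "2"


def encode_signed(op_type, operator_id, smdp_oid, eids=None):
    """Serialize {euicc Operation Type, Operatorid, SM-DP+OID[, EIDs]}.

    Fields are length-prefixed (an assumed encoding) so that moving bytes
    between adjacent fields always changes the signed data.
    """
    fields = [op_type, operator_id, smdp_oid]
    if eids is not None:
        fields.append(",".join(sorted(eids)))
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def make_signature(key, data):
    """Issuer side (Enterprise, OEM or EUM): userintentfreeSignature."""
    return hmac.new(key, data, hashlib.sha256).digest()


def euicc_verify(request, session, second_key, trusted_signer_dn):
    """eUICC side, steps S211-2 to S214: returns "OK" or "Error"."""
    # S212: same SM-DP+OID in both certificates, TransactionID matches.
    dppb_oid = request["cert_dppb"]["smdp_oid"]
    if dppb_oid != session["cert_dpauth"]["smdp_oid"]:
        return "Error"
    if request["transaction_id"] != session["transaction_id"]:
        return "Error"
    # S211-2: the eUICC builds localuserintentfreeSigned itself.
    local_signed = encode_signed(request["op_type"], request["operator_id"],
                                 dppb_oid, request.get("eids"))
    config = request["userintent_configuration"]
    # Optional Signer check against the DN of the trusted certificate.
    if "signer" in config and config["signer"] != trusted_signer_dn:
        return "Error"
    # S213: recompute the value and compare in constant time.
    expected = make_signature(second_key, local_signed)
    if not hmac.compare_digest(expected, config["userintentfree_signature"]):
        return "Error"
    return "OK"


def lpa_flag_bit(request, local_eid, session, second_key, trusted_signer_dn):
    """LPA side, S210-1 and S215: 1 = skip user intent step, 0 = perform it."""
    eids = request.get("eids")
    if eids is not None and local_eid not in eids:
        return 0  # assumption: an EID outside EIDs counts as a failed check
    result = euicc_verify(request, session, second_key, trusted_signer_dn)
    return 1 if result == "OK" else 0


def build_sample():
    """Constructed request and session for a batch Profile download."""
    eids = [LOCAL_EID, OTHER_EID]
    signed = encode_signed("ProfileDownload", "OperatorA", SMDP_OID, eids)
    request = {
        "op_type": "ProfileDownload",
        "operator_id": "OperatorA",
        "eids": eids,
        "transaction_id": "TX-0001",
        "cert_dppb": {"smdp_oid": SMDP_OID},
        "userintent_configuration": {
            "signer": SIGNER_DN,
            "userintentfree_signature": make_signature(FIRST_KEY, signed),
        },
    }
    session = {"transaction_id": "TX-0001",
               "cert_dpauth": {"smdp_oid": SMDP_OID}}
    return request, session


if __name__ == "__main__":
    req, sess = build_sample()
    print("valid:", lpa_flag_bit(req, LOCAL_EID, sess, FIRST_KEY, SIGNER_DN))
    retargeted = dict(req, op_type="Delete")
    print("signature presented for Delete:",
          lpa_flag_bit(retargeted, LOCAL_EID, sess, FIRST_KEY, SIGNER_DN))
```

Because euicc Operation Type, Operatorid and SM-DP+OID are all inside the signed data, a userintentfreeSignature issued for Profile Download does not verify when presented with a different operation type, operator or SM-DP+.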
Referring to Fig. 6, Fig. 6 is a flow diagram of an eUICC configuration file download method provided in the third embodiment of the present invention. In this embodiment, the eUICC management session is used to perform the eUICC configuration file download and installation operation, and the specific implementation flow is as follows:
Step S301: The LPA obtains the SM-DP+ address.
Step S302: The LPA establishes a TLS connection with the SM-DP+.
Step S303: The SM-DP+ and the eUICC perform bidirectional authentication based on HTTPS.
Step S304: The SM-DP+ looks up the Profile download pending order or Batch Profile download pending order.
Step S305: The SM-DP+ performs a validity check using Device Info and euicc Info2.
The implementation logic and manner of steps S301~S305 are consistent with those described for steps S201~S205 in the second embodiment above and are not repeated here.
Step S306: The SM-DP+ generates the Profile Metadata, checks whether this is a download retry, and generates smdpSigned2, where smdpSigned2 = { TransactionID, Confirmation Code Required Flag, bppEuiccOtpk, userintentConfiguration, EIDs }.
EIDs is optional. Specifically, in this embodiment of the present invention, userintentConfiguration may be { Signer, userintentfreeSignature }, userintentfreeSignature or a user intent flag (User Intent Free Required Flag).
It should be noted that if userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining the user-intent-free authorization userintentfreeSignature for the terminal device; instead, it directly instructs the SM-DP+, according to the Profile download scenario (for example, a batch download by an enterprise user, or a download by an elderly user or a user seeking help), to generate the user intent configuration information (for example, instructs it to set the user intent flag to 'True' or 'False').
It should be noted that, in this embodiment of the present invention, if userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, smdpSigned2 is the second data to be signed; if userintentConfiguration is the User Intent Free Required Flag, smdpSigned2 is the third data to be signed.
Step S307: The SM-DP+ uses SK.DPpb.ECDSA to compute a signature over smdpSigned2 | euiccSignature1, generating smdpSignature2, where SK.DPpb.ECDSA is the private key of the SM-DP+'s ProfileBinding certificate.
It should be noted that, in this embodiment of the present invention, if userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, smdpSignature2 is the second signature value; if userintentConfiguration is the User Intent Free Required Flag, smdpSignature2 is the third signature value.
Step S308: The SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the LPA.
Step S309: The LPA confirms receipt of userintentConfiguration.
Specifically, the LPA parses smdpSigned2 and confirms receipt of the user intent configuration information userintentConfiguration.
In one possible implementation, if the user intent configuration information is { Signer, userintentfreeSignature } or userintentfreeSignature, the LPA may generate localuserintentfreeSigned; the way it is generated and its content are consistent with the description of step S209 in the second embodiment above and are not repeated here.
Step S310: Optionally, the LPA verifies that the EID of the local eUICC is in EIDs.
Step S311: The LPA sends smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the LPA generates localuserintentfreeSigned, the LPA additionally sends the generated localuserintentfreeSigned to the eUICC.
In another implementation, userintentfreeSigned may be generated by the eUICC; in that case the LPA also needs to send Operation Type, Operatorid and EIDs (optional) to the eUICC.
Step S312: The eUICC verifies that CERT.DPpb.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that TransactionID matches the current RSP session.
The way the eUICC verifies CERT.DPpb.ECDSA is consistent with the description of step S212 in the second embodiment above and is not repeated here.
Step S313: The eUICC verifies smdpSignature2.
Specifically, the eUICC verifies smdpSignature2 using a fourth key (PK.DPpb.ECDSA) corresponding to SK.DPpb.ECDSA, together with smdpSigned2 and euiccSignature1, where euiccSignature1 is the authentication signature value that the eUICC generated and saved while the RSP session was being established.
Specifically, the eUICC generates a third digest of smdpSigned2 | euiccSignature1 and then decrypts smdpSignature2 with PK.DPpb.ECDSA to generate a fourth digest; when the third digest is identical to the fourth digest, smdpSignature2 passes verification. For example, at the SM-DP+, A = { smdpSigned2, euiccSignature1 }, hashing A yields digest a, and smdpSignature2 is the signature value obtained by encrypting digest a with SK.DPpb.ECDSA. When smdpSigned2 and smdpSignature2 reach the eUICC, hashing smdpSigned2 | euiccSignature1 yields digest a1, and decrypting smdpSignature2 with PK.DPpb.ECDSA generates a new digest b; when digest a1 and digest b are identical, smdpSignature2 passes verification.
Step S314: The eUICC verifies userintentConfiguration.
Specifically, when userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, the steps for verifying userintentfreeSignature and Signer are as described in step S213 of the second embodiment above and are not repeated here.
Specifically, when userintentConfiguration is the User Intent Free Required Flag, the eUICC verifies it by judging whether the User Intent Free Required Flag is valid: for example, if the value of the flag is 'True' (or '1'), it is judged valid and userintentConfiguration passes verification; if the value is 'False' (or '0'), it is judged invalid and userintentConfiguration fails verification. Alternatively, when userintentConfiguration is the User Intent Free Required Flag, the eUICC does not verify it, but returns the verification result to the LPA after verifying smdpSignature2 in step S313, and the LPA verifies the User Intent Free Required Flag.
Step S315: The eUICC sends a verification completion indication to the LPA.
Step S316: The LPA determines, according to the verification completion indication, whether to perform the user intent verification step.
Step S317: If the verification completion indication is a verification-failed indication, the LPA performs the user intent verification step.
Step S318: The LPA continues the Profile download and installation procedure.
The implementation logic and manner of steps S315~S318 are consistent with steps S214~S217 in the second embodiment above and are not repeated here.
In the method described in Fig. 6, the user intent configuration information userintentConfiguration is { Signer, userintentfreeSignature }, userintentfreeSignature or the User Intent Free Required Flag. The Operator BSS obtains userintentfreeSignature from the Enterprise, OEM or EUM and sends userintentfreeSignature (and Signer) to the SM-DP+ in the ConfirmOrder (when userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining userintentfreeSignature). When the terminal device is to perform a Profile download operation, the SM-DP+ places userintentConfiguration in smdpSigned2 so that it is protected by the signature, and sends it to the LPA of the terminal device. The LPA and the eUICC cooperate to verify smdpSignature2 and userintentConfiguration, and the user intent verification step is skipped when the smdpSignature2 signature verification passes and userintentConfiguration passes verification. This helps achieve efficient Profile download and is particularly useful for batches of enterprise terminal devices.
Referring to Fig. 7, Fig. 7 is a flow diagram of an eUICC configuration file remote management method provided in the fourth embodiment of the present invention. In this embodiment, the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation flow is as follows:
Step S401: The LPA obtains the SM-DP+ address.
Step S402: The LPA establishes a TLS connection with the SM-DP+.
Step S403: The SM-DP+ and the eUICC perform bidirectional authentication based on HTTPS.
At this point, the RSP session between the terminal device and the SM-DP+ has been established; the logic and procedure of establishment are consistent with the description of steps S201~S203 in the second embodiment above and are not repeated here.
Step S404: The SM-DP+ looks up the Profile remote management pending event (pending RPM order) or the batch Profile remote management pending event (pending Batch RPM order).
Specifically, the pending RPM order or pending Batch RPM order may be generated after the SM-DP+ receives a remote Profile management order (Remote Profile Management Order, RPMOrder) from the Operator BSS; the detailed procedure is described below.
Step S11: Operator BSS obtains the user-intent-free authorization userintentfreeSignature.
The manner in which Operator BSS obtains userintentfreeSignature is the same as described in step S3 of the SM-DP+ Profile download initialization procedure introduced with Fig. 3. Note that in this embodiment the euicc Operation Type is one of the Profile remote management operations (for example, Disable, Enable, Delete, Update or Query).
Step S12: The Operator sends an RPMOrder to SM-DP+, where the RPMOrder carries userintentfreeSignature and the RPM Command.
Optionally, the RPMOrder may also carry ICCIDs, Signer and EIDs.
Step S13: SM-DP+ performs a validity check.
Specifically, SM-DP+ checks the EIDs or ICCIDs to confirm whether they fall within its management scope.
Step S14: SM-DP+ generates one or more pending RPM orders, or generates a pending Batch RPM order.
Optionally, SM-DP+ also registers the event at the SM-DS.
Specifically, each RPM Order event is identified by an eventID.
Specifically, SM-DP+ finds the pending RPM order or pending Batch RPM order by eventID or EID.
Step S405: SM-DP+ generates the second data to be signed (for example, smdpSigned3), where smdpSigned3 = { TransactionID, RPM Command }.
Step S406: SM-DP+ uses a third key (SK.DPrpm.ECDSA) to compute a signature over smdpSigned3 | euiccSignature1, generating the second signature value (smdpSignature3), where SK.DPrpm.ECDSA is the private key of the Remote Profile Management (RPM) certificate (CERT.DPrpm.ECDSA) of SM-DP+.
Specifically, the RPM certificate may be separate from the authentication certificate or shared with it.
Specifically, SM-DP+ may generate a digest of smdpSigned3 | euiccSignature1 and then encrypt the digest with SK.DPrpm.ECDSA to generate smdpSignature3. For example, let C = { smdpSigned3, euiccSignature1 }; a digest c is computed over C, and the result of encrypting c with SK.DPrpm.ECDSA is the second signature value smdpSignature3.
Step S407: SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA, userintentConfiguration, EIDs and Operatorid to the LPA.
Here, EIDs is optional; Operatorid may be contained in the RPM Command.
Step S408: The LPA confirms receipt of userintentConfiguration and generates localuserintentfreeSigned, where localuserintentfreeSigned = { euicc Operation Type, Operatorid, SM-DP+OID }.
In another embodiment, localuserintentfreeSigned = { euicc Operation Type, Operatorid, SM-DP+OID, EIDs }.
Specifically, the LPA identifies the euicc Operation Type from the RPM Command, reads Operatorid from smdpSigned3 or from the RPM Command, and obtains SM-DP+OID from the CERT.DPrpm.ECDSA certificate.
Specifically, the euicc Operation Type includes, for example, deactivation (Disable), activation (Enable), deletion (Delete), update (Update) or query (Query).
Step S409: The LPA verifies that the EID of the local eUICC is in EIDs.
Step S410: The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID and CERT.DPrpm.ECDSA to the eUICC.
Specifically, TransactionID is read from smdpSigned3.
In another implementation, localuserintentfreeSigned may be generated by the eUICC; in that case the LPA sends euicc Operation Type, Operatorid, userintentConfiguration, TransactionID and CERT.DPrpm.ECDSA to the eUICC. Optionally, the LPA also sends EIDs to the eUICC.
Step S411: The eUICC verifies that CERT.DPrpm.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that TransactionID matches the current RSP session.
Specifically, the eUICC obtains the SM-DP+OID from CERT.DPrpm.ECDSA and from CERT.DPauth.ECDSA and compares the two values. If the two SM-DP+OIDs are identical, CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA are determined to belong to the same SM-DP+.
Step S412: The eUICC verifies userintentConfiguration.
Specifically, the method by which the eUICC verifies userintentConfiguration is consistent with that in the second embodiment above and is not described again here.
Step S413: The eUICC sends a verification completion indication to the LPA.
Step S414: The LPA determines, according to the verification completion indication, whether to execute the user intent verification step.
Step S415: If the verification completion indication indicates that verification did not pass, the LPA executes the user intent verification step.
Step S416: The LPA continues the Profile remote management procedure.
For the implementation logic and specific manner of steps S413~S416, refer to steps S214~S217 in the second embodiment above; they are not repeated here.
In the method described in Fig. 7, userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature. Operator BSS obtains userintentfreeSignature (and Signer) from Enterprise, OEM or EUM and sends userintentConfiguration to SM-DP+ in the RPMOrder. When the terminal device is to perform a Profile remote management operation, SM-DP+ sends userintentConfiguration to the LPA of the terminal. The LPA and the eUICC cooperate to verify userintentConfiguration, and the user intent verification step is not executed when verification passes, which helps achieve efficient remote management of Profiles.
Referring to Fig. 8, Fig. 8 is a schematic flowchart of an eUICC configuration file remote management method provided by the fifth embodiment of the present invention. In this embodiment, the eUICC management operation executed by the terminal device is an RPM operation. The specific implementation flow is as follows:
Step S501: The LPA obtains the SM-DP+ address.
Step S502: The LPA establishes a TLS connection with SM-DP+.
Step S503: SM-DP+ and the eUICC perform mutual authentication based on HTTPS.
At this point, after mutual authentication, the session between the terminal device and SM-DP+ has been established successfully. The establishment logic and flow are consistent with steps S201~S203 of the second embodiment above and are not repeated here.
Step S504: SM-DP+ looks up the pending RPM order or pending Batch RPM order.
The implementation logic and manner of step S504 are consistent with step S404 in the fourth embodiment above and are not repeated here.
Step S505: SM-DP+ generates smdpSigned3, where smdpSigned3 = { TransactionID, RPM Command, userintentConfiguration, EIDs, Operatorid }.
Here, EIDs is optional; Operatorid may also be contained in the RPM Command.
It should be noted that in this embodiment, if userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, smdpSigned3 is the second data to be signed; if userintentfreeSignature is User Intent Free Required Flag, smdpSigned3 is the third data to be signed.
Step S506: SM-DP+ uses SK.DPrpm.ECDSA to compute a signature over smdpSigned3 | euiccSignature1, generating smdpSignature3.
For the manner of generating smdpSignature3, refer to step S406 in the fourth embodiment above; it is not repeated here.
It should be noted that in this embodiment, if userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, smdpSignature3 is the second signature value; if userintentConfiguration is User Intent Free Required Flag, smdpSignature3 is the third signature value.
Step S507: SM-DP+ sends smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA to the LPA.
Step S508: The LPA confirms receipt of userintentConfiguration.
Specifically, the LPA parses the data in smdpSigned3 and confirms that userintentConfiguration has been received.
In one possible implementation, if userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, the LPA may generate localuserintentfreeSigned. The manner of generation and the content are consistent with step S408 in the fourth embodiment above and are not repeated here.
Step S509: The LPA verifies that the EID of the local eUICC is in EIDs.
Step S510: The LPA sends smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA to the eUICC.
Optionally, if the LPA has generated localuserintentfreeSigned, the LPA also sends localuserintentfreeSigned to the eUICC.
In another implementation, localuserintentfreeSigned may be generated by the eUICC; in that case the LPA also needs to send euicc Operation Type, Operatorid and the optional EIDs to the eUICC.
Step S511: The eUICC verifies that CERT.DPrpm.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that TransactionID matches the current RSP session.
Step S512: The eUICC verifies smdpSignature3.
Specifically, the eUICC verifies smdpSignature3 using the fourth key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, together with smdpSigned3 and euiccSignature1.
Specifically, the eUICC generates a fifth digest over smdpSigned3 and the locally saved euiccSignature1, then decrypts smdpSignature3 with PK.DPrpm.ECDSA. When the fifth digest is identical to the decryption result, smdpSignature3 passes verification.
Step S513: The eUICC verifies userintentConfiguration.
Specifically, when userintentConfiguration is { Signer, userintentfreeSignature } or userintentfreeSignature, for the step of verifying userintentConfiguration refer to step S213 of the second embodiment above; it is not repeated here.
Specifically, when userintentConfiguration is User Intent Free Required Flag, for the verification of userintentConfiguration refer to step S314 of the third embodiment above; it is not repeated here.
Step S514: The eUICC sends a verification completion indication to the LPA.
Step S515: The LPA determines, according to the verification completion indication, whether to execute the user intent verification step.
Step S516: If the verification completion indication indicates that verification did not pass, the LPA executes the user intent verification step.
Step S517: The LPA continues the Profile remote management procedure.
For the implementation logic and specific manner of steps S514~S517, refer to steps S214~S217 in the second embodiment above; they are not repeated here.
In the method described in Fig. 8, userintentConfiguration is { Signer, userintentfreeSignature }, userintentfreeSignature or User Intent Free Required Flag. Operator BSS obtains userintentfreeSignature (and Signer) from Enterprise, OEM or EUM and sends userintentfreeSignature (and Signer) to SM-DP+ in the RPMOrder. When the terminal is to perform a Profile remote management operation, SM-DP+ places userintentConfiguration in smdpSigned3 for signature protection and sends it to the LPA of the terminal. The LPA and the eUICC cooperate to verify smdpSigned3 and userintentConfiguration, and the user intent verification step is not executed when verification passes, which helps achieve efficient remote management of Profiles.
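The following Go sketch is an added example, not code from the patent: it walks the eUICC-side checks of steps S511~S513 (same SM-DP+ OID, TransactionID match, smdpSignature3 over smdpSigned3 | euiccSignature1, then userintentfreeSignature over the locally rebuilt localuserintentfreeSigned) and returns the decision the LPA acts on. The length-prefixed encoding, modelling a certificate as an OID plus public key, the pre-provisioned Signer key, treating an S511/S512 failure as an error, and all sample values are assumptions; EIDs are omitted.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// encode length-prefixes each field so field boundaries are unambiguous.
// Assumption: stands in for the ASN.1 encoding a real RSP stack would use.
func encode(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		binary.Write(&b, binary.BigEndian, uint16(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

func sign(sk *ecdsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, sk, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pk *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pk, d[:], sig)
}

// RPMPackage models what SM-DP+ sends in S507 (hypothetical type).
type RPMPackage struct {
	TransactionID, RPMCommand, UserIntentFreeSig, OperatorID []byte
	SmdpSignature3                                           []byte
	RPMCertOID                                               string           // SM-DP+ OID from CERT.DPrpm.ECDSA
	RPMKey                                                   *ecdsa.PublicKey // PK.DPrpm.ECDSA
}

func (p *RPMPackage) smdpSigned3() []byte {
	return encode(p.TransactionID, p.RPMCommand, p.UserIntentFreeSig, p.OperatorID)
}

// EUICC holds state kept from RSP session establishment (hypothetical type).
type EUICC struct {
	SessionTxID, EuiccSignature1 []byte
	AuthCertOID                  string           // SM-DP+ OID from CERT.DPauth.ECDSA
	SignerKey                    *ecdsa.PublicKey // assumed already trusted for the Signer
}

// Check runs S511~S513. A non-nil err means the package itself is untrusted.
// skip == false with a nil err means the LPA must run the user intent step (S516).
func (e *EUICC) Check(p *RPMPackage) (skip bool, err error) {
	if p.RPMCertOID != e.AuthCertOID { // S511
		return false, errors.New("RPM and auth certificates name different SM-DP+ OIDs")
	}
	if !bytes.Equal(p.TransactionID, e.SessionTxID) { // S511
		return false, errors.New("TransactionID does not match the current RSP session")
	}
	// S512: the signature covers smdpSigned3 | euiccSignature1, binding it to this session.
	if !verify(p.RPMKey, append(p.smdpSigned3(), e.EuiccSignature1...), p.SmdpSignature3) {
		return false, errors.New("smdpSignature3 verification failed")
	}
	// S513: rebuild localuserintentfreeSigned from local values, never from the Signer's input.
	local := encode(p.RPMCommand, p.OperatorID, []byte(p.RPMCertOID))
	return verify(e.SignerKey, local, p.UserIntentFreeSig), nil
}

// newScenario builds constructed sample data: a Disable order for operator "op-001".
func newScenario() (*EUICC, *RPMPackage, *ecdsa.PrivateKey) {
	gen := func() *ecdsa.PrivateKey {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			panic(err)
		}
		return k
	}
	signerSK, dpSK := gen(), gen()
	oid := "2.999.1" // constructed SM-DP+ OID under the example arc
	e := &EUICC{SessionTxID: []byte("tx-42"), EuiccSignature1: []byte("constructed-sig1"), AuthCertOID: oid, SignerKey: &signerSK.PublicKey}
	p := &RPMPackage{TransactionID: []byte("tx-42"), RPMCommand: []byte("Disable"), OperatorID: []byte("op-001"), RPMCertOID: oid, RPMKey: &dpSK.PublicKey}
	p.UserIntentFreeSig = sign(signerSK, encode(p.RPMCommand, p.OperatorID, []byte(oid)))
	p.SmdpSignature3 = sign(dpSK, append(p.smdpSigned3(), e.EuiccSignature1...))
	return e, p, dpSK
}

func main() {
	e, p, _ := newScenario()
	skip, err := e.Check(p)
	fmt.Println("skip user intent:", skip, "error:", err)
}
```

Because localuserintentfreeSigned is rebuilt from the operation type actually requested, an authorization issued for Disable does not carry over to another operation: Check then returns skip == false and the LPA falls back to the user intent verification step.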
The method of the embodiments of the present invention has been described above; the apparatus of the embodiments of the present invention is described below.
Referring to Fig. 9, Fig. 9 is a schematic structural diagram of an eUICC configuration file management apparatus provided by an embodiment of the present invention. The eUICC configuration file management apparatus may include a management session establishment module 610, a configuration information obtaining module 620, a verification module 630 and an execution module 640, where the modules are described in detail as follows:
Management session establishment module 610, configured to establish an eUICC management session with an eUICC remote management server;
Configuration information obtaining module 620, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
Verification module 630, configured to verify the user intent configuration information;
Execution module 640, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each module, reference may also be made to the corresponding descriptions of the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
Referring to Figure 10, Figure 10 shows an eUICC configuration file management apparatus 70 provided by an embodiment of the present invention. The eUICC configuration file management apparatus 70 includes a processor 701, a memory 702 and a transceiver 703, and the processor 701, the memory 702 and the transceiver 703 are connected to each other by a bus.
The memory 702 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM). The memory 702 is used to store related instructions and data. The transceiver 703 is used to send and receive data.
The processor 701 may be one or more central processing units (CPUs). Where the processor 701 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 701 in the eUICC configuration file management apparatus 70 is configured to read the program code stored in the memory 702 and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information;
when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding descriptions of the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
Referring to Figure 11, Figure 11 is a schematic structural diagram of a local eUICC configuration file assistant module provided by an embodiment of the present invention. The local eUICC configuration file assistant module includes a management session establishment unit 810, a configuration information obtaining unit 820, a verification instruction sending unit 830 and a first execution unit 840, where the units are described in detail as follows:
Management session establishment unit 810, configured to establish an eUICC management session with an eUICC remote management server;
Configuration information obtaining unit 820, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
Verification instruction sending unit 830, configured to send a user intent verification instruction to the eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
First execution unit 840, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each unit, reference may also be made to the corresponding descriptions of the LPA in the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
Referring to Figure 12, Figure 12 shows a terminal 90 provided by an embodiment of the present invention. The terminal 90 includes a processor 901, a memory 902 and a transceiver 903, and the processor 901, the memory 902 and the transceiver 903 are connected to each other by a bus.
The memory 902 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM). The memory 902 is used to store related instructions and data. The transceiver 903 is used to send and receive data.
The processor 901 may be one or more central processing units (CPUs). Where the processor 901 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 901 in the terminal 90 is configured to read the program code stored in the memory 902 and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification instruction to the eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding descriptions of the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
Referring to Figure 13, Figure 13 is a schematic structural diagram of an eUICC module provided by an embodiment of the present invention. The eUICC module includes a verification instruction receiving unit 1010, a verification unit 1020 and a second execution unit 1030, where the units are described in detail as follows:
Verification instruction receiving unit 1010, configured to receive a user intent verification instruction sent by the local eUICC configuration file assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file assistant module from the eUICC management session with the eUICC remote management server;
Verification unit 1020, configured to verify the user intent configuration information;
Second execution unit 1030, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each unit, reference may also be made to the corresponding descriptions of the eUICC in the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
Referring to Figure 14, Figure 14 shows an eUICC module 110 provided by an embodiment of the present invention. The eUICC module 110 includes a processor 1101, a memory 1102 and a communication interface 1103, and the processor 1101, the memory 1102 and the communication interface 1103 are connected to each other by a bus.
The memory 1102 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM). The memory 1102 is used to store related instructions and data. The communication interface 1103 is used to send and receive data.
The processor 1101 may be one or more central processing units (CPUs). Where the processor 1101 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 1101 in the eUICC module 110 is configured to read the program code stored in the memory 1102 and perform the following operations:
receiving a user intent verification instruction sent by the local eUICC configuration file assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file assistant module from the eUICC management session with the eUICC remote management server;
verifying the user intent configuration information;
when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding descriptions of the method embodiments shown in Fig. 1, Fig. 3, Fig. 6, Fig. 7 or Fig. 8.
In conclusion, implementing the embodiments of the present invention enables efficient Profile download and installation and efficient remote Profile management.
A person of ordinary skill in the art will understand that all or part of the processes of the above method embodiments may be completed by a computer program instructing relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The aforementioned storage medium includes various media capable of storing program code, such as a ROM, a random access memory (RAM), a magnetic disk or an optical disc.

Claims (21)

  1. An eUICC configuration file management method, characterized by comprising:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    verifying the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  2. The method according to claim 1, characterized in that the user intent configuration information includes a user intent flag; or
    the user intent configuration information includes a first signature value; or
    the user intent configuration information includes the first signature value and the owner name of the digital certificate corresponding to the first signature value.
  3. The method according to claim 1, characterized in that the user intent configuration information includes a first signature value, wherein the first signature value includes a signature over first data to be signed computed with a first key, and the first key includes a public key, a private key or a symmetric key;
    the verifying of the user intent configuration information includes:
    generating local first data to be signed, wherein the local first data to be signed includes an operation type, an operator identifier and an eUICC remote management server object identifier;
    verifying the first signature value using a second key corresponding to the first key and the local first data to be signed.
  4. The method according to claim 3, characterized in that the obtaining of the user intent configuration information from the eUICC remote management server through the eUICC management session includes:
    obtaining second data to be signed and a second signature value from the eUICC remote management server through the eUICC management session, wherein the second data to be signed includes the user intent configuration information, the second signature value includes a signature computed with a third key over the second data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session;
    before the verifying of the first signature value using the second key corresponding to the first key and the local first data to be signed, the method further includes:
    verifying the second signature value using a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and confirming that the verification passes.
  5. The method according to claim 1, characterized in that the user intent configuration information includes a user intent flag; the obtaining of the user intent configuration information from the eUICC remote management server through the eUICC management session includes:
    obtaining third data to be signed and a third signature value from the eUICC remote management server through the eUICC management session, wherein the third data to be signed includes the user intent configuration information, the third signature value includes a signature computed with a third key over the third data to be signed and an authentication signature value, and the authentication signature value is generated during establishment of the eUICC management session;
    the verifying of the user intent configuration information includes:
    verifying the third signature value using a fourth key corresponding to the third key, the third data to be signed and the authentication signature value, and confirming that the verification passes;
    verifying whether the user intent flag is valid.
  6. An eUICC configuration file management method, characterized by comprising:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    sending a user intent verification instruction to an eUICC module, wherein the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  7. The method according to claim 6, characterized in that the user intent configuration information includes a user intent flag; or
    the user intent configuration information includes a first signature value; or
    the user intent configuration information includes the first signature value and the owner name of the digital certificate corresponding to the first signature value.
  8. Method as claimed in claim 6, it is characterized in that, it includes the first signature value that the user, which is intended to configuration information, wherein, the first signature value includes using first key to the signature of the first data to be signed, and the first key includes public key, private key or symmetric key;
    Include: before transmission user's intention verifying instruction to eUICC module
    Generate local first data to be signed, wherein first data to be signed of local include action type, operator identifier and eUICC remotely administered server object identity;
    The user is intended to also carry first data to be signed of local in verifying instruction, and first data to be signed of local are verified by the eUICC module for the first signature value described in the second key pair corresponding with the first key.
  9. Method according to claim 8, which is characterized in that described that session is managed from described by the eUICC EUICC remotely administered server obtains user's intention configuration information
    Session, which is managed, by the eUICC obtains the second data to be signed and the second signature value from the eUICC remotely administered server, wherein, second data to be signed include that the user is intended to configuration information, the second signature value includes using the signature of the second data to be signed and authentication signature value described in third key pair, and the authentication signature value generates in eUICC management conversation procedure;
    Second data to be signed and the second signature value are also carried in the user's checking instruction, wherein, second data to be signed and the authentication signature value are verified by the eUICC module for the second signature value described in the 4th key pair corresponding with the third key.
  10. The method according to claim 6, characterized in that the user intent configuration information includes a user intent identifier;
    obtaining the user intent configuration information from the eUICC remote management server through the eUICC management session includes:
    obtaining third data to be signed and a third signature value from the eUICC remote management server through the eUICC management session, wherein the third data to be signed includes the user intent configuration information, the third signature value includes a signature, made with a third key, over the third data to be signed and an authentication signature value, and the authentication signature value is generated during the eUICC management session;
    the user intent verification instruction also carries the third data to be signed and the third signature value, wherein the third data to be signed and the authentication signature value are used by the eUICC module to verify the third signature value with a fourth key corresponding to the third key;
    the user intent identifier is checked by the eUICC to determine whether it is valid.
  11. An eUICC remote profile management method, characterized by comprising:
    receiving a user intent verification instruction sent by a local eUICC configuration file supplementary module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file supplementary module from an eUICC management session with an eUICC remote management server;
    verifying the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  12. The method according to claim 11, characterized in that the user intent configuration information includes a user intent identifier; or
    the user intent configuration information includes a first signature value; or
    the user intent configuration information includes the first signature value and the owner name of the digital certificate corresponding to the first signature value.
  13. The method according to claim 11, characterized in that the user intent configuration information includes a first signature value, wherein the first signature value includes a signature over first data to be signed made with a first key, and the first key includes a public key, a private key or a symmetric key;
    the user intent verification instruction also carries local first data to be signed, wherein the local first data to be signed is generated by the local eUICC configuration file supplementary module and includes an operation type, an operator identifier and an object identifier of the eUICC remote management server;
    verifying the user intent configuration information includes:
    verifying the first signature value using a second key corresponding to the first key and the local first data to be signed.
  14. The method according to claim 13, characterized in that the user intent verification instruction also carries second data to be signed and a second signature value, wherein the second data to be signed includes the user intent configuration information, and the second signature value includes a signature, made with a third key, over the second data to be signed and an authentication signature value;
    before verifying the first signature value using the second key corresponding to the first key and the local first data to be signed, the method further includes:
    verifying the second signature value using a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and confirming that the verification passes.
  15. The method according to claim 11, characterized in that the user intent configuration information includes a user intent identifier; the user intent verification instruction also carries third data to be signed and a third signature value, wherein the third data to be signed includes the user intent configuration information, the third signature value includes a signature, made with a third key, over the third data to be signed and an authentication signature value, and the authentication signature value is generated during the eUICC management session;
    verifying the user intent configuration information includes:
    verifying the third signature value using a fourth key corresponding to the third key, the third data to be signed and the authentication signature value, and confirming that the verification passes;
    verifying whether the user intent identifier is valid.
  16. An eUICC configuration file management device, characterized by comprising:
    a management session establishment module, configured to establish an eUICC management session with an eUICC remote management server;
    a configuration information obtaining module, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
    a verification module, configured to verify the user intent configuration information;
    an execution module, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  17. A local eUICC configuration file supplementary module, characterized by comprising:
    a management session establishment unit, configured to establish an eUICC management session with an eUICC remote management server;
    a configuration information acquiring unit, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
    a verification instruction sending unit, configured to send a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, wherein the user intent verification instruction carries the user intent configuration information;
    a first execution unit, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  18. An eUICC module, characterized by comprising:
    a verification instruction receiving unit, configured to receive a user intent verification instruction sent by a local eUICC configuration file supplementary module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file supplementary module from an eUICC management session with an eUICC remote management server;
    a verification unit, configured to verify the user intent configuration information;
    a second execution unit, configured to, when verification of the user intent configuration information passes, not execute the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  19. An eUICC configuration file management device, characterized by comprising: a processor, a memory and a transceiver, the processor, memory and transceiver being connected to each other by a bus, wherein the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    verifying the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  20. A terminal, characterized by comprising: a processor, a memory and a transceiver, the processor, memory and transceiver being connected to each other by a bus, wherein the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    sending a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, wherein the user intent verification instruction carries the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  21. An eUICC module, characterized by comprising: a processor, a memory and a communication interface, the processor, memory and communication interface being connected to each other by a bus, wherein the memory is used to store program code, and the processor is used to call the program code to perform the following operations:
    receiving a user intent verification instruction sent by a local eUICC configuration file supplementary module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file supplementary module from an eUICC management session with an eUICC remote management server;
    verifying the user intent configuration information;
    when verification of the user intent configuration information passes, not executing the user intent verification step during this eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
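The eUICC-side check order of claims 13 and 14 (second signature bound to the session's authentication signature value first, then the first signature against the locally generated data), as an added example that is not code from the patent. HMAC-SHA256 stands in for the signature in the symmetric-key case; the function names, keys, field encoding and the choice to model the first signature inside `server_response` are all assumptions.

```python
import hashlib
import hmac

# Constructed keys. With symmetric keys the "second key" equals the "first key";
# the same simplification is assumed for the third/fourth key pair.
FIRST_KEY = b"constructed-operator-key"
THIRD_KEY = b"constructed-server-key"


def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries are unambiguous."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def sign(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 standing in for the claims' signature operation."""
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()


def first_tbs(operation: str, operator_id: str, server_oid: str) -> bytes:
    """First data to be signed: operation type, operator identifier, server OID."""
    return encode(operation.encode(), operator_id.encode(), server_oid.encode())


def server_response(operation, operator_id, server_oid, auth_sig):
    """Server side: user intent configuration information plus second signature.
    Here the configuration information is just the first signature value."""
    config = sign(FIRST_KEY, first_tbs(operation, operator_id, server_oid))
    return {"second_tbs": config, "second_sig": sign(THIRD_KEY, config, auth_sig)}


def lpa_instruction(response, operation, operator_id, server_oid):
    """Local module: add the locally generated first data to be signed."""
    return dict(response, local_first_tbs=first_tbs(operation, operator_id, server_oid))


def euicc_may_skip_user_intent(instr, second_key, fourth_key, session_auth_sig):
    """eUICC side: True only when both signature checks pass."""
    # Claim 14: the second signature covers the second data to be signed and
    # the authentication signature value of this management session.
    expected = sign(fourth_key, instr["second_tbs"], session_auth_sig)
    if not hmac.compare_digest(expected, instr["second_sig"]):
        return False
    # Claim 13: the first signature value must match the data the local module
    # generated for the operation it is actually about to perform.
    expected = sign(second_key, instr["local_first_tbs"])
    return hmac.compare_digest(expected, instr["second_tbs"])


if __name__ == "__main__":
    auth = b"constructed-auth-signature-session-1"
    resp = server_response("enable", "operator-A", "2.999.1", auth)
    good = lpa_instruction(resp, "enable", "operator-A", "2.999.1")
    other_op = lpa_instruction(resp, "delete", "operator-A", "2.999.1")
    print(euicc_may_skip_user_intent(good, FIRST_KEY, THIRD_KEY, auth))
    print(euicc_may_skip_user_intent(other_op, FIRST_KEY, THIRD_KEY, auth))
    print(euicc_may_skip_user_intent(good, FIRST_KEY, THIRD_KEY, b"other-session"))
```

Because the second signature covers the session's authentication signature value, a response captured in one management session fails verification in another, and the first signature fails when the local data names a different operation type than the one that was signed.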
CN201780061983.1A 2017-01-16 2017-01-16 eUICC configuration file management method and related device Active CN109792604B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/071322 WO2018129754A1 (en) 2017-01-16 2017-01-16 Euicc configuration file management method and related device

Publications (2)

Publication Number Publication Date
CN109792604A true CN109792604A (en) 2019-05-21
CN109792604B CN109792604B (en) 2021-12-03

Family

ID=62839152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780061983.1A Active CN109792604B (en) 2017-01-16 2017-01-16 eUICC configuration file management method and related device

Country Status (2)

Country Link
CN (1) CN109792604B (en)
WO (1) WO2018129754A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545309A (en) * 2019-08-07 2019-12-06 中国联合网络通信集团有限公司 Internet of things terminal eUICC card management method, device and system
CN114513787A (en) * 2021-12-29 2022-05-17 博鼎实华(北京)技术有限公司 Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal
CN117135620A (en) * 2023-02-01 2023-11-28 荣耀终端有限公司 Profile file downloading management method, electronic equipment and computer storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110446201B (en) * 2019-09-20 2022-03-18 恒宝股份有限公司 Communication module, communication method and system for realizing eSIM remote configuration
CN111142892B (en) * 2019-12-30 2023-06-20 飞天诚信科技股份有限公司 ios application program automatic installation method and communication device
CN116321106A (en) * 2020-06-09 2023-06-23 华为技术有限公司 Method and device for updating system data of user identity recognition module card
CN113132990B (en) * 2021-04-19 2022-09-16 东信和平科技股份有限公司 Profile remote subscription method based on eSIM
CN113572861B (en) * 2021-09-27 2021-12-28 北京华安天成智能技术有限公司 Configuration file management method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1993963A (en) * 2004-06-28 2007-07-04 诺基亚公司 User confirmation in data downloading
CN101505549A (en) * 2008-02-04 2009-08-12 华为技术有限公司 Configuration method and apparatus for terminal equipment
CN101777101A (en) * 2010-01-22 2010-07-14 北京深思洛克软件技术股份有限公司 Method for improving usability of intelligent secret key device and intelligent secret key device
CN104703199A (en) * 2013-12-05 2015-06-10 华为终端有限公司 Management method for embedded universal integrated circuit card, related equipment and system
WO2015081545A1 (en) * 2013-12-05 2015-06-11 华为终端有限公司 Security control method for euicc, and euicc
WO2016178548A1 (en) * 2015-05-07 2016-11-10 삼성전자 주식회사 Method and apparatus for providing profile

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011257954A (en) * 2010-06-08 2011-12-22 Sony Corp Update management server, electronic device, update management system having the server and the device, and method of the system
KR102311027B1 (en) * 2014-08-14 2021-10-08 삼성전자 주식회사 A method and apparatus for profile downloading of group devices
EP3275232B1 (en) * 2015-03-22 2020-09-02 Apple Inc. Methods and apparatus for user authentication and human intent verification in mobile devices

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545309A (en) * 2019-08-07 2019-12-06 中国联合网络通信集团有限公司 Internet of things terminal eUICC card management method, device and system
CN110545309B (en) * 2019-08-07 2022-08-19 中国联合网络通信集团有限公司 Internet of things terminal eUICC card management method, device and system
CN114513787A (en) * 2021-12-29 2022-05-17 博鼎实华(北京)技术有限公司 Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal
CN117135620A (en) * 2023-02-01 2023-11-28 荣耀终端有限公司 Profile file downloading management method, electronic equipment and computer storage medium

Also Published As

Publication number Publication date
CN109792604B (en) 2021-12-03
WO2018129754A1 (en) 2018-07-19

Similar Documents

Publication Publication Date Title
CN109792604A (en) A kind of eUICC configuration file management method and relevant apparatus
EP3800909B1 (en) Remote management method, and device
KR102406757B1 (en) A method of provisioning a subscriber profile for a secure module
US11868762B2 (en) Method for authenticating and updating eUICC firmware version and related apparatus
KR101494986B1 (en) Method for managing content on a secure element connected to an equipment
WO2020024764A1 (en) Method and apparatus for verifying user equipment identifier in authentication process
CN110393019B (en) Method and related device for updating firmware
WO2015029945A1 (en) Member profile transfer method, member profile transfer system, and user device
CN108702386B (en) Method and device for managing configuration file of embedded universal integrated circuit card
US9025769B2 (en) Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone
JP4762660B2 (en) Wireless LAN system, wireless LAN terminal, and initial setting method of wireless LAN terminal
US11523261B2 (en) Handling of subscription profiles for a set of wireless devices
CN107431920A (en) The method and apparatus for receiving profile by terminal in mobile communication system
CN109474650B (en) Configuration file downloading method and terminal
CN109922474B (en) Method for triggering network authentication and related equipment
KR20160003992A (en) METHOD AND APPARATUS FOR PROFILE DOWNLOAD FOR eUICC
US20120115455A1 (en) Secure bootstrap provisioning of electronic devices in carrier networks
US11422786B2 (en) Method for interoperating between bundle download process and eSIM profile download process by SSP terminal
TW200421807A (en) Authentication in a communication system
CN1601958B (en) HRPD network access authentication method based on CAVE algorithm
CN109792601B (en) Method and equipment for deleting eUICC configuration file
CN110474945A (en) A kind of method and terminal that data are downloaded, managed
ES2342171T3 (en) SYNCHRONIZATION OF DATABASE.
JP4103678B2 (en) Wireless communication service registration method and system
KR102012340B1 (en) Method and Enbedded UICC for Providing Policy Control Function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant