CN109792604B - eUICC configuration file management method and related device - Google Patents

Info

Publication number
CN109792604B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201780061983.1A
Other languages
Chinese (zh)
Other versions
CN109792604A (en)
Inventor
龙水平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

The embodiment of the invention provides a method for managing an eUICC configuration file, which comprises the following steps: establishing an eUICC management session with an eUICC remote management server; acquiring user intention configuration information from the eUICC remote management server through the eUICC management session; verifying the user intention configuration information; and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation. By adopting the invention, the efficient downloading and installation of the Profile and the efficient remote Profile management can be realized.

Description

eUICC configuration file management method and related device
Technical Field
The invention relates to the field of eUICC telecommunication smart cards, in particular to a method and a related device for managing eUICC configuration files.
Background
The eUICC is a removable or non-removable Universal Integrated Circuit Card (UICC) that can perform remote profile management in a secure manner or perform local profile management (e.g., profile activation, deactivation, or deletion triggered by the terminal device user). The term eUICC is derived from embedded UICC: it may be embedded in a terminal device as a single chip or as part of another chip in the terminal device, but this does not mean that the eUICC must be embedded in a non-removable manner; it may also take the form of a removable card, like a SIM card, a Micro SIM card, or a Nano SIM card. eUICCs are sometimes also referred to as eSIMs. The eUICC profile (Profile) is a combination of data and applications that is configured on the eUICC in order to provide services such as calls, sending and receiving short messages, or data services. The Profile can also be regarded as a SIM (subscriber identity module) software module which, like a conventional SIM card, performs functions such as authentication calculation when the terminal device accesses the mobile network.
An eUICC remote configuration/management system (also referred to as a remote SIM configuration system) is shown in FIG. 1. The Subscription Manager Data Preparation+ (SM-DP+) server prepares Profiles, sends a prepared Profile securely to the eUICC module of a terminal device, and manages Profiles remotely; the SM-DP+ may be deployed on a server of an operator, an eUICC manufacturer, an Original Equipment Manufacturer (OEM), or another party. The Subscription Manager Discovery Service (SM-DS) server provides one or more SM-DP+ addresses or alternative SM-DS addresses to the terminal device; the terminal device can establish a connection with the SM-DP+ through an SM-DP+ address, or obtain the SM-DP+ address through an alternative SM-DS. The terminal device (Device) comprises a Local Profile Auxiliary (LPA) module, an eUICC module and a SIM card module; the LPA module establishes the connection with the SM-DP+ in order to perform management operations on the Profile and the eUICC, such as download and installation, remote Profile management and remote eUICC management. The Operator BSS is the business support system of an operator and is responsible for ordering Profiles from the SM-DP+ and requesting management of the Profiles on the eUICC. The End User is the user/subscriber of the terminal device. eUICC manufacturers (EUMs) are vendors that produce eUICCs. SM-DP+ and SM-DS are both referred to as eUICC management servers (or remote SIM configuration servers).
In the prior art, a terminal device gains a communication function only after a Profile is downloaded into its eUICC module, and downloading, activating, deactivating or deleting a Profile can be carried out only after the terminal device interacts with the user and obtains a user intention confirmation instruction. For enterprise users, before distributing terminal devices to employees, an enterprise needs to purchase a batch of Profiles, then interact with each terminal device separately and download the Profiles to the terminal devices one by one, which wastes time and makes Profile download inefficient. In addition, if an enterprise asset manager needs to manage the Profiles installed on all terminal devices, then when the asset manager triggers a remote Profile management process, the employees holding the terminal devices must confirm on the devices before the Profile management can complete, which hinders unified management of the Profiles on the terminal devices.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a method and a related device for managing an eUICC configuration file, so as to implement efficient downloading and installation of Profile and efficient remote Profile management.
In a first aspect, an embodiment of the present invention provides an eUICC profile management method, including: establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In a first possible implementation manner of the first aspect, the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is the first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation manner of the first aspect, the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using a first key, and the first key is a public key, a private key, or a symmetric key; after user intention configuration information is acquired, generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed to realize the verification of the user intention configuration information.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, obtaining, by an eUICC management session, second data to be signed and a second signature value from an eUICC remote management server, where the second data to be signed includes user intention configuration information, the second signature value is a signature of the second data to be signed and an authentication signature value by using a third key, and the authentication signature value is generated in an establishment process of the eUICC management session; after the second data to be signed and the second signature value are obtained, local first data to be signed is generated; and verifying the second signature value through a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and verifying the first signature value through the second key corresponding to the first key and the local first data to be signed, thereby realizing the verification of the user intention configuration information.
In a fourth possible implementation manner of the first aspect, the user intention configuration information is a first signature value and an owner name of a digital certificate corresponding to the first signature value, where the first signature value includes a signature of the first to-be-signed data by using a first key, and the first key is a public key, a private key, or a symmetric key; after user intention configuration information is acquired, generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed, and verifying the owner name of the digital certificate corresponding to the first signature value, thereby realizing the verification of the user intention configuration information.
With reference to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner, second data to be signed and a second signature value are obtained from an eUICC remote management server through an eUICC management session, where the second data to be signed includes user intention configuration information, the second signature value is a signature of the second data to be signed and an authentication signature value by using a third key, and the authentication signature value is generated in an establishment process of the eUICC management session; after second data to be signed and a second signature value are obtained, local first data to be signed is generated, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and verifying the second signature value through a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, verifying the first signature value through the second key corresponding to the first key and the local first data to be signed, and verifying the owner name of the digital certificate corresponding to the first signature value, thereby realizing the verification of the user intention configuration information.
In a sixth possible implementation manner of the first aspect, the user intention configuration information is a user intention indication, and third data to be signed and a third signature value are acquired from the eUICC remote management server through the eUICC management session, where the third data to be signed includes the user intention configuration information, the third signature value is a signature of the third data to be signed and an authentication signature value by using a third key, and the authentication signature value is generated in the establishment process of the eUICC management session; after the third data to be signed and the third signature value are obtained, the third signature value is verified through a fourth key corresponding to the third key, the third data to be signed and the authentication signature value, and then whether the user intention indication is valid is verified, so that the user intention configuration information is verified.
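The two-signature check from the third possible implementation manner of the first aspect, as an added Python example (not code from the patent). It assumes HMAC-SHA-256 for both signatures (the text allows a symmetric first key; using it for the server signature as well is a simplification), a length-prefixed field encoding, and constructed keys, identifiers and function names.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed sample keys; nothing here comes from the patent text.
ENTERPRISE_KEY = b"constructed-enterprise-key"  # first key == second key (symmetric case)
SERVER_KEY = b"constructed-server-key"          # stands in for the third/fourth key pair


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def decode_fields(blob: bytes):
    """Inverse of encode_fields; returns None on truncated input."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            return None
        (length,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if pos + length > len(blob):
            return None
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def first_tbs(operation_type: str, operator_id: str, server_oid: str) -> bytes:
    """First data to be signed: operation type, operator identifier, server object identifier."""
    return encode_fields(operation_type.encode(), operator_id.encode(), server_oid.encode())


@dataclass(frozen=True)
class ServerMessage:
    second_tbs: bytes        # carries the user intention configuration information
    second_signature: bytes  # over second_tbs plus the session's authentication signature value


def server_build_message(first_signature: bytes, auth_signature: bytes) -> ServerMessage:
    second_tbs = encode_fields(b"userIntentConfig", first_signature)
    return ServerMessage(second_tbs, sign(SERVER_KEY, encode_fields(second_tbs, auth_signature)))


def may_skip_user_confirmation(msg: ServerMessage, session_auth_signature: bytes,
                               operation_type: str, operator_id: str, server_oid: str) -> bool:
    """Return True only if both signatures verify; otherwise the caller must ask the user."""
    # Second signature: binds the message to the authentication signature value of THIS session.
    expected = sign(SERVER_KEY, encode_fields(msg.second_tbs, session_auth_signature))
    if not hmac.compare_digest(expected, msg.second_signature):
        return False
    fields = decode_fields(msg.second_tbs)
    if fields is None or len(fields) != 2 or fields[0] != b"userIntentConfig":
        return False
    # First signature: checked against data rebuilt locally from what this session is doing,
    # never against data-to-be-signed supplied by the peer.
    local_tbs = first_tbs(operation_type, operator_id, server_oid)
    return hmac.compare_digest(sign(ENTERPRISE_KEY, local_tbs), fields[1])


def run_scenarios() -> dict:
    op, operator, oid = "download", "00101", "2.999.1"  # constructed identifiers
    auth_a = b"constructed-auth-signature-session-A"
    auth_b = b"constructed-auth-signature-session-B"
    tbs = first_tbs(op, operator, oid)
    msg = server_build_message(sign(ENTERPRISE_KEY, tbs), auth_a)
    unknown = server_build_message(sign(b"some-other-key", tbs), auth_a)
    return {
        "valid": may_skip_user_confirmation(msg, auth_a, op, operator, oid),
        "other_operation": may_skip_user_confirmation(msg, auth_a, "delete", operator, oid),
        "replayed_session": may_skip_user_confirmation(msg, auth_b, op, operator, oid),
        "shifted_fields": may_skip_user_confirmation(msg, auth_a, op, "001", "012.999.1"),
        "unknown_signer": may_skip_user_confirmation(unknown, auth_a, op, operator, oid),
    }


if __name__ == "__main__":
    for name, skip in run_scenarios().items():
        print(f"{name}: {'skip confirmation' if skip else 'ask the user'}")
```

Every failing case falls back to the normal user intention confirmation step rather than aborting, which keeps the confirmation prompt as the default whenever verification does not pass.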
In a second aspect, an embodiment of the present invention provides another eUICC profile management method, including:
establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
sending a user intention verification instruction to an eUICC module, wherein the user intention verification instruction is used by the eUICC module for verifying the user intention configuration information, and the user intention verification instruction carries the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In a first possible implementation manner of the second aspect, the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is the first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation manner of the second aspect, the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using a first key, and the first key is a public key, a private key, or a symmetric key; generating local first data to be signed before sending a user intention instruction to an eUICC module, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; the user intention verification instruction carries local first data to be signed, and the local first data to be signed is used by the eUICC module for verifying the first signature value by a second key corresponding to the first key so as to verify the user intention configuration information.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner, obtaining, by an eUICC management session, second data to be signed and a second signature value from an eUICC remote management server, where the second data to be signed includes user intention configuration information, and the second signature value is a signature of the second data to be signed and an authentication signature value by using a third key, where the authentication signature value is generated in an establishment process of the eUICC management session; the user verification instruction also carries second data to be signed and a second signature value, wherein the second data to be signed and the authentication signature value are used by the eUICC module for verifying the second signature value by a fourth key corresponding to the third key, so that the user intention configuration information is verified.
In a fourth possible implementation manner of the second aspect, the user intention configuration information is a user intention indication; acquiring third data to be signed and a third signature value from an eUICC remote management server through an eUICC management session, wherein the third data to be signed comprises user intention configuration information, the third signature value is a signature of the third data to be signed and an authentication signature value by using a third key, and the authentication signature value is generated in the establishment process of the eUICC management session; the user verification instruction also carries third data to be signed and a third signature value, wherein the third data to be signed and the authentication signature value are used by the eUICC module for verifying the third signature value by a fourth key corresponding to the third key; the user intention indication is used by the eUICC to verify whether the user intention indication is valid or not so as to verify the user intention configuration information.
In a third aspect, an embodiment of the present invention provides another eUICC profile management method, including:
receiving a user intention verification instruction sent by a local eUICC configuration file auxiliary module, wherein the user intention verification instruction carries user intention configuration information, and the user intention configuration information is acquired by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In a first possible implementation manner of the third aspect, the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is the first signature value and the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation manner of the third aspect, the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using a first key, and the first key is a public key, a private key, or a symmetric key; the user intention verification instruction also carries local first data to be signed, wherein the local first data to be signed is generated by a local eUICC configuration file auxiliary module, and the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed, so as to verify the user intention configuration information.
With reference to the second possible implementation manner of the third aspect, in a third possible implementation manner, the user verification instruction further carries second data to be signed and a second signature value, where the second data to be signed includes the user intention configuration information, and the second signature value includes a signature of the second data to be signed and the authentication signature value by using a third key; and verifying the second signature value through a fourth key corresponding to the third key, the second data to be signed and the authentication signature value, and verifying the first signature value through the second key corresponding to the first key and the local first data to be signed, thereby realizing verification of the user intention configuration information.
In a fourth possible implementation manner of the third aspect, the user intention configuration information includes a first signature value, where the first signature value includes a signature of the first to-be-signed data with a first key, and the first key includes a public key, a private key, or a symmetric key; the user intention verification instruction also carries configuration management data for generating local first data to be signed, and the first data to be signed is generated after the user intention verification instruction sent by a local eUICC configuration file auxiliary module is received, wherein the local first data to be signed is generated by the local eUICC configuration file auxiliary module, and the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
In a fifth possible implementation manner of the third aspect, the user intention configuration information is a user intention indication; the user verification instruction also carries third data to be signed and a third signature value, wherein the third data to be signed comprises the user intention configuration information, and the third signature value comprises a signature of the third data to be signed and the authentication signature value by adopting a third secret key; verifying the third signature value through a fourth key corresponding to the third key, the third data to be signed and the authentication signature value and confirming that the third signature value passes the verification; and then verifying whether the user intention indication is effective to verify the user intention configuration information.
In a fourth aspect, an embodiment of the present invention provides an eUICC profile management apparatus, including:
the management session establishing module is used for establishing an eUICC management session with the eUICC remote management server;
a configuration information acquisition module, configured to acquire user intention configuration information from the eUICC remote management server through the eUICC management session;
the verification module is used for verifying the user intention configuration information;
and the execution module is used for not executing the user intention confirmation step in the process of the eUICC management session under the condition that the verification of the user intention configuration information is passed, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In a fifth aspect, an embodiment of the present invention provides a local eUICC profile assisting module, including:
the management session establishing unit is used for establishing an eUICC management session with the eUICC remote management server;
a configuration information obtaining unit, configured to obtain user intention configuration information from the eUICC remote management server through the eUICC management session;
a verification instruction sending unit, configured to send a user intention verification instruction to an eUICC module, where the user intention verification instruction is used by the eUICC module to verify the user intention configuration information, where the user intention verification instruction carries the user intention configuration information;
a first executing unit, configured to not execute the user intention confirming step in the eUICC management session process when the verification of the user intention configuration information passes, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation.
In a sixth aspect, an embodiment of the present invention provides an eUICC module, including:
a verification instruction receiving unit, configured to receive a user intention verification instruction sent by a local eUICC profile auxiliary module, where the user intention verification instruction carries user intention configuration information, and the user intention configuration information is obtained by the local eUICC profile auxiliary module from an eUICC management session with an eUICC remote management server;
a verification unit for verifying the user intention configuration information;
and a second execution unit, configured to, when the verification of the user intention configuration information passes, not execute the user intention confirmation step in the eUICC management session, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation.
In a seventh aspect, an embodiment of the present invention provides an eUICC profile management apparatus, including: a processor, a memory and a transceiver, wherein the processor, the memory and the transceiver are connected with each other through a bus, the memory is used for storing program codes, and the processor is used for calling the program codes and executing the following operations:
establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In an eighth aspect, an embodiment of the present invention provides a terminal, including: a processor, a memory and a transceiver, wherein the processor, the memory and the transceiver are connected with each other through a bus, the memory is used for storing program codes, and the processor is used for calling the program codes and executing the following operations:
establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
sending a user intention verification instruction to an eUICC module, wherein the user intention verification instruction is used by the eUICC module for verifying the user intention configuration information, and the user intention verification instruction carries the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
In a ninth aspect, an embodiment of the present invention provides an eUICC module, including: a processor, a memory and a transceiver, wherein the processor, the memory and a communication interface are connected with each other through a bus, the memory is used for storing program codes, and the processor is used for calling the program codes and executing the following operations:
receiving a user intention verification instruction sent by a local eUICC configuration file auxiliary module, wherein the user intention verification instruction carries user intention configuration information, and the user intention configuration information is acquired by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
By implementing the embodiment of the invention, the user intention configuration information is obtained from the eUICC remote management server and verified, and under the condition that the verification of the user intention configuration information is passed, the user intention confirmation step is not executed in the eUICC management session process, so that the interaction process with the user is omitted, and the high-efficiency downloading and installation of the eUICC configuration file and the high-efficiency remote eUICC configuration file management can be realized.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present invention, the drawings required to be used in the embodiments or the background art of the present invention will be described below.
FIG. 1 is a system architecture diagram of an eUICC;
fig. 2 is a flowchart illustrating a method for managing an eUICC profile according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating another eUICC profile management method according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of an SM-DP+ initialization method according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of generating localUserIntentFreeSigned by an eUICC according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating a further eUICC profile management method according to an embodiment of the present invention;
fig. 7 is a flowchart illustrating a further eUICC profile management method according to an embodiment of the present invention;
fig. 8 is a flowchart illustrating a further eUICC profile management method according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an eUICC profile management apparatus according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of another eUICC profile management apparatus according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of a local eUICC profile auxiliary module according to an embodiment of the present invention;
fig. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention;
fig. 14 is a schematic structural diagram of another eUICC module according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described below with reference to the drawings.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for managing an eUICC profile according to an embodiment of the present invention, where the method according to the embodiment of the present invention can be implemented on the system architecture shown in fig. 1, and the method includes, but is not limited to, the following steps:
Step S101: the terminal device establishes an eUICC management session with the eUICC remote management server.
Specifically, as shown in fig. 1, the terminal device may include an LPA module and an eUICC module, where the LPA module and the eUICC module may be two modules that are separated from each other and have a physical or logical connection relationship, for example, the LPA module exists on a baseband chip, an application processor, or other hardware modules of the terminal device; the LPA module may also exist directly on the eUICC module. In particular, the LPA module may be one software module, or a plurality of software modules that are distributed and associated.
Specifically, the eUICC management session may be a Remote SIM Provisioning (RSP) session.
Specifically, the eUICC management session can be initiated by the LPA module, and the LPA facilitates bidirectional authentication between the eUICC module and the eUICC remote management server to establish the eUICC management session.
Step S102: the terminal device acquires user intention configuration information from the eUICC remote management server through the eUICC management session.
Specifically, the eUICC remote management server may be an SM-DP+, or another server capable of providing the eUICC profile and remotely managing the eUICC profile.
Specifically, the user intention configuration information may be a first signature value; it may be a user intention indication; or it may be the first signature value together with the owner name of the digital certificate corresponding to the first signature value.
Step S103: the terminal device verifies the user intention configuration information.
The user intention configuration information is used for indicating that the terminal omits, deactivates or skips the step of interacting with the user in the current eUICC management session process.
Specifically, in the case where the verification of the user intention configuration information is passed, step S105 is performed.
Specifically, the process by which the terminal device verifies the user intention configuration information differs with the content or type of that information, and in that process the terminal may verify not only the user intention configuration information but also information related to it.
Step S104: in the case where the verification of the user intention configuration information is not passed, the terminal device performs a user intention confirming step.
Specifically, when the verification of the user intention configuration information is not passed, the terminal device may display information such as "whether to approve downloading", "please input a confirmation code", and the like on the interface and obtain a confirmation operation of the user, and perform the subsequent steps after obtaining the confirmation operation of the user.
Step S105: the terminal equipment executes at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
Specifically, the eUICC configuration file may be a Profile.
The implementation process of the foregoing embodiment is described below through the second to fifth embodiments in conjunction with the system architecture of fig. 1. It should be noted that the second to fifth embodiments of the present invention mainly describe the case where the LPA module and the eUICC module are separate modules that cooperate to implement the technical solution of the foregoing embodiment; for the case where the LPA module exists directly in the eUICC module, a solution can be formed simply by combining the steps executed by the LPA module and the eUICC module, and that case is not discussed here. In the following, the LPA stands for the LPA module of the terminal device, the eUICC stands for the eUICC module of the terminal device, the SM-DP+ stands for the eUICC remote management server, and the Profile stands for the eUICC configuration file.
Referring to fig. 3, fig. 3 is a flowchart illustrating a method for managing an eUICC profile according to a second embodiment of the present invention. In the embodiment of the present invention, the eUICC management session is used to perform the operations of downloading and installing the eUICC configuration file, and the specific implementation flow is as follows:
Step S201: the LPA obtains the SM-DP+ address.
Specifically, triggered by a user operation, startup, a timer, the eUICC, or the like, the LPA may acquire an SM-DP+ address and an event identification (EventID) from the SM-DS. The EventID may identify a Profile event to be downloaded, or may identify a Profile or eUICC remote management event, and the download or management event may be for a single terminal/eUICC or for multiple terminals/eUICCs. The LPA may send the EventID to the SM-DP+ via a matching identification (MatchingID) parameter.
Optionally, the LPA may also obtain a default SM-DP+ address from the eUICC; for example, the terminal device is custom-manufactured by operator A, and operator A specifies that an SM-DP+ address is preset in the eUICC, or an OEM terminal manufacturer presets in the eUICC an SM-DP+ address shared by multiple operators.
Step S202: the LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
Specifically, for example, the LPA performs one-way certificate authentication of the SM-DP+, and establishes the TLS connection after the authentication passes.
Step S203: the eUICC and the SM-DP+ perform bidirectional authentication based on the Secure HyperText Transfer Protocol (HTTPS).
Specifically, HTTPS runs on top of the TLS connection.
Specifically, the LPA obtains information such as an eUICC challenge value from the eUICC and sends an HTTPS request (including the eUICC challenge value) to the SM-DP+, which triggers the eUICC to perform bidirectional authentication with the SM-DP+; the data exchange of the bidirectional authentication is carried by the HTTPS request and response messages and by the interfaces between the LPA and the eUICC. In the bidirectional authentication process, the eUICC generates an authentication signature value of the eUICC (euiccSignature1) and sends euiccSignature1 to the SM-DP+, and both the SM-DP+ and the eUICC store euiccSignature1; meanwhile, the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, and the eUICC stores CERT.DPauth.ECDSA; after the bidirectional authentication passes, the SM-DP+ generates a session identification (TransactionID).
Thus, after bidirectional authentication, the RSP session between the terminal device and the SM-DP+ is successfully established.
Step S204: the SM-DP+ searches for and obtains a Profile download pending event (Profile download pending order) or a batch Profile download pending event (Batch Profile download pending order).
Specifically, in the bidirectional authentication process, the terminal device sends MatchingID or EUICC Identification (EID) to SM-DP +.
Specifically, the SM-DP+ may find the Profile download pending order or the Batch Profile download pending order through the MatchingID or the EID.
Specifically, the Profile download pending order or the Batch Profile download pending order may be generated in the Profile download initialization process of the SM-DP+, and fig. 4 is a schematic diagram of the Profile download initialization process of the SM-DP+.
Before downloading a Profile to the eUICC of a terminal device, an individual or enterprise user needs to sign a contract with an Operator to complete processes such as account opening, and then the Operator Business Support System (Operator BSS) instructs an SM-DP+ to prepare a single Profile or a batch of Profiles for the user to download, so that after the eUICC has downloaded and installed the Profile successfully and the Profile is in an activated state, the Operator's mobile network can provide various services to the terminal device user, including calls, short message reception, data service and the like. In the process of signing the contract between the user and the Operator, optionally, the Operator BSS may obtain the International Mobile Equipment Identity (IMEI), capability information, and eUICC identity (EID) of the user terminal device. In the process of preparing the Profile, optionally, the Operator BSS sends the EID to the SM-DP+, and the SM-DP+ generates a Profile event to be downloaded according to the indication of the Operator BSS and waits for the user terminal device to download the Profile. If the party contracting with the Operator is an enterprise user, the Operator BSS optionally sends the batch of eUICC identifiers (i.e., EIDs) to the SM-DP+, and the SM-DP+ generates a batch Profile event to be downloaded, or generates a single Profile event to be downloaded for each terminal device/eUICC. The Profile download initialization procedure of the SM-DP+ is introduced below in combination with fig. 4, taking the enterprise user as an example:
Step S1: the Operator BSS sends a download command (DownloadOrder) to the SM-DP+, where the DownloadOrder may carry batch eUICC identities (EIDs), Profile types (Profile Types), or batch Profile identities (Integrated Circuit Card IDs, ICCIDs).
Among them, EIDs are optional, i.e., the DownloadOrder may not carry EIDs.
Step S2: the SM-DP+ saves the ICCIDs and EIDs and sends a reply instruction to the Operator BSS.
Specifically, the reply instruction is a response message.
Optionally, the Operator BSS may generate batch matching identifiers (MatchingIDs) after receiving the reply instruction, and a MatchingID may be matched with the Profile to-be-downloaded event generated by the SM-DP+.
Optionally, the Operator BSS may also perform background configuration.
Step S3: optionally, the Operator BSS obtains userIntentFreeSignature, an authorization that exempts the terminal device from user intent confirmation.
userIntentFreeSignature may instruct the LPA to omit, deactivate or skip the step of user intent confirmation in this RSP session, for example, the step of letting the user confirm acceptance of the operator Profile Policy Rules (PPR), the step of letting the user confirm the downloading and installation of the Profile, or the step of letting the user input the authentication code; these steps may be combined.
Alternatively, userIntentFreeSignature may be defined by other names.
Specifically, userIntentFreeSignature may be included by the SM-DP+ in the user intention configuration information (userIntentConfiguration) and transmitted to the LPA.
Specifically, the Operator BSS may obtain userIntentFreeSignature from the Enterprise, OEM, or EUM.
Specifically, userIntentConfiguration may be userIntentFreeSignature, or {Signer, userIntentFreeSignature}. userIntentFreeSignature is a signature (i.e., a first signature value) of first to-be-signed data using a first key. The first to-be-signed data may be {eUICC Operation Type, OperatorID, SM-DP+ OID}; optionally, it may further include EIDs, that is, the first to-be-signed data is {eUICC Operation Type, OperatorID, SM-DP+ OID, EIDs}. Here the eUICC Operation Type is the eUICC management operation type, the OperatorID is the operator identity, and the SM-DP+ OID is the SM-DP+ object identifier (Object Identifier). Signer is the owner name of the digital certificate corresponding to the first key, and may be, for example, the Distinguished Name (DN) of an OEM digital certificate, an EUM digital certificate, or an Enterprise digital certificate; for example, if the Operator BSS obtains userIntentFreeSignature from the OEM, then Signer is the DN of the OEM digital certificate.
Specifically, in the embodiment of the present invention, the eUICC Operation Type is Profile Download.
Alternatively, the first key may be a public key (PK), a private key (SK), or a symmetric key.
Specifically, the EIDs may be represented in various ways, for example as any one of EIDstart|EIDend, EIDstart|Count, or an EID list, or a combination thereof.
Step S4: the Operator BSS sends a confirmation command (ConfirmOrder) to the SM-DP+, where the ConfirmOrder carries {Signer, userIntentFreeSignature}.
Signer is optional; when userIntentConfiguration is userIntentFreeSignature, the ConfirmOrder carries only userIntentFreeSignature.
Optionally, the ConfirmOrder may also carry ICCIDs, EIDs, Confirmation Codes, and MatchingIDs, where the Confirmation Codes are a set of confirmation codes for enhancing the security of Profile download.
Step S5: the SM-DP+ generates a batch Profile download pending event (Batch Profile download pending order).
Optionally, the SM-DP+ may also generate a single Profile event to be downloaded for each terminal device/eUICC.
Specifically, the Batch Profile download pending order may include Signer, userIntentFreeSignature, EventID, MatchingIDs, EIDs, and the batch of Profiles generated by the SM-DP+.
The Profile download initialization process of the SM-DP+ is thereby completed, and the SM-DP+ has prepared a batch of Profiles for the enterprise user. Optionally, the name of the batch to-be-downloaded event is not limited to the Batch Profile download pending order used in the embodiment of the present invention; other names may be used, and the name mainly serves to distinguish it from the existing single Profile to-be-downloaded event.
Specifically, the SM-DP+ may find the Profile download pending order or the Batch Profile download pending order according to the MatchingID or the EID sent by the terminal device.
Step S205: the SM-DP + performs validity check using the terminal Device information (Device Info) and the eUICC information (eUICC Info 2).
Specifically, the SM-DP + checks, for example, whether the firmware information, version information, and the like of the terminal device and the eUICC match the Profile in the download pending order.
Step S206: SM-DP + generates Profile Metadata (Metadata), checks whether it is retry download (download retry), and generates second data to be signed (e.g., smdpSigned2), smdpSigned2 { (TransactionID, Confirmation Code Required Flag), and temporary key pair public key (bppeuccotpk).
Specifically, the TransactionID is generated by SM-DP + during the establishment of the RSP session, and the configuration Code Required Flag is set to 'True' or 'False' (depending on whether the SM-DP + received the configuration Code during the Profile download initialization, bppeuccutppk is the public key portion of the ephemeral public-private key pair generated by the eUICC in the last abnormally terminated Profile download RSP session.
Step S207: SM-DP + performs signature computation on smdpSigned2 and euicsignature 1 with a third key (sk.dppb.ecdsa) to generate a second signature value (e.g., smdpcsignature 2), where sk.dppb.ecdsa is a private key of a profile binding (profile binding) digital certificate (cert.dppb.ecdsa) of SM-DP +.
Specifically, SM-DP + may generate a digest of smdpSigned2| euicsignature 1 ("|" symbol is used to concatenate the front and back two data) and then encrypt the digest using sk.dppb.ecdsa to generate smdpcsignature 2. For example, a is { smdpcigned 2, euicsignature 1}, a digest is extracted from a to obtain a digest a, and the digest a is encrypted by sk.dppb.ecdsa to obtain a second signature value smdpcignure 2.
Step S208: SM-DP + sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA, usenterterconfiguration, and EIDs to the LPA.
Among them, EIDs are optional.
Step S209: the LPA confirms that userIntentConfiguration has been received, and generates local first data to be signed (localUserIntentFreeSigned), where localUserIntentFreeSigned = {eUICC Operation Type, OperatorID, SM-DP+ OID}.
In another embodiment, localUserIntentFreeSigned = {eUICC Operation Type, OperatorID, SM-DP+ OID, EIDs}.
Specifically, the LPA recognizes from the Profile Metadata that the eUICC Operation Type is Profile download, assigns the Profile owner in the Profile Metadata to the OperatorID, and acquires the SM-DP+ OID from the CERT.DPpb.ECDSA certificate.
Step S210: the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S211: the LPA sends localUserIntentFreeSigned, userIntentConfiguration, TransactionID and CERT.DPpb.ECDSA to the eUICC.
Specifically, the LPA reads the TransactionID from smdpSigned2.
In another implementation manner, localUserIntentFreeSigned may be generated by the eUICC, and, as shown in fig. 5, steps S209 to S211 may be replaced with:
Step S209-1: the LPA confirms that userIntentConfiguration has been received and generates the eUICC Operation Type and the OperatorID.
The way in which the LPA generates the eUICC Operation Type and the OperatorID is the same as in step S209, and is not described again.
Step S210-1: optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S211-1: the LPA sends the eUICC Operation Type, the OperatorID, userIntentConfiguration, the TransactionID and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the first to-be-signed data is {eUICC Operation Type, OperatorID, SM-DP+ OID, EIDs}, the LPA may also send the EIDs to the eUICC.
Step S211-2: the eUICC generates localUserIntentFreeSigned.
Step S212: the eUICC verifies that CERT.DPpb.ECDSA is legitimate and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
Specifically, the eUICC obtains the SM-DP+ OID from CERT.DPpb.ECDSA and from CERT.DPauth.ECDSA, compares the two SM-DP+ OIDs, and determines that CERT.DPpb.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+ if the two SM-DP+ OIDs are the same.
Step S213: the eUICC verifies userIntentConfiguration.
Specifically, the eUICC verifies userIntentFreeSignature by using the second key corresponding to the first key and localUserIntentFreeSigned.
Optionally, the second key and the first key may be symmetric keys or asymmetric keys. For example, if the first key and the second key are asymmetric keys, then when the first key is a PK the second key is an SK, and when the first key is an SK the second key is a PK; if the second key and the first key are symmetric keys, the first key and the second key are the same.
Specifically, the eUICC generates a local first digest of localUserIntentFreeSigned and decrypts userIntentFreeSignature by using the second key to obtain a decryption result; the verification of userIntentFreeSignature passes when the local first digest is the same as the decryption result.
Optionally, when the LPA receives userIntentFreeSignature and Signer at the same time, the eUICC further needs to check whether the DN names in Signer and cert. The verification sequence of Signer and userIntentFreeSignature is not limited.
Step S214: the eUICC sends a verification complete instruction to the LPA.
The verification completion instruction comprises a verification passing instruction or a verification failing instruction and is used for indicating whether to execute the user verification step, and if the verification completion instruction is the verification passing instruction, the user intention confirming step is not executed; and if the verification complete instruction is a verification failed instruction, executing a user intention confirming step, or instructing the LPA to terminate the current RSP session.
Specifically, the verification completion instruction may be, for example, an OK or Error response message.
Step S215: the LPA determines whether to perform the user intention confirming step according to the verification completion instruction.
In a possible implementation manner, a flag bit may be set for whether to execute the user intention confirming step, for example, if the verification passing instruction is received, the flag bit is set to '1', which indicates that the user intention confirming step should be skipped when the step is executed, and if the verification failing instruction is received, the flag bit is set to '0', which indicates that the user intention confirming step should be executed when the step is executed.
Specifically, when the verification completion instruction is a verification pass instruction, step S217 is performed.
Step S216: when the verification completion instruction is a verification failed instruction, the LPA performs the user intention confirming step.
Step S217: the LPA continues to perform the Profile download and installation process.
In the method shown in fig. 3, the user intention configuration information is userIntentFreeSignature or {Signer, userIntentFreeSignature}. The Operator acquires userIntentFreeSignature from the Enterprise, OEM or EUM and sends it to the SM-DP+; when the user terminal device is about to perform a Profile download operation, the SM-DP+ sends userIntentFreeSignature (and Signer) to the LPA of the terminal, and the LPA and the eUICC cooperate to complete the verification of userIntentFreeSignature (and Signer). When the verification passes, the user intention confirmation step is skipped, which helps to realize efficient download of the Profile and is particularly beneficial in scenarios with batches of enterprise user terminal devices.
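The checks of steps S209 to S217, written out as an added example; this is not code from the patent or from any eUICC implementation. It assumes the symmetric-key option for the first and second key (HMAC-SHA256 stands in for the signature), a length-prefixed field encoding, and the EIDstart|Count form of EIDs; every name and value in it is constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions, not taken from the patent).
FIRST_KEY = b"constructed-demo-key"            # symmetric: first key == second key
SMDP_OID = "2.999.10"                          # placeholder SM-DP+ OID
EIDS = "89049032000000000000000000000100|50"   # EIDstart|Count form


def encode(fields):
    """Assumed encoding: 2-byte length prefix per field keeps boundaries unambiguous."""
    return b"".join(struct.pack(">H", len(f.encode())) + f.encode() for f in fields)


def to_be_signed(op_type, operator_id, smdp_oid, eids=None):
    """{eUICC Operation Type, OperatorID, SM-DP+ OID[, EIDs]} as bytes."""
    fields = [op_type, operator_id, smdp_oid]
    if eids is not None:
        fields.append(eids)
    return encode(fields)


def sign(key, data):
    """Symmetric-key stand-in for computing userIntentFreeSignature."""
    return hmac.new(key, data, hashlib.sha256).digest()


def eid_in_eids(eid, eids):
    """Step S210 for the EIDstart|Count representation."""
    start, count = eids.split("|")
    return int(start) <= int(eid) < int(start) + int(count)


class Euicc:
    def __init__(self, eid, second_key, auth_cert_oid, transaction_id):
        self.eid = eid
        self.second_key = second_key
        self.auth_cert_oid = auth_cert_oid    # OID from CERT.DPauth.ECDSA (S203)
        self.transaction_id = transaction_id  # current RSP session

    def verify(self, local_signed, signature, transaction_id, pb_cert_oid):
        # S212: both certificates name the same SM-DP+, and the session matches.
        if pb_cert_oid != self.auth_cert_oid or transaction_id != self.transaction_id:
            return "Error"
        # S213: recompute over the locally built data, compare in constant time.
        expected = sign(self.second_key, local_signed)
        return "OK" if hmac.compare_digest(expected, signature) else "Error"


def lpa_download(euicc, profile_owner, pb_cert_oid, transaction_id, signature, eids):
    """Return the steps the LPA performs for one Profile download."""
    steps, skip = [], False
    if signature is not None:
        # S209: the LPA builds the data itself instead of trusting a received copy.
        local = to_be_signed("ProfileDownload", profile_owner, pb_cert_oid, eids)
        if eids is None or eid_in_eids(euicc.eid, eids):          # S210
            result = euicc.verify(local, signature, transaction_id, pb_cert_oid)
            skip = result == "OK"                                 # S214, S215
    if not skip:
        steps.append("user_intent_confirmation")                  # S216
    steps.append("download_and_install")                          # S217
    return steps


def demo():
    sig = sign(FIRST_KEY, to_be_signed("ProfileDownload", "OperatorA", SMDP_OID, EIDS))
    card = Euicc("89049032000000000000000000000117", FIRST_KEY, SMDP_OID, "TX-1")
    outsider = Euicc("89049032000000000000000000000999", FIRST_KEY, SMDP_OID, "TX-1")
    wider = "89049032000000000000000000000100|1000"
    return {
        "valid": lpa_download(card, "OperatorA", SMDP_OID, "TX-1", sig, EIDS),
        "other_operator": lpa_download(card, "OperatorB", SMDP_OID, "TX-1", sig, EIDS),
        "eid_outside": lpa_download(outsider, "OperatorA", SMDP_OID, "TX-1", sig, EIDS),
        "eids_widened": lpa_download(outsider, "OperatorA", SMDP_OID, "TX-1", sig, wider),
        "other_smdp": lpa_download(card, "OperatorA", "2.999.11", "TX-1", sig, EIDS),
        "stale_session": lpa_download(card, "OperatorA", SMDP_OID, "TX-0", sig, EIDS),
        "no_config": lpa_download(card, "OperatorA", SMDP_OID, "TX-1", None, EIDS),
    }


if __name__ == "__main__":
    for case, steps in demo().items():
        print(f"{case:15} {steps}")
```

Only the first case skips confirmation. Because EIDs is part of the signed data, the widened range in `eids_widened` fails signature verification even though the EID lies inside it.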
Referring to fig. 6, fig. 6 is a flowchart illustrating a method for downloading an eUICC profile according to a third embodiment of the present invention. In the embodiment of the present invention, the eUICC management session is used to execute eUICC configuration file downloading and installing operations, and the specific implementation flow is as follows:
Step S301: the LPA obtains the SM-DP+ address.
Step S302: the LPA establishes a TLS connection with the SM-DP+.
Step S303: the SM-DP+ and the eUICC perform bidirectional authentication based on HTTPS.
Step S304: the SM-DP+ searches for and obtains a Profile download pending order or a Batch Profile download pending order.
Step S305: the SM-DP+ performs a validity check using Device Info and eUICC Info2.
The implementation logic and implementation manner of steps S301 to S305 are the same as those introduced in steps S201 to S205 of the second embodiment, and are not described again.
Step S306: the SM-DP+ generates Profile Metadata, checks whether this is a download retry, and generates smdpSigned2, where smdpSigned2 = {TransactionID, Confirmation Code Required Flag, bppEuiccOtpk, userIntentConfiguration, EIDs}.
Among them, EIDs are optional. Specifically, in the embodiment of the present invention, userIntentConfiguration may be {Signer, userIntentFreeSignature}, userIntentFreeSignature, or a user intention indication (User Intent Free Required Flag).
It should be noted that, if userIntentConfiguration is User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining the userIntentFreeSignature authorization that exempts the terminal device from user intent confirmation, and directly instructs the SM-DP+ to generate the user intention configuration information (e.g., instructs it to set the user intention indication to "True" or "False") according to the Profile download scenario (e.g., batch download by enterprise users, or download by elderly users or users who need assistance).
It should be noted that, in the embodiment of the present invention, if userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, smdpSigned2 is the second data to be signed, and if userIntentConfiguration is User Intent Free Required Flag, smdpSigned2 is the third data to be signed.
Step S307: the SM-DP+ uses SK.DPpb.ECDSA to perform signature computation on smdpSigned2 | euiccSignature1 to generate smdpSignature2, where SK.DPpb.ECDSA is the private key of the Profile binding certificate of the SM-DP+.
It should be noted that, in this embodiment of the present invention, if userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, smdpSignature2 is the second signature value, and if userIntentConfiguration is User Intent Free Required Flag, smdpSignature2 is the third signature value.
Step S308: the SM-DP+ sends the Profile Metadata, smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the LPA.
Step S309: the LPA acknowledges receipt of the usenterconfiguration.
Specifically, the LPA parses smdpSigned2 and confirms receipt of the user intention configuration information userIntentConfiguration.
In a possible implementation manner, if the user intention configuration information is {Signer, userIntentFreeSignature} or userIntentFreeSignature, the LPA may generate localUserIntentFreeSigned; the generation manner and content of localUserIntentFreeSigned are consistent with those described in step S209 of the second embodiment, and are not described again.
Step S310: optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S311: the LPA sends smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the LPA generates localUserIntentFreeSigned, the LPA further sends the generated localUserIntentFreeSigned to the eUICC.
In another implementation, localUserIntentFreeSigned may be generated by the eUICC, in which case the LPA also needs to send the eUICC Operation Type, the OperatorID, and the EIDs (optional) to the eUICC.
Step S312: the eUICC verifies that CERT.DPpb.ECDSA is legitimate and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
The method by which the eUICC verifies CERT.DPpb.ECDSA is the same as that described in step S212 of the second embodiment, and is not described again.
Step S313: the eUICC verifies smdpSignature2.
Specifically, the eUICC verifies smdpSignature2 by using a fourth key (PK.DPpb.ECDSA) corresponding to SK.DPpb.ECDSA, smdpSigned2 and euiccSignature1, where euiccSignature1 is the authentication signature value generated and stored by the eUICC in the process of establishing the RSP session.
Specifically, the eUICC generates a third digest of smdpSigned2 | euiccSignature1, decrypts smdpSignature2 by using PK.DPpb.ECDSA to generate a fourth digest, and when the third digest is the same as the fourth digest, the verification of smdpSignature2 passes. For example, in the SM-DP+, A = {smdpSigned2, euiccSignature1}, a digest a is extracted from A, and smdpSignature2 is the signature value obtained by encrypting digest a with SK.DPpb.ECDSA; when smdpSigned2 and smdpSignature2 are transmitted to the eUICC, the eUICC extracts a digest a1 from smdpSigned2 | euiccSignature1 and decrypts smdpSignature2 by using PK.DPpb.ECDSA to generate a new digest b, and when digest a1 is the same as digest b, the verification of smdpSignature2 passes.
Step S314: the eUICC verifies userIntentConfiguration.
Specifically, when userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, the step of verifying userIntentFreeSignature and Signer may refer to step S213 of the second embodiment, and is not described again.
Specifically, when userIntentConfiguration is User Intent Free Required Flag, the eUICC verifies it by determining whether the User Intent Free Required Flag is valid. For example, if the value of the User Intent Free Required Flag is 'True' (or '1'), the eUICC determines that the flag is valid, and the verification of userIntentConfiguration passes; if the value is 'False' (or '0'), the eUICC determines that the flag is invalid, and the verification of userIntentConfiguration fails. Alternatively, when userIntentConfiguration is User Intent Free Required Flag, the eUICC does not verify the flag, but returns the verification result to the LPA after verifying smdpSignature2 in step S313, and the LPA performs the verification of the User Intent Free Required Flag.
Step S315: the eUICC sends a verification complete instruction to the LPA.
Step S316: the LPA determines whether to perform the user intention confirming step according to the verification completion instruction.
Step S317: when the verification completion instruction is a verification failed instruction, the LPA performs the user intention confirming step.
Step S318: the LPA continues to perform the Profile download and installation process.
The logic and manner of steps S315 to S318 are the same as those of steps S214 to S217 in the second embodiment, and are not described again.
In the method shown in fig. 6, the user intention configuration information userIntentConfiguration is {Signer, userIntentFreeSignature}, userIntentFreeSignature, or User Intent Free Required Flag. The Operator BSS obtains userIntentFreeSignature from the Enterprise, OEM, or EUM and sends userIntentFreeSignature (and Signer) to the SM-DP+ in the ConfirmOrder (when userIntentConfiguration is User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining userIntentFreeSignature). When the terminal device is about to perform the Profile download operation, the SM-DP+ places userIntentConfiguration in smdpSigned2 for signature protection and sends it to the LPA of the terminal device, and the LPA and the eUICC cooperate to complete the verification of smdpSignature2 and of userIntentConfiguration, which is particularly beneficial for enterprise users.
Referring to fig. 7, fig. 7 is a flowchart illustrating a method for remotely managing an eUICC profile according to a fourth embodiment of the present invention. In the embodiment of the present invention, the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation flow is as follows:
Step S401: the LPA obtains the SM-DP+ address.
Step S402: the LPA establishes a TLS connection with the SM-DP+.
Step S403: the SM-DP+ and the eUICC perform bidirectional authentication based on HTTPS.
At this point the RSP session between the terminal device and the SM-DP+ has been successfully established; the logic and flow of establishing it are consistent with those described in steps S201 to S203 of the second embodiment and are not described again.
Step S404: the SM-DP+ searches for and obtains the pending Profile remote management event (pending RPM order) or the pending batch Profile remote management event (pending Batch RPM order).
Specifically, the pending RPM order or pending Batch RPM order may be generated by the SM-DP+ after it receives a Remote Profile Management Order (RPMOrder) from the Operator BSS; the specific flow is introduced below.
Step S11: the Operator BSS obtains the user-intent-free authorization signature userIntentFreeSignature.
The manner in which the Operator BSS acquires the userIntentFreeSignature is the same as that introduced in step S3 of the Profile download initialization process of the SM-DP+ described in conjunction with fig. 3. It should be noted that, in this embodiment of the present invention, the euicc Operation Type is one of the Profile remote management operations (for example, deactivation (Disable), activation (Enable), deletion (Delete), update (Update), or query (Query)).
Step S12: the Operator sends an RPMOrder to the SM-DP+, where the RPMOrder carries the userIntentFreeSignature and the RPM Command.
Optionally, the RPMOrder may also carry ICCIDs, Signer, and EIDs.
Step S13: the SM-DP+ performs a validity check.
Specifically, the SM-DP+ checks the EIDs or ICCIDs to see whether they fall within its management scope.
Step S14: the SM-DP+ generates one or more pending RPM orders or generates a pending Batch RPM order.
Optionally, the SM-DP+ also performs event registration at the SM-DS.
Specifically, each RPM order event has an eventID identification.
Specifically, the SM-DP+ finds the pending RPM order or pending Batch RPM order through the eventID or EID.
Step S405: the SM-DP+ generates second data to be signed (for example, smdpSigned3), where smdpSigned3 = {TransactionID, RPM Command}.
Step S406: the SM-DP+ performs signature calculation on smdpSigned3 | euiccSignature1 using a third key (SK.DPrpm.ECDSA), which is the private key of the Remote Profile Management (RPM) certificate (CERT.DPrpm.ECDSA) of the SM-DP+, to generate a second signature value (smdpSignature3).
Specifically, the RPM certificate may be separate from the authentication certificate, or the authentication certificate may be reused as the RPM certificate.
Specifically, the SM-DP+ may generate a digest of smdpSigned3 | euiccSignature1 and then encrypt the digest using SK.DPrpm.ECDSA to generate smdpSignature3. For example, let C = {smdpSigned3, euiccSignature1}; a digest of C is computed, and the second signature value smdpSignature3 is the result of encrypting that digest using SK.DPrpm.ECDSA.
Step S407: the SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA, userIntentConfiguration, EIDs, and Operatorid to the LPA.
The EIDs are optional; the Operatorid may be included in the RPM Command.
Step S408: the LPA confirms that the userIntentConfiguration is received, and generates localUserIntentFreeSigned, where localUserIntentFreeSigned = {euicc Operation Type, Operatorid, SM-DP+ OID}.
In another embodiment, localUserIntentFreeSigned = {euicc Operation Type, Operatorid, SM-DP+ OID, EID}.
Specifically, the LPA recognizes the euicc Operation Type through the RPM Command, reads the Operatorid from smdpSigned3 or the RPM Command, and acquires the SM-DP+ OID from the CERT.DPrpm.ECDSA certificate.
Specifically, the euicc Operation Type includes, for example, deactivation (Disable), activation (Enable), deletion (Delete), Update (Update), or Query (Query).
Step S409: the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S410: the LPA sends localUserIntentFreeSigned, userIntentConfiguration, TransactionID, and CERT.DPrpm.ECDSA to the eUICC.
Specifically, the TransactionID is read from smdpSigned3.
In another implementation, the localUserIntentFreeSigned may be generated by the eUICC, and the LPA sends the euicc Operation Type, the Operatorid, the userIntentConfiguration, the TransactionID, and cert. Optionally, the LPA also sends the EIDs to the eUICC.
Step S411: the eUICC verifies that CERT.DPrpm.ECDSA is legitimate and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
Specifically, the eUICC obtains the SM-DP+ OIDs from CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA respectively, compares the two obtained SM-DP+ OIDs, and determines that CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+ if the two SM-DP+ OIDs are the same.
Step S412: the eUICC verifies the userIntentConfiguration.
Specifically, the method by which the eUICC verifies the userIntentConfiguration is the same as that in the second embodiment and is not described herein again.
Step S413: the eUICC sends a verification complete instruction to the LPA.
Step S414: the LPA determines whether to perform the user intention confirming step according to the verification completion instruction.
Step S415: when the verification completion instruction is a verification failure instruction, the LPA performs the user intention confirming step.
Step S416: the LPA continues to execute the Profile remote management flow.
The implementation logic and specific manner of steps S413 to S416 may refer to steps S214 to S217 in the second embodiment, and are not described again.
In the method shown in fig. 7, the userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature. The Operator BSS obtains the userIntentFreeSignature (and Signer) from the Enterprise, OEM, or EUM and sends the userIntentConfiguration to the SM-DP+. When the terminal device is about to perform the Profile remote management operation, the SM-DP+ sends the userIntentConfiguration to the LPA of the terminal; the LPA and the eUICC cooperate to complete the verification of the userIntentConfiguration, and the user intention confirmation step is not executed when the verification passes, which helps to realize efficient remote management of the Profile.
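The eUICC-side checks of steps S411 and S412 and the LPA decision of steps S414 to S416, as an added example that is not code from the patent. It follows the variant in which the eUICC itself rebuilds localUserIntentFreeSigned, and it assumes the symmetric-key case with HMAC-SHA256, a length-prefixed field encoding, hypothetical class, function and result-code names, and constructed sample values; certificate chain validation is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# RPM operation types listed for the euicc Operation Type in the description.
OPERATION_TYPES = ("Disable", "Enable", "Delete", "Update", "Query")


def encode_signed_data(operation_type: str, operator_id: str, smdp_oid: str) -> bytes:
    """localUserIntentFreeSigned = {euicc Operation Type, Operatorid, SM-DP+ OID}.

    Assumption: every field is UTF-8 with a 2-byte length prefix, so two
    different field tuples can never encode to the same byte string.
    """
    out = b""
    for field in (operation_type, operator_id, smdp_oid):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def make_user_intent_free_signature(key: bytes, operation_type: str,
                                    operator_id: str, smdp_oid: str) -> bytes:
    """Signer side (Enterprise, OEM or EUM). HMAC-SHA256 is an assumption."""
    data = encode_signed_data(operation_type, operator_id, smdp_oid)
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class VerifyRequest:
    """Inputs of step S410 with fields already extracted (hypothetical names)."""
    operation_type: str    # recognised from the RPM Command
    operator_id: str       # read from smdpSigned3 or the RPM Command
    rpm_cert_oid: str      # SM-DP+ OID taken from CERT.DPrpm.ECDSA
    transaction_id: str    # read from smdpSigned3
    user_intent_free_signature: bytes


@dataclass(frozen=True)
class EuiccSession:
    auth_cert_oid: str     # SM-DP+ OID taken from CERT.DPauth.ECDSA
    transaction_id: str    # TransactionID of the current RSP session
    signer_key: bytes      # second key, corresponding to the signer's first key


def euicc_verify(session: EuiccSession, req: VerifyRequest) -> str:
    """Return 'pass' or a 'fail:<reason>' code (codes are hypothetical)."""
    # S411: both certificates must belong to the same SM-DP+ ...
    if req.rpm_cert_oid != session.auth_cert_oid:
        return "fail:smdp-oid-mismatch"
    # ... and the TransactionID must match the current RSP session.
    if req.transaction_id != session.transaction_id:
        return "fail:transaction-id"
    if req.operation_type not in OPERATION_TYPES:
        return "fail:operation-type"
    # S412: rebuild the signed data from what is actually being requested,
    # so a signature issued for one operation, operator or server does not
    # authorise a different one.
    expected = make_user_intent_free_signature(
        session.signer_key, req.operation_type, req.operator_id, req.rpm_cert_oid)
    if not hmac.compare_digest(expected, req.user_intent_free_signature):
        return "fail:signature"
    return "pass"


def lpa_runs_user_confirmation(result: str) -> bool:
    """S414 to S416: anything other than a pass keeps the confirmation step."""
    return result != "pass"


def demo() -> dict:
    """Run four constructed requests through the eUICC check."""
    key = b"constructed-demo-key"          # constructed sample key
    session = EuiccSession("2.999.1", "TX-0001", key)
    good = VerifyRequest(
        "Enable", "OP-A", "2.999.1", "TX-0001",
        make_user_intent_free_signature(key, "Enable", "OP-A", "2.999.1"))
    cases = {
        "authorised": good,
        "operation_swapped": replace(good, operation_type="Delete"),
        "other_server": replace(good, rpm_cert_oid="2.999.2"),
        "stale_session": replace(good, transaction_id="TX-0000"),
    }
    return {name: euicc_verify(session, req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result, "confirm user:", lpa_runs_user_confirmation(result))
```

Every failure path ends in the user intention confirming step, so a missing or mismatched signature only removes the shortcut rather than blocking or silently allowing the operation.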
Referring to fig. 8, fig. 8 is a flowchart illustrating a method for remotely managing an eUICC profile according to a fifth embodiment of the present invention. In the embodiment of the present invention, the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation flow is as follows:
Step S501: the LPA obtains the SM-DP+ address.
Step S502: the LPA establishes a TLS connection with the SM-DP+.
Step S503: the SM-DP+ and the eUICC perform bidirectional authentication based on HTTPS.
At this point, after the bidirectional authentication, the session between the terminal device and the SM-DP+ has been successfully established; the logic and flow of establishing it are consistent with those described in steps S201 to S203 of the second embodiment and are not described again.
Step S504: the SM-DP+ looks up and obtains a pending RPM order or a pending Batch RPM order.
The implementation logic and manner of step S504 are the same as those of step S404 in the fourth embodiment, and are not described again.
Step S505: the SM-DP+ generates smdpSigned3, where smdpSigned3 = {TransactionID, RPM Command, userIntentConfiguration, EIDs, Operatorid}.
The EIDs are optional; the Operatorid may also be included in the RPM Command.
It should be noted that, in the embodiment of the present invention, if the userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, then smdpSigned3 is the second data to be signed, and if the userIntentConfiguration is the User Intent Free Required Flag, then smdpSigned3 is the third data to be signed.
Step S506: the SM-DP+ uses SK.DPrpm.ECDSA to perform signature calculation on smdpSigned3 | euiccSignature1 to generate smdpSignature3.
The generation manner of smdpSignature3 is described in step S406 in the fourth embodiment, and is not described again.
It should be noted that, in the embodiment of the present invention, if the userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, smdpSignature3 is the second signature value, and if the userIntentConfiguration is the User Intent Free Required Flag, smdpSignature3 is the third signature value.
Step S507: the SM-DP+ sends smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA to the LPA.
Step S508: the LPA acknowledges receipt of the userIntentConfiguration.
Specifically, the LPA parses the data in smdpSigned3 to acknowledge receipt of the userIntentConfiguration.
In a possible implementation manner, if the userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, the LPA may generate localUserIntentFreeSigned; the generation manner and content of localUserIntentFreeSigned are consistent with those described in step S408 in the fourth embodiment and are not described again.
Step S509: the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S510: the LPA sends the smdpSigned3, the smdpSignature3 and CERT.DPrpm.ECDSA to the eUICC.
Optionally, if the LPA generates localUserIntentFreeSigned, the LPA sends localUserIntentFreeSigned to the eUICC.
In another implementation, localUserIntentFreeSigned may be generated by the eUICC; in this case, the LPA further needs to send the euicc Operation Type, the Operatorid, and the optional EIDs to the eUICC.
Step S511: the eUICC verifies that CERT.DPrpm.ECDSA is legitimate and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
Step S512: the eUICC verifies smdpSignature3.
Specifically, the eUICC verifies smdpSignature3 using a fourth key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, smdpSigned3, and euiccSignature1.
Specifically, the eUICC generates a fifth digest from smdpSigned3 and the locally stored euiccSignature1, decrypts smdpSignature3 by using PK.DPrpm.ECDSA, and determines that smdpSignature3 is verified when the fifth digest is the same as the decryption result.
Step S513: the eUICC verifies the userIntentConfiguration.
Specifically, when the userIntentConfiguration is {Signer, userIntentFreeSignature} or userIntentFreeSignature, the step of verifying the userIntentConfiguration may refer to step S213 of the second embodiment, and is not described again.
Specifically, when the userIntentConfiguration is the User Intent Free Required Flag, the verification of the userIntentConfiguration may refer to step S314 of the third embodiment, and is not described again.
Step S514: the eUICC sends a verification complete instruction to the LPA.
Step S515: the LPA determines whether to perform the user intention confirming step according to the verification completion instruction.
Step S516: when the verification completion instruction is a verification failure instruction, the LPA performs the user intention confirming step.
Step S517: the LPA continues to execute the Profile remote management flow.
The logic and specific implementation manner of steps S514 to S517 may refer to steps S214 to S217 in the second embodiment, and are not described again.
In the method shown in fig. 8, the userIntentConfiguration is {Signer, userIntentFreeSignature}, userIntentFreeSignature, or the User Intent Free Required Flag. The Operator BSS obtains the userIntentFreeSignature (and Signer) from the Enterprise, OEM, or EUM, carries it in the RPMOrder, and sends it to the SM-DP+. When the terminal is about to perform the Profile remote management operation, the SM-DP+ puts the userIntentConfiguration in smdpSigned3 for signature protection and sends it to the LPA of the terminal; the LPA and the eUICC cooperate to complete the verification of smdpSigned3 and the userIntentConfiguration. When the verification passes, the user intention confirmation step is not executed, which helps to achieve efficient remote management of the Profile.
The method of embodiments of the present invention is set forth above in detail and the apparatus of embodiments of the present invention is provided below.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an eUICC profile management apparatus according to an embodiment of the present invention, where the eUICC profile management apparatus may include a management session establishing module 610, a configuration information obtaining module 620, a verifying module 630, and an executing module 640, where details of each module are as follows:
a management session establishing module 610, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining module 620, configured to obtain user intention configuration information from the eUICC remote management server through the eUICC management session;
a verification module 630, configured to verify the user intention configuration information;
an executing module 640, configured to, when the verification of the user intention configuration information passes, not execute the user intention confirming step in the eUICC management session, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation.
It should be noted that the implementation of each module may also correspond to the corresponding description of the method embodiments shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
Referring to fig. 10, fig. 10 is an eUICC profile management apparatus 70 according to an embodiment of the present invention, where the eUICC profile management apparatus 70 includes a processor 701, a memory 702, and a transceiver 703, and the processor 701, the memory 702, and the transceiver 703 are connected to each other through a bus.
The Memory 702 includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), or a portable Read Only Memory (CD-ROM), and the Memory 702 is used for storing related instructions and data. The transceiver 703 is used for receiving and transmitting data.
The processor 701 may be one or more Central Processing Units (CPUs), and in the case that the processor 701 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 701 in the eUICC profile management apparatus 70 is configured to read the program code stored in the memory 702 and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
It should be noted that, the implementation of each operation may also correspond to the corresponding description of the method embodiments shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a local eUICC profile auxiliary module according to an embodiment of the present invention, where the local eUICC profile auxiliary module includes a management session establishing unit 810, a configuration information obtaining unit 820, a verification instruction sending unit 830, and a first executing unit 840, where details of each unit are as follows:
a management session establishing unit 810, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining unit 820, configured to obtain user intention configuration information from the eUICC remote management server through the eUICC management session;
a verification instruction sending unit 830, configured to send a user intention verification instruction to an eUICC module, where the user intention verification instruction is used by the eUICC module to verify the user intention configuration information, where the user intention verification instruction carries the user intention configuration information;
a first executing unit 840, configured to, if the verification of the user intention configuration information passes, not execute the user intention confirmation step in the eUICC management session, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation.
It should be noted that the implementation of each unit may also correspond to the corresponding description of the LPA in the method embodiments shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
Referring to fig. 12, fig. 12 is a terminal 90 according to an embodiment of the present invention, where the terminal 90 includes a processor 901, a memory 902 and a transceiver 903, and the processor 901, the memory 902 and the transceiver 903 are connected to each other through a bus.
The Memory 902 includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), or a portable Read Only Memory (CD-ROM), and the Memory 902 is used for storing related instructions and data. The transceiver 903 is used for receiving and transmitting data.
The processor 901 may be one or more Central Processing Units (CPUs), and in the case that the processor 901 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 901 in the terminal 90 is configured to read the program code stored in the memory 902, and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
sending a user intention verification instruction to an eUICC module, wherein the user intention verification instruction is used by the eUICC module for verifying the user intention configuration information, and the user intention verification instruction carries the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
It should be noted that, the implementation of each operation may also correspond to the corresponding description of the method embodiments shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
Referring to fig. 13, fig. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention, where the eUICC module includes a verification instruction receiving unit 1010, a verification unit 1020, and a second execution unit 1030, where the details of each unit are as follows:
a verification instruction receiving unit 1010, configured to receive a user intention verification instruction sent by a local eUICC profile auxiliary module, where the user intention verification instruction carries user intention configuration information, and the user intention configuration information is obtained by the local eUICC profile auxiliary module from an eUICC management session with an eUICC remote management server;
a verification unit 1020 for verifying the user intention configuration information;
a second executing unit 1030, configured to not execute the user intention confirming step in the eUICC management session process when the verification of the user intention configuration information passes, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation.
It should be noted that the implementation of each unit may also correspond to the corresponding description of the eUICC in the method embodiment shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
Referring to fig. 14, fig. 14 is a eUICC module 110 according to an embodiment of the present invention, where the eUICC module 110 includes a processor 1101, a memory 1102, and a communication interface 1103, and the processor 1101, the memory 1102, and the communication interface 1103 are connected to each other through a bus.
The Memory 1102 includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), or a portable Read-Only Memory (CD-ROM), and the Memory 1102 is used for storing related instructions and data. The communication interface 1103 is used for receiving and transmitting data.
The processor 1101 may be one or more Central Processing Units (CPUs), and in the case that the processor 1101 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 1101 in the eUICC module 110 is configured to read the program codes stored in the memory 1102 and perform the following operations:
receiving a user intention verification instruction sent by a local eUICC configuration file auxiliary module, wherein the user intention verification instruction carries user intention configuration information, and the user intention configuration information is acquired by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server;
verifying the user intention configuration information;
and under the condition that the verification of the user intention configuration information is passed, not executing a user intention confirmation step in the process of the eUICC management session, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation.
It should be noted that, the implementation of each operation may also correspond to the corresponding description of the method embodiments shown in fig. 1, fig. 3, fig. 6, fig. 7, or fig. 8.
In summary, by implementing the embodiment of the present invention, efficient downloading and installation of the Profile and efficient remote Profile management can be achieved.
One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing related hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The aforementioned storage medium includes various media capable of storing program code, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Claims (12)

1. An eUICC configuration file management method is characterized by comprising the following steps:
establishing an eUICC management session with an eUICC remote management server, wherein the eUICC remote management server generates an eUICC configuration file for a plurality of terminals to download in batch according to a download command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation;
performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the verifying the user intention configuration information comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
2. The method of claim 1, wherein the obtaining user intent configuration information from the eUICC remote management server over the eUICC management session comprises:
acquiring second data to be signed and a second signature value from the eUICC remote management server through the eUICC management session, wherein the second data to be signed comprises the user intention configuration information, the second signature value comprises a signature of a third secret key on the second data to be signed and an authentication signature value, and the authentication signature value is generated in the establishment process of the eUICC management session;
before the verifying the first signature value by the second key corresponding to the first key and the local first data to be signed, the method further comprises:
and verifying the second signature value through a fourth key corresponding to the third key, the second data to be signed and the authentication signature value and confirming that the verification is passed.
3. An eUICC configuration file management method is characterized by comprising the following steps:
establishing an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
sending a user intention verification instruction to an eUICC module, wherein the user intention verification instruction is used by the eUICC module for verifying the user intention configuration information, and the user intention verification instruction carries the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation;
performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the sending of the user intention verification instruction to the eUICC module comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the user intention verification instruction also carries the local first data to be signed, and the local first data to be signed is used by the eUICC module for verifying the first signature value by a second key corresponding to the first key.
4. The method of claim 3, wherein the obtaining user intent configuration information from the eUICC remote management server over the eUICC management session comprises:
acquiring second data to be signed and a second signature value from the eUICC remote management server through the eUICC management session, wherein the second data to be signed comprises the user intention configuration information, the second signature value comprises a signature of a third secret key on the second data to be signed and an authentication signature value, and the authentication signature value is generated in the eUICC management session process;
the user verification instruction further carries the second data to be signed and the second signature value, wherein the second data to be signed and the authentication signature value are used by the eUICC module to verify the second signature value by a fourth key corresponding to the third key.
5. A method for managing an eUICC remote configuration file is characterized by comprising the following steps:
receiving a user intention verification instruction sent by a local eUICC configuration file auxiliary module, wherein the user intention verification instruction carries user intention configuration information, and the user intention configuration information is acquired by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation;
performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the user intention verification instruction also carries local first data to be signed, wherein the local first data to be signed is generated by the local eUICC configuration file auxiliary module, and the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the verifying the user intention configuration information comprises:
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
6. The method of claim 5, wherein the user verification instruction further carries second data to be signed and a second signature value, wherein the second data to be signed includes the user intention configuration information, and the second signature value includes a signature of the second data to be signed and the authentication signature value with a third key;
before the verifying the first signature value by the second key corresponding to the first key and the local first data to be signed, the method further comprises:
and verifying the second signature value through a fourth key corresponding to the third key, the second data to be signed and the authentication signature value and confirming that the verification is passed.
7. An eUICC profile management apparatus, comprising:
a management session establishing module, configured to establish an eUICC management session with an eUICC remote management server, wherein the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command which is sent by an Operator BSS and carries batch eUICC event identifiers;
a configuration information acquisition module, configured to acquire user intention configuration information from the eUICC remote management server through the eUICC management session;
the verification module is used for verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
an execution module, configured to not execute the user intention confirmation step in the eUICC management session process when the verification of the user intention configuration information passes, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the verifying the user intention configuration information comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
8. A local eUICC profile assistance module, comprising:
the management session establishing unit is used for establishing an eUICC management session with the eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
a configuration information obtaining unit, configured to obtain user intention configuration information from the eUICC remote management server through the eUICC management session;
a verification instruction sending unit, configured to send a user intention verification instruction to an eUICC module, where the user intention verification instruction is used by the eUICC module to verify the user intention configuration information, where the user intention verification instruction carries the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
a first execution unit, configured to, when the verification of the user intention configuration information passes, not execute the user intention confirmation step in the eUICC management session, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the sending of the user intention verification instruction to the eUICC module comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the user intention verification instruction also carries the local first data to be signed, and the local first data to be signed is used by the eUICC module for verifying the first signature value by a second key corresponding to the first key.
9. An eUICC module, comprising:
a verification instruction receiving unit, configured to receive a user intention verification instruction sent by a local eUICC profile auxiliary module, where the user intention verification instruction carries user intention configuration information, and the user intention configuration information is obtained by the local eUICC profile auxiliary module from an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
a verification unit for verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
a second execution unit, configured to, when the verification of the user intention configuration information passes, not execute the user intention confirmation step in the eUICC management session, where the eUICC management session is used to execute at least one of an eUICC profile downloading and installing operation, an eUICC profile activating operation, an eUICC profile deactivating operation, or an eUICC profile deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the user intention verification instruction also carries local first data to be signed, wherein the local first data to be signed is generated by the local eUICC configuration file auxiliary module, and the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the verifying the user intention configuration information comprises:
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
10. An eUICC profile management apparatus, comprising: a processor, a memory and a transceiver, wherein the processor, the memory and the transceiver are connected to each other through a bus, the memory is used for storing program code, and the processor is used for calling the program code and executing the following operations:
establishing an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the verifying the user intention configuration information comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
11. A terminal, comprising: a processor, a memory and a transceiver, wherein the processor, the memory and the transceiver are connected to each other through a bus, the memory is used for storing program code, and the processor is used for calling the program code and executing the following operations:
establishing an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
acquiring user intention configuration information from the eUICC remote management server through the eUICC management session;
sending a user intention verification instruction to an eUICC module, wherein the user intention verification instruction is used by the eUICC module for verifying the user intention configuration information, and the user intention verification instruction carries the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the sending of the user intention verification instruction to the eUICC module comprises:
generating local first data to be signed, wherein the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the user intention verification instruction also carries the local first data to be signed, and the local first data to be signed is used by the eUICC module for verifying the first signature value by a second key corresponding to the first key.
12. An eUICC module, comprising: a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are connected to each other through a bus, the memory is used for storing program code, and the processor is used for calling the program code and executing the following operations:
receiving a user intention verification instruction sent by a local eUICC configuration file auxiliary module, wherein the user intention verification instruction carries user intention configuration information, and the user intention configuration information is acquired by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server; the eUICC remote management server generates an eUICC configuration file for batch downloading of a plurality of terminals according to a downloading command carrying batch eUICC Event Identifications (EIDs) sent by an Operator BSS (service support system);
verifying the user intention configuration information; the user intention configuration information is used for indicating that the step of interacting with the user is omitted, deactivated or skipped in the eUICC management session process;
under the condition that the user intention configuration information is verified, in the process of the eUICC management session, not executing a user intention confirmation step, wherein the eUICC management session is used for executing at least one operation of eUICC configuration file downloading and installing operation, eUICC configuration file activating operation, eUICC configuration file deactivating operation or eUICC configuration file deleting operation; performing a user intention confirmation step in case the verification of the user intention configuration information is not passed;
the user intention configuration information comprises a first signature value, wherein the first signature value comprises a signature of first data to be signed by a first secret key, and the first secret key comprises a public key, a private key or a symmetric secret key;
the user intention verification instruction also carries local first data to be signed, wherein the local first data to be signed is generated by the local eUICC configuration file auxiliary module, and the local first data to be signed comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
the verifying the user intention configuration information comprises:
and verifying the first signature value through a second key corresponding to the first key and the local first data to be signed.
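Added example, not part of the patent text: a sketch of the eUICC-side check described in claims 5 and 6, where the second signature value is verified first, then the first signature value is verified against the locally generated first data to be signed, and any failure falls back to the user intention confirmation step. It assumes the symmetric-key option with HMAC-SHA256 as the signature primitive; the field encoding, class and function names, keys, and sample values are all hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def mac(key: bytes, data: bytes) -> bytes:
    """Assumed signature primitive: HMAC-SHA256 (the symmetric-key option)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def build_first_data(op_type: str, operator_id: str, server_oid: str) -> bytes:
    """First data to be signed: operation type, operator id, server object id."""
    return encode_fields(op_type.encode(), operator_id.encode(), server_oid.encode())


@dataclass(frozen=True)
class VerifyInstruction:
    """What the local profile assistant hands to the eUICC (hypothetical layout)."""
    first_signature: bytes    # the user intention configuration information
    local_first_data: bytes   # rebuilt locally from the session actually running
    second_signature: bytes   # server signature binding the above to the session


def server_issue(operator_key, server_key, op_type, operator_id, server_oid, auth_sig):
    """Server side: produce the first and second signature values."""
    first_sig = mac(operator_key, build_first_data(op_type, operator_id, server_oid))
    second_sig = mac(server_key, encode_fields(first_sig, auth_sig))
    return first_sig, second_sig


def euicc_decide(instr, operator_key, server_key, session_auth_sig) -> str:
    """eUICC side: skip the prompt only if both checks pass, otherwise ask the user."""
    # Claim 6 order: verify the second signature value first.
    expected_second = mac(server_key, encode_fields(instr.first_signature, session_auth_sig))
    if not hmac.compare_digest(expected_second, instr.second_signature):
        return "confirm_with_user"
    # Then verify the first signature value against the locally generated data.
    expected_first = mac(operator_key, instr.local_first_data)
    if not hmac.compare_digest(expected_first, instr.first_signature):
        return "confirm_with_user"
    return "skip_confirmation"


# Constructed sample values, not taken from the patent.
OPERATOR_KEY = b"constructed-operator-key"
SERVER_KEY = b"constructed-server-key"
SERVER_OID = "2.999.1"


def demo() -> dict:
    auth_sig = b"session-1-auth-signature"
    first, second = server_issue(
        OPERATOR_KEY, SERVER_KEY, "download_install", "operator-A", SERVER_OID, auth_sig)

    def run(op_type, session_auth_sig):
        local = build_first_data(op_type, "operator-A", SERVER_OID)
        instr = VerifyInstruction(first, local, second)
        return euicc_decide(instr, OPERATOR_KEY, SERVER_KEY, session_auth_sig)

    return {
        "matching_session": run("download_install", auth_sig),
        "other_operation": run("delete", auth_sig),
        "other_session": run("download_install", b"session-2-auth-signature"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because the first data to be signed is rebuilt locally from the running session, a signature issued for one operation type does not verify for another, and the authentication signature value ties the second signature to a single management session.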
CN201780061983.1A 2017-01-16 2017-01-16 eUICC configuration file management method and related device Active CN109792604B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/071322 WO2018129754A1 (en) 2017-01-16 2017-01-16 Euicc configuration file management method and related device

Publications (2)

Publication Number Publication Date
CN109792604A CN109792604A (en) 2019-05-21
CN109792604B true CN109792604B (en) 2021-12-03

Family

ID=62839152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780061983.1A Active CN109792604B (en) 2017-01-16 2017-01-16 eUICC configuration file management method and related device

Country Status (2)

Country Link
CN (1) CN109792604B (en)
WO (1) WO2018129754A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545309B (en) * 2019-08-07 2022-08-19 中国联合网络通信集团有限公司 Internet of things terminal eUICC card management method, device and system
CN110446201B (en) * 2019-09-20 2022-03-18 恒宝股份有限公司 Communication module, communication method and system for realizing eSIM remote configuration
CN111142892B (en) * 2019-12-30 2023-06-20 飞天诚信科技股份有限公司 ios application program automatic installation method and communication device
CN113784331B (en) * 2020-06-09 2022-12-30 华为技术有限公司 Method and device for updating system data of user identity module card
CN113132990B (en) * 2021-04-19 2022-09-16 东信和平科技股份有限公司 Profile remote subscription method based on eSIM
CN113572861B (en) * 2021-09-27 2021-12-28 北京华安天成智能技术有限公司 Configuration file management method, device, equipment and storage medium
CN114513787A (en) * 2021-12-29 2022-05-17 博鼎实华(北京)技术有限公司 Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal
CN117135620A (en) * 2023-02-01 2023-11-28 荣耀终端有限公司 Profile file downloading management method, electronic equipment and computer storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281322A (en) * 2010-06-08 2011-12-14 索尼公司 Update management server, electronic apparatus, update management system, and method therefor

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7600015B2 (en) * 2004-06-28 2009-10-06 Nokia Corporation User confirmation in data downloading
CN101505549B (en) * 2008-02-04 2012-08-08 华为技术有限公司 Configuration method and apparatus for terminal equipment
CN101777101B (en) * 2010-01-22 2013-12-18 北京深思洛克软件技术股份有限公司 Method for improving usability of intelligent secret key device and intelligent secret key device
CN104703199B (en) * 2013-12-05 2018-05-11 华为终端(东莞)有限公司 Management method, relevant device and the system of universal embedded integrated circuit card
JP2017500798A (en) * 2013-12-05 2017-01-05 ▲華▼▲為▼▲終▼端有限公司 Security control method for EUICC and EUICC
KR102311027B1 (en) * 2014-08-14 2021-10-08 삼성전자 주식회사 A method and apparatus for profile downloading of group devices
KR101959492B1 (en) * 2015-03-22 2019-03-18 애플 인크. Methods and apparatus for user authentication and human intent verification in mobile devices
EP3293993B1 (en) * 2015-05-07 2021-06-30 Samsung Electronics Co., Ltd. Method and apparatus for providing profile

Also Published As

Publication number Publication date
WO2018129754A1 (en) 2018-07-19
CN109792604A (en) 2019-05-21

Similar Documents

Publication Publication Date Title
CN109792604B (en) eUICC configuration file management method and related device
US11601809B2 (en) Method and system for updating certificate issuer public key, and related device
EP3800909B1 (en) Remote management method, and device
CN110352605B (en) Method for adding authentication algorithm program, related equipment and system
EP3629610B1 (en) Method and apparatus for managing embedded universal integrated circuit card configuration file
KR101243073B1 (en) Method for terminal configuration and management and terminal apparatus
CN108702386B (en) Method and device for managing configuration file of embedded universal integrated circuit card
US20160127132A1 (en) Method and apparatus for installing profile
CN105682075A (en) Method of provisioning a subscriber profile for a secure module
US11838752B2 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
CN111132305B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN107623907B (en) eSIM card network locking method, terminal and network locking authentication server
CN110945887B (en) Loading new subscription profiles into embedded subscriber identity modules
CN107113320B (en) Method, related equipment and system for downloading signed file
CN114598555A (en) Broadcast implementation method and system with switchable different platforms
WO2016173174A1 (en) Network locking data upgrading method and device
WO2012126239A1 (en) Method and terminal for remotely acquiring network locking information
CN115296822B (en) Method and system for realizing service processing
US20240031805A1 (en) Download of a subscription profile to a communication device
CN113079037B (en) Method and system for remotely updating authentication application certificate
WO2023169683A1 (en) Subscription profile download and installation
WO2023237187A1 (en) Provisioning of a subscription profile to a subscriber module
WO2023169682A1 (en) Download of a subscription profile to a communication device
KR101707121B1 (en) A mobile communication device authentication system and method thereof
CN113079503A (en) Method and system for remotely downloading authentication application certificate

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant