CN110505619A - A kind of data transmission method in eSIM Remote configuration - Google Patents
A kind of data transmission method in eSIM Remote configuration Download PDFInfo
- Publication number
- CN110505619A CN110505619A CN201910862614.3A CN201910862614A CN110505619A CN 110505619 A CN110505619 A CN 110505619A CN 201910862614 A CN201910862614 A CN 201910862614A CN 110505619 A CN110505619 A CN 110505619A
- Authority
- CN
- China
- Prior art keywords
- profile
- ppk
- ciphertext
- terminal
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Abstract
The present invention relates to the data transmission system in a kind of eSIM Remote configuration, which includes first terminal, second terminal, Profile download server, encryption equipment 1 and encryption equipment 2.Simultaneously, the invention further relates to the data transmission methods in a kind of eSIM Remote configuration, after authentication information is by verifying, Profile data directly can be downloaded from Profile download server by mobile terminal, and give the Profile data forwarding to eSIM card apparatus, the Profile data write-in for realizing eSIM card, can quickly and effectively connect the downloading that Profile download server carries out Profile, improve the downloading convenience of Profile.Meanwhile after encryption equipment 1 and encryption equipment 2 carry out multi-enciphering using corresponding key in plain text to Profile, so that Profile ciphertext in download transmission and installation process, is not easy to be stolen, the safety of Profile data downloading is improved.
Description
Technical field
The present invention relates to the communications fields eSIM, more particularly to the data transmission method in a kind of eSIM Remote configuration.
Background technique
Most of Internet of Things application terminal all uses mobile radio communication to carry out the high-speed mobiles such as data communication, especially automobile
Carrier, rely more on the mobile network of high bandwidth, low time delay.The SIM card generally used by each operator is as mobile communication
User authentication information carrier is the important component of mobile communication terminal, however traditional plug-in type (plug-in) SIM card is difficult to
Meet often mobile unit demand of the work in limiting temperature and violent vibration environment, embedded SIM card to have obtained increasingly
More applications.ESIM (embedded SIM) is that universal embedded integrated circuit is written in the client identification information of mobile operator
Block (embeddeduniversal integrated circuit card, eUICC), and be fixed on insertion terminal device, no
At will it can extract and replace, user can not directly replace, and need the later period to be remotely managed to coding resource, thus in vehicle
The sale of cross-region or the mobile communications network for allowing hand over different operators when driving.
In order to guarantee the stability of mobile communication and the physical security of equipment itself, internet-of-things terminal often uses eSIM
Card replaces traditional plug-in SIM card, and eSIM is substantially a kind of programmable SIM card, and editable after profile factory, it is supported
Remote configuration is carried out to SIM card by OTA, downloading, installation, activation, deactivation and the deletion of profile is realized, can apply
It renews a contract after batch service is opened, business expires after the factory of M2M terminal, change signing and the fields such as change operator in roaming
Scape.
In the prior art, when how to realize eSIM Remote configuration, profile data are effective in downloading process, safe
Transmission become urgent problem to be solved.
Summary of the invention
This part provides the general summary of the disclosure, rather than its full scope or the comprehensive of its whole feature drape over one's shoulders
Dew.
The data transmission system of the disclosure being designed to provide in a kind of eSIM Remote configuration, the system include first eventually
End, second terminal, Profile download server, encryption equipment 1 and encryption equipment 2;
Wherein, first terminal user requests the downloading of Profile data, and receives Profile download server by second
The Profile data that terminal is sent, and eSIM card is written;
Second terminal is used to authenticate first terminal when first terminal requests downloading Profile data;
The Profile download information and second terminal that Profile download server is used to be sent according to first terminal are sent
Authentication information, obtain Profile ciphertext, and be sent to first terminal;
Encryption equipment 1 encrypts in plain text for generating PPK key, and to PPK key and Profile, obtains PPK ciphertext 1
With Profile ciphertext, and it is sent to Profile download server;
Encryption equipment 2 receives the PPK of Profile download server transmission for generating the disposable public private key pair of another pair
PPK ciphertext 2 and DPot public key are then sent to Profile download server by ciphertext 1 and public key, and the PPK ciphertext 2 is by PPK
The processing of ciphertext 1 obtains.
Preferably, the first terminal further comprises eSIM card, downloading request module, key production module, decryption mould
Block;
Preferably, the eSIM card is used for Profile data management;
Preferably, the instruction that the downloading request module is used to be inputted according to user generates Profile downloading request, and
It is sent to second terminal;
Preferably, the key production module is for generating a pair of disposable public private key pair, and sends public key to
Profile download server, while storing private key;
Preferably, the deciphering module be used to receive ciphertext that Profile download server is sent by second terminal with
Public key, and after ciphertext is decrypted using private key, obtain corresponding Profile data.
Preferably, encryption equipment 2 is specifically used for: session key is calculated using DPot private key and eUICCot public key, and makes
PPK is obtained in plain text with server transport private key decryption PPK ciphertext 1, then, it is close to obtain PPK in plain text using session key encryption PPK
Text 2.
Preferably, the deciphering module is specifically used for: the decryption being calculated using DPot public key and eUICCot private key is close
PPK ciphertext 2 is decrypted in key, obtains PPK key, then, is decrypted using PPK key pair Profile ciphertext, finally
To Profile data.
Preferably, eSIM card is set in the first terminal, the second terminal is trusted third party's equipment, provides verifying
With communication etc. background services.
The present invention also provides the data transmission methods in a kind of eSIM Remote configuration, and this method comprises the following steps:
Step 1, when receiving Profile download information, to the authentication information of first terminal request eSIM card, and
Verify the authentication information;
Step 2, if the authentication information is by verifying, when monitoring Profile downloading confirmation instruction, by institute
It states Profile download information and the authentication information is sent to Profile download server, then, second terminal receives
The Profile data that the Profile download server returns, and the Profile data are sent to the first terminal,
So that the Profile data are written in eSIM card the first terminal;
The step 2 specifically:
Profile is sent to encryption equipment 1 by step 21, Profile download server in plain text;
Step 22,1 internal random of encryption equipment generate a PPK key, in plain text using PPK key encryption Profile, use
Server transport public key encryption PPK key obtains PPK ciphertext 1, and encryption equipment 1 is close to Profile download server output Profile
Text and PPK ciphertext 1;
Profile ciphertext and PPK ciphertext 1 are sent to Profile management service by step 23, Profile download server
Device is stored in the database of Profile management server, due to only having encryption equipment 2 that could decrypt Profile ciphertext,
As long as encryption equipment 2 is safe, Profile storage exactly safety;
Step 3, when first terminal receives the PPK ciphertext 2 and public affairs that Profile download server is sent by second terminal
After key, after PPK ciphertext 2 and Profile ciphertext are decrypted respectively, corresponding Profile data are obtained, and will be described
Profile data are written in eSIM card.
Preferably, the step 2 further include:
When step 24, first terminal request downloading Profile, a pair of disposable public private key pair of generation: eUICCot public key,
EUICCot private key, private key are stored in first terminal, and public key is sent to Profile download server;
PPK ciphertext 1, eUICCot public key are sent to encryption equipment 2 by step 25, Profile download server;
Step 26, encryption equipment 2 generate the disposable public private key pair of another pair: DPot public key and DPot private key, and by PPK ciphertext
2 and DPot public key is sent to Profile download server;
Profile ciphertext, PPK ciphertext 2 and DPot public key are passed through second terminal by step 27, Profile download server
It is forwarded to first terminal.
Preferably, the step 26 specifically: session key is calculated using DPot private key and eUICCot public key, and
PPK is obtained in plain text using server transport private key decryption PPK ciphertext 1, then, obtains PPK in plain text using session key encryption PPK
Ciphertext 2.
Preferably, the step 3 specifically: the decruption key pair being calculated using DPot public key and eUICCot private key
PPK ciphertext 2 is decrypted, and obtains PPK key, then, is decrypted, is finally obtained using PPK key pair Profile ciphertext
Profile data.
The utility model has the advantages that can directly pass through mobile terminal from Profile download service after authentication information is by verifying
Profile data are downloaded in device, and give the Profile data forwarding to eSIM card apparatus, realize the Profile data of eSIM card
Write-in can quickly and effectively connect the downloading that Profile download server carries out Profile, improve the downloading of Profile just
Benefit.Meanwhile after encryption equipment 1 and encryption equipment 2 carry out multi-enciphering using corresponding key in plain text to Profile, so that
Profile ciphertext is not easy to be stolen in download transmission and installation process, improves the safety of Profile data downloading.
From describing provided herein, further applicability region will become obvious.Description in this summary and
Specific examples are intended merely to the purpose of signal, are not intended to limit the scope of the present disclosure.
Detailed description of the invention
Attached drawing described here is intended merely to the purpose of the signal of selected embodiment and not all possible implementation, and not
It is intended to limit the scope of the present disclosure.In the accompanying drawings:
Fig. 1 is the data transmission system schematic diagram in eSIM Remote configuration;
Fig. 2 is the data transmission method flow chart in eSIM Remote configuration.
Although the disclosure is subjected to various modifications and alternative forms, its specific embodiment is as an example in attached drawing
In show, and be described in detail here.It should be understood, however, that being not intended to the description of specific embodiment by this public affairs at this
Open and be restricted to disclosed concrete form, but on the contrary, disclosure purpose be intended to cover fall in spirit and scope of the present disclosure it
Interior all modifications, equivalent and replacement.It should be noted that running through several attached drawings, corresponding label indicates corresponding component.
Specific embodiment
It is described more fully the example of the disclosure referring now to the drawings.It is described below and is merely exemplary in nature,
It is not intended to limit the disclosure, application or purposes.
Example embodiment is provided, so that the disclosure will become detailed, and will be abundant to those skilled in the art
Convey its range in ground.The example of numerous specific details such as particular elements, device and method is elaborated, to provide to the disclosure
The detailed understanding of embodiment.To those skilled in the art, it does not need using specific details, example embodiment can be used
Many different forms are implemented, they shall not be interpreted to limit the scope of the present disclosure.In some example embodiments,
Well-known process, well-known structure and widely-known technique are not described in detail.
Below will be proposed to present disclosure the technical issues of, is described in detail.It should be noted that, the technical problem
It is merely exemplary, the application being not intended to limit the present invention.
The present invention also provides the data transmission systems in a kind of eSIM Remote configuration.
As shown in Figure 1, the system includes first terminal, second terminal, Profile download server, Profile management clothes
Business device, encryption equipment 1 and encryption equipment 2.
Wherein, first terminal user requests the downloading of Profile data, and receives Profile download server by second
The Profile data that terminal is sent, and eSIM card is written.The first terminal includes eSIM card, downloading request module, key life
At module, deciphering module.
The eSIM card is used for Profile data management.
The downloading request module is used for the instruction that input according to user, generates Profile downloading and requests, and is sent to the
Two terminals.
The key production module is sent to Profile downloading for generating a pair of disposable public private key pair, and by public key
Server, while storing private key.
The deciphering module is used to receive the ciphertext and public key that Profile download server is sent by second terminal, and
After ciphertext is decrypted using private key, corresponding Profile data are obtained.
Second terminal is used to authenticate first terminal when first terminal requests downloading Profile data.
The Profile download information and second terminal that Profile download server is used to be sent according to first terminal are sent
Authentication information, obtain Profile ciphertext, and be sent to first terminal.
Profile management server is stored and is arranged for Profile data.
Encryption equipment 1 encrypts in plain text for generating PPK key, and to PPK key and Profile, obtains PPK ciphertext 1
With Profile ciphertext, and it is sent to Profile download server.
Encryption equipment 2 receives the PPK of Profile download server transmission for generating the disposable public private key pair of another pair
PPK ciphertext 2 and DPot public key are then sent to Profile download server by ciphertext 1 and public key, and the PPK ciphertext 2 is by PPK
The processing of ciphertext 1 obtains.
The following detailed description of the interactive mode of equipment each in above system.
When first terminal needs to download Profile, downloading request module therein generates Profile downloading request, concurrently
It is sent to second terminal.It wherein, include Profile download information in the downloading request.
ESIM card is set in the first terminal, the second terminal is trusted third party's equipment, provides verifying and communication
Equal background services.
After second terminal receives downloading request, Profile download information is obtained, and according to download information to first terminal
Request the authentication information of eSIM card.The authentication information can be the personal identification number of current eSIM card.
After first terminal receives the solicited message of second terminal transmission, downloading request module receives the current of user's input
The personal identification number of eSIM card, and it is sent to second terminal.
After second terminal receives the personal identification number of current eSIM card, it is pre- that the machine is obtained by Profile download information
The personal identification number deposited, and the personal identification number of the current eSIM card received is compared with the personal identification number prestored,
If the two is identical, the identity that the second terminal verifies the first terminal is legal, and Xiang Suoshu first terminal sends response and disappears
Breath;If the two is different, authentication error message is sent to the first terminal.
If the authentication information, by verifying, second terminal, will when monitoring Profile downloading confirmation instruction
The Profile download information and the authentication information are sent to Profile download server, and then, second terminal connects
The Profile data that the Profile download server returns are received, and the Profile data are sent to described first eventually
End, so that the Profile data are written in eSIM card the first terminal.
Specifically:
Profile is sent to encryption equipment 1 by Profile download server in plain text.
1 internal random of encryption equipment generates a PPK key, in plain text using PPK key encryption Profile, uses server
Transmit public key encryption PPK key obtain PPK ciphertext 1, encryption equipment 1 to Profile download server output Profile ciphertext and
PPK ciphertext 1.
Profile ciphertext and PPK ciphertext 1 are sent to Profile management server by Profile download server, storage
In the database of Profile management server, due to only having encryption equipment 2 that could decrypt Profile ciphertext, as long as encryption
Machine 2 is safe, Profile storage exactly safety.
In order to realize forward secrecy, in downloading process, SIM card hardware (eUICC) i.e. needs between eSIM and encryption equipment 2
Will be by one disposable session key of ECKA negotiating algorithm, the session key is for encrypting PPK.
When first terminal request downloading Profile, key production module therein generates a pair of disposable public private key pair:
EUICCot public key, eUICCot private key, private key are stored in the key production module, and public key are sent under Profile
Carry server.
PPK ciphertext 1, eUICCot public key are sent to encryption equipment 2 by Profile download server.
Encryption equipment 2 generates the disposable public private key pair of another pair: DPot public key and DPot private key, and then, encryption equipment 2 uses
Session key is calculated in DPot private key and eUICCot public key, and obtains PPK using server transport private key decryption PPK ciphertext 1
In plain text.
Encryption equipment 2 obtains PPK ciphertext 2 using session key encryption PPK in plain text, and encryption equipment is by PPK ciphertext 2 and DPot public key
It is sent to Profile download server
Profile ciphertext, PPK ciphertext 2 and DPot public key are forwarded to by second terminal by Profile download server
One terminal.
After first terminal receives ciphertext and the public key of the transmission of Profile download server, deciphering module difference therein
After PPK ciphertext 2 and Profile ciphertext are decrypted, corresponding Profile data are obtained, and the Profile data are write
Enter in eSIM card.
Specifically: first terminal receive the Profile ciphertext that Profile download server sent by second terminal,
After PPK ciphertext 2 and DPot public key, decruption key that the deciphering module is calculated using DPot public key and eUICCot private key
PPK ciphertext 2 is decrypted, PPK key is obtained, then, the deciphering module is carried out using PPK key pair Profile ciphertext
Decryption, finally obtains Profile data.
Obtained Profile data are written in eSIM card first terminal, form new eSIM card.
The present invention also provides the data transmission methods in a kind of eSIM Remote configuration.
As shown in Fig. 2, this method comprises the following steps:
Step 1, when receiving Profile download information, to the authentication information of first terminal request eSIM card, and
Verify the authentication information.
Specifically: when first terminal needs to download Profile, Profile downloading request is generated, and be sent to second eventually
End.
It wherein, include Profile download information in the downloading request.
ESIM card is set in the first terminal, the second terminal is trusted third party's equipment, provides verifying and communication
Equal background services.
After second terminal receives downloading request, Profile download information is obtained, and whole to first according to download information
The authentication information of end request eSIM card.The authentication information can be the personal identification number of current eSIM card.
The personal identification number of the current eSIM card of user's input is received on first terminal, and is sent to second terminal.
After second terminal receives the personal identification number of current eSIM card, the machine is obtained by Profile download information
The personal identification number prestored, and the personal identification number of the current eSIM card received is compared with the personal identification number prestored
Compared with if the two is identical, the identity that the second terminal verifies the first terminal is legal, and Xiang Suoshu first terminal sends response
Message;If the two is different, authentication error message is sent to the first terminal.
Step 2, if the authentication information is by verifying, when monitoring Profile downloading confirmation instruction, by institute
It states Profile download information and the authentication information is sent to Profile download server, then, second terminal receives
The Profile data that the Profile download server returns, and the Profile data are sent to the first terminal,
So that the Profile data are written in eSIM card the first terminal.
Specifically:
Profile is sent to encryption equipment 1 by step 21, Profile download server in plain text.
Step 22,1 internal random of encryption equipment generate a PPK key, in plain text using PPK key encryption Profile, use
Server transport public key encryption PPK key obtains PPK ciphertext 1, and encryption equipment 1 is close to Profile download server output Profile
Text and PPK ciphertext 1.
Profile ciphertext and PPK ciphertext 1 are sent to Profile management service by step 23, Profile download server
Device is stored in the database of Profile management server, due to only having encryption equipment 2 that could decrypt Profile ciphertext,
As long as encryption equipment 2 is safe, Profile storage exactly safety.
In order to realize forward secrecy, in downloading process, SIM card hardware (eUICC) i.e. needs between eSIM and encryption equipment 2
Will be by one disposable session key of ECKA negotiating algorithm, the session key is for encrypting PPK.
When step 24, first terminal request downloading Profile, a pair of disposable public private key pair of generation: eUICCot public key,
EUICCot private key, private key are stored in first terminal, and public key is sent to Profile download server.
PPK ciphertext 1, eUICCot public key are sent to encryption equipment 2 by step 25, Profile download server.
Step 26, encryption equipment 2 generate the disposable public private key pair of another pair: DPot public key and DPot private key, use DPot private
Session key is calculated in key and eUICCot public key, and encryption equipment 2 obtains PPK using server transport private key decryption PPK ciphertext 1
In plain text, it reuses session key encryption PPK and obtains PPK ciphertext 2 in plain text, PPK ciphertext 2 and DPot public key are sent to by encryption equipment
Profile download server.
Profile ciphertext, PPK ciphertext 2 and DPot public key are passed through second terminal by step 27, Profile download server
It is forwarded to first terminal.
Step 3, right respectively after first terminal receives the PPK ciphertext 2 and public key of Profile download server transmission
After PPK ciphertext 2 and Profile ciphertext are decrypted, corresponding Profile data are obtained, and the Profile data are written
In eSIM card.
Specifically: when to receive the Profile that Profile download server is sent by second terminal close for first terminal
After text, PPK ciphertext 2 and DPot public key, the decruption key being calculated using DPot public key and eUICCot private key is to PPK ciphertext 2
It is decrypted, obtains PPK key, then, be decrypted using PPK key pair Profile ciphertext, finally obtain Profile number
According to.
Obtained Profile data are written in eSIM card, new eSIM card is formed.
Preferred embodiment of the present disclosure is described above by reference to attached drawing, but the disclosure is certainly not limited to above example.This
Field technical staff can obtain various changes and modifications within the scope of the appended claims, and should be understood that these changes and repair
Changing nature will fall into scope of the presently disclosed technology.
For example, can be realized in the embodiment above by the device separated including multiple functions in a unit.
As an alternative, the multiple functions of being realized in the embodiment above by multiple units can be realized by the device separated respectively.In addition, with
One of upper function can be realized by multiple units.Needless to say, such configuration includes in scope of the presently disclosed technology.
In this specification, described in flow chart the step of not only includes the place executed in temporal sequence with the sequence
Reason, and including concurrently or individually rather than the processing that must execute in temporal sequence.In addition, even in temporal sequence
In the step of processing, needless to say, the sequence can also be suitably changed.
Although embodiment of the disclosure is described in detail in conjunction with attached drawing above, it is to be understood that reality described above
The mode of applying is only intended to illustrate the disclosure, and does not constitute the limitation to the disclosure.For those skilled in the art, may be used
To make various changes and modifications the spirit and scope without departing from the disclosure to above embodiment.Therefore, the disclosure
Range is only limited by the attached claims and its equivalents.
Claims (10)
1. the data transmission system in a kind of eSIM Remote configuration, which includes under first terminal, second terminal, Profile
Carry server, encryption equipment 1 and encryption equipment 2;
Wherein, first terminal user requests the downloading of Profile data, and receives Profile download server and pass through second terminal
The Profile data of transmission, and eSIM card is written;
Second terminal is used to authenticate first terminal when first terminal requests downloading Profile data;
The body that the Profile download information and second terminal that Profile download server is used to be sent according to first terminal are sent
Part authentication information, obtains Profile ciphertext, and be sent to first terminal;
Encryption equipment 1 encrypts in plain text for generating PPK key, and to PPK key and Profile, obtains 1 He of PPK ciphertext
Profile ciphertext, and it is sent to Profile download server;
Encryption equipment 2 receives the PPK ciphertext 1 of Profile download server transmission for generating the disposable public private key pair of another pair
And PPK ciphertext 2 and DPot public key are then sent to Profile download server by public key, the PPK ciphertext 2 is by PPK ciphertext 1
Processing obtains.
2. system according to claim 1, which is characterized in that the first terminal further comprises eSIM card, downloading request
Module, key production module, deciphering module;
The eSIM card is used for Profile data management;
The instruction that the downloading request module is used to be inputted according to user generates Profile downloading request, and is sent to second eventually
End;
The key production module sends Profile download service for public key for generating a pair of disposable public private key pair
Device, while storing private key;
The deciphering module is used to receive the ciphertext and public key that Profile download server is sent by second terminal, and utilizes
After ciphertext is decrypted in private key, corresponding Profile data are obtained.
3. system according to claim 1, which is characterized in that encryption equipment 2 is specifically used for: using DPot private key and eUICCot
Session key is calculated in public key, and obtains PPK in plain text using server transport private key decryption PPK ciphertext 1, then, uses meeting
It talks about key encryption PPK and obtains PPK ciphertext 2 in plain text.
4. system according to claim 2, which is characterized in that wherein the deciphering module is specifically used for: utilizing DPot public key
PPK ciphertext 2 is decrypted in the decruption key being calculated with eUICCot private key, obtains PPK key, then, close using PPK
Profile ciphertext is decrypted in key, finally obtains Profile data.
5. system according to claim 1, which is characterized in that eSIM card, the second terminal is arranged in the first terminal
For trusted third party's equipment, verifying and communication background service are provided.
6. the data transmission method in a kind of eSIM Remote configuration, this method comprises the following steps:
Step 1, it when receiving Profile download information, to the authentication information of first terminal request eSIM card, receives simultaneously
Verify the authentication information;
Step 2, if the authentication information will be described when monitoring Profile downloading confirmation instruction by verifying
Profile download information and the authentication information are sent to Profile download server, and then, second terminal receives institute
The Profile data of Profile download server return are stated, and the Profile data are sent to first terminal, for institute
It states first terminal the Profile data are written in eSIM card;
The step 2 specifically:
Profile is sent to encryption equipment 1 by step 21, Profile download server in plain text;
Step 22,1 internal random of encryption equipment generate a PPK key, in plain text using PPK key encryption Profile, use service
Device transmit public key encryption PPK key obtain PPK ciphertext 1, encryption equipment 1 to Profile download server output Profile ciphertext and
PPK ciphertext 1;
Profile ciphertext and PPK ciphertext 1 are sent to Profile management server by step 23, Profile download server, are deposited
Storage is in the database of Profile management server;
Step 3, close to PPK respectively after first terminal receives the PPK ciphertext 2 and public key of Profile download server transmission
After text 2 and Profile ciphertext is decrypted, corresponding Profile data are obtained, and eSIM is written into the Profile data
In card.
7. method according to claim 6, which is characterized in that the step 2 further include:
When step 24, first terminal request downloading Profile, a pair of disposable public private key pair of generation: eUICCot public key,
EUICCot private key, private key are stored in first terminal, and public key is sent to Profile download server;
PPK ciphertext 1, eUICCot public key are sent to encryption equipment 2 by step 25, Profile download server;
Step 26, encryption equipment 2 generate the disposable public private key pair of another pair: DPot public key and DPot private key, and by 2 He of PPK ciphertext
DPot public key is sent to Profile download server;
Step 27, Profile download server forward Profile ciphertext, PPK ciphertext 2 and DPot public key by second terminal
To first terminal.
8. method according to claim 7, which is characterized in that the step 26 specifically: use DPot private key and eUICCot
Session key is calculated in public key, and obtains PPK in plain text using server transport private key decryption PPK ciphertext 1, then, uses meeting
It talks about key encryption PPK and obtains PPK ciphertext 2 in plain text.
9. method according to claim 6, which is characterized in that the step 3 specifically: utilize DPot public key and eUICCot
PPK ciphertext 2 is decrypted in the decruption key that private key is calculated, and obtains PPK key, then, utilizes PPK key pair
Profile ciphertext is decrypted, and finally obtains Profile data.
10. method according to claim 6, which is characterized in that eSIM card is arranged in the first terminal, second terminal is can
Believe third party device, verifying and communication background service are provided.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910862614.3A CN110505619B (en) | 2019-09-12 | 2019-09-12 | Data transmission method in eSIM remote configuration |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910862614.3A CN110505619B (en) | 2019-09-12 | 2019-09-12 | Data transmission method in eSIM remote configuration |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110505619A true CN110505619A (en) | 2019-11-26 |
| CN110505619B CN110505619B (en) | 2022-04-01 |
Family
ID=68591779
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910862614.3A Active CN110505619B (en) | 2019-09-12 | 2019-09-12 | Data transmission method in eSIM remote configuration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110505619B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111314904A (en) * | 2020-02-17 | 2020-06-19 | 深圳杰睿联科技有限公司 | Method and system for activating eSIM (embedded subscriber identity Module) equipment |
| CN113785547A (en) * | 2020-12-30 | 2021-12-10 | 深圳杰睿联科技有限公司 | Security transmission method of Profile data and corresponding device |
| CN114786168A (en) * | 2021-12-10 | 2022-07-22 | 国网电力科学研究院有限公司 | Encryption ESIM module and 5G module suitable for power service |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150121495A1 (en) * | 2012-10-15 | 2015-04-30 | Huawei Device Co., Ltd. | Method and Device for Switching Subscription Manager-Secure Routing Device |
| US20160302061A1 (en) * | 2015-04-08 | 2016-10-13 | Samsung Electronics Co., Ltd. | Method and apparatus for downloading a profile in a wireless communication system |
| CN106162602A (en) * | 2014-08-14 | 2016-11-23 | 三星电子株式会社 | The method and apparatus downloaded for the configuration file of group device |
| CN106537961A (en) * | 2014-07-17 | 2017-03-22 | 三星电子株式会社 | Method and device for installing profile of eUICC |
| CN107623908A (en) * | 2016-07-15 | 2018-01-23 | 中国移动通信有限公司研究院 | A kind of hair fastener method and subscriber identification module card |
| CN107809411A (en) * | 2016-09-09 | 2018-03-16 | 华为技术有限公司 | Authentication method, terminal device, server and the network authentication entity of mobile network |
| US20180351945A1 (en) * | 2017-05-31 | 2018-12-06 | Apple Inc. | ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) INSTALLATION AND TESTING |
| CN109257740A (en) * | 2018-09-27 | 2019-01-22 | 努比亚技术有限公司 | Profile method for down loading, mobile terminal and readable storage medium storing program for executing |
| CN109417545A (en) * | 2016-06-24 | 2019-03-01 | 奥兰治 | For downloading the technology of network insertion profile |
| CN109756447A (en) * | 2017-11-01 | 2019-05-14 | 华为技术有限公司 | A kind of safety certifying method and relevant device |
-
2019
- 2019-09-12 CN CN201910862614.3A patent/CN110505619B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150121495A1 (en) * | 2012-10-15 | 2015-04-30 | Huawei Device Co., Ltd. | Method and Device for Switching Subscription Manager-Secure Routing Device |
| CN106537961A (en) * | 2014-07-17 | 2017-03-22 | 三星电子株式会社 | Method and device for installing profile of eUICC |
| CN106162602A (en) * | 2014-08-14 | 2016-11-23 | 三星电子株式会社 | The method and apparatus downloaded for the configuration file of group device |
| US20160302061A1 (en) * | 2015-04-08 | 2016-10-13 | Samsung Electronics Co., Ltd. | Method and apparatus for downloading a profile in a wireless communication system |
| CN109417545A (en) * | 2016-06-24 | 2019-03-01 | 奥兰治 | For downloading the technology of network insertion profile |
| CN107623908A (en) * | 2016-07-15 | 2018-01-23 | 中国移动通信有限公司研究院 | A kind of hair fastener method and subscriber identification module card |
| CN107809411A (en) * | 2016-09-09 | 2018-03-16 | 华为技术有限公司 | Authentication method, terminal device, server and the network authentication entity of mobile network |
| US20180351945A1 (en) * | 2017-05-31 | 2018-12-06 | Apple Inc. | ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) INSTALLATION AND TESTING |
| CN109756447A (en) * | 2017-11-01 | 2019-05-14 | 华为技术有限公司 | A kind of safety certifying method and relevant device |
| CN109257740A (en) * | 2018-09-27 | 2019-01-22 | 努比亚技术有限公司 | Profile method for down loading, mobile terminal and readable storage medium storing program for executing |
Non-Patent Citations (2)
| Title |
|---|
| A.VESSELKOV等: "Value networks of embedded SIM-based remote subscription management", 《2015 CONFERENCE OF TELECOMMUNICATION, MEDIA AND INTERNET TECHNO-ECONOMICS (CTTE)》 * |
| 仇剑书等: "eSIM安全性分析及实现方案研究", 《互联网天地》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111314904A (en) * | 2020-02-17 | 2020-06-19 | 深圳杰睿联科技有限公司 | Method and system for activating eSIM (embedded subscriber identity Module) equipment |
| CN113785547A (en) * | 2020-12-30 | 2021-12-10 | 深圳杰睿联科技有限公司 | Security transmission method of Profile data and corresponding device |
| CN114786168A (en) * | 2021-12-10 | 2022-07-22 | 国网电力科学研究院有限公司 | Encryption ESIM module and 5G module suitable for power service |
| CN114786168B (en) * | 2021-12-10 | 2023-10-20 | 国网电力科学研究院有限公司 | Encryption ESIM module and 5G module suitable for power business |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110505619B (en) | 2022-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10003965B2 (en) | Subscriber profile transfer method, subscriber profile transfer system, and user equipment | |
| CN108028758B (en) | Method and apparatus for downloading profiles in a communication system | |
| US8578153B2 (en) | Method and arrangement for provisioning and managing a device | |
| CN110881184B (en) | Communication method and device | |
| US7395050B2 (en) | Method and system for authenticating user of data transfer device | |
| CN102137397B (en) | Authentication method based on shared group key in machine type communication (MTC) | |
| CN107241339B (en) | Identity authentication method, identity authentication device and storage medium | |
| KR20160124648A (en) | Method and apparatus for downloading and installing a profile | |
| KR20000062153A (en) | Efficient authentication with key update | |
| KR20190004499A (en) | Apparatus and methods for esim device and server to negociate digital certificates | |
| CN110505619A (en) | A kind of data transmission method in eSIM Remote configuration | |
| KR20180093333A (en) | Apparatus and Methods for Access Control on eSIM | |
| CN102143492B (en) | Method for establishing virtual private network (VPN) connection, mobile terminal and server | |
| KR20190062063A (en) | Apparatus and method for managing events in communication system | |
| CN113613227B (en) | Data transmission method and device of Bluetooth equipment, storage medium and electronic device | |
| CN103152326A (en) | Distributed authentication method and authentication system | |
| KR20200101257A (en) | Method and apparatus for device change in mobile communication system | |
| CN111357305B (en) | Communication method, equipment, system and storage medium of movable platform | |
| KR101500118B1 (en) | Data sharing method and data sharing system | |
| CN111770496B (en) | 5G-AKA authentication method, unified data management network element and user equipment | |
| CN110830243B (en) | Symmetric key distribution method, device, vehicle and storage medium | |
| CN101990203B (en) | Key agreement method, device and system based on universal self-initializing architecture | |
| KR20190050949A (en) | Method and apparatus of constructing secure infra-structure for using embedded universal integrated circuit card | |
| CN114158046B (en) | Method and device for realizing one-key login service | |
| CN110234110B (en) | Automatic switching method for mobile network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019 Applicant after: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd. Address before: 212355 Hengtang Industrial Zone, Yunyang Town, Danyang City, Zhenjiang City, Jiangsu Province Applicant before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20220310 Address after: 212355 Hengtang Industrial Zone, Danyang City, Zhenjiang City, Jiangsu Province Applicant after: HENGBAO Corp. Address before: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019 Applicant before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |