CN111356124B - eSIM activation method, system and computer readable storage medium - Google Patents

Publication number: CN111356124B
Application number: CN202010097063.9A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN111356124A (en)
Legal status: Active
Inventors: 金辉, 蒋明
Current Assignee: Shenzhen Jieruilian Technology Co ltd
Original Assignee: Shenzhen Jieruilian Technology Co ltd
Prior art keywords: information, esim, terminal, management platform, activation code

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication

Abstract

The invention discloses an eSIM activation method and system. The eSIM activation method comprises the following steps: the eSIM terminal reads the eUICC data information and sends it to a main terminal; a connection management platform in communication connection with the eSIM terminal verifies the validity of the information held by the main terminal; if the verification succeeds, the main terminal uses the eUICC data information to order the service from the resource management platform, receives the returned activation code, encrypts it and forwards the encrypted activation code to the eSIM terminal through the connection management platform; the eSIM terminal decrypts it to obtain the activation code, downloads and installs the card resource, and completes activation. Because the connection management platform verifies the eUICC data information before it is reported, the validity of important information such as the EID is ensured. Forwarding the activation code through the connection management platform and encrypting it also protect the information.

Description

eSIM activation method, system and computer readable storage medium
Technical Field
The invention relates to the technical field of eSIM management, and in particular to an eSIM activation method, an eSIM activation system, an information verification method for eSIM resource ordering, an activation code forwarding method for eSIM resource ordering, a computer-readable storage medium and an electronic device.
Background
eSIM is a technology in which software replaces the conventional pluggable physical SIM card, so that a mobile terminal can connect to a cellular network without a pluggable SIM card. eSIM technology is particularly valuable for data services abroad: after leaving the country, a user with a mobile smart terminal that supports eSIM can download and activate the SIM data (i.e., the operator profile) of a local operator, thereby avoiding high roaming charges between operators.
The GSMA defines an eSIM remote management technology based on the embedded UICC (eUICC for short), in which a profile can be downloaded to the eUICC through an SM-DP+ platform. As shown in FIG. 1, the eUICC is independent hardware on the terminal; it is the carrier to which an eSIM profile is finally downloaded and serves as the SIM card once the profile is downloaded and activated. The LPA (Local Profile Assistant) is a terminal software module responsible for network communication with the SM-DP+ and local communication with the eUICC; it establishes a secure channel between the SM-DP+ and the eUICC and completes the download and local management of profile data. ES10+ is the communication interface between the LPA and the eUICC and is used to transmit the encrypted profile. ES8+ provides an end-to-end secure channel from the SM-DP+ to the eUICC, through which the server side downloads and installs operator data in the eUICC. The ISO-7816 interface is the direct communication interface between the baseband chip and the eUICC and carries all data interaction between the baseband chip and the SIM card, as in existing mobile terminals.
eSIM technology is commonly used in mobile devices such as smart wearables. On the one hand, dropping the pluggable card helps meet the physical requirements of wearable devices, such as size, battery life and vibration resistance; on the other hand, it lets the user activate service on demand. The eSIM terminal must cooperate with a main terminal to complete activation. In the prior art, because terminal identifiers (such as the EID) involve user and terminal privacy data, transmitting them directly may leak information; similarly, for information security reasons, when the download of card resources is triggered the main terminal is not allowed to send the activation code directly to the LPA of the eSIM terminal to be activated in order to trigger the standard download flow. In addition, the eSIM terminal to be activated generally needs to be bound to the main terminal through Bluetooth, which limits the distance between the two terminals, and information sent over near-field communication carries a higher risk of theft.
Disclosure of Invention
In view of the problems in the prior art, the present invention aims to provide an eSIM activation method and system, an information verification method for eSIM resource ordering, an activation code forwarding method for eSIM resource ordering, a computer-readable storage medium, and an electronic device.
Specifically, the invention discloses an eSIM activation method, which comprises the following steps:
an eSIM terminal at the user side reads the eUICC data information;
the eSIM terminal establishes a communication connection with a connection management platform, generates/acquires encryption rule information, and sends the encryption rule information and the eUICC data information to the connection management platform;
the eSIM terminal encrypts the eUICC data information according to the encryption rule information to obtain verification information;
a main terminal at the user side acquires the eUICC data information and the verification information;
the main terminal reports the eUICC data information and the verification information to the connection management platform;
the main terminal receives, from the connection management platform, verification result information that reflects the validity of the eUICC data information received by the main terminal; the verification result information is obtained by the connection management platform by verifying according to the eUICC data information, the verification information and the encryption rule information;
if the verification result information indicates that the data is valid, the main terminal uses the eUICC data information to order card resources from a resource management platform;
the main terminal receives the activation code sent by the resource management platform and uploads the activation code to the connection management platform;
the eSIM terminal receives the activation code issued by the connection management platform;
and the eSIM terminal downloads the card resource by using the activation code and installs the card resource to complete activation.
Further, the establishing of the communication connection between the eSIM terminal and the connection management platform includes:
establishing a temporary network through a seed card preset in the eSIM terminal;
and the eSIM terminal establishes the communication connection with the connection management platform through the temporary network.
Further, the eSIM terminal generating/acquiring encryption rule information and sending the encryption rule information and the eUICC data information to the connection management platform includes:
the eSIM terminal generates a key pair and sends the public key of the key pair and the eUICC data information to the connection management platform;
the eSIM terminal encrypting the eUICC data information according to the encryption rule information to obtain verification information includes:
the eSIM terminal signs the eUICC data information with the private key of the key pair to obtain the verification information;
in the eSIM activation method, the verification result information is obtained by the connection management platform through signature verification according to the eUICC data information, the eUICC data information signed with the private key, and the public key.
Further, the public key and the private key have a limited validity period.
Further, after the eSIM terminal encrypts the eUICC data information according to the encryption rule information to obtain verification information, the method further includes:
the eSIM terminal generates a two-dimensional code according to the eUICC data information and the verification information;
the main terminal at the user side acquiring the eUICC data information and the verification information includes:
and the main terminal obtains the eUICC data information and the verification information by scanning the two-dimensional code.
Further, the main terminal receiving the activation code sent by the resource management platform and uploading the activation code to the connection management platform includes:
the main terminal receives the activation code sent by the resource management platform and encrypts it by using the encryption rule information to obtain an encrypted activation code; the main terminal uploads the encrypted activation code to the connection management platform;
the eSIM terminal receiving the activation code issued by the connection management platform includes:
and the eSIM terminal receives the encrypted activation code and decrypts it by using the encryption rule information to obtain the activation code.
Further, in this method, the eUICC data information includes at least the EID.
The invention also discloses an information verification method for eSIM resource ordering, which is executed on a connection management platform and comprises the following steps:
establishing communication connection with an eSIM terminal;
acquiring eUICC data information and encryption rule information sent by the eSIM terminal;
acquiring the eUICC data information and the verification information sent by a main terminal, wherein the verification information is obtained by encrypting the eUICC data information by using the encryption rule information;
verifying according to the eUICC data information, the verification information and the encryption rule information to obtain verification result information;
and feeding back the verification result information to the main terminal.
Further, the establishing of the communication connection with the eSIM terminal includes:
the connection management platform establishes communication connection with the eSIM terminal through a temporary network established by a seed card preset in the eSIM terminal.
Further, the acquiring eUICC data information and encryption rule information sent by the eSIM terminal includes:
acquiring eUICC data information sent by an eSIM terminal and a public key in a key pair, wherein the key pair is generated/acquired by the eSIM terminal;
in the information verification method, the verification information acquired from the main terminal is produced by the eSIM terminal encrypting the eUICC data information with the private key of the key pair, and is then sent by the eSIM terminal to the main terminal.
The invention also discloses an activation code forwarding method for eSIM resource ordering, which is executed on a connection management platform and comprises the following steps:
after a main terminal receives an activation code sent by a resource management platform, acquiring the activation code uploaded by the main terminal;
and sending the activation code to an eSIM terminal so that the eSIM terminal can download card resources by using the activation code.
Further, acquiring the activation code uploaded by the main terminal after the main terminal receives the activation code sent by the resource management platform includes:
after the main terminal receives and encrypts the activation code sent by the resource management platform, acquiring the encrypted activation code uploaded by the main terminal;
the sending the activation code to the eSIM terminal includes:
and sending the encrypted activation code to the eSIM terminal, so that the eSIM terminal can download the card resource by using the activation code after decrypting the encrypted activation code.
The invention also discloses an eSIM activation system, which comprises: an eSIM terminal at a user side, a main terminal, a connection management platform at a platform side and a resource management platform;
wherein the eSIM terminal is configured to:
calling eUICC data information;
establishing communication connection with the connection management platform;
generating/acquiring encryption rule information;
sending the encryption rule information and the eUICC data information to the connection management platform;
encrypting the eUICC data information according to the encryption rule information to obtain verification information;
receiving an activation code issued by the connection management platform;
downloading a card resource by using the activation code, and installing the card resource to complete activation;
the main terminal is used for:
acquiring the eUICC data information and the verification information;
reporting the eUICC data information and the verification information to the connection management platform;
if the verification result information indicates that the data is valid, ordering the card resource from a resource management platform by using the eUICC data information;
receiving the activation code sent by the resource management platform and uploading the activation code to the connection management platform;
the connection management platform is used for:
verifying according to the eUICC data information, the verification information and the encryption rule information to obtain verification result information, wherein the verification result information reflects the validity of the eUICC data information received by the main terminal;
and sending the verification result information to the main terminal.
Further, the eSIM terminal is specifically configured to:
and establishing communication connection with the connection management platform through a temporary network established by a preset seed card.
Further, the eSIM terminal is specifically configured to:
generating a key pair, and sending a public key in the key pair and the eUICC data information to the connection management platform;
signing the eUICC data according to a private key in the key pair to obtain verification information;
the connection management platform is used for:
and performing signature verification according to the eUICC data information, the eUICC data information signed with the private key, and the public key, to obtain verification result information.
Further, the eSIM terminal is specifically configured to:
generating a key pair with a limited validity period.
Further, the eSIM terminal is further configured to:
after the verification information is obtained, generating a two-dimensional code according to the eUICC data information and the verification information;
the main terminal is specifically configured to:
and scanning the two-dimensional code to obtain the eUICC data information and the verification information.
Further, the main terminal is specifically configured to:
receiving the activation code sent by the resource management platform, and encrypting the activation code by using the encryption rule information to obtain an encrypted activation code;
uploading the encrypted activation code to the connection management platform;
the eSIM terminal is specifically configured to:
and decrypting the encrypted activation code by using the encryption rule information to obtain the activation code.
The invention also discloses a computer readable storage medium, which stores a computer program for executing the method of any of the above embodiments.
The invention also discloses an electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method according to any of the embodiments.
The invention has at least the following beneficial effects:
Building on the SGP.21/22 technical standards, which are widely used in consumer electronics at present, the invention defines a secure and easy-to-use eSIM terminal activation process. Before the eUICC data information is used for reporting, it is verified by the connection management platform, which ensures the validity of important information such as the EID (eUICC identifier). The invention also protects the information by forwarding the activation code through the connection management platform and encrypting it.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention.
In the drawings:
FIG. 1 is a prior art architecture diagram of GSMA eSIM;
FIG. 2 is a flowchart of an eSIM terminal activation method according to an embodiment of the present invention;
FIG. 3 is a system configuration diagram of an eSIM terminal activation system according to an embodiment of the present invention;
FIG. 4 is a timing diagram illustrating eSIM activation by the eSIM terminal activation system according to the embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
As shown in FIG. 2 and FIG. 3, the present invention discloses an eSIM activation method in which the eSIM terminal to be activated is the main executing party and completes activation in cooperation with the other parties. It specifically includes the following steps:
(1) The eSIM terminal and the connection management platform establish a communication connection, which may use near-field communication (such as Bluetooth) or remote communication (Wi-Fi, cellular network, etc.). The connection management platform is an Internet of Things platform; it can be built as required, or an existing commercial Internet of Things platform on the market can be used. The eSIM terminal to be activated may be a mobile phone, a smart wearable device, or the like. Note that this step may be completed first, or at any point before the corresponding data transmission or interaction is required.
(2) The eUICC data information is read and encrypted to obtain verification information. As shown in FIG. 1, the eUICC data information is generally stored in the eUICC and may include data representing user or device information, such as the EID and the IMEI, which can be read by the LPA (Local Profile Assistant). The encryption may be performed by the LPA of the eSIM terminal or by another existing processing module, using a scheme such as key-based encryption, to obtain verification information (e.g., a signature) that is used to verify the validity of the eUICC data information.
(3) The eUICC data information and the verification information are transmitted to a main terminal. The main terminal is preferably a common mobile terminal such as a mobile phone or tablet computer, which generally provides data processing, transmission, storage, networking, camera and similar functions. After receiving the eUICC data information, the main terminal decrypts it to obtain the plaintext and uses the plaintext to order card resources from a resource management platform; specifically, the user's order information, the EID and the like need to be reported. A suitable way of delivering the encrypted eUICC data information can be chosen according to the characteristics of the mobile terminal, including but not limited to: transfer over a Bluetooth connection, transfer within a local area network, transfer over an Ethernet connection, etc.
(4) The validity of the eUICC data information received by the main terminal is verified by the connection management platform. The connection management platform needs to receive the encryption rule information and the eUICC data information uploaded by the eSIM terminal, as well as the eUICC data information and the verification information uploaded by the main terminal. It then verifies according to the eUICC data information, the verification information and the encryption rule information, obtains a verification result and returns it to the main terminal. If the verification result confirms that the eUICC data information received by the main terminal is valid, the following steps continue.
(5) If the verification result information indicates that the data is valid, the main terminal uses the eUICC data information to order card resources from a resource management platform. At present the resource management platform is usually established and managed by a communications operator (such as China Mobile or China Telecom) and consists mainly of two parts: the resource ordering platform, which receives the ordering information (such as tariff selection, real-name authentication, package selection and the like) and the eUICC data information, completes card resource allocation and issues an activation code; and the resource downloading platform, which stores the specific card resources, provides downloads and generates the corresponding activation codes. The specific resource allocation process is prior art in the field and is not described in detail here.
(6) After the card resources are allocated, the resource management platform generates an activation code and sends it to the main terminal. The activation code not only contains the correct download address of the allocated card resources but also serves to verify the identity of the downloading party; it is the "token" with which the eSIM terminal downloads and activates the card resources.
(7) The main terminal uploads the activation code to the connection management platform, and the eSIM terminal downloads the activation code from the connection management platform. Preferably, the main terminal encrypts the activation code before uploading it, to ensure the security of the information.
(8) The eSIM terminal uses the activation code to download and install the card resource. The specific downloading and installing process can be realized with existing methods in the field and is not described in detail here.
Therefore, the method can verify the validity of the eUICC data information and ensure the security of activation code transmission. In addition, because the data is handled through the connection management platform, the near-field binding between the eSIM terminal to be activated and the main terminal is weakened, which spares the user cumbersome operations and simplifies the flow.
In some embodiments of the present invention, the eSIM terminal establishes a temporary (cellular) network through a preset seed card and uploads and downloads data over it, thereby exchanging data with a connection management platform connected to an Ethernet network. The seed card is generated from a card resource (profile) preset in the eUICC; it can connect to the network during activation of the eSIM terminal but cannot be used as the everyday network. After the eSIM terminal is activated, the service card generated from the installed card resource is used and the seed card is deactivated; if the service card cannot be used normally, the seed card can be re-enabled to activate the eSIM terminal again. In this embodiment, the temporary network may also be used to download the card resource from the resource management platform.
In some embodiments of the present invention, the encryption rule information may be a key pair consisting of a public key and a corresponding private key. The public key is relatively open, and information encrypted with the public key can be decrypted with the private key; the private key is usually held only by the party on the user side that generated the key pair and is not disclosed, and information encrypted with the private key can be decrypted with the public key.
After the LPA of the eSIM terminal reads the eUICC data information, it encrypts (signs) the data with the private key to obtain the verification information and transmits the verification information together with the eUICC data information to the main terminal, which is also on the user side; the main terminal uploads both to the connection management platform. The eSIM terminal also needs to send the public key and the eUICC data information to the connection management platform; preferably, everything the eSIM terminal sends goes over the temporary network established by the seed card. Finally, the connection management platform verifies the validity of the eUICC data information received by the main terminal according to the received eUICC data information, the verification information and the public key, and generates the verification result information.
Preferably, the key pair has a time limit, beyond which it is no longer used for the corresponding operations. Once it expires, a new key pair can be generated; the time limit is typically long enough to complete the entire eSIM activation process of the above embodiments. The key pair may be generated by the eSIM terminal, and the specific method, program, etc. for generating it may follow schemes disclosed in the prior art, which are not described in detail here.
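The platform-side check described above, written out as an added example that is not code from the patent. RSA-PSS over SHA-256, the in-memory `Platform` type, the 10-minute validity period and the sample EID values are assumptions, since the text fixes neither an algorithm nor a time limit.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Outcomes the platform can return to the main terminal.
var (
	ErrUnknownEID   = errors.New("no eSIM terminal registered this EID")
	ErrKeyExpired   = errors.New("key pair validity period has elapsed")
	ErrBadSignature = errors.New("verification information does not match EID")
)

// registration is what the eSIM terminal uploads over the seed-card network.
type registration struct {
	pub     *rsa.PublicKey
	expires time.Time
}

// Platform is a hypothetical in-memory connection management platform.
type Platform struct{ byEID map[string]registration }

func NewPlatform() *Platform { return &Platform{byEID: map[string]registration{}} }

// Register stores the terminal's public key under its EID with a time limit.
func (p *Platform) Register(eid string, pub *rsa.PublicKey, now time.Time, ttl time.Duration) {
	p.byEID[eid] = registration{pub: pub, expires: now.Add(ttl)}
}

// Verify compares what the main terminal reported (EID plus signature) with
// what the eSIM terminal registered (EID plus public key).
func (p *Platform) Verify(eid string, sig []byte, now time.Time) error {
	reg, ok := p.byEID[eid]
	if !ok {
		return ErrUnknownEID
	}
	if now.After(reg.expires) {
		delete(p.byEID, eid) // an expired key is never consulted again
		return ErrKeyExpired
	}
	digest := sha256.Sum256([]byte(eid))
	if err := rsa.VerifyPSS(reg.pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return ErrBadSignature
	}
	return nil
}

// Terminal is the eSIM terminal: it holds the EID and the private key.
type Terminal struct {
	EID string
	key *rsa.PrivateKey
}

// NewTerminal generates a fresh key pair for one activation attempt.
func NewTerminal(eid string) (*Terminal, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{EID: eid, key: key}, nil
}

func (t *Terminal) Public() *rsa.PublicKey { return &t.key.PublicKey }

// Sign produces the verification information handed to the main terminal.
func (t *Terminal) Sign() ([]byte, error) {
	digest := sha256.Sum256([]byte(t.EID))
	return rsa.SignPSS(rand.Reader, t.key, crypto.SHA256, digest[:], nil)
}

func main() {
	const eid = "89000000000000000000000000000001" // constructed sample EID
	now := time.Now()
	term, err := NewTerminal(eid)
	if err != nil {
		panic(err)
	}
	plat := NewPlatform()
	plat.Register(term.EID, term.Public(), now, 10*time.Minute)
	sig, err := term.Sign()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine report:", plat.Verify(eid, sig, now))
	fmt.Println("unknown EID:   ", plat.Verify("89000000000000000000000000000009", sig, now))
	fmt.Println("after expiry:  ", plat.Verify(eid, sig, now.Add(time.Hour)))
}
```

Because the key is looked up by the reported EID, a signature produced by one terminal is rejected when it is presented with another terminal's EID.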
In some embodiments of the present invention, besides conventional wired communication, remote communication and near-field communication, the eUICC data information can be transmitted as a two-dimensional code. Specifically, the eSIM terminal generates a two-dimensional code from the eUICC data information and the verification information and displays it through a two-dimensional code display module or the main screen of the eSIM terminal; the main terminal scans the two-dimensional code with its camera and processes it to obtain the eUICC data information and the verification information.
In some embodiments of the present invention, the activation code is also encrypted for transmission, using the encryption rule information, i.e., the key pair described above. Specifically, after receiving the activation code allocated by the resource management platform, the main terminal on the user side encrypts it with the public key and sends the encrypted activation code to the connection management platform; the eSIM terminal downloads the encrypted activation code from the connection management platform and decrypts it with the private key to obtain the activation code in plaintext.
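The encrypted relay described above, as an added example that is not part of the patent. RSA-OAEP with SHA-256, the `Relay` mailbox, the use of the EID as the OAEP label and the sample values are assumptions; the text does not say how the main terminal obtains the public key, so it is passed in as a parameter here.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Relay is a hypothetical connection management platform mailbox. It stores
// one opaque blob per EID and never holds a key that could open it.
type Relay struct{ pending map[string][]byte }

func NewRelay() *Relay { return &Relay{pending: map[string][]byte{}} }

// Upload is called by the main terminal with the encrypted activation code.
func (r *Relay) Upload(eid string, blob []byte) { r.pending[eid] = blob }

// Fetch is called by the eSIM terminal; each blob is handed out only once.
func (r *Relay) Fetch(eid string) ([]byte, error) {
	blob, ok := r.pending[eid]
	if !ok {
		return nil, errors.New("no activation code pending for this EID")
	}
	delete(r.pending, eid)
	return blob, nil
}

// NewTerminalKey generates the eSIM terminal's key pair.
func NewTerminalKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptActivationCode runs on the main terminal. The EID is used as the
// OAEP label, so a blob delivered under a different EID fails to decrypt.
// With a 2048-bit key and SHA-256 the code may be at most 190 bytes long.
func EncryptActivationCode(pub *rsa.PublicKey, eid, code string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(code), []byte(eid))
}

// DecryptActivationCode runs on the eSIM terminal with its private key.
func DecryptActivationCode(priv *rsa.PrivateKey, eid string, blob []byte) (string, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob, []byte(eid))
	if err != nil {
		return "", fmt.Errorf("activation code rejected: %w", err)
	}
	return string(plain), nil
}

// Deliver walks the whole path: main terminal -> relay -> eSIM terminal.
// relaySawPlain reports whether the stored blob contained the plaintext.
func Deliver(priv *rsa.PrivateKey, eid, code string) (got string, relaySawPlain bool, err error) {
	blob, err := EncryptActivationCode(&priv.PublicKey, eid, code)
	if err != nil {
		return "", false, err
	}
	relay := NewRelay()
	relay.Upload(eid, blob)
	relaySawPlain = bytes.Contains(relay.pending[eid], []byte(code))
	fetched, err := relay.Fetch(eid)
	if err != nil {
		return "", relaySawPlain, err
	}
	got, err = DecryptActivationCode(priv, eid, fetched)
	return got, relaySawPlain, err
}

func main() {
	// Constructed sample values; the code follows the SGP.22 activation code layout.
	const eid = "89000000000000000000000000000001"
	const code = "LPA:1$smdp.example.com$CONSTRUCTED-MATCHING-ID"
	key, err := NewTerminalKey()
	if err != nil {
		panic(err)
	}
	got, leaked, err := Deliver(key, eid, code)
	fmt.Println("delivered intact:", got == code, "relay saw plaintext:", leaked, "err:", err)
}
```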
The invention also discloses an information verification method for eSIM resource ordering, which is executed on a connection management platform and comprises the following steps:
establishing communication connection with an eSIM terminal;
acquiring eUICC data information and encryption rule information sent by the eSIM terminal;
acquiring the eUICC data information and the verification information sent by a main terminal, wherein the verification information is obtained by encrypting the eUICC data information by using the encryption rule information;
verifying according to the eUICC data information, the verification information and the encryption rule information to obtain verification result information;
and feeding back the verification result information to the main terminal.
In some embodiments of the present invention, the establishing a communication connection with an eSIM terminal includes:
the connection management platform establishes communication connection with the eSIM terminal through a temporary network established by a seed card preset in the eSIM terminal.
In some embodiments of the present invention, the obtaining eUICC data information and encryption rule information sent by an eSIM terminal includes:
acquiring eUICC data information sent by an eSIM terminal and a public key in a key pair, wherein the key pair is generated/acquired by the eSIM terminal;
in the information verification method, the verification information acquired from the main terminal is sent to the main terminal after the eSIM terminal encrypts the eUICC data information by using a private key of the key pair.
The invention also discloses an activation code forwarding method for eSIM resource ordering, which is executed on a connection management platform and comprises the following steps:
after a main terminal receives an activation code sent by a resource management platform, acquiring the activation code uploaded by the main terminal;
and sending the activation code to an eSIM terminal so that the eSIM terminal can download card resources by using the activation code.
In some embodiments of the present invention, the obtaining, after the main terminal receives the activation code sent by the resource management platform, the activation code uploaded by the main terminal includes:
after the main terminal receives and encrypts the activation code sent by the resource management platform, acquiring the encrypted activation code uploaded by the main terminal;
the sending the activation code to the eSIM terminal includes:
sending the encrypted activation code to the eSIM terminal, so that the eSIM terminal can download the card resource by using the activation code after decrypting the encrypted activation code.
The information verification and activation code forwarding method for eSIM resource subscription disclosed by the invention has the same beneficial effects as the eSIM activation method described above, and details are not repeated here.
The invention also discloses an eSIM activation system, which comprises an eSIM terminal at a user side, a main terminal, a connection management platform at a platform side and a resource management platform, wherein the eSIM activation system is used for executing the eSIM activation method.
To sum up, the present invention discloses a specific embodiment, shown in the timing chart of Fig. 4, which comprises the following steps:
1. the user triggers an EID calling instruction, and the LPA (Local Profile Assistant) of the eSIM terminal obtains the EID (eUICC data information) from the eUICC;
2. the eSIM terminal establishes a temporary network for data communication using the seed card (number) and communicates with the connection management platform. The LPA in the eSIM terminal generates a key pair and sends the EID and the public key to the connection management platform, wherein the valid time of the key pair is T, and T is a finite positive number;
3. the eSIM terminal signs the EID with the private key to obtain verification information (SignedEID), and generates a two-dimensional code based on the EID and the verification information;
4. the main terminal scans the two-dimensional code with its own ordering module to obtain the EID and its signature SignedEID;
5. the main terminal sends the EID and its signature SignedEID to the connection management platform;
6. the connection management platform verifies the EID and the SignedEID with the public key to obtain verification result information; if the signature passes verification, the connection management platform determines that the information reported by the main terminal is legal, and returns the verification result information to the main terminal;
7. once the authenticity of the EID is confirmed to be reliable, the main terminal uses the EID to order the service from the ordering platform in the resource management platform;
8. the ordering platform orders the electronic card from the resource downloading platform (SM-DP+);
9. after the resource management platform completes card resource allocation, an activation code is generated;
10. the activation code is returned to the ordering module of the main terminal through the ordering platform;
11. the main terminal encrypts the activation code with the public key to generate an encrypted activation code (Sec_ACCode), and reports the encrypted activation code to the connection management platform;
12. the connection management platform issues the encrypted activation code to the LPA of the eSIM terminal;
13. the LPA decrypts the activation code with the private key;
14. the LPA initiates the electronic card download according to the activation code; the specific process is a standard process in the field and is not described again;
15. the downloaded electronic card is installed and activated, a service card (number) is generated, the seed card is deactivated to close the temporary network, and the opening process is complete.
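The key registration, SignedEID check and activation-code encryption of the embodiment above can be exercised end to end; the following Go program is an added example, not code from the patent. RSA-2048 with PSS signatures and OAEP encryption, the in-memory Platform type, all function names, the EID used as OAEP label and the sample EID and activation code are assumptions of this example, and the main terminal is simply handed the public key because the page does not say how it obtains it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownEID = errors.New("no public key registered for this EID")
	ErrExpired    = errors.New("key pair validity time T has elapsed")
	ErrBadSig     = errors.New("SignedEID does not verify")
)

// registration is what the platform keeps after the eSIM terminal reports its EID and public key.
type registration struct {
	pub     *rsa.PublicKey
	expires time.Time
}

// Platform is a hypothetical in-memory connection management platform, keyed by EID.
type Platform map[string]registration

// Register stores the public key received over the temporary network, valid for ttl (the page's T).
func (p Platform) Register(eid string, pub *rsa.PublicKey, ttl time.Duration, now time.Time) {
	p[eid] = registration{pub: pub, expires: now.Add(ttl)}
}

// VerifyEID checks the EID and SignedEID relayed by the main terminal against the registered key.
func (p Platform) VerifyEID(eid string, signedEID []byte, now time.Time) error {
	reg, ok := p[eid]
	if !ok {
		return ErrUnknownEID
	}
	if now.After(reg.expires) {
		return ErrExpired
	}
	digest := sha256.Sum256([]byte(eid))
	if rsa.VerifyPSS(reg.pub, crypto.SHA256, digest[:], signedEID, nil) != nil {
		return ErrBadSig
	}
	return nil
}

func NewTerminalKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // RSA-2048: assumption

// SignEID produces SignedEID on the eSIM terminal with the private key.
func SignEID(priv *rsa.PrivateKey, eid string) ([]byte, error) {
	digest := sha256.Sum256([]byte(eid))
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// EncryptCode (main terminal) and DecryptCode (eSIM terminal) protect the activation code in transit.
func EncryptCode(pub *rsa.PublicKey, eid, code string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(code), []byte(eid)) // EID label: this example's choice
}

func DecryptCode(priv *rsa.PrivateKey, eid string, sec []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sec, []byte(eid))
	return string(pt), err
}

func main() {
	eid, code := "89049032000000000000000000000001", "LPA:1$smdp.example$SAMPLE-MATCHING-ID" // constructed samples
	priv, err := NewTerminalKey()
	if err != nil {
		panic(err)
	}
	now, p := time.Now(), Platform{}
	p.Register(eid, &priv.PublicKey, 10*time.Minute, now)
	sig, _ := SignEID(priv, eid)
	fmt.Println("fresh:", p.VerifyEID(eid, sig, now), "after T:", p.VerifyEID(eid, sig, now.Add(time.Hour)))
	sec, _ := EncryptCode(&priv.PublicKey, eid, code)
	fmt.Println(DecryptCode(priv, eid, sec))
}
```

The platform rejects an EID it has no key for, a signature presented after T, and a SignedEID that does not match the registered public key, which are the three ways a main terminal's report can fail the legality check.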
Although the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solutions of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications all belong to the protection scope of the embodiments of the present invention.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention do not describe every possible combination.
Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments may be implemented by a program that is stored in a storage medium and includes several instructions for causing a single-chip microcomputer, a chip, or a processor to execute all or part of the steps of the methods according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In addition, any combination of the various implementation manners of the embodiments of the present invention is also possible, and such combinations should likewise be regarded as disclosed by the embodiments of the present invention as long as they do not depart from the spirit of the embodiments of the present invention.

Claims (16)

1. An eSIM activation method, comprising:
an eSIM terminal at a user side calls eUICC data information;
the eSIM terminal establishes communication connection with a connection management platform, generates/acquires encryption rule information, and sends the encryption rule information and the eUICC data information to the connection management platform;
the eSIM terminal encrypts the eUICC data information according to the encryption rule information to obtain verification information;
a main terminal at a user side acquires the eUICC data information and the verification information;
the main terminal reports the eUICC data information and the verification information to the connection management platform;
the main terminal receives verification result information sent by the connection management platform, the verification result information being used for reflecting the validity of the eUICC data information received by the main terminal; the verification result information is obtained by the connection management platform by verifying according to the eUICC data information, the verification information and the encryption rule information;
if the verification result information is legal, the main terminal uses the eUICC data information to order card resources from a resource management platform;
the main terminal receives the activation code sent by the resource management platform and uploads the activation code to the connection management platform;
the eSIM terminal receives an activation code issued by the connection management platform;
the eSIM terminal downloads the card resource by using the activation code and installs the card resource to complete activation;
wherein the main terminal receiving the activation code sent by the resource management platform and uploading the activation code to the connection management platform comprises:
the main terminal receives the activation code sent by the resource management platform, and acquires and encrypts the activation code by using the encryption rule information to obtain an encrypted activation code;
the main terminal uploads the encrypted activation code to the connection management platform;
the eSIM terminal receiving the activation code issued by the connection management platform comprises:
the eSIM terminal receives the encrypted activation code and decrypts the encrypted activation code by using the encryption rule information to obtain the activation code.
2. The eSIM activation method of claim 1, wherein establishing a communication connection between the eSIM terminal and a connection management platform comprises:
establishing a temporary network through a seed card preset in the eSIM terminal;
and the eSIM terminal establishes communication connection with the connection management platform through the temporary network.
3. The eSIM activation method of claim 1, wherein the eSIM terminal generating/obtaining encryption rule information and sending the encryption rule information and the eUICC data information to the connection management platform comprises:
the eSIM terminal generates a key pair and sends a public key in the key pair and the eUICC data information to the connection management platform;
the eSIM terminal encrypting the eUICC data information according to the encryption rule information to obtain verification information comprises:
the eSIM terminal signs the eUICC data according to a private key in the key pair to obtain verification information;
in the eSIM activation method, the verification result information is obtained by the connection management platform through signature verification according to the eUICC data information, the eUICC data information encrypted by the private key, and the public key.
4. The eSIM activation method of claim 3, wherein the public key and the private key have a limited validity period.
5. The eSIM activation method of claim 1, wherein after the eSIM terminal encrypts the eUICC data information according to the encryption rule information to obtain verification information, the method further comprises:
the eSIM terminal generates a two-dimensional code according to the eUICC data information and the verification information;
the main terminal at the user side acquiring the eUICC data information and the verification information comprises:
the main terminal obtains the eUICC data information and the verification information by scanning the two-dimensional code.
6. The eSIM activation method according to any one of claims 1-5, wherein the eUICC data information comprises at least: an EID.
7. An information verification method for eSIM resource subscription, executed on a connection management platform, is characterized by comprising the following steps:
establishing communication connection with an eSIM terminal;
acquiring eUICC data information and encryption rule information sent by the eSIM terminal;
acquiring the eUICC data information and verification information sent by a main terminal, wherein the verification information is obtained by encrypting the eUICC data information by using the encryption rule information;
verifying according to the eUICC data information, the verification information and the encryption rule information to obtain verification result information;
feeding back the verification result information to the main terminal;
after the main terminal receives the activation code sent by the resource management platform, the activation code uploaded by the main terminal is obtained;
sending the activation code to the eSIM terminal so that the eSIM terminal can download card resources by using the activation code;
wherein the acquiring, after the main terminal receives the activation code sent by the resource management platform, the activation code uploaded by the main terminal comprises:
after the main terminal receives and encrypts the activation code sent by the resource management platform, acquiring an encrypted activation code uploaded by the main terminal;
wherein the sending the activation code to the eSIM terminal includes:
and sending the encrypted activation code to the eSIM terminal, so that the eSIM terminal can download the card resource by using the activation code after decrypting the encrypted activation code.
8. The method of claim 7, wherein establishing the communication connection with the eSIM terminal comprises:
the connection management platform establishes communication connection with the eSIM terminal through a temporary network established by a seed card preset in the eSIM terminal.
9. The method of claim 7, wherein the obtaining eUICC data information and encryption rule information sent by the eSIM terminal comprises:
acquiring eUICC data information sent by an eSIM terminal and a public key in a key pair, wherein the key pair is generated/acquired by the eSIM terminal;
in the information verification method, the verification information acquired from the main terminal is sent to the main terminal after the eSIM terminal encrypts the eUICC data information by using a private key of the key pair.
10. An eSIM activation system, comprising: the system comprises an eSIM terminal at a user side, a main terminal, a connection management platform at a platform side and a resource management platform;
wherein the eSIM terminal is configured to:
calling eUICC data information;
establishing communication connection with the connection management platform;
generating/acquiring encryption rule information;
sending the encryption rule information and the eUICC data information to the connection management platform;
encrypting the eUICC data information according to the encryption rule information to obtain verification information;
receiving an activation code issued by the connection management platform;
downloading a card resource by using the activation code, and installing the card resource to complete activation;
the main terminal is used for:
acquiring the eUICC data information and the verification information;
reporting the eUICC data information and the verification information to the connection management platform;
if the verification result information is legal, ordering the card resource from a resource management platform by using the eUICC data information;
receiving the activation code sent by the resource management platform and uploading the activation code to the connection management platform;
the connection management platform is used for:
verifying according to the eUICC data information, the verification information and the encryption rule information to obtain verification result information, wherein the verification result information is used for reflecting the legality of the eUICC data information received by the main terminal;
sending the verification result information to a main terminal;
the main terminal is specifically configured to:
receiving an activation code sent by the resource management platform, acquiring and encrypting the activation code by using the encryption rule information to obtain an encrypted activation code,
uploading the encrypted activation code to the connection management platform;
the eSIM terminal is specifically configured to:
and decrypting the encrypted activation code by using the encryption rule information to obtain the activation code.
11. The eSIM activation system of claim 10, wherein the eSIM terminal is specifically configured to:
and establishing communication connection with the connection management platform through a temporary network established by a preset seed card.
12. The eSIM activation system of claim 10, wherein the eSIM terminal is specifically configured to:
generating a key pair, and sending a public key in the key pair and the eUICC data information to the connection management platform;
signing the eUICC data according to a private key in the key pair to obtain verification information;
the connection management platform is used for:
performing signature verification according to the eUICC data information, the eUICC data information encrypted by the private key, and the public key to obtain verification result information.
13. The eSIM activation system of claim 12, wherein the eSIM terminal is specifically configured to:
generating a key pair with a limited validity period.
14. The eSIM activation system of claim 10, wherein the eSIM terminal is further configured to:
after the verification information is obtained, generating a two-dimensional code according to the eUICC data information and the verification information;
the main terminal is specifically configured to:
and scanning the two-dimensional code to obtain the eUICC data information and the verification information.
15. A computer-readable storage medium, which stores a computer program for performing the method of any of the preceding claims 1-6, 7-9 when the computer program is executed by a processor.
16. An electronic device, the electronic device comprising:
a processor;
a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method of any one of claims 1-6, 7-9.
CN202010097063.9A 2020-02-17 2020-02-17 eSIM activation method, system and computer readable storage medium Active CN111356124B (en)


Publications (2)

Publication Number Publication Date
CN111356124A (en) 2020-06-30
CN111356124B (en) 2021-03-05

Family

ID=71197006




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant