CN113076556A - eUICC signed data file management method - Google Patents


Info

Publication number
CN113076556A
Authority
CN
China
Prior art keywords
data
profile
template
euicc
different
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110334255.1A
Other languages
Chinese (zh)
Inventor
袁巧
王卫霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier

Abstract

The invention discloses a method for managing the subscription data (hereinafter referred to as profile) of an eUICC (Embedded Universal Integrated Circuit Card). The method enables rapid activation and deactivation of eUICC profiles and ensures that the data of different profiles is isolated. It is easy to implement and only requires modifying the original platform virtual machine. The method comprises the following steps: a data template is abstracted from the different data element types in the profile and stores the key information of each data element. When the eUICC is initialized, a system template pointer is constructed. When multiple profiles are downloaded, a profile data template instance is constructed for each of them. During activation and deactivation, only the instance pointed to by the template pointer needs to be changed to complete the activation or deactivation of the corresponding profile.

Description

eUICC signed data file management method
Technical Field
The invention relates to the technical field of smart cards, in particular to the field of smart cards required to support eUICC functions.
Background
The core function of the eUICC card is to allow a user to switch between different operators. The user can select the most suitable operator according to the requirement of the user. The operator service is completed through subscription data (profile) provided by the operator, and the profile of the operator includes MNOSD, SSD, CASD, Applet, Application, FileSystem, and MetaData.
When profile data of multiple operators is downloaded, the eUICC card has multiple MNOSDs, SSDs, CASDs, applications, filesystems, and MetaData. The eUICC requires data in each Profile to be isolated from each other, and when one Profile is activated, data in other profiles cannot be accessed.
The eUICC is implemented on Java Card. Java Card platform management has no concept of Profile isolation, only application isolation, so the existing Java platform management mechanism cannot restrict Profile A's access to Profile B. That is, under the Java platform management in common use today, after Profile A is activated an application of Profile B can still be selected and the data of Profile B accessed.
To meet the requirement of the eUICC, the management mechanism of the Java platform must be upgraded. One scheme adds a Profile ownership attribute to the information of each application and each file, so that Profile ownership is checked when the Java Card virtual machine executes, which isolates the data of different profiles. This scheme requires extensive modification of the Java Card virtual machine implementation, adds extra checks, increases code space and reduces execution performance.
The other scheme allocates a completely independent space to each profile and decides whether a profile access is allowed from the division of that space. But the space of a Profile is not fixed and may grow or shrink after the Profile is created, so it is difficult to reserve a suitable space for each Profile.
The invention abstracts the profile data structure and the existing Java virtual machine implementation into a group of data templates, creates a group of data template pointers and instances, and accesses the data of different profiles by pointing the pointers at different profile data instances. Activating or deactivating a profile then takes only a few operations, which gives fast switching.
Disclosure of Invention
The invention combines the eUICC profile data content and the common Java platform management data information to refine a group of data templates, thereby facilitating the use of the eUICC Java platform.
The method organizes and records the profile data, and searches and accesses the profile data through the data template pointer. When a profile is downloaded, after the data of the profile has been generated, a template data instance is created according to the requirements of the data template and serves as the basis for managing that profile's data.
If multiple profiles are downloaded onto the card, multiple template data instances are created.
When a profile is activated, the data template pointer is pointed to the template data instance of the activated profile.
While the Java platform runs, it uses the template data of the currently activated profile. When an application or file is selected, the information in the template data is used to search for and access the relevant application or file. Because the template pointer refers only to the data of the current profile, only the current profile's data can be accessed. The applications and files of other profiles cannot be accessed, because their data is stored in a different template data instance.
To achieve the purpose of the invention, the technical method adopted comprises the following steps:
Step one: a group of data templates is extracted from the existing Java platform information and the content contained in the profile; the data templates contain the basic information needed for profile access and Java platform access.
Step two: when the card is initialized, a default data template is created and used for recording system data information.
Step three: while a Profile is being downloaded, a Profile data template is created for recording the data information in the Profile.
Step four: when the profile is activated, the system data template pointer is pointed to the profile data template, ensuring that operations such as application selection, installation and deletion and file access can only access data in the activated profile.
Step five: when the profile is deactivated, the template pointer is pointed back to the system data template, ensuring that operations such as application selection, installation and deletion and file access can only access system data.
Drawings
FIG. 1 is a schematic view of a template.
FIG. 2 is a schematic view of an embodiment of the present invention.
FIG. 3 shows the data access flow of the present invention.
Detailed Description
The following is a description of an embodiment of the present invention, and further describes the Profile management method provided by the present invention by way of example. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, a typical Java platform data structure and the profile data structure are combined and a data template is extracted. The data template contains the Java package registry, the Java Applet registry and the MF start address; see FIG. 1.
At initialization, the Java platform creates a data template pointer, TemplatePointer. At the same time it creates a Java platform system data template instance, SystemTemplateInst, and points TemplatePointer to SystemTemplateInst.
When the Java platform has no profile, package information, Applet information and file information are accessed through the SystemTemplateInst that TemplatePointer points to. This covers application searching, selecting, installing, deleting, state retrieval, file reading and writing, and so on.
When Profile A is downloaded, a Profile A data template instance, profileATemplateInst, is created. It contains the Java Package, Java Applet and MF information of Profile A.
When Profile B is downloaded, a Profile B data template instance, profileBTemplateInst, is created. It contains the Java Package, Java Applet and MF information of Profile B.
The internal structure of the eUICC of this embodiment is shown in FIG. 2.
When Profile A is activated, TemplatePointer is pointed to profileATemplateInst. Subsequent operations, including application searching, selecting, installing, deleting, state retrieval, and file reading and writing, use the data in profileATemplateInst. Because all platform access goes through the content of TemplatePointer, once Profile A is activated only the data in Profile A can be accessed and the data in other profiles cannot, which achieves Profile data isolation.
The data access flow of Profile A is shown in FIG. 3; it can be seen that Profile A cannot access Profile B data when activated.
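The embodiment above, as a minimal C sketch added here for illustration (not code from the patent or from any Java Card platform): every lookup goes through `TemplatePointer`, so switching profiles is one pointer assignment. The function names, AIDs, handles and MF addresses are constructed assumptions, and the package registry is left out for brevity.

```c
#include <stddef.h>
#include <string.h>

#define MAX_APPLETS 4

/* One applet registry entry: AID string and instance handle (constructed). */
typedef struct { const char *aid; int handle; } AppletEntry;

/* Data template from the description: package registry, applet registry and
   MF start address. The package registry is omitted in this sketch. */
typedef struct {
    AppletEntry applets[MAX_APPLETS];
    size_t      applet_count;
    unsigned    mf_start;            /* start address of this template's MF */
} DataTemplate;

/* Constructed sample instances: one for the system, one per downloaded profile. */
static DataTemplate SystemTemplateInst   = { { {"A000000001", 1} }, 1, 0x1000 };
static DataTemplate profileATemplateInst = { { {"A0000000A1", 10}, {"A0000000A2", 11} }, 2, 0x4000 };
static DataTemplate profileBTemplateInst = { { {"A0000000B1", 20} }, 1, 0x8000 };

/* Created at platform initialization, pointing at the system instance. */
static DataTemplate *TemplatePointer = &SystemTemplateInst;

/* Hypothetical helpers: activation and deactivation are a pointer assignment. */
void profile_enable(DataTemplate *inst) { TemplatePointer = inst; }
void profile_disable(void)              { TemplatePointer = &SystemTemplateInst; }

/* SELECT by AID searches only the registry reachable through TemplatePointer.
   Returns the applet handle, or -1 if the AID is not in the active template. */
int select_applet(const char *aid) {
    for (size_t i = 0; i < TemplatePointer->applet_count; i++)
        if (strcmp(TemplatePointer->applets[i].aid, aid) == 0)
            return TemplatePointer->applets[i].handle;
    return -1;
}

/* File access starts from the MF of the active template only. */
unsigned current_mf(void) { return TemplatePointer->mf_start; }

int main(void) {
    profile_enable(&profileATemplateInst);
    int a = select_applet("A0000000A1");   /* applet of Profile A: found */
    int b = select_applet("A0000000B1");   /* applet of Profile B: not visible */
    profile_disable();                     /* back to system data only */
    return (a == 10 && b == -1 && select_applet("A000000001") == 1) ? 0 : 1;
}
```

The isolation holds only for lookups that actually go through `TemplatePointer`; a reference to an applet or file resolved before a switch and kept afterwards would not be covered by it.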

Claims (4)

1. A method for managing eUICC subscription data, characterized in that a data template is abstracted according to the data element types of the eUICC profile and is used for describing and managing subscription data information, wherein the data template is an abstract set of eUICC data and can be used for indexing all application and file data of the eUICC; when the eUICC is initialized, a data template pointer is created for pointing to different template data; when profiles are downloaded, instances of the data template are created, one data template instance for each Profile; and when a Profile is activated or switched, the data template pointer is pointed to the corresponding Profile data template, so that subsequent operations on the Profile data, including creation, searching and deletion of applications and files, are carried out.
2. An eUICC subscription data management method, characterized in that, when an eUICC is initialized, a data template pointer according to claim 1 is created, which can point to different template data, for implementing fast switching between different profiles and completing activation and deactivation operations.
3. An eUICC subscription data management method, characterized in that, when a Profile is downloaded, a template instance is created according to the data template of claim 1 for storing and indexing the Profile information; and when a plurality of profiles are downloaded, a plurality of data templates are created, corresponding to the different Profile data.
4. An eUICC subscription data management method, characterized in that, when different Profile data is activated, the data template pointer only needs to be pointed to the corresponding Profile data template to complete the switching of Profile data, which guarantees that only the corresponding Profile data can be accessed and achieves Profile data isolation.
CN202110334255.1A 2021-03-29 2021-03-29 eUICC signed data file management method Pending CN113076556A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110334255.1A CN113076556A (en) 2021-03-29 2021-03-29 eUICC signed data file management method

Publications (1)

Publication Number Publication Date
CN113076556A true CN113076556A (en) 2021-07-06

Family

ID=76611103

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210706