CN113286289A

CN113286289A - Permission confirmation method and electronic equipment

Info

Publication number: CN113286289A
Application number: CN202010077756.1A
Authority: CN
Inventors: 耿东玉; 余荣道
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-01-31
Filing date: 2020-01-31
Publication date: 2021-08-20

Abstract

The embodiment of the application provides a permission confirmation method and electronic equipment. When the electronic equipment detects that the user identity of the electronic equipment is to be replaced, judging whether a user has the authority of replacing the user identity of the electronic equipment; the user identity comprises authentication information for authenticating the user identity in the communication process; agreeing to replace the user identity when the user is confirmed to have the right to replace the user identity of the electronic equipment; otherwise, the user identity is refused to be replaced. The method is helpful to avoid finding out the user identity (such as SIM card) of the mobile phone which is replaced by the mobile phone user, and occupying the mobile phone as the own mobile phone.

Description

Permission confirmation method and electronic equipment

Technical Field

The present application relates to the field of terminal technologies, and in particular, to a method for confirming permission and an electronic device.

Background

With the rapid development of society, mobile terminals such as mobile phones are becoming more and more popular. The mobile phone not only has a communication function, but also has strong processing capability, storage capability, a photographing function and the like. Therefore, the mobile phone can be used as a communication tool, and is a mobile file library of the user, which stores various personal information, photos, videos and the like of the user, and can also bind information such as a social account, an internet bank and a mobile payment account of the user. Therefore, if the mobile phone is lost, the property of the user can be greatly damaged.

In the current mobile phone retrieving scheme, after a user loses a mobile phone, the user logs in a website that can be used for retrieving the mobile phone on another device or uses an application (APP for short) of "finding my mobile phone". And inputting the system account number, the password and the like of the lost mobile phone on the login interface. And the other equipment sends a retrieving instruction of the mobile phone to the network side, and the network side pages the mobile phone. If the mobile phone is in the networking state, the paging message of the network side can be detected, and then the current position is sent to the network side. And the network side sends the current position of the mobile phone to the other equipment. The above-mentioned mobile phone retrieving scheme has a certain defect, and if the person who finds the mobile phone pulls out a Subscriber Identity Module (SIM) card in the mobile phone, the SIM card cannot be networked, the above-mentioned mobile phone retrieving scheme cannot retrieve the mobile phone.

Therefore, the person who finds the mobile phone may replace the original SIM card in the mobile phone, and use the new SIM card to take the mobile phone as its own.

Disclosure of Invention

The application provides an authority confirmation method and electronic equipment, which are used for preventing the identity of a user who maliciously replaces the electronic equipment.

In a first aspect, a method for confirming permission is provided, which is applied to an electronic device. When the electronic equipment detects that the identity of a user to be replaced is about to be replaced, judging whether the user has the authority of replacing the identity of the user of the electronic equipment; the user identity comprises authentication information for authenticating the user identity in the communication process; agreeing to replace the user identity when the user is confirmed to have the right to replace the user identity of the electronic equipment; and refusing to replace the user identity when the user is confirmed not to have the authority of replacing the user identity of the electronic equipment.

Taking a mobile phone as an example, after the owner loses the mobile phone, the mobile phone picks up the user identity of the mobile phone (e.g., changes the SIM card). When the mobile phone detects that the user identity (such as a SIM card) is to be replaced, the permission is confirmed to judge whether the user has the permission to replace the user identity of the mobile phone. Only the user with the authority can replace the user identity of the mobile phone, so that the user identity of the mobile phone which is maliciously replaced by a mobile phone user is prevented from being picked up, and the mobile phone is occupied.

It should be noted that the above "the electronic device is to replace the user identity" may be understood as before the electronic device successfully runs the new configuration file. It should be understood that different profiles are used to provide different user identities. And when the electronic equipment successfully operates the new configuration file, the user identity corresponding to the configuration file is realized. Taking the SIM card in the mobile phone as an example, after the mobile phone inserts a new SIM card, the configuration file embedded in the SIM card can be run, and if the running is successful, the service is executed based on the SIM card, that is, the mobile phone changes the user identity. Taking an eSIM card in a mobile phone as an example, assuming that the eSIM card supports one user identity, after downloading a new configuration file by the mobile phone, if the new configuration file is successfully operated, the original user identity is replaced with a new user identity. Therefore, in the embodiment of the application, before the electronic device successfully operates the new configuration file, whether the user has the authority can be judged, and the malicious replacement of the user identity can be effectively prevented in time.

The electronic device may be an electronic device including an embedded subscriber identity eSIM module, or an electronic device including a subscriber identity SIM module, which is not limited in the embodiments of the present application. Which will be described separately below.

First, an electronic device includes an eSIM module.

Mode 1: the electronic equipment detects that the identity of the user is to be replaced, and comprises the following steps: detecting that a first module of an eSIM module in the electronic device receives a write request, the write request requesting to write a configuration file, the configuration file comprising a file for providing a user identity.

It should be appreciated that a first module is included in the eSIM module that is configured to receive a write request for a configuration file. Illustratively, the first module can be an ISD-R in an eSIM module.

The process of user identity replacement in the eSIM module comprises the following steps: after the first module receives the write-in request of the configuration file, the configuration file is written into the eSIM module, and then the original user identity of the eSIM module is replaced by the user identity corresponding to the written configuration file. Therefore, when the electronic device detects that the first module receives the write request, the electronic device indicates that the user identity may be replaced. At the moment, the electronic equipment confirms the authority, and the user identity can be replaced only if the authority is confirmed to pass (namely, the user has the authority of replacing the user identity of the electronic equipment), so that the condition that the user identity of the mobile phone is maliciously replaced by a mobile phone user is picked up, and the mobile phone is occupied.

In the mode 1, when the authority confirmation is not passed (that is, the user does not have the authority to change the identity of the user of the electronic device), the user identity is refused to be changed. The method specifically comprises the following steps: discarding the write request, or not responding to the write request, or sending an indication of a denial of writing to a remote configuration platform; and the like, and the embodiments of the present application are not limited. And when the permission confirmation is unsuccessful, agreeing to replace the user identity. The method specifically comprises the following steps: sending an indication of write consent to the remote configuration platform.

Mode 2, the electronic device detects that the identity of the user is to be replaced, and the method includes: detecting that a new configuration file is stored in a second one of the eSIM modules in the electronic device, the new configuration file comprising a file for providing a new user identity.

It should be understood that a second module is included in the eSIM module, the second module being configured to carry the configuration file. Illustratively, the second module may be an ISD-P in an eSIM module. And if the second module stores the new configuration file, replacing the original user identity of the eSIM module with the user identity corresponding to the new configuration file. Therefore, when the electronic equipment detects that the second module stores a new configuration file, the electronic equipment indicates that the user identity of the electronic equipment is to be changed, at the moment, the permission confirmation is carried out, the new configuration file can be used for realizing the user identity change only through the permission confirmation, the user identity of the mobile phone which is maliciously changed by a mobile phone user is prevented from being picked up, and the mobile phone is occupied.

In the mode 2, when the right confirmation is not passed, the user identity is rejected from being replaced. The method specifically comprises the following steps: delete the new configuration file, or not run the new configuration file. And when the authority is confirmed to pass, the user identity is agreed to be replaced. The method specifically comprises the following steps: and running the new configuration file to realize the new user identity.

Mode 3, the electronic device detects that the identity of the user is to be replaced, and the method includes: detecting that a new module for carrying a configuration file is created in an eSIM module in the electronic equipment, wherein the configuration file comprises a file for providing a user identity.

It should be understood that the eSIM modules include a module for carrying a configuration file, e.g., ISD-P. When the user identity needs to be replaced, the electronic device may create a new ISD-P to store the configuration file corresponding to the new user identity. Therefore, when the electronic equipment detects that a new ISD-P is created in the eSIM module, the electronic equipment indicates that the user identity of the electronic equipment is to be changed, at the moment, the permission confirmation is carried out, and the created new ISD-P can be used for bearing the configuration file only through the permission confirmation, so that the user identity is changed, the user identity of the mobile phone which is maliciously changed by a mobile phone user is prevented from being picked up, and the mobile phone is occupied.

In mode 3, the authorization is not confirmed, and the user identity is rejected from being replaced. The method specifically comprises the following steps: deleting the created new module for carrying the configuration file, or prohibiting writing the configuration file in the new module for carrying the configuration file. And the permission is confirmed, and the user identity is agreed to be changed. The method specifically comprises the following steps: writing a new configuration file in the created new module for bearing the configuration file, and running the new configuration file to realize a new user identity.

Second, the electronic device includes a SIM module therein.

The electronic equipment detects that the identity of the user is to be replaced, and comprises the following steps: detecting electrical characteristics of a SIM card in a SIM module in the electronic device; determining that the electrical characteristic is different from the stored electrical characteristic.

It should be understood that a SIM card is a card that is removable from an electronic device, and that the electrical characteristics of different SIM cards differ. Therefore, the electronic equipment can detect whether the electrical characteristics of the SIM card change, if so, the SIM card is replaced, the permission confirmation is carried out, and the new SIM card can be used only after the permission confirmation, so that the user identity of the mobile phone maliciously replaced by the mobile phone user is prevented from being picked up, and the mobile phone is occupied. For example, the electronic device may compare the electrical characteristics immediately after detecting the operation of inserting the SIM card, so as to perform the authority confirmation as early as possible.

The electrical characteristics include an operating parameter of the SIM card, where the operating parameter includes at least one of current, voltage, and power, and the embodiment of the present application is not limited thereto.

As an example, the way in which the electronic device detects the electrical characteristics of the SIM card in the SIM module may be: and detecting the electrical characteristics of the SIM card through a first port in the SIM module, wherein the first port is used for connecting an input/output (I/O) pin on the SIM card. That is, the electronic device may detect the electrical characteristics of the SIM card through the I/O pins.

In the second case, the user identity is refused to be replaced when the permission is not confirmed. The method specifically comprises the following steps: disconnecting the electronic device from the SIM card, or closing a communication function of the SIM card, and the like, which is not limited in the embodiments of the present application. And the permission is confirmed, and the user identity is agreed to be changed. The method specifically comprises the following steps: and realizing a communication function through the SIM card.

In one possible design, the electronic device may determine whether the user has the right to replace the user identity of the electronic device by: the electronic equipment receives verification information input by a user; if the verification information is consistent with the stored verification information, confirming that the user has the authority of replacing the user identity of the electronic equipment; and if the verification information is inconsistent with the stored verification information, confirming that the user does not have the authority of replacing the user identity of the electronic equipment.

Illustratively, the verification information includes one or more of account information, fingerprint information, facial information, or voice information.

That is to say, only the user having the authority to change the user identity of the electronic device, for example, the user whose fingerprint authentication passes and the user whose face authentication passes, can change the user identity of the electronic device, which is helpful to avoid finding the malicious change of the mobile phone user identity of the mobile phone user, and takes the mobile phone as the owner.

In a second aspect, there is also provided an electronic device, including:

the permission confirmation module is used for judging whether the user has the permission to replace the user identity of the electronic equipment when the user identity of the electronic equipment is to be replaced; the user identity comprises authentication information for authenticating the user identity in the communication process;

the processing module is used for agreeing to replace the user identity when the user is confirmed to have the authority of replacing the user identity of the electronic equipment; and refusing to replace the user identity when the user is confirmed not to have the authority of replacing the user identity of the electronic equipment.

In one possible design, the electronic device further includes a state detection module to: detecting whether a first module in an embedded subscriber identity (eSIM) module in the electronic equipment receives a write request; the write request is used for requesting to write a configuration file, and the configuration file comprises a file for providing the user identity.

When the first module is detected to receive the writing request, determining that the electronic equipment is to replace the user identity.

In a possible design, the processing module, when configured to refuse to replace the user identity, is specifically configured to: discarding the write request, or not responding to the write request, or sending an indication of a denial of writing to a remote configuration platform;

when the processing module agrees to change the user identity, the processing module is specifically configured to: sending, by the first module, an indication of write consent to the remote configuration platform.

In one possible design, the electronic device further includes a state detection module to: detecting whether a new configuration file is stored in a second module of an eSIM module in the electronic equipment, wherein the new configuration file comprises a file for providing a new user identity;

determining that the electronic device is to replace the user identity when it is detected that a new configuration file is stored in the second module.

In a possible design, the processing module, when refusing to replace the user identity, is specifically configured to: deleting the new configuration file, or not running the new configuration file;

when the processing module agrees to change the user identity, the processing module is specifically configured to: and running the new configuration file.

In one possible design, the electronic device further includes a state detection module to: detecting whether a new module for carrying configuration files is created in an eSIM module in the electronic equipment, wherein the configuration files comprise files for providing user identities;

when detecting that a module of a new user bearer profile is created, determining that the electronic device is to replace the user identity.

In a possible design, the processing module, when refusing to replace the user identity, is specifically configured to: deleting the created new module for carrying the configuration file, or prohibiting writing the configuration file in the new module for carrying the configuration file;

when the processing module agrees to change the user identity, the processing module is specifically configured to: writing a new configuration file in the created new module for bearing the configuration file, and running the new configuration file.

In one possible design, the electronic device further includes a state detection module to: detecting electrical characteristics of a SIM card in a SIM module in the electronic device; determining whether the electrical characteristic is different from a stored electrical characteristic; determining that the electronic device is to replace the user identity when the electrical characteristic is determined to be different from the stored electrical characteristic.

In a possible design, when the processing module refuses to replace the user identity, the processing module is specifically configured to: disconnecting the electronic equipment from the SIM card, or closing the communication function of the SIM card;

when the processing module agrees to change the user identity, the processing module is specifically configured to: and realizing a communication function through the SIM card.

In one possible design, the electrical characteristic includes an operating parameter of the SIM card, the operating parameter including at least one of current, voltage, power.

In one possible design, the state detection module, when being configured to detect an electrical characteristic of a SIM card in a SIM module in the electronic device, is specifically configured to:

and detecting the electrical characteristics of the SIM card through a first port in the SIM module, wherein the first port is used for connecting an input/output (I/O) pin on the SIM card.

In one possible design, the permission validation module is specifically configured to: comparing the authentication information input by the received user with the stored authentication information;

if the verification information is consistent with the stored verification information, confirming that the user has the authority of replacing the user identity of the electronic equipment;

and if the verification information is inconsistent with the stored verification information, confirming that the user does not have the authority of replacing the user identity of the electronic equipment.

In one possible design, the verification information includes one or more of account information, fingerprint information, facial information, or voice information.

In a third aspect, there is also provided an electronic device comprising a processor and a memory; the memory has stored therein program instructions that, when executed, cause the electronic device to perform the method as provided in the first aspect above.

In a fourth aspect, a chip is further provided, where the chip is coupled with a memory in an electronic device, so that the chip calls program instructions stored in the memory when running, to implement the method provided in the first aspect.

In a fifth aspect, there is also provided a computer-readable storage medium comprising a computer program which, when run on an electronic device, causes the electronic device to perform the method as provided in the first aspect above.

In a sixth aspect, there is also provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method as provided in the first aspect above.

For the above beneficial effects of the second aspect to the sixth aspect, please refer to the beneficial effects of the first aspect, which is not described again.

Drawings

Fig. 1A is a schematic structural diagram of an electronic device according to an embodiment of the present application;

fig. 1B is a schematic structural diagram of another exemplary electronic device provided in an embodiment of the present application;

fig. 2 is a schematic structural diagram of another exemplary electronic device provided in an embodiment of the present application;

fig. 3 is a schematic flowchart of a method for confirming authority according to an embodiment of the present application;

fig. 4 is a schematic view of a display interface of an electronic device according to an embodiment of the present application;

fig. 5 is a flowchart illustrating a method for confirming permission according to an embodiment of the present application;

fig. 6 is a schematic view of a display interface of an electronic device according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of another exemplary electronic device provided in an embodiment of the present application;

fig. 8 is a flowchart illustrating a method for confirming authority according to an embodiment of the present application;

fig. 9-10 are schematic structural diagrams of an electronic device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described in detail below with reference to the drawings in the following embodiments of the present application.

First, some terms in the embodiments of the present application are explained so as to be easily understood by those skilled in the art.

(1) Electronic devices, such as mobile phones (mobile phones), tablet computers, notebook computers, palm top computers, Mobile Internet Devices (MID), wearable devices (e.g., watches, bracelets, smart helmets, etc.), Virtual Reality (VR) devices, Augmented Reality (AR) devices, ultra-mobile personal computers (UMPCs), netbooks, Personal Digital Assistants (PDAs), and the like.

The electronic device may be an electronic device supporting a SIM card or an embedded subscriber identity module (eSIM) card.

The SIM card, also called as a subscriber identity card or a smart card, is a communication module provided by a network operator to a subscriber according to a request from the subscriber, so that the subscriber can use data and a communication circuit on the SIM card to implement network communication with an operator network, thereby implementing network communication service application of an electronic device. It should be noted that the SIM described in this embodiment of the application may be a SIM card applied to a second generation mobile communication technology (2nd generation, 2G) network, a SIM card applied to a third generation mobile communication technology (3rd generation, 3G) network (such as a Universal Subscriber Identity Module (USIM)), a SIM card applied to a fourth generation mobile communication technology (4th generation, 4G) network, or a SIM card applied to a future mobile communication network (such as a fifth generation mobile communication technology (5th generation, 5G) network). The related information of the SIM comprises four types of index data, service data, authentication data and position data. Wherein, the index data includes Integrated Circuit Card Identification (ICCID), namely SIM card number; the service data includes an International Mobile Subscriber Identity (IMSI), a Personal Identification Number (PIN), a PIN Unlock Key (PUK), an over-the-air technology (OTA) menu, and JAVA application data; the authentication data includes IMSI, a key (e.g., ki (key identifier) in a 2G network, an encryption algorithm, an authentication algorithm, a key generation algorithm, etc., and the location data includes a Location Area Identity (LAI), a Temporary Mobile Subscriber Identity (TMSI), location status information, Broadcast Control Channel (BCCH) information, etc.

In which the eSIM card embeds a traditional physical SIM card directly onto the device chip, rather than adding it to the device as a separate removable component. Therefore, the user does not need to insert a physical SIM card, and more convenience and safety are brought to common consumers. For an electronic device supporting eSIM, a mobile phone number and related services may be applied to an operator. The related services may include, among other things, the telephone number and the service functions provided by the telephone number (e.g., the services subscribed to by the user). Illustratively, an eSIM-enabled electronic device requests a configuration file (profile) from a remote configuration platform provided by an operator, the configuration file being used to configure a phone number and associated services supported by the phone number. The remote configuration platform sends the configuration file to the electronic device, and the electronic device writes the configuration file into the eSIM. Thereafter, the electronic device can access the carrier network through the eSIM and accept the associated services.

(2) In the embodiment of the present application, the "user identity" is a logical concept, for example, taking a SIM card as an example, the "user identity" may correspond to a SIM card or subscriber information or a virtual SIM card or a subscriber identity (e.g., International Mobile Subscriber Identity (IMSI)/Temporary Mobile Subscriber Identity (TMSI)). From the perspective of the network side, different "user identities" logically correspond to different communication entities served by the network side, for example, an electronic device supporting two user identities, which are two communication entities for the network side. For another example, when the "user identity" corresponds to the SIM card or the subscriber information, the network side may identify two electronic devices supporting different SIM cards or different subscriber information as two different communication entities, and may also identify the same electronic device supporting multiple different SIM cards or multiple subscriber information as multiple different communication entities, even though in practice, the electronic device supporting multiple different SIM cards or multiple subscriber information is only one physical entity. Take the example that the user identity corresponds to the SIM card. By way of example, a SIM card may be understood as a key for accessing a mobile network by an electronic device, or as an authentication of a user during network communication. For example, the SIM card may be an identification card of a global system for mobile communications (GSM) digital mobile phone user, which is used for storing an identification code and a secret key of the user and supporting the authentication of the GSM system to the user; for example, the SIM card may be a Universal Subscriber Identity Module (USIM), which may also be referred to as an upgraded SIM card.

(3) At least one embodiment of the present application relates to one or more of; wherein a plurality means greater than or equal to two. In addition, it is to be understood that the terms first, second, etc. in the description of the present application are used for distinguishing between the descriptions and not necessarily for describing a sequential or chronological order.

The terminology used in the following examples is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of this application and the appended claims, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, such as "one or more", unless the context clearly indicates otherwise. It should also be understood that in the embodiments of the present application, "one or more" means one, two, or more than two; "and/or" describes the association relationship of the associated objects, indicating that three relationships may exist; for example, a and/or B, may represent: a alone, both A and B, and B alone, where A, B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.

Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.

The embodiment of the present application provides an authority confirmation method, which may be applicable to an electronic device supporting an SIM card or an embedded subscriber identity module (eSIM). Taking the electronic device supporting the SIM card as an example, the method can prevent the person who finds the mobile phone from replacing the original SIM card with a new SIM card, and using the new SIM card to take the mobile phone as the own. Taking an electronic device supporting an eSIM card as an example, the method can prevent a phone number of a mobile phone user modifying the eSIM card configuration from being picked up.

Fig. 1A is a schematic diagram illustrating an example of an electronic device provided in an embodiment of the present application. It should be understood that the various components shown in fig. 1A may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits. As shown in fig. 1A, the electronic device 100 includes: processor 110, system-on-chip device 120, display controller 130, CODEC140, manager 150, memory 160, input device 170, modem 180, transceiver 190, and the like. Those skilled in the art will appreciate that the handset configuration shown in fig. 1A is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

As shown in fig. 1A, an interface 151 may also be included in the electronic device 100 for communicating with a SIM card or an eSIM card. Assuming that the electronic device 100 is an electronic device supporting a SIM card, the interface 151 may be a SIM card connector including a main body having a SIM card receiving space, and a plurality of communication slots for receiving conductive terminals of the received SIM card. Electrical signaling contact with the SIM card may be made through the conductive terminals and the socket. Example interfaces may include serial or parallel (e.g., 6 pin or 8 pin) connections. Further, multiple SIM card sizes may be provided (e.g., full size SIM, mini SIM, or micro SIM). In other embodiments, the electronic device 100 may not include multiple SIM card interfaces when multiple subscriptions are associated with a common identity module (e.g., a common SIM). Assuming that the electronic apparatus 100 supports an electronic apparatus of an eSIM card, the interface 151 is used to enable communication between the eSIM card and the manager 150. The manager 150 is used to manage the SIM card or the eSIM card.

As shown in FIG. 1A, the electronic device 100 may also include a speaker 141 and a microphone 142 coupled to the CODEC 140. Fig. 1A also indicates that a CODEC140 can be coupled to the processor 110 and to a modem 180 in communication with a transceiver 190. Where the transceiver 190 is connected to one or more antennas. An example of only one antenna is shown in fig. 1A. In a particular embodiment, the transceiver 190 is coupled to a plurality of antennas, and the modem 180 supports diversity, wherein one of the plurality of antennas is a primary antenna and the other antenna is a secondary antenna. Transceiver 190 may be an RF circuit that may be used to transmit and receive information, for example, downlink information of a base station may be received and then processed by processor 110; uplink data may also be transmitted to the base station. Typically, the RF circuitry includes, but is not limited to, an antenna, at least one amplifier, transceiver, combiner, low noise amplifier, duplexer, and the like. In addition, the RF circuitry may also communicate with networks and other mobile devices via wireless communications. The wireless communication may use any communication standard or protocol including, but not limited to, global system for mobile communications, general packet radio service, code division multiple access, wideband code division multiple access, long term evolution, email, short message service, and the like.

A radio frequency Rx1 path and a radio frequency Tx1 path may be included in the transceiver 190. The memory 160 may be used for storing software programs and data, among other things. The processor 110 executes various functions and data processing of the electronic device 100 by executing software programs and data stored in the memory 160. For example, as shown in FIG. 1A, instructions 161 are stored in memory 160. The instructions 161 may be executable by the processor 110. For example, the instructions 161 may include instructions executable by the processor 110 to receive communication data related to a SIM card or eSIM card at a primary signal input of the modem 180. Wherein the above-mentioned "SIM card or eSIM card related communication data" may be routed to a main signal input (not shown in fig. 1A) of the modem 180 via a main RF path, i.e., Rx1, of the transceiver 190.

The memory 160 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like; the storage data area may store data (e.g., audio data, a phonebook, etc.) created according to the use of the electronic apparatus 100. Further, the memory 160 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. In the following embodiments, the memory 160 stores an operating system that enables the electronic device 100 to run, such as the iOS operating system developed by apple inc, the Android open source operating system developed by gugo, the Windows operating system developed by microsoft, and the like. An input device 170, such as a touch screen, may be used to receive entered numeric or character information and generate signal inputs related to user settings and function control of the electronic device 100. Specifically, the input device 170 may include a touch panel disposed on the front surface of the electronic apparatus 100, and may collect a touch operation performed by a user (e.g., a user's operation performed by a finger, a stylus, or any other suitable object or accessory on or near the touch panel) thereon or nearby, and drive the corresponding connection device according to a preset program. Alternatively, the touch panel may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute instructions sent by the processor 110. In addition, the touch panel may be implemented in various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The display 131 (i.e., a display screen) may be used to display information input by or provided to the user and a Graphical User Interface (GUI) for various menus of the electronic device 100. The display 131 may include a display panel disposed on a front surface of the electronic device 100. The display panel may be in the form of a liquid crystal display, a light emitting diode, or the like. When the touch panel detects a touch operation on or near the touch panel, the touch operation is transmitted to the processor 110 to determine a touch event, and then the processor 110 provides a corresponding visual output on the display panel according to the type of the touch event. Although the touch panel and the display panel are shown as two separate components in fig. 1A to implement the input and output functions of the electronic device 100, in some embodiments, the touch panel and the display panel may be integrated to implement the input and output functions of the electronic device 100, and the integrated touch panel and display panel may be referred to as a touch display screen. In some other embodiments, the touch panel may further include a pressure-sensitive sensor, so that when a user performs a touch operation on the touch panel, the touch panel can also detect a pressure of the touch operation, and the electronic device 100 can further accurately detect the touch operation. The electronic device 100 may also include at least one sensor 143, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust brightness of the display panel according to brightness of ambient light, the proximity light sensor is disposed on a front surface of the electronic device 100, and when the electronic device 100 moves to an ear, the electronic device 100 turns off a power supply of the display panel according to detection of the proximity light sensor, so that the electronic device 100 may further save power. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen conversion, related games, magnetometer gesture calibration), vibration identification related functions (such as pedometer, tapping), and the like; the electronic device 100 may further include other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which are not described herein. The CODEC440, the speaker 141, and the microphone 142 may provide an audio interface between a user and the electronic device 100. The CODEC140 may transmit the electrical signal converted from the received audio data to the speaker 141, and convert the electrical signal into an audio signal by the speaker 141 and output the audio signal; on the other hand, the microphone 142 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the CODEC140, and outputs the audio data to the RF circuit 110 to be transmitted to, for example, another cellular phone, or outputs the audio data to the memory 160 for further processing. The processor 110 is a control center of the electronic device 100, connects various parts of the entire cellular phone using various interfaces and lines, and performs various functions of the electronic device 100 and processes data by running or executing software programs stored in the memory 160 and calling data stored in the memory 160, thereby performing overall monitoring of the cellular phone. In some embodiments, processor 110 may include one or more processing units; the processor 110 may also integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110. The electronic device 100 may further include a bluetooth module and a Wi-Fi module. The bluetooth module is used for information interaction with other devices through a short-range communication protocol such as bluetooth. For example, the electronic device 100 may establish a bluetooth connection with a wearable electronic device (e.g., a smart watch) that is also equipped with a bluetooth module via the bluetooth module, so as to perform data interaction. Wi-Fi belongs to a short-distance wireless transmission technology, and the electronic device 100 can help a user to receive and send e-mails, browse webpages, access streaming media and the like through a Wi-Fi module, and provides wireless broadband internet access for the user. The electronic device 100 also includes a power source (e.g., a battery) to power the various components. The power supply may be logically coupled to the processor 110 through a power management system to manage charging, discharging, and power consumption functions through the power management system. It is understood that, in the following embodiments, the power source may be used to supply power to the display panel and the touch panel. The methods in the following embodiments may be implemented in the electronic device 100 having the above-described hardware structure.

Fig. 1B shows a functional block diagram of another example of an electronic device provided by an embodiment of the present application. As shown in fig. 1B, the electronic device includes a user identity module 101 and a computer chip 100. Among them, the computer chip 100 includes: a state detection module 102 and a permission confirmation module 103. The computer chip 100 can be connected to a subscriber identity module 101 in the electronic device, and a SIM card or an eSIM card is deployed in the subscriber identity module 101.

It is assumed that a SIM card is deployed in the subscriber identity module 101. The SIM card 101 includes one or more slots (or called card slots), and a plurality of conductive terminals are disposed on an inner surface of the slot and are respectively used for establishing electrical connection with pins (or conductive terminals) of an inserted SIM card. The design of the slot enables the SIM card to be removed or disassembled, namely, the user can replace the SIM card.

Assume that the subscriber identity module 101 is used to deploy an eSIM card. The subscriber identity module 101 may be a module embedded on a device chip (e.g., Soc chip) in which an eSIM card is not removable.

The state detection module 102 is connected to the user identity module 101, and is configured to detect a state of the user identity module 101. For example, whether the user identity of the user identity module 101 is to be replaced. In particular, assuming that a SIM card is deployed in the subscriber identity module 101, the status detection module 102 may be configured to detect whether a new SIM card is inserted in the subscriber identity module 101. For another example, assuming that an eSIM card is deployed in the subscriber identity module 101, the status detection module 102 may be configured to detect whether the eSIM card applies for a new phone number.

Illustratively, the status detection module 102 may be integrated in one of the physical devices of the soc device 120, for example, in the manager 150 or the processor 110, or may be a separate physical device different from the manager 150 and the processor 110.

The permission confirmation module 103 is connected to the status detection module 102, and configured to perform permission confirmation, that is, determine whether the user has a permission to replace the user identity of the electronic device. For example, when the status detection module 102 detects that the user identity is to be changed, the permission confirmation module 103 is notified to perform permission confirmation. And if the permission is confirmed to pass, the user is allowed to change the user identity if the permission shows that the user has the permission to change the user identity of the electronic equipment. If the permission validation fails, which indicates that the user does not have the permission to change the identity of the user of the electronic device, the user identity may be rejected from being changed, for example, corresponding security measures (described later) may be implemented to reject the user identity from being changed. That is, after the user loses the mobile phone, the user can not replace the SIM card or apply for a new phone number without permission.

Illustratively, the permission validation module 103 may be integrated in one physical device of the soc device 120, for example, in the manager 150 or the processor 110, or may be a separate physical device different from the manager 150 and the processor 110.

The state detection module 102 and the permission validation module 103 may be integrated on one physical device, such as a chip. Such as field-programmable gate arrays (FPGAs), or Application Specific Integrated Circuits (ASICs). Or, alternatively, integrated separately on different physical devices. Illustratively, the state detection module 102 and the permission validation module 103 may both be integrated on the system-on-chip device 120 in fig. 1A, or both may be integrated on a SIM card or an eSIM card. Alternatively, the status detection module 102 and the permission confirmation module 103 may be integrated on one system-on-chip device 120, and the other is integrated on a SIM card or an eSIM card, and the like, which is not limited in this embodiment of the present application.

Therefore, the electronic equipment provided by the embodiment of the application can prevent an unauthorized user from easily replacing the SIM card of the electronic equipment or modifying the telephone number by picking up the SIM card of a mobile phone. Or, under the condition that the authority is not confirmed to pass, the mobile phone can be normally used only by using the original SIM card or the original telephone number. Therefore, the possibility that the original phone owner uses the original phone number to keep in contact with the mobile phone so as to retrieve the mobile phone is increased to a certain extent.

The following embodiments are described taking as an example that the electronic apparatus is an electronic apparatus including an eSIM card.

Fig. 2 shows a functional block diagram of an example of an electronic device provided in an embodiment of the present application. As shown in fig. 2, the electronic device includes a user identity module 101 and a computer chip 100, where the user identity module 101 is an eSIM module, in which an eSIM card is deployed, and the eSIM module includes an eSIM control security domain (ECASD), an issuer security domain-configuration file (ISD-P), and an issuer security domain-root (ISD-R). The computer chip 100 includes a status detection module 102 and a permission confirmation module 103.

Among other things, ECASD is used to provide the secure storage needed to support eSIM functionality. The ISD-R is a logical functional entity for communicating with a remote configuration platform. The ISD-P is a security domain for carrying the operator's configuration files. Illustratively, the configuration file may include a personalized profile for providing phone numbers and related services. The related services may include user subscription services, packages, etc.

The ISD-R is used to communicate with a remote configuration platform. The remote configuration platform may be an operator provided platform for providing a configuration file to a customer. The holder of the mobile phone (for example, the person who picks up the mobile phone) requests for opening the card in the business hall where the operator is located, and the operator registers the information of the requested card in the background system of the operator. And the background system stores the relevant information of the applied card to the remote configuration platform. The mobile phone holder acquires the address of the remote configuration platform (for example, the address can be acquired by scanning the two-dimensional code through the mobile phone APP). And the SD-R applies for the configuration file of the eSIM card from the remote configuration platform. The eSIM remote configuration platform sends a write request to the ISD-R to request writing of the configuration file. After the configuration file is written into the eSIM card, the mobile phone can access an operator through the applied telephone number to receive related services.

The ISD-R is also responsible for creating and managing ISD-P. For example, the ISD-R may create an ISD-P for storing a configuration file; or may also empty the configuration file within the ISD-P, etc.

The number of ISD-P may be more than one. For example, when an eSIM card supports multiple phone numbers, each ISD-P of the multiple ISD-ps stores one configuration file.

First scheme

Referring to fig. 3, a flowchart of a method for confirming a right according to an embodiment of the present application is shown. As shown in fig. 3, the flow of the method includes:

301, the ISD-R detects a write request requesting to write to the configuration file. Illustratively, the write request may be a write request sent by the remote configuration platform to the ISD-R.

It should be understood that, before 301, a process of the mobile phone applying for the configuration file from the remote configuration platform may also be included, which is not repeated.

302, ISD-R sends an exception alarm to the status detection module.

The status detection module is connected (e.g., electrically connected) to the ISD-R, and the ISD-R sends an exception alert to the status detection module after detecting the write request. Illustratively, the anomaly alarm may be an electrical signal, e.g., a high or low level signal. The receipt of an exception alarm by the status detection module may determine that the ISD-R detected a write request.

303, the state detection module notifies the permission confirmation module to confirm the permission.

For example, the permission confirmation module may pop up a first interface on the display screen, where the first interface includes an input box of an account (e.g., a system account) and a password. After the user inputs the account and the password, the authority confirmation module matches the account and the password with the pre-stored account and the pre-stored password, if the account and the password are consistent, the authority confirmation is passed, namely the user has the authority for replacing the user identity of the electronic equipment, and if the account and the password are inconsistent, the authority confirmation is not passed, namely the user does not have the authority for replacing the user identity of the electronic equipment. Certainly, the permission confirmation module may also perform fingerprint authentication, face authentication, voice authentication, and the like, and the embodiment of the present application is not limited.

304, judging whether the permission confirmation passes; if not, 305 is performed. If so, the configuration file is approved for writing, e.g., an indication of approval to write is sent to the remote configuration platform.

And 305, if the security policy fails, executing the corresponding security policy.

Illustratively, the security policy may include a variety of conditions. Such as dropping the write request, or not responding to the write request, or sending an instruction to the remote configuration platform to deny the write, etc. Assuming that the remote configuration platform is a physical device in the business hall, after the remote configuration platform receives the instruction of refusing to write, an alarm can be popped up to prompt staff in the business hall that the configuration file cannot be written.

For example, referring to fig. 4, a schematic flow chart of provisioning or replacing a phone number for an eSIM card handset provided by the embodiment of the present application is shown. The display interface shown in fig. 4(a) may be a display interface of a client of a certain operator included in the handset. After detecting the operation of "opening or updating the service of the eSIM card" by clicking, the mobile phone may display an interface as shown in fig. 4(b), where the interface prompts the user to scan a two-dimensional code provided by an operator, and after the scanning is completed, the interface as shown in fig. 4(c) is displayed, where the interface includes an input box for a system account and a password. When the mobile phone determines that the input system account and the password are incorrect, an interface as shown in fig. 4(d) may be displayed, where the interface includes a prompt message that the password is incorrect and the configuration file cannot be downloaded. That is, the mobile phone holder must download the configuration file and replace the phone number successfully when the permission is confirmed.

Therefore, in the first scheme, after the ISD-R detects the write request, the permission can be timely confirmed, the configuration file can be written only if the permission confirmation passes, otherwise, the configuration file cannot be written, and the applied telephone number cannot be normally used.

Optionally, the 301-303 processing may occur when the ISD-R detects the write request for the first time (for example, a user applies for a phone number for the first time after purchasing an eSIM card mobile phone), or when the ISD-R detects the write request for the first time, the permission confirmation is not required, and the permission confirmation is performed after the write request is not detected for the first time.

Second embodiment

Fig. 5 shows another flowchart of the device protection method provided in the embodiment of the present application. As shown in fig. 5, the flow of the method includes:

501, the state detection module detects whether the state of the ISD-P changes, if so, 502 is executed.

Example 1, the state of the ISD-P includes the creation of a new ISD-P.

Each time a telephone number is applied, the ISD-R creates an ISD-P for storing a configuration file corresponding to the telephone number. Thus, when the status detection module detects that a new ISD-P is created, an authority validation can be performed.

For example, when a new phone number is required (e.g., the eSIM module changes from supporting one phone number to supporting two phone numbers originally), the eSIM module creates a new ISD-P for storing a new configuration file. When the status detection module detects that a new ISD-P is created, an authority confirmation may be performed.

Example 2, the state of the ISD-P includes a new configuration file stored in the ISD-P.

For example, when a phone number is replaced, an original profile in the ISD-P for storing a profile corresponding to the original phone number is overwritten by a new profile. Therefore, when the state detection module detects that the configuration files in a certain ISD-P are updated, the authority can be confirmed.

For another example, the eSIM module includes two ISD-ps, where one ISD-P stores a configuration file therein and the other ISD-P is empty. After the status detection module detects that a new configuration file is stored in the other ISD-P, the authority can be confirmed.

502, the status detection module notifies the permission confirmation module to confirm the permission.

The manner in which the permission validation module performs permission validation is described above.

503, judging whether the permission confirmation passes; if not, 504 is performed.

And 504, executing the corresponding security policy.

Illustratively, the corresponding security policy may include: deleting the newly created ISD-P, prohibiting the configuration file from being written in the newly created ISD-P, prohibiting the access to the newly added configuration file, or deleting the newly added configuration file, or sending an alarm message to the remote configuration platform, etc.

For example, referring to fig. 6, a schematic flow chart of provisioning or replacing a phone number for an eSIM card handset provided by the embodiment of the present application is shown. The display interface as shown in fig. 6(a) may be a display interface of a client of a certain operator included in the handset. After detecting the operation of "opening or updating the service of the eSIM card" by clicking, the mobile phone may display an interface as shown in fig. 6(b), where the interface prompts the user to scan the two-dimensional code provided by the operator, and after the scanning is completed, the interface as shown in fig. 6(c) is displayed, and the interface prompts the user to successfully download the configuration file. When the mobile phone detects that the configuration file is updated, an interface as shown in fig. 6(d) may be displayed, where the interface includes input boxes of a system account and a password. When the mobile phone detects that the system account and the password input by the user are incorrect, an interface as shown in fig. 6(e) may be displayed, in which an indication for confirming the permission fails, and the replacement of the eSIM card service fails. Therefore, the mobile phone holder needs to download the configuration file and replace the phone number successfully under the condition that the permission confirmation is passed.

The following description will be given taking an example in which the electronic device is an electronic device including a SIM card.

Fig. 7 shows a functional block diagram of another example of an electronic device provided by an embodiment of the present application. As shown in fig. 7, the electronic device comprises a subscriber identity module 101 and a computer chip 100, wherein the subscriber identity module 101 is a SIM card module, i.e. for deploying a SIM card. The computer chip 100 includes a status detection module 102 and an authority confirmation module 103. The description of the state detection module 102 and the permission confirmation module 103 may refer to the foregoing, and are not repeated. The SIM module 101 includes a card slot for carrying a SIM card, and 8 interfaces connected to the card slot, which are interfaces 1 to 8, respectively, where the 8 interfaces can be connected to 8 pins (or pins) on the SIM card, respectively. Different pins are used to implement different functions. For example, pin 1 is ground, pin 2 is Vpp, pin 3 is an input/output (I/O) port, pins 4 and 5 are Optional pad for USB, pin 6 is clock, pin 7 is reset, and pin 8 is a power supply.

The process of replacing the SIM card by the holder of the mobile phone comprises the following steps: the holder of the mobile phone (e.g., the person who picks up the mobile phone) requests for a card at the business hall where the operator is located, and the operator gives the new SIM card to the holder of the mobile phone. The holder of the mobile phone pulls out the old SIM card and inserts the new SIM card into the card slot, and the 8 interfaces connected with the card slot are respectively in communication connection with the pins on the SIM card.

The state detection module can detect whether a new SIM card is inserted, and if so, the permission confirmation can be carried out through the permission confirmation module. For example, the status detection module may detect whether a new SIM card is inserted, and the status detection module may detect the electrical characteristics of the SIM card in real time. And assuming that the electrical characteristics of the SIM card detected at the first moment are different from the electrical characteristics detected at a second moment before the first moment, indicating that a new SIM card is inserted into the mobile phone.

By way of example, the electrical characteristics may include, but are not limited to, operating voltage, current, resistance, power, etc. of the SIM card. The handset may store the electrical characteristics of the old SIM card. When the state detection module detects that the electrical characteristics of the SIM card change, the SIM card can be determined to be replaced.

As an example, assuming that the interface 3 is connected with input and output (I/O) pins on the SIM card, the state detection module may be electrically connected with the interface 3 to detect the electrical characteristics of the SIM card in real time. Taking the current as an example, the state detection module obtains the current of the SIM card through the interface 3, then compares the current with the stored current, if the current is consistent, it is determined that a new SIM card is not inserted, and if the current is inconsistent, it is determined that a new SIM card is inserted.

And when the state detection module determines that a new SIM card is inserted, the permission confirmation module is informed to confirm the permission. The manner of authority confirmation is similar to the foregoing manner, and is not repeated here.

If the permission validation fails, the mobile phone (for example, a permission validation module in the mobile phone) may execute a corresponding security policy. For example, the new SIM card is not recognized, such as controlling the 8 interfaces to disconnect from the 8 pins on the SIM card. Or, the communication function of the new SIM card is turned off, etc.

In the embodiment of the application, the state detection module and the permission confirmation module can be isolated from the operating system by adopting an isolation mechanism. In this way, the functions of the state detection module and the permission verification module are not lost due to resetting the operating system or flashing. The isolation mechanism may be implemented in various ways, for example, in a hardware isolation manner, and the like, and the embodiments of the present application are not limited thereto.

Based on the same inventive concept, as shown in fig. 8, an embodiment of the present application provides a method for confirming a right, which may be implemented by the electronic device shown in fig. 1A or fig. 1B. For example, by the electronic device including the eSIM card shown in fig. 2, or by the electronic device including the SIM card shown in fig. 7. As shown in fig. 8, the method flow includes:

801, detecting that the electronic device is to replace a user identity, where the user identity includes authentication information for authenticating the user identity in a communication process.

First, an electronic device includes an eSIM module. Implementations of step 801 include, but are not limited to, one or more of the following modes 1-3.

It should be appreciated that a first module is included in the eSIM module that is configured to receive a write request for a configuration file. Illustratively, the first module can be an ISD-R in an eSIM module. For the process of the electronic device detecting whether the ISD-R receives the write request, please refer to the foregoing description, which is not repeated herein.

It should be understood that a second module is included in the eSIM module, the second module being configured to carry the configuration file. Illustratively, the second module may be an ISD-P in an eSIM module. For the process of the electronic device determining whether to store the new configuration file in the ISD-P, please refer to the foregoing description, and details are not repeated.

And if the second module stores the new configuration file, replacing the original user identity of the eSIM module with the user identity corresponding to the new configuration file. Therefore, when the electronic equipment detects that the second module stores a new configuration file, the electronic equipment indicates that the user identity of the electronic equipment is to be changed, at the moment, the permission confirmation is carried out, the new configuration file can be used for realizing the user identity change only through the permission confirmation, the user identity of the mobile phone which is maliciously changed by a mobile phone user is prevented from being picked up, and the mobile phone is occupied.

It should be understood that the eSIM modules include a module for carrying a configuration file, e.g., ISD-P. When the user identity needs to be replaced, the electronic device may create a new ISD-P to store the configuration file corresponding to the new user identity. Therefore, when the electronic equipment detects that a new ISD-P is created in the eSIM module, the electronic equipment indicates that the user identity of the electronic equipment is to be changed, at the moment, the permission confirmation is carried out, and the created new ISD-P can be used for bearing the configuration file only through the permission confirmation, so that the user identity is changed, the user identity of the mobile phone which is maliciously changed by a mobile phone user is prevented from being picked up, and the mobile phone is occupied. For the process of the electronic device detecting whether to create a new ISD-P in the eSIM module, please refer to the foregoing description, which is not repeated herein.

Second, the electronic device includes a SIM module therein.

The electronic equipment detects that the identity of the user is to be replaced, and comprises the following steps: detecting electrical characteristics of a SIM card in a SIM module in the electronic device; determining that the electrical characteristic is different from the stored electrical characteristic. The electrical characteristic includes an operating parameter of the SIM card, and the operating parameter includes at least one of current, voltage, and power, which is not limited in the embodiments of the present application.

It should be understood that a SIM card is a card that is removable from an electronic device, and that the electrical characteristics of different SIM cards differ. Therefore, the electronic equipment can detect whether the electrical characteristics of the SIM card change, if so, the SIM card is replaced, the permission confirmation is carried out, and the new SIM card can be used only after the permission confirmation, so that the user identity of the mobile phone maliciously replaced by the mobile phone user is prevented from being picked up, and the mobile phone is occupied.

As an example, the way in which the electronic device detects the electrical characteristics of the SIM card in the SIM module may be: and detecting the electrical characteristics of the SIM card through a first port in the SIM module, wherein the first port is used for connecting an input/output (I/O) pin on the SIM card. That is, the electronic device may detect the electrical characteristics of the SIM card through the I/O pins. For a specific implementation process, please refer to the foregoing description, which is not repeated herein.

802, judging whether the user has the authority of replacing the user identity of the electronic equipment; if yes, 803 is executed, otherwise 804 is executed.

The manner for the electronic device to determine whether the user has the right to replace the user identity of the electronic device may be: the electronic equipment receives verification information input by a user; if the verification information is consistent with the stored verification information, confirming that the user has the authority of replacing the user identity of the electronic equipment; and if the verification information is inconsistent with the stored verification information, confirming that the user does not have the authority of replacing the user identity of the electronic equipment.

Illustratively, the verification information includes one or more of account information, fingerprint information, facial information, or voice information. For example, only the user who passes fingerprint authentication or face authentication is the user who has the authority to change the user identity of the electronic equipment, so that the user identity of the electronic equipment can be changed, and the method is favorable for avoiding malicious change of the mobile phone user identity of a mobile phone user and taking the mobile phone as the owner.

803 agreeing to replace the user identity when it is determined that the user has the right to replace the user identity of the electronic device;

and 804, refusing to replace the user identity when the user is determined not to have the authority to replace the user identity of the electronic equipment.

For mode 1 in the first case described above, when the authorization confirmation fails (i.e., the user does not have the authorization to change the identity of the user of the electronic device), the user identity is rejected from being changed. The method specifically comprises the following steps: discarding the write request, or not responding to the write request, or sending an indication of a denial of writing to a remote configuration platform; and the like, and the embodiments of the present application are not limited. And when the permission confirmation is unsuccessful, agreeing to replace the user identity. The method specifically comprises the following steps: sending an indication of write consent to the remote configuration platform.

With the mode 2 in the first case described above, when the authority confirmation is not passed, the replacement of the user identity is rejected. The method specifically comprises the following steps: delete the new configuration file, or not run the new configuration file. And when the authority is confirmed to pass, the user identity is agreed to be replaced. The method specifically comprises the following steps: and running the new configuration file to realize the new user identity.

For mode 3 in the first case described above, the permission validation fails, and the user identity is denied for replacement. The method specifically comprises the following steps: deleting the created new module for carrying the configuration file, or prohibiting writing the configuration file in the new module for carrying the configuration file. And the permission is confirmed, and the user identity is agreed to be changed. The method specifically comprises the following steps: writing a new configuration file in the created new module for bearing the configuration file, and running the new configuration file to realize a new user identity.

For the second case, the user identity is refused to be replaced when the permission validation fails. The method specifically comprises the following steps: disconnecting the electronic device from the SIM card, or closing a communication function of the SIM card, and the like, which is not limited in the embodiments of the present application. And the permission is confirmed, and the user identity is agreed to be changed. The method specifically comprises the following steps: and realizing a communication function through the SIM card.

Based on the same inventive concept, as shown in fig. 9, an embodiment of the present application further provides an apparatus 900, where the apparatus 900 includes a right confirmation module 901 and a processing module 902.

In one example, the apparatus 900 is configured to implement the functions of the electronic device in the above-described method. The apparatus may be an electronic device, or an apparatus in an electronic device, such as a system-on-a-chip.

The permission confirming module 901 is configured to determine whether a user has a permission to replace the user identity of the electronic device when the electronic device is to replace the user identity; the user identity comprises authentication information for authenticating the user identity in the communication process;

a processing module 902, configured to, when it is determined that the user has a right to replace the user identity of the electronic device, agree to replace the user identity; and refusing to replace the user identity when the user is confirmed not to have the authority of replacing the user identity of the electronic equipment.

For specific execution procedures of the processing module 902 and the authority confirming module 901, reference may be made to the descriptions in the above method embodiments. The division of the modules in the embodiments of the present application is schematic, and only one logical function division is provided, and in actual implementation, there may be another division manner, and in addition, each functional module in each embodiment of the present application may be integrated in one processor, may also exist alone physically, or may also be integrated in one module by two or more modules. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.

As another alternative variation, the device may be a system-on-a-chip. In the embodiment of the present application, the chip system may be composed of a chip, and may also include a chip and other discrete devices. Illustratively, the apparatus includes a processor and an interface, which may be an input/output interface. Wherein, the processor completes the functions of the processing module 902 and the authority confirming module 901. The apparatus may further comprise a memory for storing a program operable on a processor, the program when executed by the processor implementing the methods of the various embodiments described above.

Similar to the above concept, as shown in fig. 10, the embodiment of the present application further provides an apparatus 1000. The device 1000 comprises: a communications interface 1001, at least one processor 1002, at least one memory 1003. A communication interface 1001 for communicating with other devices via a transmission medium so that the apparatus used in the apparatus 1000 can communicate with other devices. The memory 1003 is used for storing computer programs. The processor 1002 calls the computer program stored in the memory 1003 to implement the method for confirming the permission provided by the embodiment of the present application.

In the present embodiment, the communication interface 1001 may be a transceiver, a circuit, a bus, a module, or other type of communication interface. The processor 1002 may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like that implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The memory 1003 may be a nonvolatile memory such as a Hard Disk Drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory (RAM), for example, a random-access memory (RAM). The memory is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory in the embodiments of the present application may also be a circuit or any other device capable of implementing a storage function. The memory 1003 is coupled to the processor 1002. The coupling in the embodiments of the present application is a spaced coupling or communication connection between devices, units or modules, and may be in an electrical, mechanical or other form, and is used for information interaction between the devices, units or modules. As another implementation, the memory 1003 may also be located outside of the device 1000. The processor 1002 may operate in conjunction with the memory 1003. The processor 1002 may execute program instructions stored in the memory 1003. At least one of the at least one memory 1003 may also be included in the processor 1002. The embodiment of the present application does not limit the connection medium among the communication interface 1001, the processor 1002, and the memory 1003. For example, in fig. 10, the memory 1003, the processor 1002, and the communication interface 1001 may be connected by a bus, and the bus may be divided into an address bus, a data bus, a control bus, and the like.

It will be appreciated that the apparatus described above in the embodiment of fig. 9 may be implemented as the apparatus 1000 shown in fig. 10. For example, processing module 902 and permission validation module 901 may both be implemented by processor 1002. Of course, the processing module 902 is implemented by the processor 1002, and it is also possible that the permission confirmation module 901 may be implemented by other devices not used by the processor 1002.

The method provided by the embodiment of the present application may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a network appliance, a user device, or other programmable apparatus. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., Digital Video Disk (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

The above embodiments are only used to describe the technical solutions of the present application in detail, but the above embodiments are only used to help understanding the method of the embodiments of the present invention, and should not be construed as limiting the embodiments of the present invention. Variations or substitutions that may be readily apparent to one skilled in the art are intended to be included within the scope of the embodiments of the present invention.

Claims

1. An authority confirmation method is applied to an electronic device, and comprises the following steps:

when detecting that the electronic equipment is about to replace the user identity, judging whether the user has the authority of replacing the user identity of the electronic equipment; the user identity comprises authentication information for authenticating the user identity in the communication process;

agreeing to replace the user identity when the user is confirmed to have the right to replace the user identity of the electronic equipment;

and refusing to replace the user identity when the user is confirmed not to have the authority of replacing the user identity of the electronic equipment.

2. The method of claim 1, wherein the detecting that the electronic device is about to change user identity comprises:

detecting that a first module in an embedded subscriber identity (eSIM) module in the electronic device receives a write request, where the write request is for requesting to write a configuration file, and the configuration file includes a file for providing a subscriber identity.

3. The method of claim 2,

the refusing to replace the user identity comprises the following steps: discarding the write request, or not responding to the write request, or sending an indication of a denial of writing to a remote configuration platform;

the agreeing to replace the user identity includes: sending an indication of write consent to the remote configuration platform.

4. The method of claim 1, wherein the detecting that the electronic device is about to change user identity comprises:

detecting that a new configuration file is stored in a second one of the eSIM modules in the electronic device, the new configuration file comprising a file for providing a new user identity.

5. The method of claim 4,

the refusing to replace the user identity comprises the following steps: deleting the new configuration file, or not running the new configuration file;

the agreeing to replace the user identity includes: and running the new configuration file.

6. The method of claim 1, wherein the detecting that the electronic device is about to change user identity comprises:

detecting that a new module for carrying a configuration file is created in an eSIM module in the electronic equipment, wherein the configuration file comprises a file for providing a user identity.

7. The method of claim 6,

the refusing to replace the user identity comprises the following steps: deleting the created new module for carrying the configuration file, or prohibiting writing the configuration file in the new module for carrying the configuration file;

the agreeing to replace the user identity includes: writing a new configuration file in the created new module for bearing the configuration file, and running the new configuration file.

8. The method of claim 1, wherein the detecting that the electronic device is about to change user identity comprises:

detecting electrical characteristics of a SIM card in a SIM module in the electronic device;

determining that the electrical characteristic is different from the stored electrical characteristic.

9. The method of claim 8,

the refusing to replace the user identity comprises the following steps: disconnecting the electronic equipment from the SIM card, or closing the communication function of the SIM card;

the agreeing to replace the user identity includes: and realizing a communication function through the SIM card.

10. The method of claim 8 or 9, wherein the electrical characteristic comprises an operating parameter of the SIM card, the operating parameter comprising at least one of current, voltage, power.

11. The method of any of claims 8-10, wherein the detecting an electrical characteristic of a SIM card in a SIM module in the electronic device comprises:

12. The method of any of claims 1-11, wherein determining whether the user has the authority to change the user identity of the electronic device comprises:

receiving authentication information input by a user;

13. The method of claim 12, wherein the verification information includes one or more of account information, fingerprint information, facial information, or voice information.

14. An electronic device, comprising:

15. The electronic device of claim 14, wherein the electronic device further comprises a status detection module to: detecting whether a first module in an embedded subscriber identity (eSIM) module in the electronic equipment receives a write request; the write request is used for requesting to write a configuration file, and the configuration file comprises a file for providing user identity

16. The electronic device according to claim 15, wherein the processing module, when configured to reject the replacement of the user identity, is specifically configured to: discarding the write request, or not responding to the write request, or sending an indication of a denial of writing to a remote configuration platform;

17. The electronic device of claim 14, wherein the electronic device further comprises a status detection module to: detecting whether a new configuration file is stored in a second module of an eSIM module in the electronic equipment, wherein the new configuration file comprises a file for providing a new user identity;

18. The electronic device according to claim 17, wherein the processing module, when rejecting the replacement of the user identity, is specifically configured to: deleting the new configuration file, or not running the new configuration file;

19. The electronic device of claim 14, wherein the electronic device further comprises a status detection module to: detecting whether a new module for carrying configuration files is created in an eSIM module in the electronic equipment, wherein the configuration files comprise files for providing user identities;

20. The electronic device of claim 19,

when the processing module refuses to replace the user identity, the processing module is specifically configured to: deleting the created new module for carrying the configuration file, or prohibiting writing the configuration file in the new module for carrying the configuration file;

21. The electronic device of claim 14, wherein the electronic device further comprises a status detection module to: detecting electrical characteristics of a SIM card in a SIM module in the electronic device; determining whether the electrical characteristic is different from a stored electrical characteristic;

determining that the electronic device is to replace the user identity when the electrical characteristic is determined to be different from the stored electrical characteristic.

22. The electronic device of claim 21,

when the processing module refuses to replace the user identity, the processing module is specifically configured to: disconnecting the electronic equipment from the SIM card, or closing the communication function of the SIM card;

23. The electronic device of claim 21 or 22, wherein the electrical characteristic comprises an operating parameter of the SIM card, the operating parameter comprising at least one of current, voltage, power.

24. The electronic device according to any of claims 21-23, wherein the state detection module, when configured to detect an electrical characteristic of a SIM card in a SIM module in the electronic device, is specifically configured to:

25. The electronic device according to any of claims 14-24, wherein the permission validation module is specifically configured to: comparing the authentication information input by the received user with the stored authentication information;

26. The electronic device of claim 25, wherein the verification information includes one or more of account information, fingerprint information, facial information, or voice information.

27. An electronic device comprising a processor and a memory; the memory has stored therein program instructions that, when executed, cause the electronic device to perform the method of any of claims 1-13.

28. A chip, wherein the chip is coupled to a memory in an electronic device, such that when run, the chip invokes program instructions stored in the memory to implement the method of any of claims 1-13.

29. A computer-readable storage medium, comprising a computer program which, when run on an electronic device, causes the electronic device to perform the method of any of claims 1-13.