CN113691971A - Network subscription data acquisition method, device and system - Google Patents

Network subscription data acquisition method, device and system Download PDF

Info

Publication number
CN113691971A
CN113691971A CN202010420842.8A CN202010420842A CN113691971A CN 113691971 A CN113691971 A CN 113691971A CN 202010420842 A CN202010420842 A CN 202010420842A CN 113691971 A CN113691971 A CN 113691971A
Authority
CN
China
Prior art keywords
network
terminal
subscription
data
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010420842.8A
Other languages
Chinese (zh)
Other versions
CN113691971B (en
Inventor
田树一
赵嵩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202010420842.8A priority Critical patent/CN113691971B/en
Publication of CN113691971A publication Critical patent/CN113691971A/en
Application granted granted Critical
Publication of CN113691971B publication Critical patent/CN113691971B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a device and a system for acquiring network subscription data, and relates to the technical field of wireless communication. The method comprises the following steps: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and sending the network signing data obtained based on the signing network information to the terminal. The method and the device for acquiring the network subscription data can enable the terminal to acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.

Description

Network subscription data acquisition method, device and system
Technical Field
The present disclosure relates to the field of wireless communication technologies, and in particular, to a method, an apparatus, and a system for acquiring network subscription data.
Background
More and more smart devices have wireless communication capabilities and are capable of connecting to a wireless communication network via subscription data and credentials stored in a SIM card to obtain services provided by the network. Some devices have a removable SIM card that a network operator may remove and use a specific machine to enter subscription information and credentials for the device into the SIM card. Some SIM cards in the device are not pluggable, and subscription data and credentials of a specific network need to be recorded into the SIM card before the device leaves a factory, or the subscription data and credentials are acquired through the network after the device leaves the factory.
In the case where some smart devices do not have an input function, and a user cannot notify the smart device of which network the smart device has signed, since the smart device does not know which network the smart device has signed, it cannot indicate which network the smart device wants to acquire subscription data and credentials of which network, and thus the current network cannot verify the device, or cannot determine from which network the subscription data and credentials of the smart device have been retrieved.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a method, an apparatus, and a system for acquiring network subscription data, which enable a terminal to acquire the network subscription data without providing network information of its subscription to a network.
According to an aspect of the present disclosure, a method for acquiring network subscription data is provided, including: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and sending the network signing data obtained based on the signing network information to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving signing network information returned by a signing information inquiry server; determining a data storage server for storing network subscription data according to the subscription network information; acquiring network subscription data from a data storage server; and sending the network subscription data to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving network signing data sent by a signing information inquiry server, wherein the network signing data are obtained by the signing information inquiry server in a corresponding data storage server based on signing network information; and sending the network subscription data to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving signing network information returned by a signing information inquiry server; transmitting the signing network information to a terminal; receiving a request for acquiring network subscription data sent by a terminal according to subscription network information; establishing connection with a corresponding data storage server according to the request; acquiring network signing data from a data storage server; and sending the network subscription data to the terminal.
In some embodiments, first terminal authentication data sent by a terminal for an authentication server to authenticate the terminal is received; determining an authentication server corresponding to the first identifier; and sending the first terminal authentication data to an authentication server so that the authentication server authenticates the terminal according to the first terminal authentication data.
In some embodiments, first terminal authentication data for an authentication server to authenticate a terminal and second terminal authentication data for a current network to authenticate the terminal are received; authenticating the terminal based on the second terminal authentication data; and sending the first terminal authentication data to the subscription information inquiry server so that the subscription information inquiry server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
In some embodiments, the subscription network information comprises at least one of an identifier of the data storage server, an address of the data storage server, and an identifier of a network in which the data storage server is located.
According to another aspect of the present disclosure, a method for acquiring network subscription data is further provided, including: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server to receive subscription network information of a subscription information query server for querying the terminal according to the second identifier; transmitting the signing network information to a terminal; receiving a request for acquiring network subscription data sent by a terminal according to subscription network information; determining a data storage server for storing the network subscription data according to the request; and providing a user plane connection to the data storage server to the terminal so that the terminal acquires the network subscription data.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal; a server query unit configured to determine a subscription information query server corresponding to the first identifier; a first sending unit configured to send the second identifier to a subscription information query server so that the subscription information query server queries subscription network information of the terminal according to the second identifier; and a second transmitting unit configured to transmit the network subscription data obtained based on the subscription network information to the terminal.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal; a server query unit configured to determine a subscription information query server corresponding to the first identifier; a first transmitting unit configured to transmit the second identifier to a subscription information query server; a second receiving unit configured to receive subscription network information of the subscription information inquiry server inquiring the terminal according to the second identifier; the interaction unit is configured to send the signing network information to the terminal and receive a request for acquiring network signing data sent by the terminal according to the signing network information; a server determination unit configured to determine, according to the request, a data storage server storing the network subscription data; and a second sending unit configured to provide the terminal with a user plane connection to the data storage server to cause the terminal to acquire the network subscription data.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a memory; and a processor coupled to the memory, the processor configured to perform the network subscription data acquisition method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a network subscription data obtaining system is further provided, including: the above-mentioned network subscription data acquisition device; the terminal is configured to send the first identifier and the second identifier to the network signing data acquisition device, and receive the network signing data sent by the network signing data acquisition device or acquire the network signing data from the data storage server through the network signing data acquisition device; a subscription information query server configured to query subscription network information of the terminal according to the second identifier; and a data storage server configured to store the network subscription data.
In some embodiments, the system further includes an authentication server configured to receive the first terminal authentication data sent by the network subscription data obtaining device, and authenticate the terminal according to the first terminal authentication data, wherein the terminal is further configured to send the first terminal authentication data to the network subscription data obtaining device.
In some embodiments, the terminal is further configured to send second terminal authentication data for authenticating the terminal with the current network to the network subscription data acquisition device.
According to another aspect of the present disclosure, a non-transitory computer-readable storage medium is also presented, on which computer program instructions are stored, which instructions, when executed by a processor, implement the above-mentioned network subscription data acquisition method.
In the embodiment of the disclosure, after the subscription information query server corresponding to the first identifier is determined, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 is a flowchart illustrating some embodiments of a network subscription data acquisition method according to the present disclosure.
Fig. 2 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 3 is a flowchart illustrating a network subscription data acquiring method according to another embodiment of the disclosure.
Fig. 4 is a flowchart illustrating a network subscription data acquiring method according to another embodiment of the disclosure.
Fig. 5 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 6 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 7 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 8 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 9 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 10 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 11 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 12 is a schematic structural diagram of some embodiments of a network subscription data acquisition device according to the present disclosure.
Fig. 13 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure.
Fig. 14 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure.
Fig. 15 is a schematic structural diagram of some embodiments of a network subscription data acquisition system according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a flowchart illustrating some embodiments of a network subscription data acquisition method according to the present disclosure. This embodiment is performed by a network contract data acquisition apparatus that is located in a network having a contract data provision function.
In step 110, the first identifier and the second identifier transmitted by the terminal are received.
In some embodiments, the first identifier is a terminal manufacturer identifier, an identifier agreed with a third party, an identifier of a network having a subscription data providing function, or an identifier of a network in which a data storage server storing network subscription data is located, so that the current network can query an authentication server and a subscription information query server corresponding to the terminal. The authentication server can authenticate the terminal, and the subscription information inquiry server provides subscription information inquiry service for the terminal.
The second identifier is, for example, a terminal identifier from which the subscription information query server can identify the terminal.
In some embodiments, the terminal may transmit the first identifier and the second identifier separately, or may transmit the first identifier and the second identifier by integrating the first identifier and the second identifier into one identifier.
At step 120, a subscription information query server corresponding to the first identifier is determined.
In step 130, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier. For example, the subscription information query server queries the subscription network information of the terminal according to the terminal identifier. The subscription network information includes, for example, an identifier of a data storage server storing network subscription data corresponding to the terminal, an address of the data storage server, an identifier of a network in which the data storage server is located, and the like.
In step 140, the network subscription data obtained based on the subscription network information is sent to the terminal. The network subscription data includes, for example, subscription credentials.
For example, a data storage server storing network subscription data is selected based on network information of the terminal subscription, and the network subscription data is retrieved from the data storage server.
In the above embodiment, after determining the subscription information query server corresponding to the first identifier, the network subscription data obtaining device sends the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Fig. 2 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 210, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal. The first terminal authentication data is for example a terminal manufacturer certificate.
At step 220, an authentication server corresponding to the first identifier is determined.
In step 230, the first terminal authentication data is sent to the authentication server.
In step 240, in response to the authentication server authenticating the terminal according to the first terminal authentication data, the subscription information query server corresponding to the first identifier is determined.
At step 250, the second identifier is sent to the subscription information query server.
In step 260, the subscription network information of the terminal queried by the subscription information querying server according to the second identifier is received.
In step 270, a data storage server storing the network subscription data is determined according to the subscription network information.
At step 280, network subscription data is retrieved at the data storage server.
In step 290, the network subscription data is transmitted to the terminal.
In the above embodiment, the network subscription data obtaining device obtains the network subscription data according to the subscription network information of the terminal, and sends the network subscription data to the terminal, so that the terminal obtains the network subscription data through the current network under the condition that the terminal cannot provide the subscription network.
Fig. 3 is a flowchart illustrating a network subscription data acquiring method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 310, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal.
At step 320, an authentication server corresponding to the first identifier is determined.
In step 330, the first terminal authentication data is sent to the authentication server.
In step 340, in response to the authentication server authenticating the terminal according to the first terminal authentication data, the subscription information query server corresponding to the first identifier is determined.
In step 350, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier.
In step 360, network subscription data sent by the subscription information query server is received, where the network subscription data is obtained by the subscription information query server in the corresponding data storage server based on the subscription network information.
For example, the subscription information query server belongs to a terminal manufacturer network, and the data storage server is a private factory network, and the subscription information query server in the terminal manufacturer network may obtain the network subscription data of the terminal from the data storage server in the private factory network.
In step 370, the network subscription data is transmitted to the terminal.
In the above embodiment, the network subscription data obtaining device determines the authentication server and the subscription information query server, and receives the network subscription data sent by the subscription information query server, so that the terminal can obtain the network subscription data through the current network even when the terminal cannot provide the subscription network.
Fig. 4 is a flowchart illustrating a network subscription data acquiring method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 410, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal.
At step 420, an authentication server corresponding to the first identifier is determined.
In step 430, the first terminal authentication data is sent to the authentication server.
In step 440, the subscription information query server corresponding to the first identifier is determined in response to the authentication server passing the authentication of the terminal according to the first terminal authentication data.
At step 450, the second identifier is sent to the subscription information query server.
In step 460, the subscription network information of the terminal queried by the subscription information querying server according to the second identifier is received.
In step 470, the subscription network information is transmitted to the terminal.
In step 480, the receiving terminal receives the request for acquiring the network subscription data sent by the subscription network information. For example, the terminal sends a request to acquire network subscription data through a network control plane.
At step 490, a connection is established with the corresponding data storage server upon request. For example, the network subscription data acquisition device establishes a connection with the data storage server through the control plane.
At step 4100, network subscription data is obtained at the data storage server.
In step 4110, the network subscription data is sent to the terminal.
In the above embodiments, the terminal can obtain the subscription data through the network without knowing the subscription network.
Fig. 5 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 510, a first identifier and a second identifier transmitted by a terminal are received.
At step 520, a subscription information query server corresponding to the first identifier is determined.
In some embodiments, before step 520, the network subscription data obtaining apparatus may further receive first terminal authentication data for the authentication server to authenticate the terminal, determine an authentication server corresponding to the first identifier, and send the first terminal authentication data to the authentication server, so that the authentication server authenticates the terminal according to the first terminal authentication data. And if the terminal passes the authentication, determining a subscription information inquiry server corresponding to the first identifier.
At step 530, the second identifier is sent to the subscription information query server.
In step 540, the receiving subscription information query server queries the subscription network information of the terminal according to the second identifier.
In step 550, the subscription network information is transmitted to the terminal.
In step 560, the receiving terminal receives the request for acquiring the network subscription data sent by the subscription network information. For example, the terminal sends a request to acquire network subscription data through the network user plane.
At step 570, a data storage server storing the network subscription data is determined according to the request.
At step 580, a user plane connection is provided to the terminal to the data storage server to enable the terminal to obtain the network subscription data.
In the above embodiments, the terminal can obtain the subscription data through the network without knowing the subscription network.
In some embodiments of the present disclosure, the network subscription data obtaining device may further receive second terminal authentication data for authenticating the terminal by the current network, and authenticate the terminal based on the second terminal authentication data. The second terminal authentication data is for example a current network credential.
In this embodiment, if the terminal stores the subscription information of the current network, the terminal may be verified.
In other embodiments of the present disclosure, the network subscription data obtaining device may further send the first terminal authentication data to the subscription information query server, so that the subscription information query server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
In some embodiments, the network subscription data acquisition device is located in a first network, the data storage server is located in a second network, and the authentication server and the subscription information query server are located in a third network. The first network, the second network and the third network may be the same network or different networks. For example, the first Network is, for example, SNPN (Stand-alone Non-Public Network), PLMN (Public Land Mobile Network), PNI-NPN (Public Network Integrated Non-Public Network), etc., the second Network is, for example, a private factory Network, a terminal manufacturer Network, SNPN, PNI-NPN, etc., and the third Network is, for example, a terminal manufacturer Network, SNPN, PNI-NPN, PLMN, etc.
In the embodiments shown in fig. 6 and 8, the first network where the network subscription Data acquiring device is located is, for example, SNPN1, and the SNPN1 includes an Access and Mobility Management Function (AMF) and a Unified Data Management Function (UDM). The second network where the data storage server is located is, for example, SNPN2, and the third network where the authentication server and the subscription information inquiry server are located is, for example, the terminal manufacturer's own network. The terminal owns the manufacturer Identifier, the manufacturer digital certificate, the Permanent Equipment Identifier (PEI). The user of the terminal has a contract with the SNPN2, and the data storage server of the SNPN2 stores the contract data of the terminal in the SNPN 2. The terminal does not have subscription information of the SNPN1 and the SNPN2, and does not know which SNPN the terminal has subscribed to.
The embodiment shown in fig. 6 includes the following steps 610-680. The corresponding network architecture of this embodiment is shown in fig. 7.
At step 610, the terminal sends the manufacturer identifier, manufacturer digital certificate, PEI to the AMF of SNPN 1.
At step 620, the AMF of SNPN1 selects a manufacturer authentication server based on the manufacturer identifier.
At step 630, the AMF of SNPN1 sends the manufacturer digital certificate to the authentication server.
The authentication server verifies that the terminal is a legitimate terminal based on the manufacturer certificate in step 640.
At step 650, the AMF of SNPN1 sends subscription data retrieval signaling to the UDM of SNPN 1.
At step 660 the UDM of SNPN1 selects a manufacturer subscription information query server based on the manufacturer identifier and sends the terminal PEI to the subscription information query server.
In step 670, the subscription information query server queries that the terminal has subscribed to SNPN2 through PEI, and then sends the SNPN2 identifier to the UDM of SNPN 1.
In this embodiment, the data storage server address or identifier of SNPN2 may also be sent to the UDM of SNPN 1.
In step 680, the UDM of SNPN1 selects the data storage server of SNPN2 based on the SNPN2 identifier, retrieves the subscription data of the terminal at SNPN2 from it and sends it to the terminal.
In some embodiments, the SNPN1 may also provide the terminal with a user plane connection for the terminal to a data storage server of the SNPN2, with the terminal obtaining subscription data from the SNPN 2.
The embodiment shown in fig. 8 includes the following steps 710-780. The network architecture corresponding to this embodiment is shown in fig. 9.
At step 810, the terminal sends the manufacturer identifier, manufacturer digital certificate, PEI to the AMF of SNPN 1.
At step 820, the AMF of SNPN1 selects a manufacturer authentication server based on the manufacturer identifier.
At step 830, the AMF of SNPN1 sends the manufacturer digital certificate to the authentication server.
The authentication server verifies that the terminal is a legitimate terminal according to the manufacturer certificate in step 840.
At step 850, the AMF of SNPN1 selects a manufacturer contract information query server based on the manufacturer identifier and sends the terminal PEI to the contract information query server.
In step 860, the subscription information query server queries the terminal that the terminal is subscribed to the SNPN2 through the PEI, and transmits the address of the data storage server of the SNPN2 to the AMF of the SNPN 1.
At step 870, the AMF of SNPN1 gives the terminal the data storage server address of SNPN 2.
In step 880, the terminal establishes a connection with the data storage server of SNPN2 in SNPN1 through the data storage server address of SNPN2 and retrieves the subscription data of the terminal at SNPN2 therefrom.
In the embodiments shown in fig. 6 and 8, the current network retrieves the network information signed by the terminal from the manufacturer network, and then retrieves the subscription data of the terminal from the terminal signed network, which can solve the problem that the terminal does not have the subscription information of SNPN1 and SNPN2, and does not know which SNPN the terminal signs up to, so that the subscription data cannot be obtained.
Fig. 10 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. The first network where the network subscription data acquisition device is located is, for example, a PLMN, and includes an AMF, a UDM, and an Authentication Server Function (AUSF). The second network where the data storage server is located is for example a private factory network. The third network where the authentication server and the subscription information inquiry server are located is the terminal manufacturer's own network. The subscription information query server in the terminal manufacturer network may obtain the subscription credentials of the terminal from the data storage server in the private factory network. The user of the terminal has signed an agreement with both the PLMN and the private factory network, and the terminal can only access the private factory network through a specific slice in the PLMN, for which PLMN subscription data and credentials and private factory network credentials need to be provided. The terminal possesses the manufacturer identifier, the manufacturer digital certificate, the PEI, the PLMN subscription data and credentials, but the terminal does not have credentials for the private factory network, nor does it know which private factory network it has subscribed to. The network architecture corresponding to this embodiment is shown in fig. 11.
In step 1010, the terminal sends the PLMN AMF a manufacturer identifier, a manufacturer digital certificate, PEI, PLMN credentials.
In step 1020, the AMF of the PLMN verifies the terminal as a valid terminal according to the PLMN credential through AUSF in the PLMN.
At step 1030, the AMF of the PLMN sends subscription data retrieval signaling to the UDM of the PLMN.
In step 1040, the UDM of the PLMN selects a manufacturer subscription information query server according to the manufacturer identifier, and sends the terminal PEI and the manufacturer digital certificate to the subscription information query server.
In step 1050, the subscription information query server verifies that the terminal is a legitimate terminal according to the manufacturer digital certificate through the manufacturer authentication server.
In step 1060, the contract information query server retrieves the certificate of the terminal in the private factory network from the data storage server of the private factory network according to the PEI and the contract information of the terminal.
In step 1070, the subscription information query server sends the credentials of the private factory network to the UDM of the PLMN.
The UDM of the PLMN sends the terminal's credentials at the private factory network to the terminal in step 1080.
In the above embodiments, the terminal is able to acquire the subscription data through the network, and the terminal does not need to provide the network with information of the network it subscribes to.
Fig. 12 is a schematic structural diagram of some embodiments of a network subscription data acquisition device according to the present disclosure. The network subscription data acquiring device includes a first receiving unit 1210, a server querying unit 1220, a first sending unit 1230, and a second sending unit 1240. The functions of the first receiving unit 1210, the server querying unit 1220, the first transmitting unit 1230, and the second transmitting unit 1240 may be implemented by the AMF and the UDM.
The first receiving unit 1210 is configured to receive a first identifier and a second identifier transmitted by a terminal.
In some embodiments, the first identifier is a terminal manufacturer identifier, an identifier agreed with a third party, an identifier of a network having a function of providing subscription data, or an identifier of a network in which a data storage server storing network subscription data is located, and the second identifier is, for example, a terminal identifier.
The server querying unit 1220 is configured to determine a subscription information query server corresponding to the first identifier.
The first transmitting unit 1230 is configured to transmit the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier. For example, the subscription information query server queries the subscription network information of the terminal according to the terminal identifier. The subscription network information includes, for example, an identifier of a data storage server storing network subscription data corresponding to the terminal, an address of the data storage server, an identifier of a network in which the data storage server is located, and the like.
The second transmitting unit 1240 is configured to transmit network subscription data obtained based on the subscription network information to the terminal.
In the above embodiment, after determining the subscription information query server corresponding to the first identifier, the network subscription data obtaining device sends the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Fig. 13 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure. The network subscription data acquiring apparatus includes a first receiving unit 1110, a server querying unit 1220, a first sending unit 1230, a second sending unit 1240, a second receiving unit 1310, and a server determining unit 1320.
The first receiving unit 1210 is configured to receive a first identifier, a second identifier, and first terminal authentication data for an authentication server to authenticate a terminal, which are transmitted by the terminal.
In some embodiments, the first receiving unit 1210 is further configured to receive second terminal authentication data for authenticating the terminal by the current network.
The server querying unit 1220 is configured to determine an authentication server corresponding to the first identifier.
The first transmitting unit 1230 is configured to transmit the second identifier to the subscription information query server.
In some embodiments, the first sending unit 1230 is further configured to send the first terminal authentication data to an authentication server, which authenticates the terminal.
In some embodiments, the server querying unit 1220 is configured to determine the subscription information querying server corresponding to the first identifier in response to the authentication server authenticating the terminal according to the first terminal authentication data.
The first sending unit 1230 is further configured to send the second identifier to the subscription information query server.
The second receiving unit 1310 is configured to receive the subscription network information of the terminal queried by the subscription information query server according to the second identifier.
The server determining unit 1320 is configured to determine a data storage server storing the network subscription data according to the subscription network information.
The second transmitting unit 1240 is configured to acquire the network subscription data in the data storage server and transmit the network subscription data to the terminal.
In some embodiments, the second receiving unit 1310 is further configured to receive the network subscription data sent by the subscription information query server, where the network subscription data is obtained by the subscription information query server in the corresponding data storage server based on the subscription network information. The second transmitting unit 1240 is configured to transmit the network subscription data transmitted by the subscription information query server to the terminal.
In other embodiments of the present disclosure, the system further includes a terminal interaction unit 1330 configured to send the subscription network information to the terminal, and receive a request for acquiring network subscription data sent by the terminal according to the subscription network information. For example, the terminal sends a request to acquire network subscription data through the control plane. The server determining unit 1320 is further configured to establish a connection with a corresponding data storage server according to the request. For example, a connection is established with a data storage server through a control plane. The second transmitting unit 1240 is configured to acquire the network subscription data in the data storage server and transmit the network subscription data to the terminal.
In other embodiments, the terminal interaction unit 1330 is configured to send the subscription network information to the terminal, and receive a request for acquiring network subscription data sent by the terminal according to the subscription network information. For example, the terminal sends a request for acquiring network subscription data through the user plane. The server determining unit 1320 is further configured to determine a data storage server storing the network subscription data according to the request. The second sending unit 1240 is configured to provide the terminal with a user plane connection to the data storage server to enable the terminal to acquire the network subscription data.
Fig. 14 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure. The apparatus includes a memory 1410 and a processor 1420. Wherein: the memory 1410 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used to store instructions in the embodiments corresponding to fig. 1-11. Processor 1420 is coupled to memory 1410 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 1420 is used to execute instructions stored in memory.
In some embodiments, processor 1420 is coupled to memory 1410 through BUS BUS 1430. The electronic device 1400 may also be connected to an external storage system 1450 via a storage interface 1440 for accessing external data, and may also be connected to a network or another computer system (not shown) via a network interface 1460. And will not be described in detail herein.
In this embodiment, the terminal is enabled to acquire the network subscription data without providing the network information of its subscription to the network.
Fig. 15 is a schematic structural diagram of some embodiments of a network subscription data acquisition system according to the present disclosure. The system includes a network subscription data acquisition device 1510, a terminal 1520, a subscription information query server 1530 and a data storage server 1540, where the network subscription data acquisition device 1510 has been described in detail in the above embodiments.
The terminal 1520 is configured to transmit the first identifier and the second identifier to the network contract data acquisition device 1510, and receive the network contract data transmitted by the network contract data acquisition device 1510 or acquire the network contract data at the data storage server 1540 through the network contract data acquisition device 1510.
In some embodiments, the terminal 1520 is further configured to send first terminal authentication data for the authentication server to authenticate the terminal and second terminal authentication data for the current network to authenticate the terminal to the network subscription data obtaining means 1510.
In some embodiments, the terminal 1520 is further configured to send a request to the network subscription data acquisition device 1510 to acquire network subscription data.
The subscription information query server 1530 is configured to query the subscription network information of the terminal according to the second identifier.
The data storage server 1540 is configured to store network subscription data.
In some embodiments, the system further includes an authentication server 1550 configured to receive the first terminal authentication data sent by the network subscription data obtaining apparatus, and authenticate the terminal according to the first terminal authentication data.
In other embodiments, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1-11. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (15)

1. A network subscription data acquisition method comprises the following steps:
receiving a first identifier and a second identifier sent by a terminal;
determining a subscription information query server corresponding to the first identifier;
sending the second identifier to the subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and
and sending the network signing data obtained based on the signing network information to the terminal.
2. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the signing network information returned by the signing information inquiry server;
determining a data storage server for storing network subscription data according to the subscription network information;
acquiring the network signing data in the data storage server; and
and sending the network subscription data to the terminal.
3. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the network subscription data sent by the subscription information query server, wherein the network subscription data is obtained by the subscription information query server in a corresponding data storage server based on the subscription network information; and
and sending the network subscription data to the terminal.
4. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the signing network information returned by the signing information inquiry server;
sending the signing network information to the terminal;
receiving a request for acquiring network subscription data sent by the terminal according to the subscription network information;
establishing connection with a corresponding data storage server according to the request;
acquiring the network signing data at the data storage server; and
and sending the network subscription data to the terminal.
5. The network subscription data acquisition method of any of claims 1 to 4, further comprising:
receiving first terminal authentication data which is sent by the terminal and used for an authentication server to authenticate the terminal;
determining an authentication server corresponding to the first identifier; and
and sending the first terminal authentication data to the authentication server so that the authentication server authenticates the terminal according to the first terminal authentication data.
6. The network subscription data acquisition method of any of claims 1 to 4, further comprising:
receiving first terminal authentication data used for an authentication server to authenticate the terminal and second terminal authentication data used for a current network to authenticate the terminal;
authenticating the terminal based on the second terminal authentication data; and
and sending the first terminal authentication data to the subscription information inquiry server so that the subscription information inquiry server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
7. The network subscription data acquisition method of any one of claims 2 to 4,
the subscription network information includes at least one of an identifier of the data storage server, an address of the data storage server, and an identifier of a network in which the data storage server is located.
8. A network subscription data acquisition method comprises the following steps:
receiving a first identifier and a second identifier sent by a terminal;
determining a subscription information query server corresponding to the first identifier;
sending the second identifier to the subscription information query server;
receiving the signed network information of the terminal inquired by the signed information inquiry server according to the second identifier;
sending the signing network information to the terminal;
receiving a request for acquiring network subscription data sent by the terminal according to the subscription network information;
determining a data storage server for storing the network subscription data according to the request; and
and providing a user plane connection to the data storage server for the terminal so as to enable the terminal to acquire the network subscription data.
9. A network subscription data acquisition apparatus, comprising:
a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal;
a server query unit configured to determine a subscription information query server corresponding to the first identifier;
a first sending unit, configured to send the second identifier to the subscription information query server, so that the subscription information query server queries subscription network information of the terminal according to the second identifier; and
and the second sending unit is configured to send the network subscription data obtained based on the subscription network information to the terminal.
10. A network subscription data acquisition apparatus, comprising:
a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal;
a server query unit configured to determine a subscription information query server corresponding to the first identifier;
a first sending unit configured to send the second identifier to the subscription information query server;
a second receiving unit configured to receive the subscription network information of the terminal queried by the subscription information query server according to the second identifier;
the terminal interaction unit is configured to send the signing network information to the terminal and receive a request for acquiring network signing data sent by the terminal according to the signing network information;
a server determination unit configured to determine, according to the request, a data storage server storing network subscription data; and
a second sending unit configured to provide the terminal with a user plane connection to the data storage server so as to enable the terminal to acquire network subscription data.
11. A network subscription data acquisition apparatus, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the network subscription data acquisition method of any of claims 1 to 8 based on instructions stored in the memory.
12. A network subscription data acquisition system, comprising:
a network subscription data acquisition device as claimed in any one of claims 9 to 11;
the terminal is configured to send a first identifier and a second identifier to the network signing data acquisition device, and receive the network signing data sent by the network signing data acquisition device or acquire the network signing data in a data storage server through the network signing data acquisition device;
a subscription information query server configured to query subscription network information of the terminal according to the second identifier; and
a data storage server configured to store the network subscription data.
13. The network subscription data acquisition system of claim 12, further comprising:
and the authentication server is configured to receive first terminal authentication data sent by the network subscription data acquisition device and authenticate the terminal according to the first terminal authentication data, wherein the terminal is further configured to send the first terminal authentication data to the network subscription data acquisition device.
14. The network subscription data acquisition system of claim 12,
the terminal is further configured to send second terminal authentication data for authenticating the terminal with the current network to the network subscription data acquisition device.
15. A non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the network subscription data acquisition method of any of claims 1 to 8.
CN202010420842.8A 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system Active CN113691971B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010420842.8A CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010420842.8A CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Publications (2)

Publication Number Publication Date
CN113691971A true CN113691971A (en) 2021-11-23
CN113691971B CN113691971B (en) 2022-07-22

Family

ID=78575636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010420842.8A Active CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Country Status (1)

Country Link
CN (1) CN113691971B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155068A (en) * 2006-09-27 2008-04-02 中兴通讯股份有限公司 System and method for acquiring information of terminal unit contractual capacity
US20140007200A1 (en) * 2010-11-08 2014-01-02 Samsung Electronics Co., Ltd. Providing access of a user equipment to a data network
WO2014014477A1 (en) * 2012-07-20 2014-01-23 Hewlett-Packard Development Company, L.P. Migrating applications between networks
EP2779715A1 (en) * 2011-11-24 2014-09-17 Huawei Technologies Co., Ltd. Method, device and system for processing closed subscriber group subscription data request
EP3157223A1 (en) * 2015-10-14 2017-04-19 Alcatel Lucent Method and systems for associating subscriber identification information with a subscriber-side network termination identifier
CN110650500A (en) * 2018-06-26 2020-01-03 电信科学技术研究院有限公司 AMF, network slice selection method and AMF
CN110808942A (en) * 2018-08-06 2020-02-18 华为技术有限公司 Subscription information configuration method and communication equipment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155068A (en) * 2006-09-27 2008-04-02 中兴通讯股份有限公司 System and method for acquiring information of terminal unit contractual capacity
US20140007200A1 (en) * 2010-11-08 2014-01-02 Samsung Electronics Co., Ltd. Providing access of a user equipment to a data network
EP2779715A1 (en) * 2011-11-24 2014-09-17 Huawei Technologies Co., Ltd. Method, device and system for processing closed subscriber group subscription data request
WO2014014477A1 (en) * 2012-07-20 2014-01-23 Hewlett-Packard Development Company, L.P. Migrating applications between networks
EP3157223A1 (en) * 2015-10-14 2017-04-19 Alcatel Lucent Method and systems for associating subscriber identification information with a subscriber-side network termination identifier
CN110650500A (en) * 2018-06-26 2020-01-03 电信科学技术研究院有限公司 AMF, network slice selection method and AMF
CN110808942A (en) * 2018-08-06 2020-02-18 华为技术有限公司 Subscription information configuration method and communication equipment

Also Published As

Publication number Publication date
CN113691971B (en) 2022-07-22

Similar Documents

Publication Publication Date Title
CN108737418B (en) Identity authentication method and system based on block chain
CN108768970B (en) Binding method of intelligent equipment, identity authentication platform and storage medium
KR102398276B1 (en) Method and apparatus for downloading and installing a profile
CN106851628B (en) Method and device for downloading files of operator
CN102684961B (en) Method, device and system for processing household appliance information
US20160301529A1 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
EP3389295A1 (en) Multi-terminal mapping system and method for virtual sim card
US20220295269A1 (en) Network access authentication method and device
US11838752B2 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
EP3972306B1 (en) Information verification method and related device
CN112956155B (en) Apparatus and method for negotiating digital certificate between SSP device and server
US20200228981A1 (en) Authentication method and device
CN106534082B (en) User registration method and device
CN105898733A (en) Machine changing method and device based on eSIM card, mobile terminal and server
CN111065090A (en) Method for establishing network connection and wireless routing equipment
CN112819454B (en) Payment method, gateway device, server and storage medium
US20160316311A1 (en) Method and apparatus for provisioning an operational subscription
US20230300596A1 (en) Remote subscription profile download
CN106685914B (en) Information verification method, server and client
CN113691971B (en) Network subscription data acquisition method, device and system
CN104898472A (en) Terminal control method and device
CN111132266B (en) Terminal access method and system and cloud server
US11178534B2 (en) Management of a subscriber entity
CN109729515B (en) Method for realizing machine-card binding, user identification card and Internet of things terminal
CN113676985B (en) Terminal access control method, device, system, terminal and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant