CN113691971B - Network subscription data acquisition method, device and system - Google Patents

Network subscription data acquisition method, device and system Download PDF

Info

Publication number
CN113691971B
CN113691971B CN202010420842.8A CN202010420842A CN113691971B CN 113691971 B CN113691971 B CN 113691971B CN 202010420842 A CN202010420842 A CN 202010420842A CN 113691971 B CN113691971 B CN 113691971B
Authority
CN
China
Prior art keywords
network
terminal
subscription
data
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010420842.8A
Other languages
Chinese (zh)
Other versions
CN113691971A (en
Inventor
田树一
赵嵩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202010420842.8A priority Critical patent/CN113691971B/en
Publication of CN113691971A publication Critical patent/CN113691971A/en
Application granted granted Critical
Publication of CN113691971B publication Critical patent/CN113691971B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a device and a system for acquiring network subscription data, and relates to the technical field of wireless communication. The method comprises the following steps: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and sending the network signing data obtained based on the signing network information to the terminal. The method and the device can enable the terminal to acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.

Description

Network subscription data acquisition method, device and system
Technical Field
The present disclosure relates to the field of wireless communication technologies, and in particular, to a method, an apparatus, and a system for acquiring network subscription data.
Background
More and more smart devices have wireless communication capabilities and are able to access the services provided by the network by connecting to the wireless communication network via subscription data and credentials stored in the SIM card. Some devices have removable SIM cards that can be removed by a network operator and used by a particular machine to enter subscription information and credentials for the device into the SIM card. Some SIM cards in the device are not pluggable, and subscription data and credentials of a specific network need to be recorded into the SIM card before the device leaves a factory, or the subscription data and credentials are acquired through the network after the device leaves the factory.
In the case where some smart devices do not have an input function, and a user cannot notify the smart device of which network the smart device has signed, since the smart device does not know which network the smart device has signed, it cannot indicate which network the smart device wants to acquire subscription data and credentials of which network, and thus the current network cannot verify the device, or cannot determine from which network the subscription data and credentials of the smart device have been retrieved.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a method, an apparatus, and a system for acquiring network subscription data, which enable a terminal to acquire the network subscription data without providing network information of its subscription to a network.
According to an aspect of the present disclosure, a method for acquiring network subscription data is provided, including: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and sending the network subscription data obtained based on the subscription network information to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving signing network information returned by a signing information inquiry server; determining a data storage server for storing network subscription data according to the subscription network information; acquiring network subscription data from a data storage server; and sending the network subscription data to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving network signing data sent by a signing information inquiry server, wherein the network signing data are obtained by the signing information inquiry server in a corresponding data storage server based on signing network information; and sending the network subscription data to the terminal.
In some embodiments, sending the network subscription data obtained based on the subscription network information to the terminal includes: receiving signing network information returned by a signing information inquiry server; sending the signing network information to a terminal; receiving a request for acquiring network subscription data sent by a terminal according to subscription network information; establishing connection with a corresponding data storage server according to the request; acquiring network signing data from a data storage server; and sending the network subscription data to the terminal.
In some embodiments, first terminal authentication data sent by a terminal for an authentication server to authenticate the terminal is received; determining an authentication server corresponding to the first identifier; and sending the first terminal authentication data to an authentication server so that the authentication server authenticates the terminal according to the first terminal authentication data.
In some embodiments, first terminal authentication data for an authentication server to authenticate a terminal and second terminal authentication data for a current network to authenticate the terminal are received; authenticating the terminal based on the second terminal authentication data; and sending the first terminal authentication data to the subscription information inquiry server so that the subscription information inquiry server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
In some embodiments, the subscription network information comprises at least one of an identifier of the data storage server, an address of the data storage server, and an identifier of a network in which the data storage server is located.
According to another aspect of the present disclosure, a method for acquiring network subscription data is further provided, including: receiving a first identifier and a second identifier sent by a terminal; determining a subscription information query server corresponding to the first identifier; sending the second identifier to a subscription information query server, receiving subscription network information of a subscription information query server according to the second identifier query terminal; transmitting the signing network information to a terminal; receiving a request for acquiring network subscription data sent by a terminal according to subscription network information; determining a data storage server for storing the network subscription data according to the request; and providing a user plane connection to the data storage server to the terminal so that the terminal acquires the network subscription data.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal; a server query unit configured to determine a subscription information query server corresponding to the first identifier; a first sending unit configured to send the second identifier to a subscription information query server so that the subscription information query server queries subscription network information of the terminal according to the second identifier; and a second transmitting unit configured to transmit the network subscription data obtained based on the subscription network information to the terminal.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal; a server query unit configured to determine a subscription information query server corresponding to the first identifier; a first transmitting unit configured to transmit the second identifier to a subscription information query server; a second receiving unit configured to receive subscription network information of the subscription information inquiry server inquiring the terminal according to the second identifier; the interaction unit is configured to send the signing network information to the terminal and receive a request for acquiring network signing data sent by the terminal according to the signing network information; a server determination unit configured to determine, according to the request, a data storage server storing the network subscription data; and a second sending unit configured to provide the terminal with a user plane connection to the data storage server to cause the terminal to acquire the network subscription data.
According to another aspect of the present disclosure, a network subscription data obtaining apparatus is further provided, including: a memory; and a processor coupled to the memory, the processor configured to perform the network subscription data acquisition method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a network subscription data acquiring system is further provided, including: the above-mentioned network subscription data acquisition device; the terminal is configured to send the first identifier and the second identifier to the network signing data acquisition device, and receive the network signing data sent by the network signing data acquisition device or acquire the network signing data from the data storage server through the network signing data acquisition device; a subscription information query server configured to query subscription network information of the terminal according to the second identifier; and a data storage server configured to store the network subscription data.
In some embodiments, the system further includes an authentication server configured to receive the first terminal authentication data sent by the network subscription data obtaining device, and authenticate the terminal according to the first terminal authentication data, wherein the terminal is further configured to send the first terminal authentication data to the network subscription data obtaining device.
In some embodiments, the terminal is further configured to send second terminal authentication data for authenticating the terminal with the current network to the network subscription data acquisition device.
According to another aspect of the present disclosure, a non-transitory computer-readable storage medium is also presented, on which computer program instructions are stored, which when executed by a processor implement the above-mentioned network subscription data acquisition method.
In the embodiment of the disclosure, after the subscription information query server corresponding to the first identifier is determined, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 is a flowchart illustrating some embodiments of a network subscription data acquisition method according to the present disclosure.
Fig. 2 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 3 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 4 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 5 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 6 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 7 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 8 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 9 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 10 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure.
Fig. 11 is a network architecture diagram of some embodiments of the present disclosure.
Fig. 12 is a schematic structural diagram of some embodiments of the network subscription data acquisition device of the present disclosure.
Fig. 13 is a schematic structural diagram of another embodiment of a network subscription data acquiring device according to the present disclosure.
Fig. 14 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure.
Fig. 15 is a schematic structural diagram of some embodiments of a network subscription data acquisition system according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be discussed further in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a flowchart illustrating some embodiments of a network subscription data acquisition method according to the present disclosure. This embodiment is performed by a network contract data acquisition apparatus that is located in a network having a contract data provision function.
In step 110, the first identifier and the second identifier transmitted by the terminal are received.
In some embodiments, the first identifier is a terminal manufacturer identifier, an identifier agreed with a third party, an identifier of a network having a function of providing subscription data, or an identifier of a network in which a data storage server storing the network subscription data is located, so that the current network can query an authentication server and a subscription information query server corresponding to the terminal. The authentication server can authenticate the terminal, and the subscription information inquiry server provides subscription information inquiry service for the terminal.
The second identifier is, for example, a terminal identifier, and the subscription information query server can identify the terminal based on the terminal identifier.
In some embodiments, the terminal may transmit the first identifier and the second identifier separately, or may transmit the first identifier and the second identifier by integrating the first identifier and the second identifier into one identifier.
At step 120, a subscription information query server corresponding to the first identifier is determined.
In step 130, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier. For example, the subscription information inquiry server inquires the subscription network information of the terminal according to the terminal identifier. The subscription network information includes, for example, an identifier of a data storage server storing network subscription data corresponding to the terminal, an address of the data storage server, an identifier of a network in which the data storage server is located, and the like.
In step 140, the network subscription data obtained based on the subscription network information is transmitted to the terminal. The network subscription data includes, for example, subscription credentials.
For example, a data storage server storing network subscription data is selected based on network information of the terminal subscription, and the network subscription data is retrieved from the data storage server.
In the above embodiment, after determining the subscription information query server corresponding to the first identifier, the network subscription data acquisition device sends the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Fig. 2 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 210, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal. The first terminal authentication data is for example a terminal manufacturer certificate.
At step 220, an authentication server corresponding to the first identifier is determined.
In step 230, the first terminal authentication data is sent to the authentication server.
In step 240, in response to the authentication server authenticating the terminal according to the first terminal authentication data, the subscription information query server corresponding to the first identifier is determined.
At step 250, the second identifier is sent to the subscription information query server.
In step 260, the subscription network information of the terminal queried by the subscription information query server according to the second identifier is received.
In step 270, a data storage server storing the network subscription data is determined according to the subscription network information.
At step 280, network subscription data is obtained in the data storage server.
In step 290, the network subscription data is transmitted to the terminal.
In the above embodiment, the network subscription data obtaining device obtains the network subscription data according to the subscription network information of the terminal, and sends the network subscription data to the terminal, so that the terminal obtains the network subscription data through the current network under the condition that the terminal cannot provide the subscription network.
Fig. 3 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 310, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal.
At step 320, an authentication server corresponding to the first identifier is determined.
In step 330, the first terminal authentication data is sent to the authentication server.
In step 340, in response to the authentication server passing the authentication of the terminal according to the first terminal authentication data, the subscription information query server corresponding to the first identifier is determined.
In step 350, the second identifier is sent to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier.
In step 360, network subscription data sent by the subscription information query server is received, where the network subscription data is obtained by the subscription information query server in a corresponding data storage server based on the subscription network information.
For example, the subscription information query server belongs to the terminal manufacturer network, and the data storage server is a private factory network, and the subscription information query server in the terminal manufacturer network may obtain the network subscription data of the terminal from the data storage server in the private factory network.
In step 370, the network subscription data is transmitted to the terminal.
In the above embodiment, the network subscription data obtaining device determines the authentication server and the subscription information query server, and receives the network subscription data sent by the subscription information query server, so that the terminal can obtain the network subscription data through the current network even when the terminal cannot provide the subscription network.
Fig. 4 is a flowchart illustrating a network subscription data acquiring method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 410, a first identifier, a second identifier and first terminal authentication data for an authentication server to authenticate a terminal are received, wherein the first identifier and the second identifier are sent by the terminal.
At step 420, an authentication server corresponding to the first identifier is determined.
The first terminal authentication data is sent to the authentication server, step 430.
In step 440, in response to the authentication server passing the authentication of the terminal according to the first terminal authentication data, the subscription information query server corresponding to the first identifier is determined.
At step 450, the second identifier is sent to the subscription information query server.
In step 460, the subscription network information of the terminal queried by the subscription information querying server according to the second identifier is received.
In step 470, the subscription network information is transmitted to the terminal.
In step 480, the receiving terminal receives the request for acquiring the network subscription data sent by the subscription network information. For example, the terminal sends a request for acquiring the network subscription data through the network control plane.
At step 490, a connection is established with the corresponding data storage server upon request. For example, the network subscription data acquisition device establishes a connection with the data storage server through the control plane.
At step 4100, network subscription data is obtained at the data store server.
In step 4110, the network subscription data is sent to the terminal.
In the above embodiments, the terminal can obtain the subscription data through the network without knowing the subscription network.
Fig. 5 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. This embodiment is performed by a network subscription data acquisition device.
In step 510, a first identifier and a second identifier transmitted by a terminal are received.
At step 520, a subscription information query server corresponding to the first identifier is determined.
In some embodiments, before step 520, the network subscription data obtaining apparatus may further receive first terminal authentication data for the authentication server to authenticate the terminal, determine an authentication server corresponding to the first identifier, and send the first terminal authentication data to the authentication server, so that the authentication server authenticates the terminal according to the first terminal authentication data. And if the terminal passes the authentication, determining a subscription information inquiry server corresponding to the first identifier.
At step 530, the second identifier is sent to the subscription information query server.
In step 540, the receiving subscription information query server queries the subscription network information of the terminal according to the second identifier.
In step 550, the subscription network information is transmitted to the terminal.
In step 560, the receiving terminal receives the request for acquiring the network subscription data sent by the subscription network information. For example, the terminal sends a request to acquire network subscription data through the network user plane.
At step 570, a data storage server storing the network subscription data is determined according to the request.
At step 580, a user plane connection is provided to the terminal to the data storage server to enable the terminal to retrieve the network subscription data.
In the above embodiments, the terminal can obtain the subscription data through the network without knowing the subscription network.
In some embodiments of the present disclosure, the network subscription data obtaining device may further receive second terminal authentication data for authenticating the terminal by the current network, and authenticate the terminal based on the second terminal authentication data. The second terminal authentication data is for example a current network credential.
In this embodiment, if the terminal stores the subscription information of the current network, the terminal may be verified.
In other embodiments of the disclosure, the network subscription data obtaining device may further send the first terminal authentication data to the subscription information query server, so that the subscription information query server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
In some embodiments, the network subscription data acquisition device is located in a first network, the data storage server is located in a second network, and the authentication server and the subscription information query server are located in a third network. The first network, the second network and the third network may be the same network or different networks. For example, the first Network is, for example, SNPN (Stand-alone Non-Public Network), PLMN (Public Land Mobile Network), PNI-NPN (Public Network Integrated Non-Public Network), etc., the second Network is, for example, a private factory Network, a terminal manufacturer Network, SNPN, PNI-NPN, etc., and the third Network is, for example, a terminal manufacturer Network, SNPN, PNI-NPN, PLMN, etc.
In the embodiment shown in fig. 6 and 8, the first network where the network subscription Data acquiring device is located is, for example, SNPN1, and the SNPN1 includes an Access and Mobility Management Function (AMF) and a Unified Data Management Function (UDM). The second network where the data storage server is located is, for example, SNPN2, and the third network where the authentication server and the subscription information inquiry server are located is, for example, the terminal manufacturer's own network. The terminal owns the manufacturer Identifier, the manufacturer digital certificate, the Permanent Equipment Identifier (PEI). The user of the terminal has a contract with the SNPN2, and the data storage server of the SNPN2 stores the contract data of the terminal in the SNPN 2. The terminal does not have subscription information of the SNPN1 and the SNPN2, and does not know which SNPN the terminal has subscribed to.
The embodiment shown in fig. 6 includes the following steps 610-680. The corresponding network architecture of this embodiment is shown in fig. 7.
At step 610, the terminal sends the manufacturer identifier, manufacturer digital certificate, PEI to the AMF of SNPN 1.
At step 620, the AMF of SNPN1 selects a manufacturer authentication server based on the manufacturer identifier.
At step 630, the AMF of SNPN1 sends the manufacturer digital certificate to the authentication server.
The authentication server verifies that the terminal is a legitimate terminal based on the manufacturer certificate in step 640.
At step 650, the AMF of SNPN1 sends subscription data retrieval signaling to the UDM of SNPN 1.
At step 660, the UDM of SNPN1 selects a manufacturer subscription information query server based on the manufacturer identifier and sends the terminal PEI to the subscription information query server.
In step 670, the subscription information query server queries that the terminal has subscribed to SNPN2 through PEI, and then sends the SNPN2 identifier to the UDM of SNPN 1.
In this embodiment, the data storage server address or identifier of SNPN2 may also be sent to the UDM of SNPN 1.
At step 680, the UDM of SNPN1 selects the data storage server of SNPN2 based on the SNPN2 identifier, retrieves the subscription data for the terminal at SNPN2 from it and sends it to the terminal.
In some embodiments, the SNPN1 may also provide the terminal with a user plane connection for the terminal to a data storage server of the SNPN2, with the terminal obtaining subscription data from the SNPN 2.
The embodiment shown in fig. 8 includes the following steps 710-780. The corresponding network architecture of this embodiment is shown in fig. 9.
At step 810, the terminal sends the manufacturer identifier, manufacturer digital certificate, PEI to the AMF of SNPN 1.
At step 820, the AMF of the SNPN1 selects a manufacturer authentication server based on the manufacturer identifier.
At step 830, the AMF of SNPN1 sends the manufacturer digital certificate to the authentication server.
The authentication server verifies that the terminal is a legitimate terminal based on the manufacturer certificate in step 840.
At step 850, the AMF of the SNPN1 selects a manufacturer contract information inquiry server according to the manufacturer identifier, and transmits a terminal PEI to the contract information inquiry server.
In step 860, the contract information inquiry server inquires that the terminal has contracted the SNPN2 through the PEI, and then sends the data storage server address of the SNPN2 to the AMF of the SNPN 1.
At step 870, the AMF of SNPN1 gives the terminal the data storage server address of SNPN 2.
In step 880, the terminal establishes a connection with the data storage server of SNPN2 in SNPN1 via the data storage server address of SNPN2 and retrieves the subscription data for the terminal at SNPN2 therefrom.
In the embodiments shown in fig. 6 and 8, the current network retrieves the network information signed by the terminal from the manufacturer network, and then retrieves the subscription data of the terminal from the terminal signed network, which can solve the problem that the terminal does not have the subscription information of SNPN1 and SNPN2, and does not know which SNPN the terminal signs up to, so that the subscription data cannot be obtained.
Fig. 10 is a flowchart illustrating a network subscription data acquisition method according to another embodiment of the disclosure. The first network where the network subscription data acquisition device is located is, for example, a PLMN, and includes an AMF, a UDM, and an Authentication Server Function (AUSF). The second network where the data storage server is located is for example a private factory network. The third network where the authentication server and the subscription information inquiry server are located is the terminal manufacturer's own network. The subscription information query server in the terminal manufacturer network may obtain the subscription credentials of the terminal from the data storage server in the private factory network. The user of the terminal has signed an agreement with both the PLMN and the private factory network, and the terminal can only access the private factory network through a specific slice in the PLMN, for which PLMN subscription data and credentials and private factory network credentials need to be provided. The terminal has a manufacturer identifier, a manufacturer digital certificate, PEI, PLMN subscription data and a certificate, but the terminal does not have the certificate of the private factory network and does not know which private factory network the terminal subscribes to. The corresponding network architecture of this embodiment is shown in fig. 11.
In step 1010, the terminal sends the PLMN AMF a manufacturer identifier, a manufacturer digital certificate, PEI, PLMN credentials.
In step 1020, the AMF of the PLMN verifies the terminal as a valid terminal according to the PLMN credential through AUSF in the PLMN.
At step 1030, the AMF of the PLMN sends subscription data retrieval signaling to the UDM of the PLMN.
In step 1040, the UDM of the PLMN selects a manufacturer subscription information query server according to the manufacturer identifier, and sends the terminal PEI and the manufacturer digital certificate to the subscription information query server.
In step 1050, the subscription information querying server verifies that the terminal is a valid terminal according to the manufacturer digital certificate through the manufacturer authentication server.
In step 1060, the contract information query server retrieves the certificate of the terminal in the private factory network from the data storage server of the private factory network according to the PEI and the contract information of the terminal.
In step 1070, the subscription information query server sends the credentials of the private factory network to the UDM of the PLMN.
The UDM of the PLMN sends the terminal's credentials at the private factory network to the terminal in step 1080.
In the above embodiments, the terminal is able to acquire the subscription data through the network, and the terminal does not need to provide the network with information of the network it subscribes to.
Fig. 12 is a schematic structural diagram of some embodiments of a network subscription data acquisition device according to the present disclosure. The network subscription data acquiring device includes a first receiving unit 1210, a server querying unit 1220, a first sending unit 1230, and a second sending unit 1240. The functions of the first receiving unit 1210, the server querying unit 1220, the first transmitting unit 1230, and the second transmitting unit 1240 may be implemented by the AMF and the UDM.
The first receiving unit 1210 is configured to receive a first identifier and a second identifier transmitted by a terminal.
In some embodiments, the first identifier is a terminal manufacturer identifier, an identifier agreed with a third party, an identifier of a network having a function of providing subscription data, or an identifier of a network in which a data storage server storing the network subscription data is located, and the like, and the second identifier is, for example, a terminal identifier.
The server querying unit 1220 is configured to determine a subscription information query server corresponding to the first identifier.
The first transmitting unit 1230 is configured to transmit the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier. For example, the subscription information inquiry server inquires the subscription network information of the terminal according to the terminal identifier. The subscription network information includes, for example, an identifier of a data storage server storing network subscription data corresponding to the terminal, an address of the data storage server, an identifier of a network in which the data storage server is located, and the like.
The second transmitting unit 1240 is configured to transmit network subscription data obtained based on the subscription network information to the terminal.
In the above embodiment, after determining the subscription information query server corresponding to the first identifier, the network subscription data acquisition device sends the second identifier to the subscription information query server, so that the subscription information query server queries the subscription network information of the terminal according to the second identifier, and sends the network subscription data obtained based on the subscription network information to the terminal. The terminal can acquire the network subscription data under the condition that the terminal does not need to provide the network information signed by the terminal to the network.
Fig. 13 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure. The network subscription data acquiring apparatus includes a first receiving unit 1110, a server querying unit 1220, a first sending unit 1230, a second sending unit 1240, a second receiving unit 1310, and a server determining unit 1320.
The first receiving unit 1210 is configured to receive a first identifier, a second identifier, and first terminal authentication data for an authentication server to authenticate a terminal, which are transmitted by the terminal.
In some embodiments, the first receiving unit 1210 is further configured to receive second terminal authentication data for authenticating the terminal by the current network.
The server querying unit 1220 is configured to determine an authentication server corresponding to the first identifier.
The first transmitting unit 1230 is configured to transmit the second identifier to the subscription information query server.
In some embodiments, the first sending unit 1230 is further configured to send the first terminal authentication data to an authentication server, which authenticates the terminal.
In some embodiments, the server querying unit 1220 is configured to determine the subscription information querying server corresponding to the first identifier in response to the authentication server authenticating the terminal according to the first terminal authentication data.
The first sending unit 1230 is further configured to send the second identifier to the subscription information query server.
The second receiving unit 1310 is configured to receive the subscription network information of the terminal queried by the subscription information query server according to the second identifier.
The server determining unit 1320 is configured to determine a data storage server storing the network subscription data according to the subscription network information.
The second transmitting unit 1240 is configured to acquire the network subscription data in the data storage server and transmit the network subscription data to the terminal.
In some embodiments, the second receiving unit 1310 is further configured to receive network subscription data sent by the subscription information query server, where the network subscription data is obtained by the subscription information query server in a corresponding data storage server based on the subscription network information. The second transmitting unit 1240 is configured to transmit the network subscription data transmitted by the subscription information query server to the terminal.
In other embodiments of the present disclosure, the system further includes a terminal interaction unit 1330 configured to send the subscription network information to the terminal, and receive a request for acquiring network subscription data sent by the terminal according to the subscription network information. For example, the terminal sends a request to acquire network subscription data through the control plane. The server determining unit 1320 is further configured to establish a connection with a corresponding data storage server according to the request. For example, a connection is established with a data storage server through a control plane. The second transmitting unit 1240 is configured to acquire the network subscription data in the data storage server and transmit the network subscription data to the terminal.
In other embodiments, the terminal interaction unit 1330 is configured to send the subscription network information to the terminal, and receive a request for acquiring network subscription data sent by the terminal according to the subscription network information. For example, the terminal sends a request for acquiring network subscription data through the user plane. The server determining unit 1320 is further configured to determine a data storage server storing the network subscription data according to the request. The second sending unit 1240 is configured to provide the terminal with a user plane connection to the data storage server to enable the terminal to acquire the network subscription data.
Fig. 14 is a schematic structural diagram of another embodiment of a network subscription data acquisition device according to the present disclosure. The apparatus includes a memory 1410 and a processor 1420. Wherein: the memory 1410 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used to store instructions in the embodiments corresponding to fig. 1-11. Processor 1420 is coupled to memory 1410 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 1420 is configured to execute instructions stored in the memory.
In some embodiments, processor 1420 is coupled to memory 1410 through BUS BUS 1430. The electronic device 1400 may also be connected to an external storage system 1450 via a storage interface 1440 for accessing external data, and may also be connected to a network or another computer system (not shown) via a network interface 1460. And will not be described in detail herein.
In this embodiment, the terminal is enabled to acquire the network subscription data without providing the network information of its subscription to the network.
Fig. 15 is a schematic structural diagram of some embodiments of a network subscription data acquisition system according to the present disclosure. The system includes a network subscription data acquisition device 1510, a terminal 1520, a subscription information inquiry server 1530, and a data storage server 1540, where the network subscription data acquisition device 1510 has been described in detail in the above embodiments.
The terminal 1520 is configured to transmit the first identifier and the second identifier to the network contract data acquisition device 1510, and receive the network contract data transmitted by the network contract data acquisition device 1510 or acquire the network contract data at the data storage server 1540 through the network contract data acquisition device 1510.
In some embodiments, the terminal 1520 is further configured to send first terminal authentication data for the authentication server to authenticate the terminal and second terminal authentication data for the current network to authenticate the terminal to the network subscription data obtaining means 1510.
In some embodiments, the terminal 1520 is further configured to send a request to the network subscription data acquisition device 1510 to acquire network subscription data.
The subscription information query server 1530 is configured to query the subscription network information of the terminal according to the second identifier.
The data storage server 1540 is configured to store network subscription data.
In some embodiments, the system further includes an authentication server 1550 configured to receive the first terminal authentication data sent by the network subscription data acquisition device, and authenticate the terminal according to the first terminal authentication data.
In other embodiments, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1-11. As will be appreciated by one of skill in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. Those skilled in the art can now fully appreciate how to implement the teachings disclosed herein, in view of the foregoing description.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (15)

1. A network subscription data acquisition method comprises the following steps:
receiving a first identifier and a second identifier sent by a terminal;
determining a subscription information query server corresponding to the first identifier;
sending the second identifier to the subscription information query server so that the subscription information query server queries the subscription network information of the terminal according to the second identifier; and
and sending the network signing data obtained based on the signing network information to the terminal.
2. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the signing network information returned by the signing information inquiry server;
determining a data storage server for storing network subscription data according to the subscription network information;
acquiring the network signing data in the data storage server; and
and sending the network subscription data to the terminal.
3. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the network signing data sent by the signing information inquiry server, wherein the network signing data are obtained by the signing information inquiry server in a corresponding data storage server based on the signing network information; and
and sending the network subscription data to the terminal.
4. The method for acquiring network subscription data according to claim 1, wherein sending the network subscription data obtained based on the subscription network information to the terminal includes:
receiving the signing network information returned by the signing information inquiry server;
sending the signing network information to the terminal;
receiving a request for acquiring network subscription data sent by the terminal according to the subscription network information;
establishing connection with a corresponding data storage server according to the request;
acquiring the network signing data at the data storage server; and
and sending the network subscription data to the terminal.
5. The network subscription data acquisition method of any of claims 1 to 4, further comprising:
receiving first terminal authentication data which is sent by the terminal and used for an authentication server to authenticate the terminal;
determining an authentication server corresponding to the first identifier; and
and sending the first terminal authentication data to the authentication server so that the authentication server authenticates the terminal according to the first terminal authentication data.
6. The network subscription data acquisition method of any of claims 1 to 4, further comprising:
receiving first terminal authentication data used for an authentication server to authenticate the terminal and second terminal authentication data used for a current network to authenticate the terminal;
authenticating the terminal based on the second terminal authentication data; and
and sending the first terminal authentication data to the subscription information inquiry server so that the subscription information inquiry server authenticates the terminal by using the first terminal authentication data through the authentication server corresponding to the first identifier.
7. The network subscription data acquisition method of any one of claims 2 to 4,
the subscription network information includes at least one of an identifier of the data storage server, an address of the data storage server, and an identifier of a network in which the data storage server is located.
8. A network subscription data acquisition method comprises the following steps:
receiving a first identifier and a second identifier sent by a terminal;
determining a subscription information query server corresponding to the first identifier;
sending the second identifier to the subscription information query server;
receiving the signed network information of the terminal inquired by the signed information inquiry server according to the second identifier;
sending the signing network information to the terminal;
receiving a request for acquiring network subscription data sent by the terminal according to the subscription network information;
determining a data storage server for storing the network subscription data according to the request; and
and providing a user plane connection to the data storage server for the terminal so that the terminal acquires the network subscription data.
9. A network subscription data acquisition apparatus, comprising:
a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal;
a server query unit configured to determine a subscription information query server corresponding to the first identifier;
a first sending unit, configured to send the second identifier to the subscription information query server, so that the subscription information query server queries subscription network information of the terminal according to the second identifier; and
and the second sending unit is configured to send the network subscription data obtained based on the subscription network information to the terminal.
10. A network subscription data acquisition apparatus, comprising:
a first receiving unit configured to receive a first identifier and a second identifier transmitted by a terminal;
a server query unit configured to determine a subscription information query server corresponding to the first identifier;
a first sending unit configured to send the second identifier to the subscription information query server;
a second receiving unit configured to receive the subscription network information of the terminal queried by the subscription information query server according to the second identifier;
the terminal interaction unit is configured to send the signing network information to the terminal and receive a request for acquiring network signing data sent by the terminal according to the signing network information;
a server determination unit configured to determine, according to the request, a data storage server storing network subscription data; and
a second sending unit, configured to provide the terminal with a user plane connection to the data storage server, so as to enable the terminal to obtain network subscription data.
11. A network subscription data acquisition apparatus, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the network subscription data acquisition method of any of claims 1 to 8 based on instructions stored in the memory.
12. A network subscription data acquisition system, comprising:
a network subscription data acquisition device as claimed in any one of claims 9 to 11;
the terminal is configured to send a first identifier and a second identifier to the network signing data acquisition device, and receive the network signing data sent by the network signing data acquisition device or acquire the network signing data in a data storage server through the network signing data acquisition device;
a subscription information query server configured to query subscription network information of the terminal according to the second identifier; and
a data storage server configured to store the network subscription data.
13. The network subscription data acquisition system of claim 12, further comprising:
and the authentication server is configured to receive the first terminal authentication data sent by the network subscription data acquisition device and authenticate the terminal according to the first terminal authentication data, wherein the terminal is further configured to send the first terminal authentication data to the network subscription data acquisition device.
14. The network subscription data acquisition system of claim 12,
the terminal is further configured to send second terminal authentication data for authenticating the terminal by the current network to the network subscription data acquisition device.
15. A non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the network subscription data acquisition method of any of claims 1 to 8.
CN202010420842.8A 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system Active CN113691971B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010420842.8A CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010420842.8A CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Publications (2)

Publication Number Publication Date
CN113691971A CN113691971A (en) 2021-11-23
CN113691971B true CN113691971B (en) 2022-07-22

Family

ID=78575636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010420842.8A Active CN113691971B (en) 2020-05-18 2020-05-18 Network subscription data acquisition method, device and system

Country Status (1)

Country Link
CN (1) CN113691971B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155068A (en) * 2006-09-27 2008-04-02 中兴通讯股份有限公司 System and method for acquiring information of terminal unit contractual capacity
WO2014014477A1 (en) * 2012-07-20 2014-01-23 Hewlett-Packard Development Company, L.P. Migrating applications between networks
EP2779715A1 (en) * 2011-11-24 2014-09-17 Huawei Technologies Co., Ltd. Method, device and system for processing closed subscriber group subscription data request
EP3157223A1 (en) * 2015-10-14 2017-04-19 Alcatel Lucent Method and systems for associating subscriber identification information with a subscriber-side network termination identifier
CN110650500A (en) * 2018-06-26 2020-01-03 电信科学技术研究院有限公司 AMF, network slice selection method and AMF
CN110808942A (en) * 2018-08-06 2020-02-18 华为技术有限公司 Subscription information configuration method and communication equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2485239B (en) * 2010-11-08 2014-08-27 Samsung Electronics Co Ltd Providing access of a user equipment to a data network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155068A (en) * 2006-09-27 2008-04-02 中兴通讯股份有限公司 System and method for acquiring information of terminal unit contractual capacity
EP2779715A1 (en) * 2011-11-24 2014-09-17 Huawei Technologies Co., Ltd. Method, device and system for processing closed subscriber group subscription data request
WO2014014477A1 (en) * 2012-07-20 2014-01-23 Hewlett-Packard Development Company, L.P. Migrating applications between networks
EP3157223A1 (en) * 2015-10-14 2017-04-19 Alcatel Lucent Method and systems for associating subscriber identification information with a subscriber-side network termination identifier
CN110650500A (en) * 2018-06-26 2020-01-03 电信科学技术研究院有限公司 AMF, network slice selection method and AMF
CN110808942A (en) * 2018-08-06 2020-02-18 华为技术有限公司 Subscription information configuration method and communication equipment

Also Published As

Publication number Publication date
CN113691971A (en) 2021-11-23

Similar Documents

Publication Publication Date Title
US10285050B2 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
US20190294426A1 (en) Method and Device for Downloading Profile of Operator
EP3284274B1 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
CN102684961B (en) Method, device and system for processing household appliance information
EP3389295A1 (en) Multi-terminal mapping system and method for virtual sim card
US20220295269A1 (en) Network access authentication method and device
EP3972306B1 (en) Information verification method and related device
KR102209031B1 (en) Apparatus and method for subscribing to network in wireless communication system
EP3824594B1 (en) Apparatus and method for ssp device and server to negotiate digital certificates
US20190268765A1 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
CN106534082B (en) User registration method and device
CN112819454B (en) Payment method, gateway device, server and storage medium
CN105898733A (en) Machine changing method and device based on eSIM card, mobile terminal and server
CN111065090A (en) Method for establishing network connection and wireless routing equipment
US20160316311A1 (en) Method and apparatus for provisioning an operational subscription
US20230300596A1 (en) Remote subscription profile download
CN113691971B (en) Network subscription data acquisition method, device and system
CN104898472A (en) Terminal control method and device
CN111132266B (en) Terminal access method and system and cloud server
US11178534B2 (en) Management of a subscriber entity
CN113676985B (en) Terminal access control method, device, system, terminal and electronic equipment
CN114339716A (en) Subscription data transmission method, system and server
CN112333770A (en) Network slice selection method and device, slice mapping system and network equipment
CN108093380B (en) Registration state determining method, device and system and CSE
CN102547700A (en) Authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant