CN114513787A - Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal - Google Patents
Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal Download PDFInfo
- Publication number
- CN114513787A CN114513787A CN202111637161.8A CN202111637161A CN114513787A CN 114513787 A CN114513787 A CN 114513787A CN 202111637161 A CN202111637161 A CN 202111637161A CN 114513787 A CN114513787 A CN 114513787A
- Authority
- CN
- China
- Prior art keywords
- configuration file
- esim
- downloading
- consistency
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 129
- 238000012360 testing method Methods 0.000 title claims abstract description 115
- 230000008569 process Effects 0.000 title claims abstract description 74
- 238000012795 verification Methods 0.000 claims description 49
- 238000004590 computer program Methods 0.000 claims description 23
- 230000004913 activation Effects 0.000 claims description 15
- 238000009434 installation Methods 0.000 claims description 13
- 238000013475 authorization Methods 0.000 claims description 10
- 238000003860 storage Methods 0.000 claims description 10
- 230000003213 activating effect Effects 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 3
- 238000010998 test method Methods 0.000 claims description 2
- 230000002457 bidirectional effect Effects 0.000 claims 1
- 230000006870 function Effects 0.000 description 25
- 238000010586 diagram Methods 0.000 description 19
- 238000007726 management method Methods 0.000 description 14
- 230000004044 response Effects 0.000 description 12
- 238000012545 processing Methods 0.000 description 9
- BCJVBDBJSMFBRW-UHFFFAOYSA-N 4-diphenylphosphanylbutyl(diphenyl)phosphane Chemical compound C=1C=CC=CC=1P(C=1C=CC=CC=1)CCCCP(C=1C=CC=CC=1)C1=CC=CC=C1 BCJVBDBJSMFBRW-UHFFFAOYSA-N 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000003993 interaction Effects 0.000 description 5
- 238000013500 data storage Methods 0.000 description 4
- 238000012790 confirmation Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000009849 deactivation Effects 0.000 description 3
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 238000007639 printing Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000000750 progressive effect Effects 0.000 description 2
- 108010001267 Protein Subunits Proteins 0.000 description 1
- 239000007795 chemical reaction product Substances 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/42—Security arrangements using identity modules using virtual identity modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/02—Arrangements for optimising operational condition
Abstract
The invention provides a method and a device for testing consistency of code number downloading processes of an eSIM terminal, wherein the method comprises the following steps: the local configuration file assistant retrieves the EID of the tested equipment, and the eSIM server generates a configuration file uniquely corresponding to the tested equipment according to the EID of the tested equipment; carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file; and after the downloading is successful, the configuration file is installed, activated and the like. Compared with other test platforms, the method and the device for testing the consistency of the code number downloading flow of the eSIM terminal can generate the configuration files bound by the EID in batches, support the simultaneous downloading test of a plurality of tested devices, and save manpower resources and test time.
Description
Technical Field
The application belongs to the technical field of eSIM terminal equipment, and particularly relates to a method and a device for testing consistency of code number downloading processes of an eSIM terminal.
Background
The consistency test of the code number downloading flow of the consumer electronic eSIM terminal is a necessary link for ensuring the interoperability between the eSIM terminal and a mobile communication network and the safety of user information. An eSIM card, i.e., Embedded-SIM, Embedded SIM card. The eSIM card realizes the separation of a card hardware carrier and a card configuration file, wherein the card hardware carrier is a universal integrated chip eUICC embedded in an eSIM terminal and has a unique identifier EID, the card configuration file can be downloaded from a remote management platform through OTA, and the functions of a traditional SIM card, such as a common call short message, and the like can be realized after the installation and activation.
In order to ensure that the eSIM terminal can be normally used, a series of tests need to be performed before being marketed.
The consistency test of the code number downloading process of the current consumer electronic eSIM terminal is based on SGP.22 of GSMA specification, a test object is an eSIM terminal, test contents are the eSIM code number downloading process and operations such as activation, deactivation, deletion and the like of a card configuration file, and the test system comprises an eSIM server (namely a remote management platform SM-DP +: supporting generation, issuing and authentication verification of the eSIM card configuration file, and supporting interaction and log printing of relevant interfaces such as ES8+, ES9 +) and a tested terminal. The existing system for testing consistency of code number downloading processes of the eSIM terminals does not support simultaneous generation of binding configuration files of a plurality of EIDs, and does not support simultaneous downloading tests of a plurality of terminals to be tested, so that the test progress is slow, and human resources are wasted; and the commercial platform of the operator has huge functional system and high deployment cost, and is not suitable for testing.
Disclosure of Invention
The application provides a method and a device for testing consistency of an eSIM terminal code number downloading flow, which at least solve the problem that the existing system for testing consistency of the eSIM terminal code number downloading flow does not support the simultaneous generation of binding configuration files of a plurality of EIDs and the simultaneous downloading of a plurality of terminals to be tested.
According to a first aspect of the present application, an eSIM terminal under test is taken as an execution subject, and a method for testing consistency of code number downloading procedures of the eSIM terminal is provided, which includes:
the local configuration file assistant retrieves the EID so that the eSIM server generates a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file;
and after the downloading is successful, the configuration file is installed, activated and the like.
In an embodiment, the method for testing consistency of the code number downloading process of the eSIM terminal further includes:
server access authentication is performed by the eSIM server prior to downloading the configuration file.
In an embodiment, downloading the configuration file and comparing the configuration file with the pre-stored standard file in real time during the downloading process includes:
verifying whether the authorized key identifier list on the tested device and the authorized key identifier list on the eSIM server have the same authorized key identifier, and if not, returning to an error state, and stopping the process;
through signing and de-signing the response data, the certificates used in the verification test process are the same root certificate, and any verification failure returns an error state and stops the process;
in one embodiment, performing server access authentication by an eSIM server prior to downloading a configuration file includes:
the local TLS certificate is sent to the eSIM server to verify the validity of the local TLS certificate.
According to another aspect of the present application, a method for testing consistency of an eSIM terminal code number downloading flow by taking an eSIM server as an execution subject, includes:
generating a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
performing server access verification on the tested equipment;
after the verification is passed, receiving a server verification request sent by the tested device, performing data signature by using a server identity verification private key corresponding to the same authorization key identifier in the authorization key identifier list on the tested device and the authorization key identifier list on the eSIM server, and returning signature data to the tested device;
and subsequently, the configuration file is encrypted and issued to the tested equipment, and a notification message of operations such as configuration file installation, activation and the like uploaded by the tested equipment is received.
According to a third aspect of the present application, an eSIM terminal under test is used as an execution subject, and an eSIM terminal code number downloading flow consistency testing apparatus is further provided, including:
the local configuration file assistant is used for retrieving the EID of the tested equipment, forwarding request and response data between the eUICC and the eSIM, and performing operations such as installation, activation and the like on the downloaded configuration file;
the consistency test unit is used for carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process and downloading the configuration file;
in an embodiment, the device for testing consistency of code number downloading process of an eSIM terminal further includes:
and the server access authority verification unit is used for performing server access authority verification through the eSIM server before downloading the configuration file.
In one embodiment, the conformance test unit comprises:
the judging module is used for judging whether the authorized key identifier list on the tested equipment and the authorized key identifier list on the eSIM server have the same authorized key identifier or not, and if not, an error state is returned, and the process is stopped;
through signing and de-signing the response data, the certificates used in the verification test process are the same root certificate, and any verification failure returns an error state and stops the process;
and the downloading module is used for receiving the configuration file and executing the configuration file operation such as installation, activation and the like.
In one embodiment, the right verifying unit includes:
a validity verification module to send the local TLS certificate to the eSIM server to verify the validity of the local TLS certificate.
According to another aspect of the present application, an eSIM is taken as an execution subject, and an eSIM terminal code number downloading flow consistency testing apparatus is further provided, including:
the configuration file generating unit is used for generating a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
the authority verification unit is used for verifying the server access authority of the tested equipment;
the two-way verification unit is used for mutual verification between the eSIM server and the tested equipment based on the response data and the same-root certificate;
and the transmission unit is used for transmitting request and response data between the eSIM server and the tested equipment.
According to a fifth aspect of the present application, there is also provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for testing consistency of the code number downloading flow of the eSIM terminal when executing the program.
According to a sixth aspect of the present application, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the eSIM terminal code number download procedure consistency test method.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block diagram of a system for testing consistency of an eSIM terminal code number downloading process provided in the present application.
Fig. 2 is a flowchart of a method for testing consistency of an eSIM terminal code number downloading process by using a terminal to be tested as an execution subject according to the present application.
Fig. 3 is a flowchart illustrating a real-time comparison between a configuration file and a pre-stored standard file during a downloading process according to an embodiment of the present disclosure.
Fig. 4 is a flowchart of a method for testing consistency of an eSIM terminal code number downloading process using an eSIM server as an execution subject according to an embodiment of the present application.
Fig. 5 is a block diagram illustrating a structure of an eSIM terminal code number downloading process consistency testing apparatus using a terminal to be tested as an execution subject according to the present application.
FIG. 6 is a block diagram of a conformance testing unit in an embodiment of the present application.
Fig. 7 is a block diagram illustrating a configuration of an apparatus for testing consistency of an eSIM terminal code number downloading process by using an eSIM server as an execution subject according to the present application.
Fig. 8 is a specific implementation of an electronic device in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The consistency test of the code number downloading process of the current consumer electronic eSIM terminal is based on SGP.22 of GSMA specification, a test object is an eSIM terminal, test contents are the eSIM code number downloading process and operations such as activation, deactivation, deletion and the like of a card configuration file, and the test system comprises an eSIM server (namely a remote management platform SM-DP +: supporting generation, issuing and authentication verification of the eSIM card configuration file, and supporting interaction and log printing of relevant interfaces such as ES8+, ES9 +) and a tested terminal. The existing system for testing consistency of code number downloading processes of the eSIM terminals does not support simultaneous generation of binding configuration files of a plurality of EIDs, and does not support simultaneous downloading tests of a plurality of terminals to be tested, so that the test progress is slow, and human resources are wasted; and the commercial platform of the operator has huge functional system and high deployment cost, and is not suitable for testing.
The application provides a system for testing consistency of code number downloading flows of a consumer electronics eSIM terminal, which is used for testing and verifying the standard conformance of interactive flows and signaling between an eUICC and an eSIM terminal and between a remote management platform, and the remote management platform can be opened to external personnel, is convenient to debug, can generate configuration files bound by EIDs in batches, and supports simultaneous downloading of multiple terminals to be tested.
As shown in fig. 1, a schematic structural diagram of a system for testing consistency of a code number downloading process of a consumer electronic eSIM terminal includes an eSIM server, a terminal to be tested, and a card reader, where the card reader is suitable for use when an embedded universal integrated circuit card (eUICC) is separated from a terminal device. The eSIM server can simulate the SM-DP + capability of an operator and is responsible for generating and issuing configuration files, ES8+, ES9+ and other related interface interaction and log printing, a DP certificate and an auth certificate which are the same as a Certificate Issuer (CI) are arranged on the server, and one EID corresponds to one unique matchingID, so that the download test of a plurality of terminals to be tested can be guaranteed; simultaneously, roles can be added, different authorities are given, and for external personnel, authorities for checking and downloading logs can be given to the external personnel, so that the safety of the platform can be ensured, and the external personnel can be conveniently tested.
In a specific embodiment, the structure of the eSIM server includes a platform management unit, a data storage unit, a data cache unit, and a background processing unit. The functions of each unit are respectively as follows:
a platform management unit: the system is used for deploying SM-DP + platform management end service and realizing the early preparation work of equipment test and the checking and downloading functions of subsequent logs; specifically, the platform management unit may be a Tomcat server, which is a free Web application server with open source codes, belongs to a lightweight application server, and is mainly used for deploying SM-DP + platform management side services, and implementing the functions of preparing the device test in the early stage and checking and downloading subsequent logs.
A data storage unit: the system is used for storing and managing all data of the system; specifically, the data storage unit is a MySQL database, and the database service is a fully hosted database service and is mainly used for storing and managing all data of the system.
A data caching unit: the method is used for temporary data storage and quick acquisition in the system; specifically, the data caching unit may be a Redis database, where the Redis is a cross-platform non-relational database, and is mainly used for storing and quickly acquiring temporary data in the system.
A background processing unit: the method is used for a management side configuration file creating function, data personalization is carried out asynchronously, and a protected configuration file package (ppp) required by downloading is generated.
When the eSIM terminal to be tested is separated from the eUICC, the eUICC and the server have the same root certificate issued by the same certificate issuing authority.
As shown in fig. 2, in order to use the eSIM terminal in fig. 1 as an execution subject, a method for testing consistency of a code number downloading flow of the eSIM terminal is provided, which includes:
s201: the local profile assistant retrieves the EID to cause the eSIM server to generate a profile from the device under test EID that uniquely corresponds to the device under test.
S202: and carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file.
S203: and after the downloading is successful, the configuration file is installed, activated and the like.
In an embodiment, the method for testing consistency of the code number downloading process of the eSIM terminal further includes:
server access right verification is performed by the eSIM server before downloading the configuration file.
In an embodiment, downloading the configuration file and comparing the configuration file with the pre-stored standard file in real time during the downloading process, as shown in fig. 3, includes:
s301: and judging whether the authorization key identifier list on the tested device and the authorization key identifier list on the eSIM server have the same authorization key identifier or not, if not, returning to an error state, and stopping the process.
S302: by signing and de-signing the response data, the certificates used in the verification test process are the same root certificate, and any verification failure returns an error state and stops the flow.
S303: receiving configuration files and executing configuration file operations such as installation, activation and the like.
In one embodiment, the server access right verification by the eSIM server before downloading the configuration file includes:
the local TLS certificate is sent to the eSIM server to verify the validity of the local TLS certificate.
In a specific embodiment, before testing, the EID and the built-in certificate of the terminal to be tested need to be known, so as to ensure that the device to be tested and the server have the same root certificate issued by the same certificate issuing authority, and a configuration file bound by the EID is generated. According to the certificate chain public and private key technology, the eSIM server management platform needs to import a server certificate in advance, which is cert.dpauth.ecdsa, cert.dppb.ecdsa, cert.dp.tls, cert.ci.ecdsa; the eSIM device to be tested needs built-in card certificates CERT.EUICC.ECDSA and CERT.EUM.ECDSA; . Because the test platform is adopted, interaction with an operator is not needed, so that the limit of downloading times is not set in the test process, and a confirmation code is not used; and skipping an account opening and signing process, and generating a configuration file for binding the EID of the tested equipment by the eSIM server management platform, wherein the configuration file corresponds to a unique MatchingID. Then the terminal initiates a configuration file downloading service application, and selects a service application channel in any one of three application modes according to the capability supported by the terminal downloading application, wherein the three application modes are respectively as follows: downloading in a mode of presetting an address of an eSIM server, inputting corresponding information of the server on a terminal interface, downloading and downloading in a two-dimensional code scanning mode.
Authentication interaction is required during downloading, and if the eSIM server passes the verification, the user download confirmation is carried out. After the user confirms, the configuration file is installed, in the downloading and installing process, the consistency test is carried out on the downloading process of the configuration file and the pre-stored standard process, and after the downloading is successful, the operations of installing, activating and the like are carried out on the configuration file.
According to another aspect of the present application, there is provided a method for testing consistency of a code number downloading process of an eSIM terminal, using an eSIM server as an execution subject, as shown in fig. 4, the method includes:
s401: and generating a configuration file uniquely corresponding to the tested device according to the EID information of the tested device.
S402: and carrying out server access verification on the tested device.
S403: after the verification is passed, receiving a server verification request sent by the tested device, performing data signature by using a server identity verification private key corresponding to the same authorization key identifier in the authorization key identifier list on the tested device and the authorization key identifier list on the eSIM server, and returning signature data to the tested device;
s404: and encrypting and issuing the configuration file to the tested equipment, and receiving a notification message of operations such as configuration file installation, activation and the like uploaded by the tested equipment.
In a specific embodiment, a terminal service application request sent by a device to be tested is received, a certificate issued by a certificate issuing authority having the same public key identifier list in the request and a server certificate is verified, a public key identifier corresponding to one certificate is selected as a signing data parameter according to priority, signing is carried out on the signing data by using CERT.DPauth.ECDSA, and response data and signing data are returned to the device to be tested; subsequently receiving a client verification request sent by the tested equipment, and verifying the integrity of the signing data and the validity of the card certificate; and entering a downloading flow after the two-way verification is passed, receiving a message of confirmation or rejection of downloading by the user, and receiving configuration file operation notifications such as installation and activation sent by the tested equipment after the downloading is finished.
Specifically, the relevant verification interfaces involved in the whole test process comprise ES8+, ES9+, ES10a, ES10b, ES12 and the like;
the related relevant interface functions include:
ES10a.GetEuicConfigardress, ES10b.GetEUICCInfo, ES10b.GeteUICCchallenge, ES9+. Initiate Automation, ES10b.AutothenateServer, ES9+. Autothenticate client, ES8+. StoreMetaData, and the like.
The Local Profile Assistant (LPA) calls the "es10b.geteuccinfo" function and the "es10b.geteuccchalenge" function to obtain euiccinfo1 and euicchalenge from the eUICC;
the method comprises the steps that an https connection is established between an LPA and a server, the LPA can verify whether CERT.DP.TLS is valid or not during the https connection, if the CERT.DP.TLS is invalid, connection establishment fails, and a process is stopped;
the LPA uploads euicciinfo 1, euicccellege, SVN and SM-DP Address to an SM-DP + server by calling an 'ES 9+. initiateauthentization' function, wherein the SVN indicates the version number of eUICC specification in eUICCinfo1, and the SM-DP Address is in the last service application request;
the SM-DP + server verifies the euiccCiPKIdListForVerification in SM-DP Address and euiccinfo1, and after the verification is passed, the SM-DP + server generates a TransactionID for unique identification of the whole test flow; generating smdpchange for subsequent eUICC identity authentication; selecting a CI public key supported by both the server and the terminal according to the priority, and placing the CI public key in the euicCiPKIdToBeused; generating a smdpcigned 1 data structure which comprises a transactioniD, euicchallenge, smdpcchallenge and SM-DP Address; and the smdpSigned1 is signed by using SK.DPauth.ECDSA to obtain smdpSignature 1.
The SM-DP + server returns TransactionID, smdpSigned1, smdpSignature1, euicCiPKIdToBeused and CERT.DPauth.ECDSA to the LPA;
the LPA verifies whether the SM-DP Address is consistent with the previous uploading; generating a data structure of ctxParams1, wherein the data structure comprises MatchingID and equipment information, the MatchingID is obtained from an activation code if the MatchingID uses the activation code to apply for service downloading, and the MatchingID is set as a null character string if the MatchingID uses a default SM-DP + address to download;
calling an 'ES10b.AuthenticatedServer' function by the LPA, and transmitting smdpSigned1, smdpSignature1, euicCiPKIdToBeused, CERT.DPauth.ECDSA and ctxPaams 1 to the eUICC;
the eUICC verifies CERT.DPauth.ECDSA by using related PK.CI.ECDSA, and after the verification is passed, the SMdSignature 1 is verified by using the CERT.DPauth.ECDSA, so that the smdAddress, the euiccChanllenge and the transactioniD in the smdSigned 1 are not changed; meanwhile, the method verifies that the euiccipkidtobeused is supported and the related certificate can be used for signing;
the eUICC generates an euicsigned 1 data structure, which includes: TransactionID, smxxChallenge, eUICCInfo2 and ctxParams1, and euiccSigned1 is signed by using SK.EUICC.ECDSA related to euiccCiPKIdToBeused to obtain euiccSignature 1;
the eUICC returns euiccSigned1, euiccSignature1, CERT.EUICC.ECDSA and CERT.EUM.ECDSA to the LPA;
the LPA calls an 'ES 9+. AutothenticatecClient' function to upload the euiccSigned1, euiccSignature1, CERT.EUICC.ECDSA and CERT.EUM.ECDSA to the SM-DP + server;
the SM-DP + server verifies whether CERT.EUICC.ECDSA and CERT.EUM.ECDSA are effective or not; when the verification is passed, the use of PK.EUICC.ECDSA (contained in CERT.EUICC.ECDSA) to verify the euicSignature 1 ensures that the TransactionID and smdpchange in the euicSigned 1 are consistent with those generated before, and verifies that the SVN in the euicinfo 2 is consistent with the SVN uploaded before.
Calling an 'ES10b.PrepareDownload' function by the LPA, and transmitting smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the eUICC;
the eUICC verifies that CERT.DPpb.ECDSA and CERT.DPauth.ECDSA are issued by the same CI; verifying smdpSignature2 by using PK.DPpb.ECDSA, and confirming that the transactioniD in smdpSigned2 is consistent with the transactioniD of the current session, wherein the PK.DPpb.ECDSA is in CERT.DPauth.ECDSA;
the eUICC generates a one-time key pair (otpk. eUICC. ecka, otsk. eUICC. ecka); generating an euicsigned 2 data structure containing TransactionID, otpk. euicc. ecka; signing the euicsigned 2 by using SK.EUICC.ECDSA to obtain euicsigned 2; returning the euicsigned 2 and euicsignature 2 to the LPA;
the LPA calls an 'ES 9+. GetBundProfilePack' function to upload the euicSigned 2 and the euicSignature 2 to the SM-DP + server;
the SM-DP + server verifies the euiccSignature2 by using PK.EUICC.ECDSA, and ensures that the transactioniD in the euiccSigned2 is consistent with the transactioniD of the whole session; subsequently, an elliptic curve cryptography algorithm identical to cert.dppb.ecdsa is used to generate a one-time key pair of ECKA (otpk.dp.ecka, otsk.dp.ecka); generating a session key using the CRT, the otPK, the eUCC, the ECKA and the otSK, the DP, the ECKA;
and the SM-DP + server returns the transactioniD and the generated configuration file of the bound EID to the LPA, and sets a download command related to the Profile to be in a 'Downloaded' state.
In addition to the method for testing consistency of the code number downloading process of the eSIM terminal, in a specific embodiment of the present application, the method further includes managing a downloaded local profile, where a management object is a profile that has been downloaded and installed successfully but is not yet enabled on the eUICC.
A user views a list of installed configuration files and the current state (enabled or disabled) in the eUICC through a user interface; the user selects one of the forbidden configuration files to be enabled, and the LPA calls an ISD-R 'ES10c.EnableProfile' function to inform the eUICC of activating the configuration files; the eUICC issues an update command, and the ISD-R enables the configuration file.
A user views a list of installed configuration files and a current state (enabled or disabled) in the eUICC through a user interface; the user selects one enabled configuration file to be disabled, and the LPA calls an ISD-R 'ES10c.DisableProfile' function to inform the eUICC of disabling the configuration file; the eUICC issues an update command and the ISD-R disables the configuration file.
A user views a list of installed configuration files and the current state (enabled or disabled) in the eUICC through a user interface; the user selects one forbidden configuration file to delete, and the LPA calls an ISD-R 'ES10c.deletedProfile' function to inform the eUICC to delete the configuration file; the eUICC sends an update command, and the ISD-R deletes the configuration file.
If the state of the configuration file changes, such as activation, deactivation, deletion and the like, the eUICC generates and stores a notification message, and the notification message is uploaded to the SM-DP + server through the LPA; and then the eUICC deletes the notification message.
Based on the same inventive concept, the embodiment of the present application further provides a device for testing consistency of an eSIM terminal code number downloading process, which can be used to implement the method described in the above embodiments, as described in the following embodiments. The principle of the device for testing consistency of the code number downloading process of the eSIM terminal is similar to that of a method for testing consistency of the code number downloading process of the eSIM terminal. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
With an eSIM terminal under test as an execution subject, the present application further provides an eSIM terminal code number downloading flow consistency testing apparatus, as shown in fig. 5, including:
a terminal service application unit 501, configured to retrieve the EID by using a local profile assistant, so that the EID of the device under test on the eSIM server generates a profile uniquely corresponding to the device under test;
a consistency test unit 502, configured to perform consistency test on a downloading process of the configuration file and a pre-stored standard process, and download the configuration file;
the file installation unit 503 is configured to perform operations such as installation and activation on the configuration file after the download is successful.
In an embodiment, the device for testing consistency of code number downloading process of an eSIM terminal further includes:
and the authority verification unit is used for performing authority verification through the eSIM server before the configuration file is downloaded.
In one embodiment, as shown in FIG. 6, the conformance test unit 502 comprises:
a determining module 601, configured to determine whether the local TLS is matched with the eSIM server TLS certificate;
a response data generation module 602, configured to, if the eSIM server or the device under test is not used, use a corresponding public-private key to sign to generate response data or to sign off the response data;
and the downloading module 603 is configured to receive the configuration file and perform configuration file operations such as installation and activation.
In one embodiment, the right verifying unit includes:
a validity verification module to send the local TLS certificate to the eSIM server to verify the validity of the local TLS certificate.
According to another aspect of the present application, an eSIM is taken as an execution subject, and an eSIM terminal code number downloading flow consistency testing apparatus is further provided, as shown in fig. 7, including:
a configuration file generating unit 701, configured to generate a configuration file uniquely corresponding to the device under test according to the EID information of the device under test;
an authority verification unit 702, configured to verify a server access authority of the device under test;
the response data unit 703 is used for generating a signature of the response data in the test process and performing signature release after the verification is passed;
and a transmission unit 704 for transmitting data between the eSIM server and the device under test.
Compared with other test platforms, the method and the device for testing the consistency of the code number downloading flow of the eSIM terminal can generate the configuration files bound by the EID in batches, support the simultaneous downloading test of a plurality of tested devices, and save manpower resources and test time.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
An embodiment of the present application further provides a specific implementation manner of an electronic device capable of implementing all steps in the method in the foregoing embodiment, and referring to fig. 8, the electronic device specifically includes the following contents:
a processor (processor)801, a memory 802, a communication Interface 803, a bus 804, and a non-volatile memory 805;
the processor 801, the memory 802 and the communication interface 803 complete mutual communication through the bus 804;
the processor 801 is configured to call the computer programs in the memory 802 and the non-volatile memory 805, and when the processor executes the computer programs, the processor implements all the steps in the method in the foregoing embodiments, for example, when the processor executes the computer programs, the processor implements the following steps:
s201: the local profile assistant retrieves the EID to cause the eSIM server to generate a profile from the device under test EID that uniquely corresponds to the device under test.
S202: and carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file.
S203: and after the downloading is successful, the configuration file is installed, activated and the like.
Embodiments of the present application also provide a computer-readable storage medium capable of implementing all the steps of the method in the above embodiments, where the computer-readable storage medium stores thereon a computer program, and the computer program when executed by a processor implements all the steps of the method in the above embodiments, for example, the processor implements the following steps when executing the computer program:
s201: the local profile assistant retrieves the EID to cause the eSIM server to generate a profile from the device under test EID that uniquely corresponds to the device under test.
S202: and carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file.
S203: and after the downloading is successful, the configuration file is installed, activated and the like.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment. Although the embodiments herein provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the embodiments of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein. The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of "one embodiment" or "a particular embodiment" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the embodiments herein. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction. The above description is only an example of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the embodiments of the present invention should be included in the scope of the claims of the embodiments of the present invention.
Claims (12)
1. A method for testing consistency of code number downloading processes of an eSIM terminal is characterized by comprising the following steps:
generating a terminal service application request according to EID information of the tested equipment and sending the terminal service application request to an eSIM server so as to enable a local configuration file assistant to retrieve EID, wherein the eSIM server generates a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process, and downloading the configuration file;
and after the downloading is successful, the configuration file is installed and activated.
2. The method for testing consistency of code number downloading procedures of eSIM terminals according to claim 1, further comprising:
performing server access authentication by the eSIM server before downloading the configuration file.
3. The method for testing the code number downloading process consistency of the eSIM terminal according to claim 2, wherein the downloading the configuration file and comparing the configuration file with a pre-stored standard file in real time in the downloading process comprises:
judging whether the public key certificate bound by the configuration file and a pre-stored public key certificate used for identity verification are issued by the same certificate issuing authority to carry out consistency test;
if so, generating a first key pair, signing and sending the first key pair to an eSIM server so that the eSIM server generates a second key pair by adopting an elliptic curve encryption algorithm according to the first key pair and returns the second key pair and the configuration file;
receiving the configuration file and executing the installation and activation operation of the configuration file.
4. The method for testing consistency of code number downloading procedures of eSIM terminals according to claim 3, wherein the performing server access verification by the eSIM server before downloading the configuration file comprises:
sending a local TLS certificate to the eSIM server to verify a validity of the local TLS certificate.
5. A method for testing consistency of code number downloading processes of an eSIM terminal is characterized by comprising the following steps:
generating a configuration file uniquely corresponding to the tested equipment according to EID information in a terminal service application request sent by the tested equipment;
performing server access verification on the tested device;
after the verification is passed, receiving a first key pair sent by the tested equipment, and encrypting the first key pair through an elliptic curve encryption algorithm to generate a second key pair;
and transmitting the second key pair and the configuration file to the tested device.
6. An eSIM terminal code number downloading flow consistency testing device is characterized by comprising:
the terminal service application unit is used for generating a terminal service application request according to the EID information of the tested equipment and sending the terminal service application request to the eSIM server so as to enable the local configuration file assistant to retrieve the EID, and the eSIM server generates a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
the consistency test unit is used for carrying out consistency test on the downloading process of the configuration file and a pre-stored standard process and downloading the configuration file;
and the file installation unit is used for installing and activating the configuration file after the downloading is successful.
7. The device for testing consistency of the code number downloading process of the eSIM terminal according to claim 6, further comprising:
and the server access authority verification unit is used for performing server access verification through the eSIM server before downloading the configuration file.
8. The device for testing consistency of the code number downloading process of the eSIM terminal according to claim 7, wherein the consistency testing unit comprises:
the judging module is used for judging whether the public key certificate bound by the configuration file and a public key certificate prestored in the eSIM server and used for identity verification are issued by the same certificate issuing authority to carry out consistency test;
the two-way verification module is used for generating a first key pair and adding a signature and then sending the first key pair to the eSIM server so that the eSIM server generates a second key pair according to the first key pair by adopting an elliptic curve encryption algorithm and returns the second key pair and the configuration file;
and the downloading module is used for receiving the configuration file, executing installation and activating the configuration file.
9. The eSIM terminal code number download process consistency testing apparatus as defined in claim 8, wherein the authorization verification unit comprises:
a validity verification module to send a local TLS certificate to the eSIM server to verify the validity of the local TLS certificate.
10. An eSIM terminal code number downloading flow consistency testing device is characterized by comprising:
the configuration file generating unit is used for generating a configuration file uniquely corresponding to the tested equipment according to the EID information of the tested equipment;
the server access authority verification unit is used for verifying the server access authority of the tested equipment;
the bidirectional verification unit is used for receiving a first key pair sent by the tested equipment after the access verification of the server is passed, and encrypting the first key pair by an elliptic curve encryption algorithm to generate a second key pair;
and the transmission unit is used for transmitting the second key pair and the configuration file to the tested device.
11. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method for testing the code number download process consistency of an eSIM terminal according to any one of claims 1 to 5 when executing the program.
12. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the eSIM terminal code number download procedure consistency test method of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111637161.8A CN114513787A (en) | 2021-12-29 | 2021-12-29 | Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111637161.8A CN114513787A (en) | 2021-12-29 | 2021-12-29 | Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114513787A true CN114513787A (en) | 2022-05-17 |
Family
ID=81547939
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111637161.8A Pending CN114513787A (en) | 2021-12-29 | 2021-12-29 | Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114513787A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117014860A (en) * | 2023-09-27 | 2023-11-07 | 紫光同芯微电子有限公司 | Method and device for downloading configuration file, ESIM card and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018018419A1 (en) * | 2016-07-26 | 2018-02-01 | 华为技术有限公司 | Configuration file batch-obtaining and downloading method, and server and terminal |
| CN108353462A (en) * | 2016-03-03 | 2018-07-31 | 华为技术有限公司 | A kind of configuration file method for down loading and relevant device, system |
| CN109417545A (en) * | 2016-06-24 | 2019-03-01 | 奥兰治 | For downloading the technology of network insertion profile |
| CN109474650A (en) * | 2017-09-08 | 2019-03-15 | 中国移动通信有限公司研究院 | A kind of configuration file method for down loading and terminal |
| CN109792604A (en) * | 2017-01-16 | 2019-05-21 | 华为技术有限公司 | A kind of eUICC configuration file management method and relevant apparatus |
| CN110446201A (en) * | 2019-09-20 | 2019-11-12 | 恒宝股份有限公司 | A kind of communications module that realizing eSIM Remote configuration, communication means and system |
-
2021
- 2021-12-29 CN CN202111637161.8A patent/CN114513787A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108353462A (en) * | 2016-03-03 | 2018-07-31 | 华为技术有限公司 | A kind of configuration file method for down loading and relevant device, system |
| CN109417545A (en) * | 2016-06-24 | 2019-03-01 | 奥兰治 | For downloading the technology of network insertion profile |
| WO2018018419A1 (en) * | 2016-07-26 | 2018-02-01 | 华为技术有限公司 | Configuration file batch-obtaining and downloading method, and server and terminal |
| CN109792604A (en) * | 2017-01-16 | 2019-05-21 | 华为技术有限公司 | A kind of eUICC configuration file management method and relevant apparatus |
| CN109474650A (en) * | 2017-09-08 | 2019-03-15 | 中国移动通信有限公司研究院 | A kind of configuration file method for down loading and terminal |
| CN110446201A (en) * | 2019-09-20 | 2019-11-12 | 恒宝股份有限公司 | A kind of communications module that realizing eSIM Remote configuration, communication means and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117014860A (en) * | 2023-09-27 | 2023-11-07 | 紫光同芯微电子有限公司 | Method and device for downloading configuration file, ESIM card and storage medium |
| CN117014860B (en) * | 2023-09-27 | 2024-01-05 | 紫光同芯微电子有限公司 | Method and device for downloading configuration file, ESIM card and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108768970B (en) | Binding method of intelligent equipment, identity authentication platform and storage medium | |
| CN106304074B (en) | Auth method and system towards mobile subscriber | |
| CN109417545B (en) | Method, security module, mobile terminal and medium for downloading a network access profile | |
| CN106209726B (en) | Mobile application single sign-on method and device | |
| CN109756447A (en) | A kind of safety certifying method and relevant device | |
| CN109905312B (en) | Message pushing method, device and system | |
| CN108848496A (en) | Authentication method, TEE terminal and the management platform of virtual eSIM card based on TEE | |
| CN110381103B (en) | Method, device and system for downloading operator configuration file | |
| CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
| CN109729535B (en) | Base station opening method and device, computer storage medium and equipment | |
| CN109587142B (en) | Data security access module and equipment for service flow | |
| CN108990047B (en) | Test method, device and medium for subscription relationship management data preparation platform | |
| CN102984046B (en) | A kind of processing method of instant messaging business and the corresponding network equipment | |
| CN112203271A (en) | Communication connection method, device and system | |
| CN112910826B (en) | Initial configuration method and terminal equipment | |
| CN114513787A (en) | Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal | |
| CN105704296A (en) | Application environment cloning method and device | |
| CN109451483B (en) | eSIM data processing method, equipment and readable storage medium | |
| JP2018036940A (en) | Cloud storage system | |
| CN112478966B (en) | Elevator and debugging method, debugging platform and debugging terminal thereof | |
| CN105812370A (en) | Smart card processing method, device and system | |
| CN105577657A (en) | SSL/TLS algorithm suite expansion method | |
| CN105721515A (en) | Cloud agent device, cloud storage and file transfer method | |
| CN113672264B (en) | System upgrading method and device of embedded universal integrated circuit card and electronic equipment | |
| CN104753927A (en) | Unified verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |