CN115002745A - eSIM card authentication method, terminal and eSIM card - Google Patents


Publication number
CN115002745A
Authority
CN
China
Prior art keywords
esim card
card
encryption result
terminal
side encryption
Legal status
Pending
Application number
CN202210426721.3A
Other languages
Chinese (zh)
Inventor
刘凯
苏昆
胡瑞璟
董逢华
Current Assignee
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd
Application filed by Wuhan Tianyu Information Industry Co Ltd
Priority to CN202210426721.3A
Publication of CN115002745A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H04W12/42 Security arrangements using identity modules using virtual identity modules

Abstract

The application relates to an eSIM card authentication method, a terminal and an eSIM card, in the technical field of eSIM cards. The method comprises the following steps: acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result; and sending the terminal side encryption result to the eSIM card so that the eSIM card compares the terminal side encryption result with the card side encryption result, the authentication passing if the two are consistent. The card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm. By relying on the standard interface of the eSIM card, the application effectively implements authentication between the terminal device and the eSIM card and has certain advantages in compatibility.

Description

eSIM card authentication method, terminal and eSIM card
Technical Field
The application relates to the technical field of an eSIM card, in particular to an eSIM card authentication method, a terminal and an eSIM card.
Background
An eSIM (Embedded SIM) is an embedded SIM card: the SIM card information is integrated onto a device chip rather than being added to the device as a separate removable component.
In the eSIM card architecture defined by the GSMA (Global System for Mobile Communications Association) specifications, an eUICC (i.e., an eSIM card) can flexibly perform operations on a profile, such as downloading, activating, deactivating or deleting. These operations are performed correctly only if the operation instruction format meets the specification requirements, which to a certain extent meets the user's need to switch numbers at any time.
In some special scenarios, both the LPA application on the terminal device and the eSIM card are customized, and in actual use the eSIM card issuer does not want LPA applications from other manufacturers to control the eSIM cards it issues, so authentication against the eSIM card is needed. The authentication methods adopted in the prior art require a specific interface or instruction to be added for support, which causes compatibility problems on the many devices that do not support such customization.
Therefore, to meet the existing need for eSIM card authentication, a new eSIM card authentication technique is provided.
Disclosure of Invention
The application provides an eSIM card authentication method and device, which effectively realize corresponding authentication work of terminal equipment and an eSIM card based on an eSIM card standard interface and have certain advantages in compatibility.
In a first aspect, the present application provides an eSIM card authentication method, including:
acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
sending the terminal side encryption result to the eSIM card so that the eSIM card compares the terminal side encryption result with a card side encryption result, and if the two are consistent, the authentication passes; wherein
the card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm.
Specifically, acquiring the first random number from the eSIM card based on the eSIM card standard specification interface and encrypting according to the preset algorithm to obtain the terminal side encryption result includes the following step:
encrypting, based on a second interface defined in the eSIM card standard specification, according to the first random number and an authentication key preset on the eSIM card, to obtain the terminal side encryption result.
Specifically, acquiring the first random number from the eSIM card based on the eSIM card standard specification interface and encrypting according to the preset algorithm to obtain the terminal side encryption result includes the following steps:
acquiring the first random number from the eSIM card based on the GetEuiccChallengeRequest interface defined in the eSIM card standard specification;
encrypting the first random number according to the preset algorithm based on the Cancel Session Request interface defined in the eSIM card standard specification, to obtain the terminal side encryption result.
Specifically, sending the terminal side encryption result to the eSIM card includes the following step:
placing the terminal side encryption result in the TransactionId field of the command data field, and sending it to the eSIM card.
In a second aspect, the present application provides an eSIM card authentication method, including:
encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
and receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, passing the authentication.
Specifically, the eSIM card is preset to an operation restriction state; wherein
the operation restriction state prohibits the eSIM card from responding to download, activate, deactivate and delete operation instructions for the profile while the eSIM card is not authenticated.
Specifically, the method further comprises the following steps:
and encrypting according to a preset algorithm based on the first random number and an authentication secret key preset by the eSIM card to obtain a card side encryption result.
Specifically, the method for presetting the operation restriction state of the eSIM card comprises the following steps:
configuring a first specific value to a Reason field in a Cancel Session Request instruction corresponding to an eSIM card, so that the eSIM prohibits responding to download, activation, deactivation and deletion operation instructions aiming at the profile.
In a third aspect, the present application provides an eSIM card authentication terminal, including:
the terminal authentication encryption module is used for acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
a terminal communication module, configured to send the terminal side encryption result to the eSIM card, so that the eSIM card compares the terminal side encryption result with a card side encryption result, and if the two are consistent, the authentication passes; wherein
the card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm.
In a fourth aspect, the present application provides an eSIM card, including:
the card side authentication encryption module is used for encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
and the card side authentication comparison module is used for receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, passing the authentication.
The beneficial effects brought by the technical solution provided in this application include:
authentication between the terminal device and the eSIM card is effectively implemented based on the standard interface of the eSIM card, without a specific interface or a specific instruction, which gives certain advantages in compatibility.
Drawings
Interpretation of terms:
eSIM: Embedded-SIM, an embedded SIM card, i.e. an electronic SIM card;
SIM: Subscriber Identity Module, also called a subscriber identity card;
GSMA: Global System for Mobile Communications Association;
eUICC: Embedded Universal Integrated Circuit Card;
LPA: Local Profile Assistant, a local profile agent, i.e. a local configuration agent.
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating steps of an eSIM card authentication method provided in an embodiment of the present application;
Fig. 2 is a flowchart illustrating steps of another method for authenticating an eSIM card according to an embodiment of the present application;
Fig. 3 is a block diagram of an eSIM card authentication terminal provided in an embodiment of the present application;
Fig. 4 is a block diagram of an eSIM card provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The embodiment of the application provides an eSIM card authentication method and device, which can effectively realize corresponding authentication work of terminal equipment and an eSIM card based on an eSIM card standard specification interface without a specific interface or a specific instruction, and have certain advantages in compatibility.
In order to achieve the technical effects, the general idea of the application is as follows:
An eSIM card authentication method, at the terminal side, includes the steps of:
A1, acquiring a first random number from the eSIM card based on the standard interface of the eSIM card, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
A2, sending the terminal side encryption result to the eSIM card, so that the eSIM card compares the terminal side encryption result with the card side encryption result, and if the two are consistent, the authentication passes; wherein
the card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm.
In addition, on the eSIM card side, the method includes the steps of:
B1, encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
B2, receiving the terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the two are consistent, the authentication passes.
Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In a first aspect, referring to fig. 1, an embodiment of the present application provides an eSIM card authentication method, where an execution subject is a terminal device in which an eSIM card is installed, the method including the following steps:
A1, acquiring a first random number from the eSIM card based on the standard interface of the eSIM card, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
A2, sending the terminal side encryption result to the eSIM card, so that the eSIM card compares the terminal side encryption result with the card side encryption result, and if the two are consistent, the authentication passes; wherein
the card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm.
According to the method and the device, the corresponding authentication work of the terminal equipment and the eSIM card is effectively realized without a specific interface or a specific instruction but based on the standard interface of the eSIM card, and certain advantages in compatibility are achieved.
Specifically, based on an eSIM card standard specification interface, a first random number is obtained from an eSIM card, and encryption is performed according to a preset algorithm to obtain a terminal side encryption result, wherein the method comprises the following steps:
and encrypting based on a second interface defined in the standard specification of the eSIM card according to the first random number and an authentication secret key preset on the eSIM card to obtain an encryption result at the terminal side.
Specifically, based on an eSIM card standard specification interface, a first random number is obtained from an eSIM card, and encryption is performed according to a preset algorithm to obtain a terminal side encryption result, wherein the method comprises the following steps:
acquiring a first random number from an eSIM card based on the GetEuiccChallengeRequest interface defined in an eSIM card standard specification;
and encrypting the first random number according to a preset algorithm based on a Cancel Session Request interface defined in the standard specification of the eSIM card to obtain an encryption result at the terminal side.
Specifically, the terminal side encryption result is sent to the eSIM card, and the method includes the following steps:
and configuring the encryption result of the terminal equipment in a TransactionId field in a command data field, and sending the encryption result to the eSIM card.
The technical scheme of the embodiment of the application has the following technical advantages:
calling an eSIM card standard specification interface for authentication through an LPA of the terminal equipment, wherein the used interface and the used instruction conform to format requirements in the eSIM card standard specification, and the compatibility of the authenticated equipment is ensured;
the authentication between the LPA and the eSIM card of the terminal equipment is completed through a reasonable distribution form of the authentication key, and a one-to-one or one-to-many authentication scene of the LPA and the eSIM card is realized, so that only a specified LPA can access the eSIM card;
and the profile operation is limited, and the reliability of the method is improved.
Further, in the method, the eSIM card is configured in advance to an operation restriction state; wherein
the operation restriction state prohibits the eSIM card from responding to download, activate, deactivate and delete operation instructions for the profile while the eSIM card is not authenticated.
Further, in the method, the eSIM card is configured with an authentication key.
According to the technical scheme of the embodiment of the application, the method comprises the following operation flows in specific implementation:
First, before the eSIM card leaves the factory, the function of the eSIM card is modified so that operations on the profile are restricted while the eSIM card is in an unauthenticated state, and a key of a specific version is pre-installed on the eSIM card as the authentication key.
The restricted profile operations include the download, activate, deactivate and delete profile operation instructions.
A specific way to implement the restriction is to extend the Reason field in the Cancel Session Request instruction so that the operations to be restricted can be controlled precisely: for example, when the value of the Reason field is set to 10, the download restriction is released; when it is set to 11, the activation restriction is released; and when it is set to 20, the download and activation restrictions are released simultaneously.
Restriction and release can be applied to each function individually, for example: restricting only download, only activation, only deactivation, and so on.
Second, after the eSIM card leaves the factory, the LPA on the terminal device calls the GetEuiccChallengeRequest interface defined in the eSIM card standard specification and obtains a random number with a length of 16 bytes from the eSIM card.
Third, the LPA on the terminal device calls the Cancel Session Request interface defined in the eSIM card standard specification, encrypts the random number obtained in the previous step with the authentication key, and sends the encryption result to the eSIM card as the Transaction Id field in the command data field.
Fourth, after receiving the Cancel Session Request command, the eSIM card encrypts the random number it generated with the authentication key and compares the encryption result with the received Transaction Id field; if they are consistent, the authentication passes and the operation restriction on the profile is released.
It should be noted that all the interfaces and instructions called in the above steps are taken directly from the eSIM card standard specification and can therefore be supported by any device, and that any form of encryption algorithm may be used as long as the basic function of authentication can be completed.
In a second aspect, referring to fig. 2, an embodiment of the present application provides an eSIM card authentication method based on the eSIM card authentication method mentioned in the first aspect, where an execution subject of the method is an eSIM card, and the method includes the following steps:
B1, encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
B2, receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the two are consistent, the authentication passes.
According to the method and the device, the corresponding authentication work of the terminal equipment and the eSIM card is effectively realized without a specific interface or a specific instruction but based on the standard interface of the eSIM card, and certain advantages in compatibility are achieved.
Specifically, the eSIM card is preset to an operation restriction state; wherein
the operation restriction state prohibits the eSIM card from responding to download, activate, deactivate and delete operation instructions for the profile while the eSIM card is not authenticated.
Specifically, the method further comprises the following steps:
and encrypting according to a preset algorithm based on the first random number and an authentication secret key preset by the eSIM card to obtain a card side encryption result.
Specifically, configuring the operation restriction state of the eSIM card includes the following steps:
configuring a first specific value in the Reason field of the Cancel Session Request instruction corresponding to the eSIM card, so that the eSIM card is prohibited from responding to download, activate, deactivate and delete operation instructions for the profile;
the Reason field in the Cancel Session Request instruction is extended so that the operations to be restricted can be controlled more precisely: for example, when the value of the Reason field is set to 10, the download restriction is released; when it is set to 11, the activation restriction is released; and when it is set to 20, the download and activation restrictions are released simultaneously; other scenarios can similarly be defined according to actual needs;
it should be noted that configuring the operation restriction state of the eSIM card may specifically be performed by a production device that produces or pre-configures the eSIM card.
Specifically, the first specific numerical values corresponding to the downloading, activating, deactivating and deleting operation instructions for the profile are different.
Specifically, when the authentication is passed, the eSIM card may release the operation restriction state;
the operation of releasing the operation restriction state of the eSIM card comprises the following steps:
and configuring a second specific value to a Reason field in a Cancel Session Request instruction corresponding to the eSIM card, so that the eSIM allows responding to downloading, activating, deactivating and deleting operation instructions aiming at the profile.
In a third aspect, referring to fig. 3, an embodiment of the present application provides an eSIM card authentication terminal capable of installing an eSIM card based on the eSIM card authentication method mentioned in the first aspect, where the terminal includes:
the terminal authentication encryption module is used for acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
a terminal communication module, configured to send the terminal side encryption result to the eSIM card, so that the eSIM card compares the terminal side encryption result with a card side encryption result, and if the two are consistent, the authentication passes; wherein
the card side encryption result is obtained by the eSIM card encrypting the first random number according to the preset algorithm.
According to the method and the device, the corresponding authentication work of the terminal equipment and the eSIM card is effectively realized without a specific interface or a specific instruction but based on the standard interface of the eSIM card, and certain advantages in compatibility are achieved.
Specifically, the terminal authentication encryption module obtains a first random number from the eSIM card based on the eSIM card standard specification interface, and performs encryption according to a preset algorithm to obtain a terminal side encryption result, and specifically executes the following operations:
and encrypting based on a second interface defined in the standard specification of the eSIM card according to the first random number and an authentication secret key preset on the eSIM card to obtain an encryption result at the terminal side.
Specifically, the terminal authentication encryption module obtains a first random number from the eSIM card based on the eSIM card standard specification interface, and performs encryption according to a preset algorithm to obtain a terminal side encryption result, and specifically executes the following operations:
acquiring a first random number from an eSIM card based on the GetEuiccChallengeRequest interface defined in an eSIM card standard specification;
and encrypting the first random number according to a preset algorithm based on a Cancel Session Request interface defined in the standard specification of the eSIM card to obtain an encryption result at the terminal side.
Specifically, when the terminal communication module sends the terminal side encryption result to the eSIM card, the following operations are specifically executed:
and configuring the encryption result of the terminal equipment in a TransactionId field in a command data field, and sending the encryption result to the eSIM card.
The technical scheme of the embodiment of the application has the following technical advantages:
calling an eSIM card standard specification interface for authentication through an LPA of the terminal equipment, wherein the used interface and the used instruction conform to format requirements in the eSIM card standard specification, and the compatibility of the authenticated equipment is ensured;
the authentication between the LPA and the eSIM card of the terminal equipment is completed through a reasonable distribution form of the authentication key, and a one-to-one or one-to-many authentication scene of the LPA and the eSIM card is realized, so that only a specified LPA can access the eSIM card;
and the profile operation is limited, and the reliability of the method is improved.
It should be noted that, in the embodiment of the present application, the eSIM card is configured in advance to an operation restriction state; wherein
the operation restriction state prohibits the eSIM card from responding to download, activate, deactivate and delete operation instructions for the profile while the eSIM card is not authenticated.
In addition, in the embodiment of the present application, the eSIM card is configured with an authentication key.
According to the technical scheme of the embodiment of the application, the method comprises the following operation flows in specific implementation:
First, before the eSIM card leaves the factory, the function of the eSIM card is modified so that operations on the profile are restricted while the eSIM card is in an unauthenticated state, and a key of a specific version is pre-installed on the eSIM card as the authentication key.
The restricted profile operations include the download, activate, deactivate and delete profile operation instructions.
A specific way to implement the restriction is to extend the Reason field in the Cancel Session Request instruction so that the operations to be restricted can be controlled precisely: for example, when the value of the Reason field is set to 10, the download restriction is released; when it is set to 11, the activation restriction is released; and when it is set to 20, the download and activation restrictions are released simultaneously.
Restriction and release can be applied to each function individually, for example: restricting only download, only activation, only deactivation, and so on.
Second, after the eSIM card leaves the factory, the LPA on the terminal device calls the GetEuiccChallengeRequest interface defined in the eSIM card standard specification and obtains a random number with a length of 16 bytes from the eSIM card.
Third, the LPA on the terminal device calls the Cancel Session Request interface defined in the eSIM card standard specification, encrypts the random number obtained in the previous step with the authentication key, and sends the encryption result to the eSIM card as the Transaction Id field in the command data field.
Fourth, after receiving the Cancel Session Request command, the eSIM card encrypts the random number it generated with the authentication key and compares the encryption result with the received Transaction Id field; if they are consistent, the authentication passes and the operation restriction on the profile is released.
It should be noted that all the called interfaces and instructions in the above operations are directly used in the standard specification of the eSIM card, and can support any device, and the encryption mode can be performed by using an encryption algorithm of any form as long as the basic function of authentication can be completed.
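The four steps above can be modelled end to end. The following is an added example, not code from the patent or from any eSIM vendor: `CardModel`, `response_for` and `terminal_authenticate` are hypothetical names, HMAC-SHA256 truncated to 16 bytes stands in for the unspecified "preset algorithm", and the single-use challenge and constant-time comparison are assumptions that the patent text does not state.

```python
import hashlib
import hmac
import secrets

# Reason values quoted in the description and the restrictions each releases.
REASON_RELEASES = {
    10: {"download"},
    11: {"activate"},
    20: {"download", "activate"},
}
ALL_OPS = {"download", "activate", "deactivate", "delete"}


def response_for(key: bytes, challenge: bytes) -> bytes:
    """Stand-in 'preset algorithm' (assumption): HMAC-SHA256, first 16 bytes."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:16]


class CardModel:
    """Hypothetical model of the card side; not a real eUICC implementation."""

    def __init__(self, auth_key: bytes):
        self._key = auth_key            # authentication key preloaded at the factory
        self._challenge = None          # outstanding first random number, if any
        self.restricted = set(ALL_OPS)  # factory state: every profile operation restricted

    def get_euicc_challenge(self) -> bytes:
        """Step 2: hand out a fresh 16-byte random number."""
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def cancel_session(self, transaction_id: bytes, reason: int) -> bool:
        """Step 4: recompute the result, compare, release restrictions on a match."""
        # Assumption: a challenge is consumed by one attempt, so a captured
        # Transaction Id cannot be replayed against the card.
        challenge, self._challenge = self._challenge, None
        if challenge is None or reason not in REASON_RELEASES:
            return False
        expected = response_for(self._key, challenge)
        # Assumption: constant-time comparison, to avoid a timing side channel.
        if not hmac.compare_digest(expected, transaction_id):
            return False
        self.restricted -= REASON_RELEASES[reason]
        return True

    def profile_operation(self, op: str) -> bool:
        """True if the card would respond to this profile operation."""
        return op in ALL_OPS and op not in self.restricted


def terminal_authenticate(card: CardModel, key: bytes, reason: int) -> bool:
    """Steps 2 and 3 on the LPA side: fetch the challenge, send back the response."""
    challenge = card.get_euicc_challenge()
    return card.cancel_session(response_for(key, challenge), reason)
```

Because the card releases restrictions on a match alone, the strength of the scheme rests on the secrecy of the preloaded key and on the challenge never being accepted twice.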
In a fourth aspect, referring to fig. 4, an embodiment of the present application provides an eSIM card based on the technology of the eSIM card authentication method mentioned in the second aspect, where the eSIM card includes:
the card side authentication encryption module is used for encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
and the card side authentication comparison module is used for receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, passing the authentication.
According to the method and the device, the corresponding authentication work of the terminal equipment and the eSIM card is effectively realized without a specific interface or a specific instruction but based on the standard interface of the eSIM card, and certain advantages in compatibility are achieved.
Specifically, the eSIM card presets an operation restriction state; wherein,
the operation restriction state is used for forbidding responding to downloading, activating, deactivating and deleting operation instructions aiming at the profile when the eSIM card is not authenticated.
Specifically, the card side authentication encryption module performs encryption according to a preset algorithm, based on the first random number and an authentication key preset on the eSIM card, to obtain the card side encryption result.
Specifically, the preset operation restriction state of the eSIM card specifically includes the following operations:
configuring a first specific numerical value to a Reason field in a Cancel Session Request instruction corresponding to an eSIM card, so that the eSIM prohibits responding to downloading, activating, deactivating and deleting operation instructions aiming at a profile;
the Reason field in the Cancel Session Request instruction is expanded, so that the operation to be limited can be further accurately controlled, for example, when the value of the Reason field is set to 10, the download limitation is released, when the value of the Reason field is set to 11, the activation limitation is released, when the value of the Reason field is set to 20, the download and activation limitations are simultaneously released, and similarly, various scenes can be defined according to actual needs;
it should be noted that the operation restriction state may specifically be configured on the eSIM card by a production device that produces or pre-configures the eSIM card.
Specifically, the first specific numerical values corresponding to the downloading, activating, deactivating and deleting operation instructions for the profile are different.
Specifically, the eSIM card further includes a restriction removal module for removing an operation restriction state of the eSIM card when the authentication is passed;
and in the operation of releasing the limitation state of the eSIM card, the limitation releasing module executes the following operations:
and configuring a second specific value to a Reason field in a Cancel Session Request instruction corresponding to the eSIM card, so that the eSIM allows responding to download, activation, deactivation and deletion operation instructions aiming at the profile.
It is noted that, in this application, relational terms such as "first" and "second," and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present application and are presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An eSIM card authentication method, the method comprising:
acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
sending the terminal side encryption result to the eSIM card so that the eSIM card can compare the terminal side encryption result with a card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, the eSIM card passes authentication; wherein,
the card side encryption result is obtained by encrypting the eSIM card according to the preset algorithm based on the first random number.
2. The method for authenticating the eSIM card according to claim 1, wherein the method comprises the steps of obtaining a first random number from the eSIM card based on an eSIM card standard specification interface, and encrypting the first random number according to a preset algorithm to obtain a terminal-side encryption result, wherein the method comprises the following steps:
and encrypting based on a second interface defined in the standard specification of the eSIM card according to the first random number and an authentication secret key preset on the eSIM card to obtain an encryption result at the terminal side.
3. The method for authenticating the eSIM card according to claim 1, wherein the method comprises the steps of obtaining a first random number from the eSIM card based on an eSIM card standard specification interface, and encrypting the first random number according to a preset algorithm to obtain a terminal-side encryption result, wherein the method comprises the following steps:
acquiring a first random number from an eSIM card based on a GetEuiccChallengeRequest interface defined in an eSIM card standard specification;
and encrypting the first random number according to a preset algorithm based on a Cancel Session Request interface defined in the standard specification of the eSIM card to obtain an encryption result at the terminal side.
4. The eSIM card authentication method of claim 1, wherein the terminal-side encryption result is transmitted to the eSIM card, the method comprising the steps of:
and configuring the encryption result of the terminal equipment in a TransactionId field in a command data field, and sending the encryption result to the eSIM card.
5. An eSIM card authentication method, the method comprising:
encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
and receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, passing the authentication.
6. The eSIM card authentication method of claim 5, wherein:
the eSIM card presets an operation limiting state; wherein,
the operation restriction state is used for forbidding to respond to downloading, activating, deactivating and deleting operation instructions aiming at the profile when the eSIM card is not authenticated.
7. The eSIM card authentication method of claim 5, further comprising the steps of:
and encrypting according to a preset algorithm based on the first random number and an authentication secret key preset by the eSIM card to obtain a card side encryption result.
8. The eSIM card authentication method of claim 5, wherein the eSIM card presets an operation restriction state, comprising the steps of:
configuring a first specific value to a Reason field in a Cancel Session Request instruction corresponding to an eSIM card, so that the eSIM prohibits responding to download, activation, deactivation and deletion operation instructions for a profile.
9. An eSIM card authentication terminal, the terminal comprising:
the terminal authentication encryption module is used for acquiring a first random number from the eSIM card based on an eSIM card standard interface, and encrypting according to a preset algorithm to obtain a terminal side encryption result;
a terminal communication module, configured to send the terminal-side encryption result to the eSIM card, so that the eSIM card compares the terminal-side encryption result with a card-side encryption result, and if the terminal-side encryption result and the card-side encryption result are consistent, the terminal communication module passes authentication; wherein,
the card side encryption result is obtained by encrypting the eSIM card according to the preset algorithm based on the first random number.
10. An eSIM card, comprising:
the card side authentication encryption module is used for encrypting according to a preset algorithm based on the first random number to obtain a card side encryption result;
and the card side authentication comparison module is used for receiving a terminal side encryption result sent by the terminal, comparing the terminal side encryption result with the card side encryption result, and if the terminal side encryption result is consistent with the card side encryption result, passing the authentication.
CN202210426721.3A 2022-04-21 2022-04-21 eSIM card authentication method, terminal and eSIM card Pending CN115002745A (en)

Publications (1)

Publication Number Publication Date
CN115002745A true CN115002745A (en) 2022-09-02

Family

ID=83025659

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination