WO2015081545A1 - 一种eUICC的安全控制方法和eUICC - Google Patents
一种eUICC的安全控制方法和eUICC Download PDFInfo
- Publication number
- WO2015081545A1 WO2015081545A1 PCT/CN2013/088693 CN2013088693W WO2015081545A1 WO 2015081545 A1 WO2015081545 A1 WO 2015081545A1 CN 2013088693 W CN2013088693 W CN 2013088693W WO 2015081545 A1 WO2015081545 A1 WO 2015081545A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- euicc
- entity
- authorization
- manage
- authorization information
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000013475 authorization Methods 0.000 claims abstract description 212
- 230000005540 biological transmission Effects 0.000 claims abstract description 19
- 230000003993 interaction Effects 0.000 claims abstract description 6
- 230000007246 mechanism Effects 0.000 claims description 32
- 238000009434 installation Methods 0.000 claims description 21
- 238000012795 verification Methods 0.000 claims description 12
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/60—Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present invention relates to the field of communications, and in particular, to an eUICC security control method and eUICC.
- UICC Universal Integrated Circuit Card
- USIM Universal Integrated Circuit Card
- SIM card SIM card
- RUIM card embedded UICC
- embedded means that the UICC card, USIM card, SIM card or RUIM card is not used.
- the card holder is inserted into the M2M terminal, but directly soldered or embedded on the M2M terminal board.
- embedded cards are usually required for shockproof or miniaturization of M2M terminals.
- eUICC embedded UICC
- M2M terminals are usually in outdoor or remote venues or in harsh environments. Since the eUICC itself is embedded in the user equipment, it is difficult to perform replacement operations. Therefore, the network subscription change for these M2M terminals becomes a problem, and there is an urgent need for a remote and secure method for configuring network access credential information to the eUICC, and it is necessary to be able to proceed from one MNO (mobile network operator) to another. MNO's network signing changes.
- SM refers to the subscription manager
- DP refers to data preparation
- SR refers to secure routing.
- a profile is a combination of file structure, data, and application.
- An Enabled Profile whose files and/or applications (such as network access applications) can be selected via the UICC-Terminal interface.
- a profile is called a Provisioning profile. After the Provisioning profile is installed on the eUICC, it can be used to access the communication network, thus eUICC management between the eUICC and remote entities (such as SM-SR, SM-DP).
- Profile management provides transport capabilities.
- a profile is called an operational profile, and an Operational Profile contains one or more network applications and associated network access credentials.
- the SM-DP entity is responsible for generating the profile and downloading and installing the profile to the eUICC.
- the SM-DP can also be called a profile installer.
- the SM-SR entity is responsible for managing the profile on the eUICC and is also responsible for ensuring the security of communication between the eUICC and remote entities (such as SM-SR, SM-DP).
- SM-SR can also be called profile manager.
- MN0 mobile operator wants to SM-SR - - Configuring a profile-related service or an eUICC-related service with the SM-DP, for example, ordering a profile to the SM-DP, requesting the SM-SR to manage the profile on the eUICC (such as changing the profile status, deleting the profile, etc.).
- the eUICC may be ordered by the communication module provider, the terminal provider, the network operator, or the M2M industry customer to the eUICC provider, and the eUICC is embedded in the M2M terminal (also referred to as the user equipment). It should be noted that the eUICC is applicable not only to the M2M terminal but also to the non-M2M terminal or the traditional terminal, such as a smart phone. The eUICC is beneficial to the diversified ID (international designer) design of the smart phone, and is also convenient for the user to sign the new one conveniently. Operator. Applicants have discovered that current eUICC-based communication systems do not provide a means of securely controlling eUICC in user equipment. Summary of the invention
- the technical problem to be solved by the present invention is to provide an eUICC security control method and eUICC. It ensures the security of eUICC.
- the first aspect of the present invention provides a security control method for an eUICC, including:
- a secure transmission channel is established between the eUICC and the SM-SR entity, and the secure transmission channel is used for management interaction of the eUICC.
- the step of the eUICC verifying whether the SM-SR entity has the authority to manage the eUICC includes:
- the eUICC If the eUICC authenticates the SM-SR entity as a legal entity based on the public key infrastructure PKI mechanism, the eUICC verifies whether the SM-SR entity has authorization to manage the eUICC according to the first authorization information stored by the eUICC; or
- the eUICC verifies whether the SM-SR entity has authorization to manage the eUICC based on a symmetric key mechanism.
- the method further includes:
- the eUICC verifies that the subscription manager-data preparation SM-DP entity has an authorization to manage the eUICC; - If yes, a key set is established between the eUICC and the SM-DP entity, and the key set is used to protect the profile configuration operation of the eUICC by the SM-DP.
- the step of the eUICC verifying whether the SM-DP entity has the authorization to manage the eUICC includes:
- the eUICC If the eUICC authenticates the SM-DP entity as a legal entity based on the public key infrastructure PKI mechanism, the eUICC verifies whether the SM-DP entity has authorization to manage the eUICC according to the second authorization information stored by the eUICC; or
- the eUICC verifies whether the SM-DP entity has an authorization to manage the eUICC based on a symmetric key mechanism.
- the first authorization information includes:
- the SM-SR entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the first authorization information is stored in:
- the second authorization information includes:
- At least one authorization token the SM-DP entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the second authorization information is stored in:
- the method further includes: - the eUICC receives new first authorization information or second authorization information through the SM-SR entity; or
- the eUICC receives a new symmetric key through the SM-SR entity.
- the method further includes:
- the eUICC negotiates with the attached public land mobile network PLMN to generate new first authorization information or second authorization information; or
- the eUICC negotiates with the attached public land mobile network PLMN to generate a new symmetric key.
- the second aspect of the present invention further provides an eUICC, including:
- a second module configured to establish a secure transmission channel with the SM-SR entity if the verification result of the first module is yes.
- the first module is configured to: if the public-key infrastructure PKI mechanism is used to authenticate the SM-SR entity as a legal entity, verify the location according to the first authorization information stored by the first Whether the SM-SR entity has an authorization to manage itself; or a symmetric key mechanism verifies whether the SM-SR entity has authorization to manage itself.
- the method further includes:
- a third module configured to verify whether the subscription manager-data preparation SM-DP entity has an authorization to manage the eUICC
- a fourth module configured to establish a key set with the SM-DP entity if the verification result of the third module is yes, the key set is used to protect the profile profile of the SM-DP pair Configure the operation.
- the third module is used to:
- the public key infrastructure PKI mechanism is used to authenticate the SM-DP entity as a legal entity, verify whether the SM-DP entity has the authority to manage itself according to the second authorization information stored by itself; or verify the SM based on the symmetric key mechanism. Whether the DP entity has authorization to manage itself.
- the first authorization - - Information includes:
- the SM-SR entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the first authorization information is stored in:
- the second authorization information includes:
- At least one authorization token the SM-DP entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the second authorization information is stored in:
- the outline of the eUICC is installed in the certificate PIC or in the second PKI certificate of the eUICC.
- the method further includes:
- a fifth module configured to negotiate with the attached public land mobile network PLMN to generate new first authorization information or second authorization information
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- the method further includes:
- a sixth module configured to negotiate with the attached public land mobile network PLMN to generate new first authorization information or second authorization information
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- a third aspect of the present invention provides an eUICC, including storing a set of program codes in the memory, and the processor is configured to invoke program code stored in the memory to perform the following operations: - - Verify that the subscription manager-secure routing SM-SR entity has authorization to manage the eUICC;
- the step of performing, by the processor, the verification that the SM-SR entity has the management of the eUICC includes:
- the public key infrastructure PKI mechanism authenticates the SM-SR entity as a legal entity, verifying, according to the first authorization information stored by itself, whether the SM-SR entity has the authority to manage the eUICC; or
- the processor is further configured to: verify that the subscription manager-data preparation SM-DP entity has an authorization to manage the eUICC;
- the key set is used to protect the
- the SM-DP configures operations on the profile of the eUICC.
- the step of the processor performing the verification that the SM-DP entity has the authority to manage the eUICC includes:
- the eUICC If the eUICC authenticates the SM-DP entity as a legal entity based on the public key infrastructure PKI mechanism, the eUICC verifies whether the SM-DP entity has authorization to manage the eUICC according to the second authorization information stored by the eUICC; or
- the eUICC verifies whether the SM-DP entity has an authorization to manage the eUICC based on a symmetric key mechanism.
- the first authorization information includes:
- the SM-SR entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the first authorization information is stored in:
- the second authorization information includes:
- At least one authorization token the SM-DP entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the second authorization information is stored in:
- the outline of the eUICC is installed in the certificate PIC or in the second PKI certificate of the eUICC.
- the processor is further configured to perform:
- the processor is further configured to:
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- the eUICC performs authorization verification on the external SM-SR entity. If the authorization is verified, the SM-SR entity is allowed to communicate with itself, and the secure data connection between the eUICC and the SM-SR entity ensures the security of communication between the two. Can effectively prevent external entities from attacking eUICC.
- FIG. 1 is a schematic diagram of a prior art eUICC logical architecture
- FIG. 2 is a schematic flowchart of a security control method for an eUICC according to a first embodiment of the present invention
- FIG. 3 is a schematic flowchart of a security control method for an eUICC according to a second embodiment of the present invention
- FIG. 5 is a schematic diagram of a process of updating a key and a token
- FIG. 6 is a schematic structural diagram of an eUICC according to a first embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of an eUICC according to a second embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of an eUICC according to a third embodiment of the present invention. detailed description
- FIG. 2 is a schematic flowchart of a method for security control of an embedded universal integrated circuit card according to a first embodiment of the present invention.
- the method includes:
- the eUICC verifies that the SM-SR entity has an authorization to manage itself.
- the eUICC verifies whether the SM-SR entity has the right to manage the eUICC. For example, when the eUICC receives the profile installation request sent by the SM-SR entity, the eUICC verifies whether the SM-SR has the authorization to perform profile installation on the eUICC.
- the eUICC verifies that the SM-SR entity has authorization, it establishes a secure transmission channel with the SM-SR entity.
- the management interaction between the SM-SR entity and the eUICC is performed through the established secure transmission channel.
- FIG. 3 a security control of an embedded universal integrated circuit card according to a second embodiment of the present invention is shown. - A schematic flowchart of the method. In this embodiment, the method includes:
- the SM-DP entity sends a profile installation request to the SM-SR entity.
- the profile installation request carries an identifier (EID) of the eUICC, where the identifier of the eUICC indicates the identity of the eUICC that needs to perform a profile installation operation.
- EID identifier
- the SM-SR determines whether the eUICC corresponding to the EID is an eUICC served by the eUICC.
- the SM-SR entity queries the eUICC corresponding to the identifier of the eUICC in the profile installation request whether it is under its own service. If not, returns a failure message to the SM-DP entity, notifying the SM-DP entity that the service cannot be provided, and if so, Go to S203.
- the SM-SR entity sends the certificate and the signature to the eUICC.
- the SM-SR entity pre-stores a PKI certificate issued by the CA to itself (hereinafter referred to as
- the certificate of the SM-SR entity and generates a signature, and sends its own PKI certificate and signature to the eUICC pointed to by the eUICC identifier.
- the SM-SR entity also sends an eUICC management operation type (for example, profile installation, profile download, profile enable, profile disable, profile state switch, profile delete or associated SM-SR change) to eUICC.
- an eUICC management operation type for example, profile installation, profile download, profile enable, profile disable, profile state switch, profile delete or associated SM-SR change
- the eUICC uses the public key of the CA to verify the validity of the certificate of the SM-SR entity, obtains the public key of the SM-SR from the certificate of the SM-SR, and verifies the legality of the signature of the SM-SR by using the public key of the SM-SR. And verifying, according to the first authorization information, whether the SM-SR has an authorization to manage the eUICC.
- the eUICC uses the public key of the CA to verify whether the PKI certificate of the SM-SR is legal. If yes, obtain the public key of the SM-SR from the PKI certificate of the SM-SR entity, and verify the SM by using the public key of the SM-SR entity. - If the signature of the SR is legal, if yes, confirm that the SM-SR entity is a legal entity.
- the eUICC verifies whether the SM-SR entity is authorized according to the first authorization information, and the first authorization information may be an authorized SM-SR identifier list, which is included in the PMC (Contour Management Credential) of the eUICC or the first PKI certificate of the eUICC ( For example, as an extension in the certificate content).
- the first PKI certificate of eUICC is also part of the eUICC's PMC. If the SM-SR entity has authorization, execute S207; if the SM-SR entity does not have authorization, execute S205.
- the first authorization information is saved in the first PKI certificate of the eUICC, and the PKI certificate is an X.509 certificate.
- the X.509 digital certificate includes the following content:
- serial number of the certificate each certificate has a unique certificate serial number; - - the signature algorithm used by the certificate;
- the issuer name of the certificate the naming rules generally adopt the X.500 format
- the validity period of the certificate, the general-purpose certificate is generally in UTC time format, and its timing range is 1950-2049;
- the name of the certificate owner, the naming rules are generally in the X.500 format;
- the certificate issuer s signature of the certificate
- a new authorization information list is added to the extension field in the X.509 certificate.
- the table includes the identifier of the authorized SM-SR entity (SM-SR id-1).
- the eUICC records the authorization information list according to whether the SM-SR entity is recorded. In the middle to determine whether it is authorized.
- the list of authorization information may also contain the identification of multiple SM-SR entities.
- the eUICC sends a failure message to the SM-SR entity, where the failure message carries the identifier of the unlicensed SM-SR entity.
- the SM-SR entity sends a failure message to the SM-DP entity.
- the eUICC sends its own first PKI certificate and corresponding signature to the SM-SR entity. Specifically, the eUICC pre-stores the PKI certificate issued by the CA to itself, and sends its own first PKI certificate and signature to the SM-SR entity.
- the SM-SR entity uses the public key of the CA to verify the validity of the first PKI certificate of the eUICC, obtains the public key of the eUICC from the first PKI certificate of the eUICC, and verifies the signature validity of the eUICC by using the public key of the eUICC, and verifies whether the eUICC is verified. With authorization.
- the SM-SR entity verifies whether the eUICC is legally consistent with that in S204. If the eUICC is verified to have authorization, S209 and S210 are performed; if the eUICC is authenticated, S211 is executed.
- the SM-SR entity sends a failure message to the SM-DP entity, where the failure message carries the identifier of the eUICC.
- the SM-SR entity sends a failure message to the eUICC, where the failure message carries the identifier of the eUICC.
- a secure transmission channel is established between the SM-SR entity and the eUICC.
- the interaction between the SM-SR entity and the eUICC is established through a secure transmission channel.
- the SM-SR creates a profile Container in the eUICC.
- the SM-DP entity and the eUICC use the PKI certificate for mutual authentication.
- the SM-DP entity and the eUICC use the PKI certificate and the signature sent by the other party to verify the validity of the other party. If the eUICC verifies that the SM-DP entity is a legal entity, S213 is performed.
- the eUICC verifies whether the SM-DP entity has authorization according to the second authorization information, and the second authorization information adopts an authorized SM-DP list, which is included in the PIC (Contour Installer Credential) or the eUICC certificate or exists separately. If the eUICC verifies that the SM-DP entity has authorization, S216 is performed; if the eUICC verifies that the SM-DP entity does not have authorization, S214 and S215 are performed.
- the eUICC sends a failure message to the SM-DP entity, where the failure message carries the identifier of the SM-DP entity.
- the SM-DP entity and the eUICC establish a security key set.
- the profile configuration management operation between the SM-DP entity and the eUICC is protected by the established security key set, for example, the profile is encrypted and the configuration management command is encrypted.
- S216, the SM-DP entity, and the eUICC perform profile download and installation operations to the profile container, and the related operations use key set encryption.
- the S217 and the SM-DP entity send the result of the profile installation to the SM-SR entity.
- the profile installation result carries the identifier of the successfully installed eUICC and the identifier of the profile.
- FIG. 4 is a schematic flowchart of a method for security control of an embedded universal integrated circuit card according to a third embodiment of the present invention.
- the method includes:
- the SM-DP entity sends a profile installation request to the SM-SR entity.
- the profile installation request carries an identifier (EID) of the eUICC, where the identifier of the eUICC indicates the identity of the eUICC that needs to perform a profile installation operation.
- EID identifier
- the SM-SR entity queries whether the eUICC corresponding to the EID is a home eUICC.
- the corresponding information is registered according to the configuration information stored in the profile.
- the SM-SR entity saves the identifier of the eUICC to the local, and the eUICC acts as the home eUICC of the SM-SR entity.
- the SM-SR entity queries whether the eUICC corresponding to the identifier of the eUICC in the profile installation request is under its own service, and if not, executes S303; if yes, executes S304.
- the SM-SR entity returns a failure message to the SM-DP entity.
- the failure message carries the identifier of the eUICC, and the SM-DP is notified that the eUICC corresponding to the identifier cannot be served.
- a symmetric key is used for mutual authentication between the SM-SR entity and the eUICC.
- the eUICC sends a failure message to the SM-SR entity.
- the failure message carries the identifier of the SM-SR entity.
- the SM-SR entity sends a failure message to the SM-DP entity.
- the SM-SR verifies whether the eUICC is legal.
- determining that the eUICC is a legal entity that is, the eUICC belongs to the SM-SR entity service
- performs S311 if the mutual authentication of the SM-SR entity and the eUICC does not pass, It is determined that the eUICC is an illegal entity, and S309 and S310 are performed.
- the SM-SR entity sends a failure message to the SM-DP.
- the failure message carries the identifier of the eUICC.
- the SM-SR entity sends a failure message to the eUICC.
- the failure message carries the identity of the eUICC.
- the two-way authentication and the two-way authorization between the SM-SR entity and the eUICC pass, and a secure transmission channel is established between the two, and communication between the two entities passes through the secure transmission channel, and at the same time, a key set is established between the two. , encrypting data exchanged between the SM-SR entity and the eUICC entity.
- the profile container creation process is performed between S311, the SM-SR entity, and the eUICC.
- the SM-SR entity sends a profile container creation confirmation message to the SM-DP entity.
- the confirmation message carries the identifier of the eUICC that successfully created the profile container.
- a SKI certificate is used between the S313, the SM-DP entity, and the eUICC for mutual authentication.
- the SM-DP entity and the eUICC use the PKI certificate and the signature sent by the peer to verify the validity of the other party. If the SM-DP entity verifies that the eUICC entity is a legal entity, S315 is performed.
- the SM-DP entity sends a token (Token) to the eUICC.
- Token a token
- the eUICC verifies whether the Token sent by the SM-DP is correct. eToCC's local Token - - Saved in PIC (Contour Installer Credential) or the second PKI certificate or exists separately. The local Token saved by the eUICC is called the second authorization information.
- the eUICC uses the locally saved second authorization information to verify whether the Token is correct. If yes, it determines that the SM-DP entity has authorization, and executes S317; if not, executes S316.
- the second authorization information of the eUICC is included in the PIC or eUICC certificate (as extended information) or exists separately.
- the authorization information is included in the X.509 certificate of the eUICC, and the format is: Certificate Extension (SM-DP Token: Tokenl), indicating that the SM-DP entity having the Token1 has authorization for management.
- the SM-DP Token information may include multiple Tokens (Tokenl, Token2, ...) to respectively authorize different management operation types, for example, Tokenl is used for profile load management operation type for authorization, Token2 Used for profile installation management operation types for authorization, and so on.
- Tokenl is used for profile load management operation type for authorization
- Token2 Used for profile installation management operation types for authorization
- the eUICC sends a failure message to the SM-DP entity.
- the failure message carries the identifier of the SM-DP entity.
- a key set is established between the SM-DP entity and the eUICC, and the related profile container initialization operation is performed.
- the SM-DP entity sends a profile installation result to the SM-SR entity, where the profile installation result carries the identifier of the eUICC and the profile identifier of the successfully installed profile.
- FIG. 5 is a schematic flowchart of a method for updating a symmetric key and a token, including: S401: The PLMN2 sends a profile management request to the PLMN1, where the profile management request carries an eUICC identifier, an SM-SR identifier, and an SM-DP identifier.
- the user equipment where the eUICC is located is attached to the PLMN1 by using the Provisioning Profile or the operational profile in the eUICC.
- a symmetric key and second authorization information (specifically one or more Tokens) are established between S403, PLMN1 and eUICC.
- the PLMN1 transmits the symmetric key to the SM-SR entity.
- the PLMN1 transmits the second authorization information to the SM-DP entity.
- FIG. 6 is a schematic structural diagram of an eUICC according to a first embodiment of the present invention, in this embodiment. - - , the eUICC includes a first module 10 and a second module 20,
- the first module 10 is configured to verify whether the subscription manager-secure route SM-SR entity has authorization to manage itself.
- the second module 20 is configured to establish a secure transmission channel with the SM-SR entity if the verification result of the first module is yes.
- the first embodiment and the first embodiment of the method are the same, and the technical effects are also the same.
- FIG. 7 is a schematic structural diagram of an eUICC according to a second embodiment of the present invention.
- the eUICC includes a first module 10 and a second module 20, and further includes a third module 30 and a fourth module 40. Five modules 50 and six modules 60,
- a third module 30, configured to verify whether the subscription manager-data preparation SM-DP entity has an authorization to manage the eUICC;
- a fourth module 40 configured to establish, with the SM-DP entity, a key set, if the verification result of the third module is yes, the key set is used to protect the contour of the SM-DP pair Profile configuration operation.
- a fifth module 50 configured to negotiate with the attached public land mobile network PLMN to generate new first authorization information or second authorization information;
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- a sixth module 60 configured to negotiate with the attached public land mobile network PLMN to generate new first authorization information or second authorization information;
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- the first module 10 is configured to:
- the public key infrastructure PKI mechanism is used to authenticate the SM-SR entity as a legal entity, verify whether the SM-SR entity has the authority to manage itself according to the first authorization information stored by itself; or the symmetric key mechanism to verify the SM-SR Whether the entity has authorization to manage itself.
- the third module 30 is configured to:
- the public key infrastructure PKI mechanism is used to authenticate the SM-DP entity as a legal entity, verify whether the SM-DP entity has the authority to manage itself according to the second authorization information stored by itself; or verify the SM based on the symmetric key mechanism. Whether the DP entity has authorization to manage itself.
- the present embodiment and the method embodiments 2 to 4 are in the same concept, and the technical effects thereof are also the same. For details, refer to the description of the foregoing embodiment, and details are not described herein again.
- the eUICCl includes a processor 71 and a memory 72.
- the number of processors 71 in the eUICCl may be one or more, FIG. Take a processor as an example.
- the processor 71 and the memory 72 may be connected by a bus or other means, and the bus connection is taken as an example in FIG.
- the memory 72 stores a set of program codes
- the processor 71 is configured to call the program code stored in the memory 72 for performing the following operations:
- the processor 61 performs an authentication step of verifying whether the SM-SR entity has the authority to manage the eUICC, including:
- the public key infrastructure PKI mechanism authenticates the SM-SR entity as a legal entity, verifying, according to the first authorization information stored by itself, whether the SM-SR entity has the authority to manage the eUICC; or
- the processor 61 is further configured to:
- the key set is used to protect the
- the SM-DP configures an operation of the profile profile of the eUICC.
- the processor 61 performs the step of verifying whether the SM-DP entity has authorization to manage the eUICC, including: If the eUICC authenticates the SM-DP entity as a legal entity based on the public key infrastructure PKI mechanism, the eUICC verifies whether the SM-DP entity has the authority to manage the eUICC according to the second authorization information stored by the eUICC. ; or
- the eUICC verifies whether the SM-DP entity has an authorization to manage the eUICC based on a symmetric key mechanism.
- the first authorization information includes:
- the SM-SR entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the first authorization information is stored in:
- the profile of the eUICC is managed in the certificate PMC or in the first PKI certificate of the eUICC.
- the second authorization information includes:
- At least one authorization token the SM-DP entity having the at least one authorization token has authorization to perform management operations on the eUICC.
- the second authorization information is stored in:
- the outline of the eUICC is installed in the certificate PIC or in the second PKI certificate of the eUICC.
- the processor 61 is further configured to:
- the processor 61 is further configured to:
- a new symmetric key is generated in consultation with the attached public land mobile network PLMN.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380008149.8A CN104904248A (zh) | 2013-12-05 | 2013-12-05 | 一种eUICC的安全控制方法和eUICC |
JP2016536839A JP2017500798A (ja) | 2013-12-05 | 2013-12-05 | Euiccのためのセキュリティ制御方法およびeuicc |
EP13898761.5A EP3073770A4 (en) | 2013-12-05 | 2013-12-05 | SECURITY CONTROL METHOD FOR EUICC AND EUICC |
PCT/CN2013/088693 WO2015081545A1 (zh) | 2013-12-05 | 2013-12-05 | 一种eUICC的安全控制方法和eUICC |
KR1020167017766A KR20160093692A (ko) | 2013-12-05 | 2013-12-05 | Euicc 보안 제어 방법, 및 euicc |
US15/101,882 US20160352698A1 (en) | 2013-12-05 | 2013-12-05 | Security control method for euicc and euicc |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2013/088693 WO2015081545A1 (zh) | 2013-12-05 | 2013-12-05 | 一种eUICC的安全控制方法和eUICC |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015081545A1 true WO2015081545A1 (zh) | 2015-06-11 |
Family
ID=53272768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/088693 WO2015081545A1 (zh) | 2013-12-05 | 2013-12-05 | 一种eUICC的安全控制方法和eUICC |
Country Status (6)
Country | Link |
---|---|
US (1) | US20160352698A1 (zh) |
EP (1) | EP3073770A4 (zh) |
JP (1) | JP2017500798A (zh) |
KR (1) | KR20160093692A (zh) |
CN (1) | CN104904248A (zh) |
WO (1) | WO2015081545A1 (zh) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107690814A (zh) * | 2015-06-19 | 2018-02-13 | 苹果公司 | 在多个证书管理机构下管理电子用户身份模块 |
CN107846663A (zh) * | 2016-09-21 | 2018-03-27 | 中国电信股份有限公司 | 实现用户签约数据集远程管理的方法、装置和系统 |
CN108112011A (zh) * | 2016-11-24 | 2018-06-01 | 中国电信股份有限公司 | 远程管理嵌入式通用集成电路卡的方法、装置和系统 |
CN108235821A (zh) * | 2016-11-30 | 2018-06-29 | 华为技术有限公司 | 一种获取授权文件的方法及设备 |
CN108293043A (zh) * | 2015-11-13 | 2018-07-17 | 三星电子株式会社 | 用于下载关于终端的嵌入式通用集成电路卡的简档的方法和装置 |
WO2018129754A1 (zh) * | 2017-01-16 | 2018-07-19 | 华为技术有限公司 | 一种eUICC配置文件管理方法及相关装置 |
EP3429243A4 (en) * | 2016-04-12 | 2019-02-20 | Huawei Technologies Co., Ltd. | REMOTE MANAGEMENT METHOD AND DEVICE |
CN112839334A (zh) * | 2017-08-28 | 2021-05-25 | 华为技术有限公司 | 一种信息验证方法及相关设备 |
US12035140B2 (en) | 2021-12-06 | 2024-07-09 | Huawei Technologies Co., Ltd. | Information verification method and related device |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102303504B1 (ko) * | 2015-03-25 | 2021-09-17 | 삼성전자 주식회사 | 무선 통신 시스템에서 단말의 프로파일 설치 방법 및 장치 |
US10439823B2 (en) | 2015-04-13 | 2019-10-08 | Samsung Electronics Co., Ltd. | Technique for managing profile in communication system |
FR3038421B1 (fr) * | 2015-06-30 | 2017-08-18 | Oberthur Technologies | Procede de gestion de profils dans un element securise |
US10516540B2 (en) * | 2016-01-28 | 2019-12-24 | Apple Inc. | Management of profiles in an embedded universal integrated circuit card (eUICC) |
US9826403B2 (en) * | 2016-03-24 | 2017-11-21 | Verizon Patent And Licensing Inc. | Protected smart card profile management |
US9867037B2 (en) | 2016-03-24 | 2018-01-09 | Verizon Patent And Licensing Inc. | Profile deletion codes in subscription management systems |
KR20170143330A (ko) * | 2016-06-21 | 2017-12-29 | 삼성전자주식회사 | eUICC를 포함하는 전자 장치 및 eUICC를 포함하는 전자 장치의 운용 방법 |
FR3062767A1 (fr) | 2017-02-09 | 2018-08-10 | Orange | Technique d'administration d'une souscription aupres d'un operateur |
WO2019086110A1 (en) * | 2017-11-01 | 2019-05-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Management of a subscriber entity |
US10530756B1 (en) * | 2018-01-16 | 2020-01-07 | Sprint Spectrum L.P. | Profile-deletion control for an embedded universal integrated circuit card |
WO2019161939A1 (en) * | 2018-02-26 | 2019-08-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods, devices, and computer programs for provisioning or controlling operator profiles in terminals |
EP3592015A1 (en) | 2018-07-02 | 2020-01-08 | Soracom International, Pte. Ltd | Updating a subscriber identity module |
FR3105703A1 (fr) * | 2019-12-20 | 2021-06-25 | Orange | Technique d’administration d’un profil d’accès à un réseau de communication |
CN113079503B (zh) * | 2021-03-23 | 2022-11-15 | 中国联合网络通信集团有限公司 | 一种远程下载认证应用证书的方法及系统 |
EP4297458A1 (de) * | 2022-06-22 | 2023-12-27 | Giesecke+Devrient ePayments GmbH | Profil und teilnehmeridentitätsmodul mit profil |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101500214A (zh) * | 2008-02-03 | 2009-08-05 | 大唐移动通信设备有限公司 | 一种支持紧急呼叫服务的通信方法、系统及装置 |
CN103167465A (zh) * | 2013-02-04 | 2013-06-19 | 中国联合网络通信集团有限公司 | 一种嵌入式uicc卡激活处理方法和装置 |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8027472B2 (en) * | 2005-12-30 | 2011-09-27 | Selim Aissi | Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel |
CN1921383A (zh) * | 2006-07-21 | 2007-02-28 | 北京理工大学 | 一种基于门限ca和x.509公钥证书的密钥管理实现方法 |
US20110010543A1 (en) * | 2009-03-06 | 2011-01-13 | Interdigital Patent Holdings, Inc. | Platform validation and management of wireless devices |
CN101645889B (zh) * | 2009-06-26 | 2012-09-05 | 飞天诚信科技股份有限公司 | 一种下发数字证书的方法 |
US8924715B2 (en) * | 2010-10-28 | 2014-12-30 | Stephan V. Schell | Methods and apparatus for storage and execution of access control clients |
US10103887B2 (en) * | 2010-12-21 | 2018-10-16 | Koninklijke Kpn N.V. | Operator-assisted key establishment |
KR101954450B1 (ko) * | 2011-09-05 | 2019-05-31 | 주식회사 케이티 | 내장 uicc의 인증정보를 이용한 인증방법과, 그를 이용한 프로비저닝 및 mno 변경 방법, 그를 위한 내장 uicc, mno 시스템 및 기록매체 |
US8989806B2 (en) * | 2011-09-16 | 2015-03-24 | Alcatel Lucent | Network operator-neutral provisioning of mobile devices |
WO2013066016A1 (ko) * | 2011-11-04 | 2013-05-10 | 주식회사 케이티 | 신뢰관계 형성 방법 및 이를 위한 내장 uⅰcc |
KR101986312B1 (ko) * | 2011-11-04 | 2019-06-05 | 주식회사 케이티 | 신뢰관계 형성 방법 및 이를 위한 내장 uⅰcc |
EP3402235B1 (en) * | 2012-05-23 | 2024-03-06 | Samsung Electronics Co., Ltd. | Method for control and enforcement of policy rule and euicc |
CN102868912A (zh) * | 2012-08-16 | 2013-01-09 | 北京视博数字电视科技有限公司 | 基于cdn和p2p融合架构的媒体内容传输方法及系统 |
KR102164447B1 (ko) * | 2012-11-19 | 2020-10-13 | 삼성전자주식회사 | 단말 장치에 내장되어 설치되는 가입자 인증 모듈의 프로파일 구성 방법 및 이를 이용하는 장치 |
US9264413B2 (en) * | 2012-12-06 | 2016-02-16 | Qualcomm Incorporated | Management of network devices utilizing an authorization token |
US20150359026A1 (en) * | 2012-12-21 | 2015-12-10 | Nec Corporation | Radio communication system, radio access network node, communication device, and core network node |
US9100175B2 (en) * | 2013-11-19 | 2015-08-04 | M2M And Iot Technologies, Llc | Embedded universal integrated circuit card supporting two-factor authentication |
US9350550B2 (en) * | 2013-09-10 | 2016-05-24 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
-
2013
- 2013-12-05 KR KR1020167017766A patent/KR20160093692A/ko not_active Application Discontinuation
- 2013-12-05 CN CN201380008149.8A patent/CN104904248A/zh active Pending
- 2013-12-05 WO PCT/CN2013/088693 patent/WO2015081545A1/zh active Application Filing
- 2013-12-05 JP JP2016536839A patent/JP2017500798A/ja active Pending
- 2013-12-05 EP EP13898761.5A patent/EP3073770A4/en not_active Withdrawn
- 2013-12-05 US US15/101,882 patent/US20160352698A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101500214A (zh) * | 2008-02-03 | 2009-08-05 | 大唐移动通信设备有限公司 | 一种支持紧急呼叫服务的通信方法、系统及装置 |
CN103167465A (zh) * | 2013-02-04 | 2013-06-19 | 中国联合网络通信集团有限公司 | 一种嵌入式uicc卡激活处理方法和装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3073770A4 * |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107690814B (zh) * | 2015-06-19 | 2020-11-27 | 苹果公司 | 管理信任圈的方法、嵌入式通用集成电路卡和无线设备 |
CN107690814A (zh) * | 2015-06-19 | 2018-02-13 | 苹果公司 | 在多个证书管理机构下管理电子用户身份模块 |
EP3311526A4 (en) * | 2015-06-19 | 2018-10-31 | Apple Inc. | Electronic subscriber identity module management under multiple certificate authorities |
EP3375165B1 (en) * | 2015-11-13 | 2023-06-14 | Samsung Electronics Co., Ltd. | Method and apparatus for downloading profile on embedded universal integrated circuit card of terminal |
CN108293043B (zh) * | 2015-11-13 | 2021-11-05 | 三星电子株式会社 | 用于下载关于终端的嵌入式通用集成电路卡的简档的方法和装置 |
CN108293043A (zh) * | 2015-11-13 | 2018-07-17 | 三星电子株式会社 | 用于下载关于终端的嵌入式通用集成电路卡的简档的方法和装置 |
US10887318B2 (en) | 2015-11-13 | 2021-01-05 | Samsung Electronics Co., Ltd. | Method and apparatus for downloading profile on embedded universal integrated circuit card of terminal |
US11076295B2 (en) | 2016-04-12 | 2021-07-27 | Huawei Technologies Co., Ltd. | Remote management method, and device |
EP3429243A4 (en) * | 2016-04-12 | 2019-02-20 | Huawei Technologies Co., Ltd. | REMOTE MANAGEMENT METHOD AND DEVICE |
EP3800909A1 (en) * | 2016-04-12 | 2021-04-07 | Huawei Technologies Co., Ltd. | Remote management method, and device |
EP4304222A1 (en) * | 2016-04-12 | 2024-01-10 | Huawei Technologies Co., Ltd. | Remote management method, and device |
CN107846663A (zh) * | 2016-09-21 | 2018-03-27 | 中国电信股份有限公司 | 实现用户签约数据集远程管理的方法、装置和系统 |
CN107846663B (zh) * | 2016-09-21 | 2021-01-12 | 中国电信股份有限公司 | 实现用户签约数据集远程管理的方法、装置和系统 |
CN108112011A (zh) * | 2016-11-24 | 2018-06-01 | 中国电信股份有限公司 | 远程管理嵌入式通用集成电路卡的方法、装置和系统 |
CN108235821B (zh) * | 2016-11-30 | 2020-05-08 | 华为技术有限公司 | 一种获取授权文件的方法及设备 |
CN108235821A (zh) * | 2016-11-30 | 2018-06-29 | 华为技术有限公司 | 一种获取授权文件的方法及设备 |
WO2018129754A1 (zh) * | 2017-01-16 | 2018-07-19 | 华为技术有限公司 | 一种eUICC配置文件管理方法及相关装置 |
CN109792604A (zh) * | 2017-01-16 | 2019-05-21 | 华为技术有限公司 | 一种eUICC配置文件管理方法及相关装置 |
CN112839334A (zh) * | 2017-08-28 | 2021-05-25 | 华为技术有限公司 | 一种信息验证方法及相关设备 |
CN112839334B (zh) * | 2017-08-28 | 2022-06-28 | 华为技术有限公司 | 一种信息验证方法及相关设备 |
US11234131B2 (en) | 2017-08-28 | 2022-01-25 | Huawei Technologies Co., Ltd. | Information verification method and related device |
US12035140B2 (en) | 2021-12-06 | 2024-07-09 | Huawei Technologies Co., Ltd. | Information verification method and related device |
Also Published As
Publication number | Publication date |
---|---|
US20160352698A1 (en) | 2016-12-01 |
KR20160093692A (ko) | 2016-08-08 |
EP3073770A1 (en) | 2016-09-28 |
JP2017500798A (ja) | 2017-01-05 |
CN104904248A (zh) | 2015-09-09 |
EP3073770A4 (en) | 2016-10-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015081545A1 (zh) | 一种eUICC的安全控制方法和eUICC | |
US10462668B2 (en) | Method for forming a trust relationship, and embedded UICC therefor | |
EP3800909B1 (en) | Remote management method, and device | |
CN110855621B (zh) | 用于控制对车载无线网络的访问的方法 | |
US8079064B2 (en) | Service verifying system, authentication requesting terminal, service utilizing terminal, and service providing method | |
EP2197167B1 (en) | Device and method for short range communication | |
US20180091978A1 (en) | Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality | |
KR101363981B1 (ko) | 개별 전자 장치를 통한 모바일 사용자를 위한 서비스의 사용, 제공, 맞춤화 및 과금 | |
KR101825118B1 (ko) | 무선 네트워크에 대한 액세스 권리를 관리하는 장치 및 방법 | |
WO2017152676A1 (zh) | 物联网设备控制方法及装置 | |
US20040255243A1 (en) | System for creating and editing mark up language forms and documents | |
JP2017050875A (ja) | 複数のアクセス制御クライアントをサポートするモバイル装置、及び対応する方法 | |
WO2018107718A1 (zh) | 智能卡的空中配号方法及装置 | |
KR102093574B1 (ko) | 모바일 통신 네트워크의 분산 데이터베이스 내에 어써션들을 발행하고 사물 인터넷 디바이스들을 개인화하기 위한 방법 및 장치 | |
KR20150093737A (ko) | 인가 토큰을 이용하는 네트워크 디바이스들의 관리 | |
JP4620755B2 (ja) | ワイヤレスホームエリアネットワークを動作させる方法及び装置 | |
US20120300927A1 (en) | Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone | |
KR20030076625A (ko) | 스마트 카드에서 pki 기능들을 인에이블링시키는 방법 | |
KR20190002613A (ko) | 연결된 디바이스의 상태를 관리하기 위한 방법 | |
CN108353278A (zh) | 嵌入式通用集成电路卡eUICC的管理方法及装置 | |
CN112533211B (zh) | eSIM卡的证书更新方法和系统以及存储介质 | |
CN109963275B (zh) | 签约数据的发送方法、接收方法及签约数据的处理系统 | |
WO2018107723A1 (zh) | 智能卡的远程签约管理平台切换方法及装置、智能卡、sm-sr | |
JP2005217679A (ja) | 通信相手の認証を行う認証サーバ | |
CN112565209B (zh) | 一种网元设备访问控制方法及设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13898761 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15101882 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2016536839 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REEP | Request for entry into the european phase |
Ref document number: 2013898761 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013898761 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20167017766 Country of ref document: KR Kind code of ref document: A |