WO2017120745A1 - Method, device, and system for processing profile - Google Patents

Publication number
WO2017120745A1
Authority
WO
WIPO (PCT)
Prior art keywords
profile
information
euicc
tag
tag data
Application number
PCT/CN2016/070617
Inventor
高林毅
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2016/070617 (WO2017120745A1)
Priority to CN201680075522.5A (CN108476400B)
Publication of WO2017120745A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Definitions

  • the embodiments of the present invention relate to communication technologies, and in particular, to a method, an apparatus, and a system for processing a profile.
  • The existing Subscriber Identity Module (SIM) card or Universal Integrated Circuit Card (UICC) is generally ordered centrally by the Mobile Network Operator (MNO) from the card vendor, so the subscription information required to access the mobile operator's network, including the International Mobile Subscriber Identification Number (IMSI), Ki, the encryption algorithm parameters, etc., has already been downloaded to the card before it leaves the factory, and the user can access the network by inserting the SIM card or the UICC card into the terminal.
  • An embedded universal integrated circuit card (eUICC) is not necessarily purchased by the operator; it may be purchased by the terminal manufacturer and integrated into the terminal for sale. Therefore, before the eUICC leaves the factory, it is not known who will use it.
  • The eUICC may not contain the data needed to access the mobile network.
  • Remote management technology can be used: the Subscription Manager Data Preparation+ (SM-DP+) downloads the profile to the eUICC, and then the eUICC can use the profile to access the network.
  • The local profile assistant (LPA) and the eUICC are included in the terminal.
  • The local profile download (LPD) and the local user interface (LUI) are included in the LPA.
  • The LPD is responsible for downloading the profile; that is, the LPD downloads the profile from the SM-DP+ to the LPD through a Hypertext Transfer Protocol Secure (HTTPS) connection, and then sends the downloaded profile to the eUICC.
  • The LUI provides interaction logic and an interface with the user.
  • The user can manage profiles through the LUI, such as downloading a new profile, activating a profile, and deleting a profile.
  • The current method for downloading profiles from the SM-DP+ comes from the Global System for Mobile Communications Association (GSMA) eUICC specification for consumer electronics, in which the profile download process uses an activation code. However, each profile download requires an activation code. Once the profile is bound, it cannot be reused, and the terminal manufacturer must apply for a large number of activation codes for testing and maintenance. The cost is high, and the codes are inconvenient to use and manage.
  • The embodiments of the invention provide a method, a device and a system for processing a profile, so as to reuse profiles and tag data, reduce cost, prevent replay attacks and improve security.
  • an embodiment of the present invention provides a method for processing a profile, including:
  • tag information including tag data and/or tag identifiers
  • the processing method of the profile described above not only realizes the reuse of profile and tag data, but also reduces the cost by associating one tag data with multiple profiles.
  • Before the sending of the profile download request to the subscription management device, the method further includes:
  • Encryption or public-private key encryption may be used; any encryption method that can protect the tag data is applicable.
  • Sending a profile download request to the subscription management device including:
  • Sending a profile download request to the subscription management device, where the profile download request includes security-protected tag data, the tag identifier, and the signature information.
  • The processing method of the above profile can prevent attacks on the tag data and improve security.
  • the method further includes:
  • With reference to any one of the first to the second possible implementation manners of the first aspect, in a third possible implementation manner of the first aspect, the performing of security protection on the tag data by using the challenge information of the subscription management device includes:
  • the challenge information of the subscription management device and the tag data are hashed.
  • the profile download request further includes specific indication information
  • the specific indication information is used to indicate that the profile that the subscription management device needs to download is a specific type profile.
  • The specific type profile in the present invention may be any profile that needs to be reused, including a test profile applied to scenarios such as testing and maintenance.
  • In the above profile processing method, specific indication information can indicate that the profile the SM-DP+ needs to download is a specific type profile. For example, if the specific indication information indicates that the profile to be downloaded is the test profile, the SM-DP+ executes the download process of the test profile according to the specific indication information.
  • With reference to any one of the first to fourth possible implementations of the first aspect, in a fifth possible implementation manner of the first aspect, after the receiving of the profile sent by the subscription management device, the method further includes:
  • The profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier, so that the subscription management device acquires, according to the profile first deletion notification, a first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
  • Before the sending of the profile first deletion notification to the subscription management device, the method further includes:
  • By receiving and displaying only the profile information corresponding to the profile type, the subsequent steps process only the profiles corresponding to that profile information, which protects other types of profiles and improves security.
  • In a seventh possible implementation manner of the first aspect, after the receiving and displaying of the profile information that is sent by the eUICC and corresponds to the profile type, the method further includes:
  • Before the sending of the profile first deletion notification to the subscription management device, the method further includes:
  • the mobile network operator MNO is notified that the profile download is completed.
  • an embodiment of the present invention provides a method for processing a profile, including:
  • the processing method of the profile described above not only realizes the reuse of profile and tag data, but also reduces the cost by associating one tag data with multiple profiles.
  • Before the receiving of the profile download request sent by the terminal device, the method further includes:
  • Acquiring first information sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card eUICC;
  • The receiving of the profile download request sent by the terminal device includes:
  • the selecting one of the at least one second profile associated with the tag data to generate the first profile comprises:
  • The acquiring of the corresponding tag data according to the tag identifier, and the verifying of the security-protected tag data according to the tag data, includes:
  • the encryption method is applicable to any encryption method that can protect the tag data.
  • the processed tag data is compared with the tag data after the security protection, and if they are the same, the verification is passed.
  • The processing method of the above profile can prevent attacks on the tag data and improve security.
  • The selecting, after the verification is passed, of one of the at least one second profile associated with the tag data to generate the first profile includes:
  • With reference to any one of the first to the third possible implementation manners of the second aspect, in a fourth possible implementation manner of the second aspect, before the acquiring of the first information sent by the terminal device, the method further includes:
  • the tag information including the tag data and the tag identifier
  • a subscription response is returned to the MNO, the subscription response including the tag information.
  • With reference to any one of the first to the third possible implementation manners of the second aspect, in a fifth possible implementation manner of the second aspect, before the acquiring of the first information sent by the terminal device, the method further includes:
  • the tag information including the tag data and the tag identifier, and generating at least one second profile
  • An order response is returned to the MNO.
  • With reference to any one of the first to fifth possible implementation manners of the second aspect, in a sixth possible implementation manner of the second aspect, the method further includes:
  • the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier;
  • the method further includes:
  • An encryption key is generated, and the second profile is decrypted and then re-encrypted using the encryption key.
  • the recovering the first profile to the second profile includes:
  • an embodiment of the present invention provides a terminal device, including:
  • An obtaining module configured to obtain tag information, where the tag information includes tag data and/or tag identifiers;
  • a sending module configured to send a profile download request to the subscription management device, where the profile download request includes at least the tag data
  • a receiving module configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to one selected from the at least one second profile associated with the tag data.
  • The terminal device further includes a security protection module.
  • the receiving module is further configured to receive first information of the embedded universal integrated circuit card eUICC;
  • the sending module is further configured to send the first information to the subscription management device, where the first information includes at least the challenge information of the eUICC;
  • the receiving module is further configured to receive second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device;
  • the security protection module is configured to perform security protection on the tag data by using challenge information of the subscription management device;
  • the sending module is further configured to send the third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier;
  • the receiving module is further configured to receive fourth information of the eUICC, where the fourth information includes at least the signature information;
  • the sending module is specifically configured to send a profile download request to the subscription management device, where the profile download request includes security-protected tag data, the tag identifier, and the signature information.
  • the sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type.
  • the receiving module is further configured to receive and display profile information corresponding to the profile type sent by the eUICC.
  • The security protection module is specifically configured to hash the challenge information of the subscription management device and the tag data.
  • the profile download request further includes specific indication information,
  • the specific indication information is used to indicate that the profile that the subscription management device needs to download is a specific type profile.
  • The sending module is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier, so that the subscription management device acquires, according to the profile first deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to the second profile.
  • The sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type.
  • the receiving module is further configured to receive and display profile information corresponding to the profile type sent by the eUICC.
  • The terminal device further includes a deleting module.
  • the obtaining module is further configured to acquire a profile deletion instruction input by the user;
  • The deleting module is configured to delete the corresponding specific type profile in the eUICC according to the profile deletion instruction.
  • The receiving module is further configured to receive a profile second deletion notification sent by the eUICC, where the profile second deletion notification is sent after the eUICC, upon receiving the eUICC challenge instruction or the profile activation instruction, detects that a specific type profile is stored and deletes the specific type profile.
  • The sending module is further configured to notify the mobile network operator MNO that the profile download is complete.
  • an embodiment of the present invention provides a subscription management device, including:
  • a receiving module configured to receive a profile download request sent by the terminal device, where the profile download request includes at least the tag data acquired by the terminal device;
  • a selection module configured to select one of the at least one second profile associated with the tag data to generate a first profile
  • a sending module configured to send the first profile to the terminal device.
  • The subscription management device further includes an acquiring module.
  • the selection module includes: a verification unit and a profile generation unit;
  • the acquiring module is configured to acquire first information sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card eUICC;
  • the sending module is further configured to send second information to the terminal device, where the second information includes at least challenge information of the subscription management device;
  • the receiving module is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained by the terminal device performing security protection on the acquired tag data by using the challenge information of the subscription management device.
  • the verification unit is configured to obtain corresponding tag data according to the tag identifier, and verify the security-protected tag data according to the tag data;
  • the profile generating unit is configured to select one of the at least one second profile associated with the tag data to generate a first profile after the verification is passed.
  • The verification unit is configured to acquire the tag data corresponding to the tag identifier, and perform security protection processing on the tag data by using the challenge information; the processed tag data is compared with the security-protected tag data, and if they are the same, the verification is passed.
  • The profile generating unit is configured to obtain the at least one second profile associated with the tag data corresponding to the tag identifier, and select one of the second profiles; and add the fifth information to the selected second profile to generate the first profile, the fifth information including at least initializing secure channel information and a configuration profile security domain command.
  • With reference to any one of the first to the third possible implementation manners of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the device further includes a first generating module and a first association module.
  • the first generating module is configured to generate at least one second profile and one tag information according to a subscription request of the mobile network operator MNO, where the tag information includes the tag data and the tag identifier;
  • the first association module is configured to associate the at least one second profile with the tag data
  • the sending module is further configured to return an order response to the MNO, where the order response includes the tag information.
  • The subscription management device further includes a second generating module and a second association module.
  • a second generating module configured to acquire, according to a subscription request of the mobile network operator MNO, a tag information, where the tag information includes the tag data and the tag identifier, and generate at least one second profile;
  • a second association module configured to associate the at least one second profile with the tag data
  • the sending module is further configured to return an order response to the MNO.
  • With reference to any one of the first to the fifth possible implementation manners of the fourth aspect, in a sixth possible implementation manner of the fourth aspect, the device further includes a recovery module;
  • the receiving module is further configured to receive a first deletion notification of the profile sent by the terminal device,
  • the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier; and acquiring, according to the profile first deletion notification, a first profile corresponding to at least one of the profile identifier or the eUICC identifier;
  • the recovery module is configured to restore the first profile to a second profile.
  • the method further includes:
  • an encryption module configured to generate an encryption key, and decrypt the second profile and use the encryption key to re-encrypt.
  • The recovery module is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • an embodiment of the present invention provides a terminal device, including:
  • a processor configured to acquire tag information, where the tag information includes tag data and/or tag identifiers;
  • a sender configured to send a profile download request to the subscription management device, where the profile download request includes at least the tag data
  • a receiver configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to one selected from the at least one second profile associated with the tag data.
  • the processor is further configured to obtain first information of an embedded universal integrated circuit card eUICC;
  • the transmitter is further configured to send the first information to a subscription management device, where the first information includes at least challenge information of the eUICC;
  • the receiver is further configured to receive second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device;
  • the processor is further configured to perform security protection on the tag data by using challenge information of the subscription management device;
  • the processor is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier; and to acquire fourth information of the eUICC, the fourth information including at least the signature information;
  • the transmitter is specifically configured to send a profile download request to the subscription management device, where the profile download request includes security-protected tag data, the tag identifier, and the signature information.
  • The processor is further configured to control sending of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and to acquire and control display of the profile information corresponding to the profile type sent by the eUICC.
  • With reference to any one of the first to the second possible implementation manners of the fifth aspect, in a third possible implementation manner of the fifth aspect, the processor is specifically configured to hash the challenge information of the subscription management device and the tag data.
  • the profile download request further includes specific indication information,
  • the specific indication information is used to indicate that the profile that the subscription management device needs to download is a specific type profile.
  • The transmitter is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier, so that the subscription management device acquires, according to the profile first deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to the second profile.
  • The processor is further configured to control sending of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and to acquire and control display of the profile information corresponding to the profile type sent by the eUICC.
  • The processor is further configured to acquire a profile deletion instruction input by a user, and delete the corresponding specific type profile in the eUICC according to the profile deletion instruction.
  • the processor is further configured to acquire a profile second deletion notification sent by the eUICC, where the profile second deletion notification is that the eUICC detects the storage after receiving the eUICC challenge command or the profile activation command.
  • The transmitter is further configured to notify the mobile network operator MNO that the profile download is complete.
  • an embodiment of the present invention provides a subscription management device, including:
  • a receiver configured to receive a profile download request sent by the terminal device, where the profile download request includes at least the tag data acquired by the terminal device;
  • a processor configured to select one of the at least one second profile associated with the tag data to generate a first profile
  • a transmitter configured to send the first profile to the terminal device.
  • the receiver is further configured to acquire first information that is sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card eUICC;
  • the transmitter is further configured to send second information to the terminal device, where the second information includes at least challenge information of the subscription management device;
  • The receiver is specifically configured to receive a profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained by the terminal device performing security protection on the acquired tag data by using the challenge information of the subscription management device.
  • The processor is further configured to obtain corresponding tag data according to the tag identifier, verify the security-protected tag data according to the tag data, and, after the verification is passed, select one of the at least one second profile associated with the tag data to generate the first profile.
  • The processor is configured to obtain the tag data corresponding to the tag identifier, and perform security protection processing on the tag data by using the challenge information; the processed tag data is compared with the security-protected tag data, and if they are the same, the verification is passed.
  • The processor is specifically configured to acquire at least one second profile associated with the tag data corresponding to the tag identifier, and select one of the second profiles; and add the fifth information to the selected second profile to generate the first profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • The processor is further configured to generate, according to an order request of the mobile network operator MNO, at least one second profile and a tag information, the tag information including the tag data and the tag identifier; and to associate the at least one second profile with the tag data;
  • the transmitter is further configured to return an order response to the MNO, where the order response includes the tag information.
  • The processor is further configured to acquire, according to an order request of the mobile network operator MNO, a tag information, the tag information including the tag data and the tag identifier, and to generate at least one second profile; and to associate the at least one second profile with the tag data;
  • the transmitter is further configured to return an order response to the MNO.
  • The receiver is further configured to receive a profile first deletion notification sent by the terminal device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier; and to acquire, according to the profile first deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier.
  • the processor is further configured to restore the first profile to a second profile.
  • The processor is further configured to generate an encryption key, and to decrypt the second profile and re-encrypt it using the encryption key.
  • The processor is configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • The seventh aspect of the present invention provides a communication device, including: a terminal device, a subscription management device, and an embedded universal integrated circuit card eUICC; wherein the terminal device is the device according to the third aspect or any one of the possible implementations of the third aspect, and the subscription management device is the device according to any one of the first to eighth possible implementations of the fourth aspect.
  • The eighth aspect of the present invention provides a communication device, including: a terminal device, a subscription management device, and an embedded universal integrated circuit card eUICC; wherein the terminal device is the device according to the fifth aspect or any one of the first to ninth possible implementations of the fifth aspect, and the subscription management device is the device according to any one of the first to eighth possible implementations of the sixth aspect.
  • The processing method, device and system of the profile of the embodiments of the present invention, through the association of one tag data with multiple profiles and the security protection of the tag data, not only realize the reuse of the tag data and reduce the cost, but also prevent replay attacks and increase security.
  • FIG. 1 is a flow chart of an embodiment of a processing method of a profile of the present invention
  • FIG. 2 is a schematic structural diagram of a communication system
  • FIG. 3 is a flow chart of another embodiment of a processing method of a profile of the present invention.
  • FIG. 4 is a flow chart of still another embodiment of a processing method of a profile of the present invention.
  • FIG. 5 is a flowchart of a fourth embodiment of a processing method of a profile according to the present invention.
  • FIG. 6 is a flowchart of a fifth embodiment of a processing method of a profile according to the present invention.
  • FIG. 7 is a schematic structural diagram of an embodiment of a terminal device according to the present invention.
  • FIG. 8 is a schematic structural diagram of another embodiment of a terminal device according to the present invention.
  • FIG. 9 is a schematic structural diagram of still another embodiment of a terminal device according to the present invention.
  • FIG. 10 is a schematic structural diagram of an embodiment of a subscription management device according to the present invention.
  • FIG. 11 is a schematic structural diagram of another embodiment of a subscription management device according to the present invention.
  • FIG. 12 is a schematic structural diagram of still another embodiment of a subscription management device according to the present invention.
  • FIG. 13 is a schematic structural diagram of a fourth embodiment of a subscription management device according to the present invention.
  • FIG. 14 is a schematic structural diagram of a fifth embodiment of a subscription management device according to the present invention.
  • FIG. 15 is a schematic structural diagram of a fourth embodiment of a terminal device according to the present invention.
  • FIG. 16 is a schematic structural diagram of a sixth embodiment of a subscription management device according to the present invention.
  • Figure 17 is a block diagram showing the structure of an embodiment of a communication system of the present invention.
  • The method for processing a profile of the present invention includes methods for downloading and deleting a profile, and is applicable to a communication system including a subscription management device, a terminal device and an eUICC. The profile in the present invention may be user subscription management information, which may be a combination of a file structure, data, applications, etc.; when carrier data is included, the profile may be used to access the operator's network in order to use the services provided by the operator. The functions of the subscription management device may include generating a profile, securing a profile, binding a profile to a specific eUICC, storing a profile, and downloading a profile.
  • FIG. 2 is a schematic structural diagram of a communication system.
  • the terminal device has an LPA.
  • the eUICC can also be used as a component independent of the terminal device.
  • the eUICC can also be used as a component of the terminal device.
  • the LPA includes LPD and LUI, and the LPD is responsible for downloading the profile, that is, the LPD downloads the profile from the SM-DP+ to the LPD through the HTTPS secure connection, and then sends the downloaded profile to the eUICC.
  • the LUI provides the interaction logic and interface with the user.
  • the interaction interface can also be provided by other terminals associated with the terminal device.
  • the user can manage the profile through the LUI, such as downloading a new profile, activating the profile, deactivating the profile, deleting the profile, etc.
  • the subscription management device may be the SM-DP+ described above.
  • S101: The SM-DP+ receives the subscription request sent by the MNO;
  • the terminal manufacturer usually orders the profile from the MNO. For example, if the terminal manufacturer's employees need a test profile dedicated to testing in order to repair, manage, or update the terminal device, these test profiles are ordered from the MNO.
  • the MNO makes a profile order to the SM-DP+ according to the ordering request of the terminal manufacturer.
  • the SM-DP+ generates at least one profile and one tag information according to the ordering request of the MNO, where the tag information includes tag data and a tag identifier, and associates at least one profile with the tag data;
  • the SM-DP+ generates at least one profile and one tag information according to the subscription request of the MNO, and the tag data in the tag information is used to match the profile download request sent by the terminal device and at least one profile, and the tag identifier is an index of the tag data.
  • the tag data and the tag identifier in the tag information may be, for example, a token and a token id.
  • the token and the token id may be two separate strings, or may be a single string in which some fields identify the token id and the remaining fields identify the token.
  • a tag information is associated with at least one profile.
  • the SM-DP+ can generate the tag information by itself, or the tag information can be sent by the MNO in the order request.
  • S103, SM-DP+ return an order response to the MNO, and the order response includes the tag information.
  • the SM-DP+ sends an order response to the MNO. If the tag information is generated by the SM-DP+, the tag information needs to be included in the order response; if the tag information is generated by the MNO, the order response may not include the tag information.
  • the MNO sends the tag information to the terminal manufacturer requesting the profile order, and the process by which the terminal manufacturer requests the eUICC to apply for the profile ends.
  • the terminal manufacturer's employees can then use the above-mentioned tag information to download the profile and use the profile to operate the terminal device, including testing, repairing, managing, and using.
  • the terminal manufacturer orders at least one profile from the SM-DP+ through the MNO, and the at least one profile is associated with one piece of tag data, so that the terminal manufacturer can use the profiles centrally, which reduces costs.
  • the user can input information into the terminal device by using a keyboard, touch input, scanning a QR code, etc. The terminal device recognizes the operation corresponding to the information and starts the corresponding function. For example, the user inputs a personal identification number (PIN), the terminal device recognizes that the PIN is a preset instruction to enable the LPA, and the terminal device therefore starts the LPA function, so that the terminal device enters a state of testing, maintenance, and the like.
  • the information input by the user in the foregoing manner may be of two types: one type is information used to trigger the terminal device to start the LPA, such as the PIN, and the other type is information entered after the LPA is activated, such as the tag information.
  • the terminal device enters a state of testing, maintenance, etc., and can be considered as an engineering mode or a test mode of the terminal device.
  • the LPA can be used as an application (APP) or as a setting function of the terminal device.
  • the terminal device prompts the user to input the verification information, the user inputs the PIN code, and the LPA verifies the PIN code entered by the user. If the entered PIN code is the preset PIN code for entering a specific mode rather than the PIN code set by the user, the specific mode can be entered, and the next action is performed in the specific mode.
  • the user inputs a specific character string on the dialing interface of the terminal device, and then triggers the terminal device to automatically enter the specific mode of the LPA, and the like.
  • FIG. 3 is a flowchart of another embodiment of a processing method of a profile of the present invention. As shown in FIG. 3, the method of this embodiment is also applicable to the communication system shown in FIG. 2. After the process of ordering the profile, the method in this embodiment may include:
  • the terminal device sends a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type.
  • the terminal device can obtain the profile information by sending the profile information acquisition message to the eUICC, carrying the profile type in the message, so as to learn whether a profile corresponding to the profile type already exists in the eUICC. For example, the terminal device sends GetProfileInfo information to the eUICC, in which the search criteria include an indication that the profile type is a specific type.
  • the terminal device receives and displays the profile information corresponding to the profile type sent by the eUICC.
  • the profile information may include a number of profile elements and a status.
  • the terminal device may display the profile information to the user. If the eUICC has no profile matching the profile type, the terminal device displays an empty result. This allows the user to check whether the profile in the eUICC is the profile they need; if not, the user can operate the terminal device to download or delete the profile.
  • the terminal device can learn whether the eUICC has a qualified profile by using the information exchange with the eUICC, so that the following steps can be performed according to the storage situation of the profile, for example, if the profile in the eUICC is not the profile required by the user, The profile can be downloaded or deleted according to the user's operation.
  • FIG. 4 is a flow chart of still another embodiment of a processing method of a profile of the present invention. As shown in FIG. 4, the method of this embodiment is also applicable to the communication system shown in FIG. 2. After the step s202 of the method embodiment shown in FIG. 3, the method of this embodiment may include:
  • the terminal device acquires the tag information.
  • the terminal device may obtain the tag information previously obtained by the user through keyboard input, touch input, scanning a QR code, and the like. The tag information may include tag data, such as a token, and may further include a tag identifier, such as a token id.
  • the terminal device receives the first information of the eUICC, where the first information includes at least the challenge information of the eUICC.
  • the terminal device sends the first information to the SM-DP+.
  • the terminal device receives the second information returned by the SM-DP+, where the second information includes at least the challenge information of the SM-DP+.
  • the terminal device uses the challenge information of the SM-DP+ to secure the tag data.
  • the terminal device can hash the SM-DP+ challenge information and the tag data for security protection.
  • the terminal device may further encrypt the challenge information of the SM-DP+ and the tag data by using a symmetric key pre-agreed with the SM-DP+. In this way, although the token has to be provided to the SM-DP+ when the profile is downloaded, the token is protected, which prevents replay attacks and improves security.
  • the terminal device sends the third information to the eUICC, so that the eUICC generates the signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier.
  • the tag data and the tag identifier after the security protection can be sent to the eUICC, and the third information may further include information such as a confirmation code.
  • the eUICC signs the received third information.
  • the terminal device receives fourth information of the eUICC, where the fourth information includes at least signature information.
  • the fourth information may also include some information related to the eUICC itself, such as a certificate of the eUICC, an eUICC capacity, and the like, where the eUICC certificate includes an eUICC identifier.
  • the terminal device sends a profile download request to the SM-DP+, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
  • After the terminal device has the security-protected tag data, the tag identifier, and the signature information of the eUICC, the terminal device can request the profile download from the SM-DP+.
  • the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that the SM-DP+ needs to download is a specific type profile. For example, if the specific indication information indicates that the profile to be downloaded is the test profile, the SM-DP+ executes the download process of the test profile according to the specific indication information.
  • S309: The SM-DP+ obtains the corresponding tag data according to the tag identifier, and verifies the security-protected tag data according to the tag data;
  • After receiving the profile download request, the SM-DP+ needs to ensure that the security-protected tag data in the profile download request corresponds to the tag data it looks up locally. The SM-DP+ locally obtains the tag data corresponding to the tag identifier in the profile download request and secures it using its own challenge information, that is, it performs the same hash operation on its own challenge information and the tag data. It then compares the result with the security-protected tag data in the request. If they are the same, the verification passes.
  • the SM-DP+ may search for the corresponding symmetric key according to the tag identifier, decrypt the received encrypted tag data to obtain the decrypted tag data (token), and compare the decrypted token with the token corresponding to the tag identifier; or the SM-DP+ can encrypt the token corresponding to the tag identifier and the challenge information using the symmetric key, and compare whether the encrypted result is the same as the received encrypted tag data.
  • S310: After the verification is passed, the SM-DP+ selects one of the at least one second profile associated with the tag data to generate the first profile;
  • the profile generated by the SM-DP+ according to the MNO subscription request is plaintext data that has not been secured, that is, an unprotected profile package (UPP). The SM-DP+ then generates an encryption key, encrypts and integrity-protects the UPP, and forms a protected profile package (PPP). The SM-DP+ associates at least one PPP with one piece of tag data, and the PPP is the second profile.
  • the tag data is obtained according to the tag identifier, and the corresponding at least one second profile is found according to the tag data, and the SM-DP+ selects a profile corresponding to the tag data, that is, the second profile (PPP).
  • the SM-DP+ can also directly obtain the tag data, and then find the corresponding at least one second profile according to the tag data, and the SM-DP+ selects a profile corresponding to the tag data, that is, the second profile (PPP).
  • the SM-DP+ adds the fifth information to the selected second profile to generate the first profile.
  • the fifth information includes at least the initialization security channel information and the configuration profile security domain command, where the profile security domain is a secure container for storing a profile, such as the issuer security domain-profile (ISD-P).
  • the SM-DP+ generates the configure ISD-P command, obtains the metadata of the profile, and encrypts the generated ISD-P command and the profile metadata using the session key generated by the SM-DP+ and the eUICC; these, together with the initialization security channel information (InitialiseSecureChannel), are then added to the selected profile to form the first profile (bound profile package, BPP).
  • the SM-DP+ stores a record that the first profile has been downloaded and updates the association with the token: the first profile is now associated with the token, whereas before the first profile was generated it was the second profile that was associated with the token. Therefore, among the multiple profiles corresponding to the token, some may be PPPs and some may already be BPPs. However, when the SM-DP+ receives a profile download request, it selects only one of the second profiles (PPPs) corresponding to the token to generate a first profile (BPP).
  • The SM-DP+ can also store the first profile as a flag that the profile has been downloaded.
  • the terminal device receives the first profile sent by the SM-DP+.
  • the terminal device sends the first profile to the eUICC
  • the terminal device notifies the MNO that the profile download is completed.
  • the terminal device can notify the SM-DP+ first, and then the SM-DP+ notifies the MNO that the download is completed, so that the MNO performs related configuration.
  • In this embodiment, the tag data is associated with a plurality of profiles and security protection is applied to the tag data, which not only allows the profiles and the tag data to be reused, reducing costs, but also prevents replay attacks and improves security.
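The challenge-bound tag check of this embodiment (the terminal hashes the SM-DP+ challenge with the token; in S309 and S310 the SM-DP+ recomputes the hash and binds one unused PPP), as an added sketch that is not code from the patent or from any SM-DP+ product. SHA-256, the length-prefixed encoding, the session handle and all names are assumptions of this example, and the eUICC signature step is left out.

```python
import hashlib
import hmac
import secrets


def protect_tag(challenge: bytes, token: bytes) -> bytes:
    """Terminal side: hash the SM-DP+ challenge together with the tag data.

    SHA-256 and the 2-byte length prefixes are assumptions of this sketch;
    the prefixes keep different (challenge, token) pairs from producing the
    same concatenated input.
    """
    h = hashlib.sha256()
    for field in (challenge, token):
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()


class SmDpPlus:
    """Hypothetical model of the SM-DP+ state used in S309/S310."""

    def __init__(self):
        self.tokens = {}    # token id -> token (tag data)
        self.pool = {}      # token id -> {profile name: "PPP" or "BPP"}
        self.sessions = {}  # session id -> challenge issued for that session

    def order(self, token_id, profile_names):
        """Order step: one token associated with several unbound profiles."""
        token = secrets.token_bytes(16)
        self.tokens[token_id] = token
        self.pool[token_id] = {name: "PPP" for name in profile_names}
        return token

    def new_session(self):
        """Issue a fresh random challenge (the 'second information')."""
        session_id = secrets.token_hex(8)
        challenge = secrets.token_bytes(16)
        self.sessions[session_id] = challenge
        return session_id, challenge

    def download(self, session_id, token_id, protected):
        """Verify the protected tag data, then bind one unused PPP."""
        # pop(): a challenge is consumed by its first use, pass or fail.
        challenge = self.sessions.pop(session_id, None)
        token = self.tokens.get(token_id)
        if challenge is None or token is None:
            return None
        # Recompute with the server's own challenge; constant-time compare.
        if not hmac.compare_digest(protect_tag(challenge, token), protected):
            return None
        for name, state in self.pool[token_id].items():
            if state == "PPP":
                self.pool[token_id][name] = "BPP"  # now bound to one eUICC
                return name
        return None  # every profile behind this token is already bound


def demo():
    """Constructed run: two downloads, two replays, one exhausted pool."""
    dp = SmDpPlus()
    token = dp.order("tok-1", ["test-profile-A", "test-profile-B"])
    results = []

    sid1, ch1 = dp.new_session()
    captured = protect_tag(ch1, token)      # what an eavesdropper would see
    results.append(dp.download(sid1, "tok-1", captured))

    sid2, _ = dp.new_session()              # replay under a new challenge
    results.append(dp.download(sid2, "tok-1", captured))
    results.append(dp.download(sid1, "tok-1", captured))  # session reused

    sid3, ch3 = dp.new_session()            # same token, second profile
    results.append(dp.download(sid3, "tok-1", protect_tag(ch3, token)))
    sid4, ch4 = dp.new_session()            # no PPP left for this token
    results.append(dp.download(sid4, "tok-1", protect_tag(ch4, token)))
    return results


if __name__ == "__main__":
    print(demo())
```

The captured value is useless outside the session whose challenge produced it, while the same token still yields a second profile in a fresh session; that is the reuse and the replay protection the embodiment claims.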
  • FIG. 5 is a flowchart of a fourth embodiment of a processing method of a profile according to the present invention. As shown in FIG. 5, the method of this embodiment is also applicable to the communication system shown in FIG. 2. After the step s202 of the method embodiment shown in FIG. 3, the method of this embodiment may include:
  • the terminal device acquires a profile deletion instruction input by the user.
  • the method in this embodiment is a process of deleting a profile after the terminal device downloads the profile.
  • the user can also input information into the terminal device by using a keyboard, touch input, scanning a QR code, etc.; the terminal device recognizes the operation corresponding to the information and activates the corresponding function, so that the terminal device enters a state of testing, maintenance, and the like.
  • the terminal device can display the profile information to the user, so that the user can view whether the profile in the eUICC is a profile to be deleted, and if so, the terminal device can be operated to delete the profile.
  • the user can enter the profile delete command by clicking the delete option.
  • the terminal device deletes a specific type profile corresponding to the eUICC according to the profile deletion command.
  • the terminal device deletes the profile corresponding to the profile identifier in the eUICC. For example, when the user's test work on the terminal device is completed, the previously downloaded test profile is no longer used and is to be deleted; the terminal device learns from the foregoing steps that the type of the profile to be deleted is the test profile and deletes it. Specifically, in the foregoing step, the terminal device obtains from the eUICC the profile that needs to be deleted, so that the profile identifier of the profile to be deleted is carried in the deletion instruction sent to the eUICC, and the corresponding profile is deleted by the eUICC.
  • the terminal device sends a profile first deletion notification to the SM-DP+, where the first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier.
  • this notifies the SM-DP+ that the first profile corresponding to at least one of the profile identifier or the eUICC identifier has been deleted on the eUICC.
  • the SM-DP+ obtains the first profile corresponding to at least one of the profile identifier or the eUICC identifier according to the first deletion notification of the profile;
  • the SM-DP+ acquires a first profile corresponding to at least one of the profile identifier or the eUICC identifier.
  • the SM-DP+ removes the fifth information in the first profile to generate a second profile, and the fifth information includes at least initializing the secure channel information and configuring the ISD-P command.
  • the SM-DP+ removes the initial security channel information (InitialiseSecureChannel) in front of the first profile, the content encrypted with the session key generated by the SM-DP+ and the eUICC, and information such as CI, SM, PPK, etc., thereby reverting the first profile (BPP) to the second profile (PPP).
  • the second profile thus restored can be re-added with the new fifth information to form a new first profile, thereby being reused.
  • S406: The SM-DP+ generates an encryption key, decrypts the second profile, and then re-encrypts it with the encryption key.
  • SM-DP+ can randomly generate a new encryption key for security, decrypt the second profile with the original key, and then re-encrypt it with a new encryption key.
  • the profile can be reused, the cost is reduced, and the security is improved by re-encrypting the second profile.
  • FIG. 6 is a flowchart of a fifth embodiment of a processing method of a profile according to the present invention. As shown in FIG. 6, the method of this embodiment is also applicable to the communication system shown in FIG. 2. The method of this embodiment may include:
  • S501: The terminal device receives a profile second deletion notification sent by the eUICC, where the second deletion notification is sent by the eUICC after it receives an eUICC challenge command or a profile activation command, detects that a specific type profile is stored, and deletes the specific type profile.
  • if the user does not actively delete a profile that is no longer used, and another user who obtains the terminal device needs to replace the profile with their own profile, or the user needs to activate a profile, the eUICC is triggered to detect whether a profile of another type exists. For example, the maintenance personnel use the test profile to maintain the terminal device. After the user of the terminal device retrieves the terminal device, the user downloads or uses their own profile. At this time, the eUICC is triggered to detect whether the test profile from the previous test has not been deleted.
  • if the eUICC detects that a specific type profile is stored after receiving the eUICC challenge command or the profile activation command sent by the terminal device, the eUICC deletes it. The eUICC notifies the terminal device after deleting the specific type profile.
  • the terminal device sends a profile first deletion notification to the SM-DP+, where the first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier.
  • the SM-DP+ obtains the first profile corresponding to at least one of the profile identifier or the eUICC identifier according to the first deletion notification of the profile;
  • S505: The SM-DP+ generates an encryption key, decrypts the second profile, and then re-encrypts it with the encryption key.
  • Steps s502 to s505 are similar to the implementation principles of steps s403 to s406 of the foregoing method embodiments, and are not described herein again.
  • the profile can be reused, the cost is reduced, and the security is improved by re-encrypting the second profile.
  • FIG. 7 is a schematic structural diagram of an embodiment of a terminal device according to the present invention.
  • the device in this embodiment may include: an obtaining module 11, a sending module 12, and a receiving module 13, wherein the obtaining module 11 is configured to obtain tag information, the tag information including tag data and/or a tag identifier; the sending module 12 is configured to send a profile download request to the subscription management device, the profile download request including at least the tag data; and the receiving module 13 is configured to receive the first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one profile selected from the at least one second profile associated with the tag data.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • FIG. 8 is a schematic structural diagram of another embodiment of a terminal device according to the present invention.
  • the device in this embodiment may further include: a security protection module 14 on the basis of the device structure shown in FIG.
  • the receiving module 13 is further configured to receive the first information of the embedded universal integrated circuit card eUICC;
  • the sending module 12 is further configured to send the first information to the subscription management device, where the first information includes at least the challenge information of the eUICC;
  • the receiving module 13 is further configured to receive the second information returned by the subscription management device, where the second information includes at least the challenge information of the subscription management device;
  • the security protection module 14 is configured to secure the tag data by using the challenge information of the subscription management device;
  • the sending module 12 is further configured to send the third information to the eUICC, so that the eUICC uses the third information to generate signature information, where the third information includes at least the security-protected tag data and the tag identifier; and the receiving module 13 is further configured to receive the fourth information of
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the sending module 12 is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type
  • the receiving module 13 is further configured to receive and display the Profile information corresponding to the profile type.
  • the security protection module 14 is specifically configured to perform hash operation on the challenge information of the subscription management device and the tag data.
  • the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that the subscription management device needs to download is a specific type profile.
  • the sending module 12 is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier, so that the subscription management device acquires a first profile corresponding to at least one of the profile identifier or the eUICC identifier according to the profile first deletion notification, and restores the first profile to a second profile.
  • the sending module 12 is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type
  • the receiving module 13 is further configured to receive and display the Profile information corresponding to the profile type.
  • FIG. 9 is a schematic structural diagram of still another embodiment of a terminal device according to the present invention.
  • the device in this embodiment may further include: a deletion module 15 on the basis of the device structure shown in FIG.
  • the obtaining module 11 is further configured to acquire a profile deletion command input by the user
  • the deleting module 15 is configured to delete a specific type profile corresponding to the eUICC according to the profile deletion instruction.
  • the receiving module 13 is further configured to receive a second deletion notification sent by the eUICC, where the second deletion notification is that the eUICC detects the storage after receiving the eUICC challenge command or the profile activation command.
  • the sending module 12 is further configured to notify the mobile network operator MNO that the profile download is completed.
  • the apparatus of this embodiment may include: a receiving module 21, a selecting module 22, and a sending module 23, where the receiving module 21 is configured to receive a profile download request sent by the terminal device, the profile download request including at least the tag data acquired by the terminal device, and the selecting module 22 is configured to select one of the at least one second profile associated with the tag data.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • FIG. 11 is a schematic structural diagram of another embodiment of a subscription management device according to the present invention.
  • the device of the present embodiment further includes: an acquisition module 24, based on the device structure shown in FIG.
  • the selection module 22 includes a verification unit 221 and a profile generation unit 222.
  • the obtaining module 24 is configured to acquire first information that is sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card eUICC, and the sending module 23 is further configured to send to the terminal device
  • the receiving module 21 is configured to receive a profile download request sent by the terminal device, where the profile download request includes the terminal device usage
  • the verification unit 221 is configured to obtain the corresponding tag data according to the tag identifier and to verify the security-protected tag data according to the tag data; the profile generating unit 222 is configured to, after the verification succeeds, select one of the at least one second profile associated with the tag data to generate a first profile.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the verification unit 221 is specifically configured to acquire the tag data corresponding to the tag identifier and perform security protection processing on the tag data by using the challenge information; the processed tag data is compared with the security-protected tag data, and if they are the same, the verification is passed.
  • the selecting module 22 is configured to acquire at least one second profile associated with the tag data, and select one of the second profiles, and add the fifth information to the selected second profile to generate the first profile.
  • the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • FIG. 12 is a schematic structural diagram of still another embodiment of the subscription management device of the present invention.
  • the device of this embodiment, based on the device structure shown in FIG., further includes: a first generating module 25 and a first association module 26.
  • the first generating module 25 is configured to generate at least one second profile and one tag information according to a subscription request of the mobile network operator MNO, where the tag information includes the tag data, and the first association module 26 is configured to: Associate the at least one second profile with the tag data;
  • the sending module 23 is further configured to return an order response to the MNO, the order response including the tag information.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • FIG. 13 is a schematic structural diagram of a fourth embodiment of the subscription management device of the present invention.
  • the device of this embodiment further includes: a second generating module 27 and a second association module 28.
  • the second generating module 27 is configured to acquire tag information according to a subscription request of the mobile network operator MNO, where the tag information includes the tag data, and to generate at least one second profile; the second association module 28 is configured to associate the at least one second profile with the tag data;
  • the sending module 23 is further configured to return an order response to the MNO.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • FIG. 14 is a schematic structural diagram of a fifth embodiment of the subscription management device of the present invention.
  • the device of this embodiment is based on the device structure shown in FIG. 10, and further includes: a recovery module 29 and an encryption module 30.
  • the receiving module 21 is further configured to receive a profile first deletion notification sent by the terminal device, where the profile first deletion notification includes a profile identifier or an eUICC identifier, and to obtain, according to the profile first deletion notification, the first profile corresponding to the profile identifier or the eUICC identifier; the recovery module 28 is configured to restore the first profile to the second profile.
  • the encryption module 30 is configured to generate an encryption key, decrypt the second profile, and re-encrypt it using the encryption key.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the recovery module 29 is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • FIG. 15 is a schematic structural diagram of a fourth embodiment of a terminal device according to the present invention.
  • the device in this embodiment may include: a processor 41, a transmitter 42, a receiver 43, an input unit, and an output unit, where the processor 41 typically controls the overall operation of the terminal device, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations.
  • the processor 41 can execute instructions to perform all or part of the steps of the above method.
  • processor 41 may include one or more modules to facilitate interaction between processor 41 and other components.
  • processor 41 may include a multimedia module to facilitate interaction between the multimedia component and processor 41.
  • Transmitter 42 and receiver 43 are configured to facilitate wired or wireless communication between the terminal device and other devices.
  • the terminal device can access a wireless network based on a communication standard, such as Wireless-Fidelity (WiFi), 2G or 3G, or a combination thereof.
  • the transmitter 42 and the receiver 43 receive broadcast signals or broadcast associated information from an external broadcast management system via a broadcast channel.
  • the transmitter 42 and the receiver 43 further include a Near Field Communication (NFC) module to facilitate short range communication.
  • the NFC module can be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
  • the input unit and the output unit receive digital or various character information, and may include input keys and function keys for setting various functions and controlling functions of the terminal device. More specifically, the input unit and the output unit may include a key for requesting movement. For example, a user can operate an input unit and an output unit to move a focus on a menu page or menu page.
  • the keys for requesting movement may include a keyboard (arrow key or volume key), a spherical rocker, an optical joystick, a scroll wheel key, and the like.
  • the input unit and the output unit may include a determination key for executing the selected (focused) menu item.
  • the input unit and the output unit may be constituted by one of a button type keyboard, a spherical rocker, an optical joystick, a scroll key, or the like, or a combination thereof.
  • the memory of the terminal device is configured to store various types of data to support operation at the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, contact data, phone book data, messages, pictures, videos, and the like.
  • the memory can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
  • the processor 41 is configured to acquire the tag information, where the tag information includes the tag data and/or the tag identifier, and the sender 42 is configured to send a profile download request to the subscription management device, where the profile download request includes at least the tag data;
  • the receiver 43 is configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device according to one selected from the at least one second profile associated with the tag data.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the tag information further includes a tag identifier; the processor 41 is further configured to acquire first information of the embedded universal integrated circuit card eUICC; the transmitter 42 is further configured to send the first information
  • the first information includes at least the challenge information of the eUICC;
  • the receiver 43 is further configured to receive the second information returned by the subscription management device, where the second information includes at least the challenge information of the subscription management device;
  • the processor 41 is further configured to secure the tag data by using the challenge information of the subscription management device; the processor 41 is further configured to control transmission of the third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier; and to acquire the fourth information of the eUICC, where the fourth information includes at least the signature information.
  • the sender 42 is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
  • the processor 41 is further configured to control to transmit a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and obtain and control to display a profile corresponding to the profile type sent by the eUICC. information.
  • the processor 41 is specifically configured to perform hash operation on the challenge information of the subscription management device and the tag data.
  • the profile download request further includes specific indication information, where the specific indication information is used to indicate that the profile that the subscription management device needs to download is a specific type profile.
  • the sender 42 is further configured to send a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following information: a profile identifier or an eUICC identifier, so that the subscription management The device acquires a first profile corresponding to at least one of the profile identifier or the eUICC identifier according to the profile first deletion notification, and restores the first profile to a second profile.
  • the processor 41 is further configured to control to transmit a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and obtain and control to display a profile corresponding to the profile type sent by the eUICC. information.
  • the processor 41 is further configured to acquire a profile deletion instruction input by the user, and delete a specific type profile corresponding to the eUICC according to the profile deletion instruction.
  • the processor 41 is further configured to acquire a profile second deletion notification sent by the eUICC, where the profile second deletion notification is that the eUICC detects the storage after receiving the eUICC challenge instruction or the profile activation instruction.
  • the sender 42 is further configured to notify the mobile network operator MNO that the profile download is completed.
  • FIG. 16 is a schematic structural diagram of a sixth embodiment of a subscription management device according to the present invention.
  • the device in this embodiment may include: a receiver 51, a processor 52, and a transmitter 53, wherein the processor 52 usually controls the overall operation of the subscription management device, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations.
  • Processor 52 can execute instructions to perform all or part of the steps of the above method.
  • processor 52 may include one or more modules to facilitate interaction between processor 52 and other components.
  • processor 52 may include a multimedia module to facilitate interaction between the multimedia component and processor 52.
  • Transmitter 53 and receiver 51 are configured to facilitate wired or wireless communication between the subscription management device and other devices.
  • the subscription management device can access a wireless network based on a communication standard, such as Wireless-Fidelity (WiFi), 2G or 3G, or a combination thereof.
  • the transmitter 53 and the receiver 51 receive broadcast signals or broadcast associated information from an external broadcast management system via a broadcast channel.
  • the transmitter 53 and the receiver 51 further include a Near Field Communication (NFC) module to facilitate short-range communication.
  • the NFC module can be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
  • the memory of the subscription management device is configured to store various types of data to support operation at the subscription management device. Examples of such data include instructions for any application or method operating on a subscription management device, contact data, phone book data, messages, pictures, videos, and the like.
  • the memory can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
  • the receiver 51 is configured to receive a profile download request sent by the terminal device, where the profile download request includes at least the tag data acquired by the terminal device; the processor 52 is configured to select one of the at least one second profile associated with the tag data to generate a first profile; the transmitter 53 is configured to send the first profile to the terminal device.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the receiver 51 is further configured to acquire first information sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card eUICC; the transmitter 53 is further configured to send the second information to the terminal device, where the second information includes at least the challenge information of the subscription management device; the receiver 51 is configured to receive a profile download request sent by the terminal device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information generated by the eUICC, and the security-protected tag data is obtained by the terminal device using the challenge information of the subscription management device; the processor 52 is further configured to obtain the corresponding tag data according to the tag identifier, verify the security-protected tag data according to the tag data, and, after the verification is passed, select one of the at least one second profile associated with the tag data to generate the first profile.
  • the processor 52 is specifically configured to acquire the tag data corresponding to the tag identifier and perform security protection processing on the tag data by using the challenge information; the processed tag data is then compared with the security-protected tag data, and if they are the same, the verification is passed.
  • the processor 52 is specifically configured to acquire at least one second profile associated with the tag data, select one of them, and add fifth information to the selected second profile to generate the first profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • the processor 52 is further configured to generate, according to the subscription request of the mobile network operator MNO, at least one second profile and one tag information, where the tag information includes the tag data; and the at least one second profile Associated with the tag data; the transmitter 53 is further configured to return an order response to the MNO, the order response including the tag information.
  • the processor 52 is further configured to acquire, according to a subscription request of the mobile network operator MNO, a tag information, where the tag information includes the tag data, and generate at least one second profile; The second profile is associated with the tag data; the transmitter 53 is further configured to return an order response to the MNO.
  • the receiver 51 is further configured to receive a profile first deletion notification sent by the terminal device, where the profile first deletion notification includes a profile identifier or an eUICC identifier, and to obtain, according to the profile first deletion notification, the first profile corresponding to the profile identifier or the eUICC identifier; the processor 52 is further configured to restore the first profile to the second profile.
  • the processor 52 is further configured to generate an encryption key, decrypt the second profile, and re-encrypt it using the encryption key.
  • the processor 52 is specifically configured to remove the fifth information in the first profile to generate the second profile, where the fifth information includes at least an initialization security channel information and a configuration profile security domain command.
  • FIG. 17 is a schematic structural diagram of an embodiment of a communication system according to the present invention.
  • the system of the present embodiment includes: a terminal device 61, a subscription management device 62, and an eUICC 63.
  • the structure of any device embodiment of FIG. 9 is correspondingly configured to perform the technical solution of any one of the method embodiments of FIG. 1 to FIG. 6.
  • the implementation principle and technical effects are similar, and details are not described herein again;
  • the subscription management device 62 may adopt the structure of any of the device embodiments of FIG. 10 to FIG. 14 and, correspondingly, may perform the technical solution of any one of the method embodiments of FIG. 1 to FIG. 6; the implementation principle and the technical effect are similar, and details are not described herein again.
  • the terminal device 61 in the communication system of FIG. 17 may adopt the structure of the device embodiment shown in FIG. 15 and, correspondingly, may perform the technical solution of any one of the method embodiments of FIG. 1 to FIG. 6; the implementation principle and the technical effect are similar, and details are not described herein again.
  • the subscription management device 62 may adopt the structure of the device embodiment shown in FIG. 16 and, correspondingly, may perform the technical solution of any one of the method embodiments of FIG. 1 to FIG. 6; the implementation principle and the technical effect are similar, and details are not described herein again.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform part of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes any medium that can store program code, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.

Abstract

The embodiments of the present invention provide a method, a device, and a system for processing a profile. The method for processing a profile in the present invention comprises: acquiring tag information, the tag information comprising tag data; sending a profile download request to a signed management device, the profile download request at least comprising the tag data; and receiving a first profile sent by the signed management device, the first profile being generated by the signed management device according to one selected from at least one second profile associated with the tag data. By means of associating the tag data with a plurality of profiles, and performing safety protection on the tag data, the embodiments of the present application not only achieve the reuse of the tag data and the reduction of the cost, but also can prevent replay attacks and improve the safety degree.

Description

Profile processing method, device and system
Technical field
The embodiments of the present invention relate to communication technologies, and in particular, to a method, an apparatus, and a system for processing a profile.
Background
Existing Subscriber Identity Module (SIM) cards and Universal Integrated Circuit Card (UICC) cards are generally ordered centrally from card vendors by the Mobile Network Operator (MNO). The subscription information required to access the mobile operator's network, including the International Mobile Subscriber Identification Number (IMSI) necessary for accessing that network, Ki, and encryption algorithm parameters, is therefore downloaded to the card before it leaves the factory, and the user can access the network after purchasing a SIM or UICC card and inserting it into a terminal. An embedded UICC (eUICC), by contrast, is not necessarily purchased by the operator; it may be purchased by a terminal manufacturer and sold integrated in the terminal. Before the eUICC leaves the factory it is therefore not known who will use it or where, and the eUICC may not contain the data needed to access a mobile network. Once the eUICC is embedded in a terminal, remote management technology can be used to download a profile to the eUICC from the Subscription Manager-Data Preparation+ (SM-DP+), after which the eUICC can use the profile to access the network. The terminal contains a Local Profile Assistant (LPA) and the eUICC. The LPA includes the local profile download (LPD) and the local user interface (LUI). The LPD is responsible for downloading the profile: it downloads the profile from the SM-DP+ to the LPD over a Hyper Text Transfer Protocol Server (HTTPS) secure connection, and then sends the downloaded profile to the eUICC. The LUI provides the interaction logic and interface with the user, who can manage profiles through the LUI, for example downloading a new profile, activating a profile, deactivating a profile, and deleting a profile.
The current method for downloading a profile from the SM-DP+ comes from the eUICC specification for consumer electronics being developed by the Global System for Mobile Communications Assembly (GSMA), which includes a profile download procedure that uses an activation code to download the profile. However, every profile download requires an activation code; once the profile is bound it cannot be reused, and terminal manufacturers must apply for a large number of activation codes for testing, maintenance, repair and so on, which is costly and inconvenient to use and manage.
In addition, when a user manages profiles, the user's identity must be verified, for example by password or fingerprint, and only an authenticated user can manage profiles. In the existing specification, once a user has passed identity authentication, the user can view and manage the profiles in the eUICC without distinction; the profiles of different users cannot be told apart, and the level of security is very low.
Summary of the invention
The embodiments of the present invention provide a profile processing method, apparatus and system that allow profiles and tag data to be reused, reduce cost, prevent replay attacks, and improve security.
In a first aspect, an embodiment of the present invention provides a profile processing method, including:
acquiring tag information, where the tag information includes tag data and/or a tag identifier;
sending a profile download request to a subscription management device, where the profile download request includes at least the tag data;
receiving a first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one selected from at least one second profile associated with the tag data.
By associating one piece of tag data with multiple profiles, the above profile processing method allows profiles and tag data to be reused and reduces cost.
With reference to the first aspect, in a first possible implementation of the first aspect, before the sending of the profile download request to the subscription management device, the method further includes:
receiving first information from the embedded universal integrated circuit card (eUICC) and sending the first information to the subscription management device, where the first information includes at least challenge information of the eUICC;
receiving second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device;
performing security protection on the challenge information of the subscription management device and the tag data, where the security protection of the present invention may include a hash operation or an encryption operation, and the encryption operation may use symmetric encryption or public/private-key encryption; any encryption method that can protect the tag data is applicable here;
sending third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information includes at least the security-protected tag data and the tag identifier;
receiving fourth information from the eUICC, where the fourth information includes at least the signature information;
the sending of the profile download request to the subscription management device includes:
sending the profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
The above profile processing method prevents replay attacks on the tag data and improves security.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, before the acquiring of the tag information, the method further includes:
sending a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;
receiving and displaying the profile information, sent by the eUICC, that corresponds to the profile type.
With reference to the first aspect or either of the first and second possible implementations of the first aspect, in a third possible implementation of the first aspect, the securing of the tag data using the challenge information of the subscription management device includes:
performing a hash operation on the challenge information of the subscription management device and the tag data.
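The replay protection described in the first and third possible implementations, as an added example that is not part of the patent text: the terminal hashes the subscription management device's challenge together with the tag data, and the subscription management device recomputes the hash from its own copy of the tag data before issuing one of the pooled second profiles. SHA-256, the length-prefixed layout, the class, method and identifier names and the sample values are assumptions; the eUICC signature over the third information is left out.

```python
import hashlib
import hmac
import secrets


def protect_tag_data(smdp_challenge: bytes, tag_data: bytes) -> bytes:
    """Terminal side: hash the SM-DP+ challenge together with the tag data.

    SHA-256 and the length prefix are assumptions; the text only says the
    challenge information and the tag data are hashed.
    """
    prefix = len(smdp_challenge).to_bytes(2, "big")
    return hashlib.sha256(prefix + smdp_challenge + tag_data).digest()


class SubscriptionManager:
    """Hypothetical model of the subscription management device (SM-DP+)."""

    def __init__(self):
        self._tag_data = {}    # tag identifier -> tag data
        self._pool = {}        # tag identifier -> unissued second profiles
        self._challenges = {}  # session id -> outstanding challenge

    def register_order(self, tag_id, tag_data, second_profiles):
        """MNO order: associate several second profiles with one tag."""
        self._tag_data[tag_id] = tag_data
        self._pool[tag_id] = list(second_profiles)

    def new_challenge(self, session_id):
        """Second information: a fresh random challenge for this session."""
        challenge = secrets.token_bytes(16)
        self._challenges[session_id] = challenge
        return challenge

    def handle_download(self, session_id, tag_id, protected):
        """Verify the protected tag data; return a first profile or None."""
        # The challenge is consumed here, so it is valid for one request only.
        challenge = self._challenges.pop(session_id, None)
        tag_data = self._tag_data.get(tag_id)
        if challenge is None or tag_data is None:
            return None
        # Recompute from the stored tag data and compare in constant time.
        expected = protect_tag_data(challenge, tag_data)
        if not hmac.compare_digest(expected, protected):
            return None
        pool = self._pool[tag_id]
        if not pool:
            return None
        # First profile = selected second profile + fifth information
        # (placeholder strings, not real command encodings).
        return {
            "second_profile": pool.pop(0),
            "fifth_information": [
                "secure-channel-init (placeholder)",
                "security-domain-config (placeholder)",
            ],
        }


def demo():
    """Constructed run: a valid download, a replayed request, a tag reuse."""
    smdp = SubscriptionManager()
    tag_data = b"constructed-tag-data"
    smdp.register_order(
        "tag-01", tag_data, ["second-profile-A", "second-profile-B"]
    )

    # Legitimate download in session s1.
    c1 = smdp.new_challenge("s1")
    captured = protect_tag_data(c1, tag_data)
    first = smdp.handle_download("s1", "tag-01", captured)

    # The captured value is replayed in a new session with a new challenge.
    smdp.new_challenge("s2")
    replayed = smdp.handle_download("s2", "tag-01", captured)

    # The same tag data is reused legitimately and yields another profile.
    c3 = smdp.new_challenge("s3")
    reused = smdp.handle_download(
        "s3", "tag-01", protect_tag_data(c3, tag_data)
    )
    return first, replayed, reused


if __name__ == "__main__":
    labels = ("first download", "replayed request", "tag reused")
    for label, result in zip(labels, demo()):
        print(label, "->", result)
```

Because the hash covers a challenge that the subscription management device issues per session and discards after one use, a captured download request is useless later, while the tag data itself stays reusable.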
With reference to the first aspect or any one of the first to third possible implementations of the first aspect, in a fourth possible implementation of the first aspect, the profile download request further includes specific indication information, which indicates to the subscription management device that the profile to be downloaded is a specific-type profile. A specific-type profile in the present invention may be applied in any scenario in which a profile needs to be reused, including a test profile applied in scenarios such as testing and maintenance.
In the above profile processing method, the specific indication information can indicate to the SM-DP+ that the profile to be downloaded is a specific-type profile. For example, if the specific indication information indicates that the profile to be downloaded is a test profile, the SM-DP+ executes the test profile download procedure according to that specific indication information.
With reference to the first aspect or any one of the first to fourth possible implementations of the first aspect, in a fifth possible implementation of the first aspect, after the receiving of the first profile sent by the subscription management device, the method further includes:
sending a profile first deletion notification to the subscription management device, where the profile first deletion notification includes at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the profile first deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
With reference to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, before the sending of the profile first deletion notification to the subscription management device, the method further includes:
sending a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;
接收并显示所述eUICC发送的与所述profile类型对应的profile信息。Receiving and displaying profile information corresponding to the profile type sent by the eUICC.
上述profile的处理方法可以实现只对与profile类型对应的profile信息的接收和显示,使得后续步骤只对这类profile信息对应的profile进行处理,保护了其他类型的profile,提高安全度。The processing of the profile can be performed only by receiving and displaying the profile information corresponding to the profile type, so that the subsequent step only processes the profile corresponding to the profile information, and protects other types of profiles to improve security.
结合第一方面的第六种可能的实现方式,在第一方面的第七种可能的实现方式中,所述接收并显示所述eUICC发送的与所述profile类型对应的profile信息之后,还包括:With reference to the sixth possible implementation manner of the first aspect, in a seventh possible implementation manner of the first aspect, after the receiving and displaying the profile information that is sent by the eUICC and corresponding to the profile type, :
获取用户输入的profile删除指令;Obtaining a profile deletion instruction input by the user;
根据所述profile删除指令删除所述eUICC中对应的特定类型profile。Deleting a corresponding specific type profile in the eUICC according to the profile deletion instruction.
结合第一方面的第五种可能的实现方式,在第一方面的第八种可能的实现方式中,所述向所述签约管理设备发送profile第一删除通知之前,还包括:In conjunction with the fifth possible implementation of the first aspect, in the eighth possible implementation manner of the foregoing aspect, before the sending the profile first deletion notification to the subscription management device, the method further includes:
接收所述eUICC发送的profile第二删除通知,所述profile第二删除通知为所述eUICC在接收到获取eUICC挑战指令或profile激活指令之后检测到存储有特定类型profile,并删除所述特定类型profile之后发送的。Receiving a profile second deletion notification sent by the eUICC, where the profile second deletion notification is that the eUICC detects that a specific type profile is stored after receiving the eUICC challenge instruction or the profile activation instruction, and deletes the specific type profile. After sending it.
结合第一方面、第一方面的第一种至第八种中任一种可能的实现方式,在第一方面的第九种可能的实现方式中,所述接收所述签约管理设备发送的第一profile之后,还包括:With reference to the first aspect, any one of the first to the eighth possible implementation manners of the first aspect, in the ninth possible implementation manner of the first aspect, the receiving, by the subscription management device, After a profile, it also includes:
向移动网络运营商MNO通知profile下载完成。The mobile network operator MNO is notified that the profile download is completed.
In a second aspect, an embodiment of the present invention provides a profile processing method, including:
Receiving a profile download request sent by a terminal device, where the profile download request includes at least the tag data obtained by the terminal device;
Selecting one of at least one second profile associated with the tag data to generate a first profile;
Sending the first profile to the terminal device.
By associating one piece of tag data with multiple profiles, the above profile processing method not only enables reuse of profiles and tag data but also reduces cost.
With reference to the second aspect, in a first possible implementation of the second aspect, before the receiving of the profile download request sent by the terminal device, the method further includes:
Obtaining first information sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card (eUICC);
Sending second information to the terminal device, where the second information includes at least challenge information of the subscription management device;
The receiving of the profile download request sent by the terminal device includes:
Receiving the profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained after the terminal device performs security protection on the obtained tag data by using the challenge information of the subscription management device, the tag identifier, and the signature information generated by the eUICC;
The selecting of one of the at least one second profile associated with the tag data to generate the first profile includes:
Obtaining the corresponding tag data according to the tag identifier, verifying the security-protected tag data according to the tag data, and, after the verification succeeds, selecting one of the at least one second profile associated with the tag data to generate the first profile.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the obtaining of the corresponding tag data according to the tag identifier and the verifying of the security-protected tag data according to the tag data include:
Obtaining the tag data corresponding to the tag identifier and performing security protection processing on the tag data by using the challenge information, where the security protection may be a hash operation or an encryption operation, and the encryption operation may use symmetric encryption or public/private-key encryption; any encryption method that can protect the tag data is applicable here;
Comparing the processed tag data with the security-protected tag data; if they are the same, the verification succeeds.
The above profile processing method prevents replay attacks on the tag data and improves security.
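The challenge-bound tag check described above, as an added example that is not code from the patent: the terminal hashes the subscription management device's challenge together with the tag data, and the device recomputes the value from the tag data it looks up by tag identifier. SHA-256, the length-prefixed encoding, the single-use challenge store and every name below are assumptions; the eUICC signature step is left out.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def protect_tag(challenge: bytes, tag_data: bytes) -> bytes:
    """Terminal side: hash the device's challenge together with the tag data.

    Assumption: SHA-256 over length-prefixed fields. The page only says
    "hash operation"; the prefixes keep the field boundary unambiguous.
    """
    digest = hashlib.sha256()
    for field in (challenge, tag_data):
        digest.update(len(field).to_bytes(4, "big"))
        digest.update(field)
    return digest.digest()


class SubscriptionManager:
    """Hypothetical stand-in for the subscription management device."""

    def __init__(self) -> None:
        self._tag_data: Dict[str, bytes] = {}             # tag identifier -> tag data
        self._second_profiles: Dict[str, List[str]] = {}  # tag identifier -> profiles
        self._challenges: Dict[str, bytes] = {}           # session -> pending challenge

    def register_order(self, tag_id: str, tag_data: bytes,
                       profiles: List[str]) -> None:
        """Associate one piece of tag data with several second profiles."""
        self._tag_data[tag_id] = tag_data
        self._second_profiles[tag_id] = list(profiles)

    def issue_challenge(self, session_id: str) -> bytes:
        """Second information: a fresh random challenge for this session."""
        challenge = secrets.token_bytes(16)
        self._challenges[session_id] = challenge
        return challenge

    def handle_download(self, session_id: str, tag_id: str,
                        protected_tag: bytes) -> Optional[str]:
        """Verify the protected tag; return the selected second profile or None."""
        # Assumption: a challenge is consumed on first use, pass or fail.
        challenge = self._challenges.pop(session_id, None)
        tag_data = self._tag_data.get(tag_id)
        if challenge is None or tag_data is None:
            return None
        expected = protect_tag(challenge, tag_data)
        # Constant-time comparison of the recomputed and received values.
        if not hmac.compare_digest(expected, protected_tag):
            return None
        pool = self._second_profiles[tag_id]
        return pool.pop(0) if pool else None


def run_demo() -> Dict[str, Optional[str]]:
    # Constructed sample values, not taken from the page.
    tag_id, tag_data = "tag-0001", b"constructed-tag-data"
    device = SubscriptionManager()
    device.register_order(tag_id, tag_data,
                          ["second-profile-A", "second-profile-B"])

    # Fresh exchange: the protected value is bound to this session's challenge.
    first_challenge = device.issue_challenge("session-1")
    captured = protect_tag(first_challenge, tag_data)
    results = {"fresh": device.handle_download("session-1", tag_id, captured)}

    # Replay: the captured value is presented in a session with a new challenge.
    device.issue_challenge("session-2")
    results["replayed"] = device.handle_download("session-2", tag_id, captured)

    # Wrong tag data under a valid challenge.
    third_challenge = device.issue_challenge("session-3")
    results["wrong_tag"] = device.handle_download(
        "session-3", tag_id, protect_tag(third_challenge, b"guess"))

    # The first session's challenge was consumed, so it cannot be reused.
    results["consumed_challenge"] = device.handle_download(
        "session-1", tag_id, captured)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

Without the per-session challenge, the value sent in the download request would be identical every time and a captured copy would verify again.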
With reference to the first or second possible implementation of the second aspect, in a third possible implementation of the second aspect, the selecting, after the verification succeeds, of one of the at least one second profile associated with the tag data to generate the first profile includes:
Obtaining the at least one second profile associated with the tag data corresponding to the tag identifier, and selecting one of them;
Adding fifth information to the selected second profile to generate the first profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
With reference to the second aspect or any one of the first to third possible implementations of the second aspect, in a fourth possible implementation of the second aspect, before the obtaining of the first information sent by the terminal device, the method further includes:
Generating at least one second profile and one piece of tag information according to an order request from the mobile network operator (MNO), where the tag information includes the tag data and the tag identifier;
Associating the at least one second profile with the tag data;
Returning an order response to the MNO, where the order response includes the tag information.
With reference to the second aspect or any one of the first to third possible implementations of the second aspect, in a fifth possible implementation of the second aspect, before the obtaining of the first information sent by the terminal device, the method further includes:
Obtaining one piece of tag information according to an order request from the mobile network operator (MNO), where the tag information includes the tag data and the tag identifier, and generating at least one second profile;
Associating the at least one second profile with the tag data;
Returning an order response to the MNO.
With reference to the second aspect or any one of the first to fifth possible implementations of the second aspect, in a sixth possible implementation of the second aspect, after the sending of the first profile to the terminal device, the method further includes:
Receiving a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier;
Obtaining, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier;
Restoring the first profile to a second profile.
With reference to the sixth possible implementation of the second aspect, in a seventh possible implementation of the second aspect, after the restoring of the first profile to the second profile, the method further includes:
Generating an encryption key, decrypting the second profile, and re-encrypting it by using the encryption key.
With reference to the sixth or seventh possible implementation of the second aspect, in an eighth possible implementation of the second aspect, the restoring of the first profile to the second profile includes:
Removing the fifth information from the first profile to generate the second profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
In a third aspect, an embodiment of the present invention provides a terminal device, including:
An obtaining module, configured to obtain tag information, where the tag information includes tag data and/or a tag identifier;
A sending module, configured to send a profile download request to a subscription management device, where the profile download request includes at least the tag data;
A receiving module, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one second profile selected from at least one second profile associated with the tag data.
With reference to the third aspect, in a first possible implementation of the third aspect, the terminal device further includes a security protection module;
The receiving module is further configured to receive first information from the embedded universal integrated circuit card (eUICC);
The sending module is further configured to send the first information to the subscription management device, where the first information includes at least challenge information of the eUICC;
The receiving module is further configured to receive second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device;
The security protection module is configured to perform security protection on the tag data by using the challenge information of the subscription management device;
The sending module is further configured to send third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier;
The receiving module is further configured to receive fourth information from the eUICC, where the fourth information includes at least the signature information;
The sending module is specifically configured to send the profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;
The receiving module is further configured to receive and display the profile information that is sent by the eUICC and corresponds to the profile type.
With reference to the third aspect or any one of the first to second possible implementations of the third aspect, in a third possible implementation of the third aspect, the security protection module is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
With reference to the third aspect or any one of the first to third possible implementations of the third aspect, in a fourth possible implementation of the third aspect, the profile download request further includes specific indication information, where the specific indication information is used to indicate to the subscription management device that the profile to be downloaded is a specific-type profile.
With reference to the third aspect or any one of the first to fourth possible implementations of the third aspect, in a fifth possible implementation of the third aspect, the sending module is further configured to send a first profile deletion notification to the subscription management device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
With reference to the fifth possible implementation of the third aspect, in a sixth possible implementation of the third aspect, the sending module is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;
The receiving module is further configured to receive and display the profile information that is sent by the eUICC and corresponds to the profile type.
With reference to the sixth possible implementation of the third aspect, in a seventh possible implementation of the third aspect, the terminal device further includes a deletion module;
The obtaining module is further configured to obtain a profile deletion instruction entered by the user;
The deletion module is configured to delete the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
With reference to the fifth possible implementation of the third aspect, in an eighth possible implementation of the third aspect, the receiving module is further configured to receive a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a specific-type profile is stored and deletes the specific-type profile.
With reference to the third aspect or any one of the first to eighth possible implementations of the third aspect, in a ninth possible implementation of the third aspect, the sending module is further configured to notify the mobile network operator (MNO) that the profile download is complete.
In a fourth aspect, an embodiment of the present invention provides a subscription management device, including:
A receiving module, configured to receive a profile download request sent by a terminal device, where the profile download request includes at least the tag data obtained by the terminal device;
A selection module, configured to select one of at least one second profile associated with the tag data to generate a first profile;
A sending module, configured to send the first profile to the terminal device.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the subscription management device further includes an obtaining module;
The selection module includes a verification unit and a profile generation unit;
The obtaining module is configured to obtain first information sent by the terminal device, where the first information includes at least challenge information of the embedded universal integrated circuit card (eUICC);
The sending module is further configured to send second information to the terminal device, where the second information includes at least challenge information of the subscription management device;
The receiving module is specifically configured to receive the profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained after the terminal device performs security protection on the obtained tag data by using the challenge information of the subscription management device, the tag identifier, and the signature information generated by the eUICC;
The verification unit is configured to obtain the corresponding tag data according to the tag identifier, and verify the security-protected tag data according to the tag data;
The profile generation unit is configured to select, after the verification succeeds, one of the at least one second profile associated with the tag data to generate the first profile.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation of the fourth aspect, the verification unit is specifically configured to obtain the tag data corresponding to the tag identifier, perform security protection processing on the tag data by using the challenge information, and compare the processed tag data with the security-protected tag data; if they are the same, the verification succeeds.
With reference to the first or second possible implementation of the fourth aspect, in a third possible implementation of the fourth aspect, the profile generation unit is specifically configured to obtain the at least one second profile associated with the tag data corresponding to the tag identifier, select one of them, and add fifth information to the selected second profile to generate the first profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
With reference to the fourth aspect or any one of the first to third possible implementations of the fourth aspect, in a fourth possible implementation of the fourth aspect, the subscription management device further includes a first generation module and a first association module;
The first generation module is configured to generate at least one second profile and one piece of tag information according to an order request from the mobile network operator (MNO), where the tag information includes the tag data and the tag identifier;
The first association module is configured to associate the at least one second profile with the tag data;
The sending module is further configured to return an order response to the MNO, where the order response includes the tag information.
With reference to the fourth aspect or any one of the first to third possible implementations of the fourth aspect, in a fifth possible implementation of the fourth aspect, the subscription management device further includes a second generation module and a second association module;
The second generation module is configured to obtain one piece of tag information according to an order request from the mobile network operator (MNO), where the tag information includes the tag data and the tag identifier, and to generate at least one second profile;
The second association module is configured to associate the at least one second profile with the tag data;
The sending module is further configured to return an order response to the MNO.
With reference to the fourth aspect or any one of the first to fifth possible implementations of the fourth aspect, in a sixth possible implementation of the fourth aspect, the subscription management device further includes a recovery module;
The receiving module is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier; and to obtain, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier;
The recovery module is configured to restore the first profile to a second profile.
With reference to the sixth possible implementation of the fourth aspect, in a seventh possible implementation of the fourth aspect, the subscription management device further includes:
An encryption module, configured to generate an encryption key, decrypt the second profile, and re-encrypt it by using the encryption key.
With reference to the sixth or seventh possible implementation of the fourth aspect, in an eighth possible implementation of the fourth aspect, the recovery module is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
In a fifth aspect, an embodiment of the present invention provides a terminal device, including:
A processor, configured to obtain tag information, where the tag information includes tag data and/or a tag identifier;
A transmitter, configured to send a profile download request to a subscription management device, where the profile download request includes at least the tag data;
A receiver, configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one second profile selected from at least one second profile associated with the tag data.
With reference to the fifth aspect, in a first possible implementation of the fifth aspect, the processor is further configured to obtain first information from the embedded universal integrated circuit card (eUICC);
The transmitter is further configured to send the first information to the subscription management device, where the first information includes at least challenge information of the eUICC;
The receiver is further configured to receive second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device;
The processor is further configured to perform security protection on the tag data by using the challenge information of the subscription management device;
The processor is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier; and to obtain fourth information from the eUICC, where the fourth information includes at least the signature information;
The transmitter is specifically configured to send the profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
With reference to the fifth aspect or the first possible implementation of the fifth aspect, in a second possible implementation of the fifth aspect, the processor is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; and to obtain and control display of the profile information that is sent by the eUICC and corresponds to the profile type.
With reference to the fifth aspect or any one of the first to second possible implementations of the fifth aspect, in a third possible implementation of the fifth aspect, the processor is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
With reference to the fifth aspect or any one of the first to third possible implementations of the fifth aspect, in a fourth possible implementation of the fifth aspect, the profile download request further includes specific indication information, where the specific indication information is used to indicate to the subscription management device that the profile to be downloaded is a specific-type profile.
With reference to the fifth aspect or any one of the first to fourth possible implementations of the fifth aspect, in a fifth possible implementation of the fifth aspect, the transmitter is further configured to send a first profile deletion notification to the subscription management device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
With reference to the fifth possible implementation of the fifth aspect, in a sixth possible implementation of the fifth aspect, the processor is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; and to obtain and control display of the profile information that is sent by the eUICC and corresponds to the profile type.
With reference to the sixth possible implementation of the fifth aspect, in a seventh possible implementation of the fifth aspect, the processor is further configured to obtain a profile deletion instruction entered by the user, and to delete the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
With reference to the fifth possible implementation of the fifth aspect, in an eighth possible implementation of the fifth aspect, the processor is further configured to obtain a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a specific-type profile is stored and deletes the specific-type profile.
结合第五方面、第五方面的第一种至第八种中任一种可能的实现方式,在第五方面的第九种可能的实现方式中,所述发送器,还用于向移动网络运营商MNO通知profile下载完成。With reference to the fifth aspect, any one of the first to the eighth possible implementation manners of the fifth aspect, in the ninth possible implementation manner of the fifth aspect, the transmitter is further used for the mobile network The operator MNO informs that the profile download is complete.
In a sixth aspect, an embodiment of the present invention provides a subscription management device, including:
a receiver, configured to receive a profile download request sent by a terminal device, where the profile download request includes at least the tag data acquired by the terminal device;
a processor, configured to select one of at least one second profile associated with the tag data and generate a first profile from it;
a transmitter, configured to send the first profile to the terminal device.
With reference to the sixth aspect, in a first possible implementation of the sixth aspect, the receiver is further configured to acquire first information sent by the terminal device, where the first information includes at least the challenge information of the embedded universal integrated circuit card (eUICC);
The transmitter is further configured to send second information to the terminal device, where the second information includes at least the challenge information of the subscription management device;
The receiver is specifically configured to receive the profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained after the terminal device protects the acquired tag data by using the challenge information of the subscription management device, the tag identifier, and the signature information generated by the eUICC;
The processor is further configured to obtain the corresponding tag data according to the tag identifier, and to verify the security-protected tag data according to that tag data; after the verification succeeds, the processor selects one of the at least one second profile associated with the tag data and generates the first profile from it.
With reference to the first possible implementation of the sixth aspect, in a second possible implementation of the sixth aspect, the processor is specifically configured to obtain the tag data corresponding to the tag identifier, and to apply security protection processing to that tag data by using the challenge information; the processed tag data is compared with the security-protected tag data, and if they are the same, the verification succeeds.
With reference to the first or second possible implementation of the sixth aspect, in a third possible implementation of the sixth aspect, the processor is specifically configured to acquire the at least one second profile associated with the tag data corresponding to the tag identifier, and to select one of them; and to add fifth information to the selected second profile to generate the first profile, where the fifth information includes at least secure channel initialization information and a command for configuring a profile security domain.
With reference to the sixth aspect or the first to third possible implementations of the sixth aspect, in a fourth possible implementation of the sixth aspect, the processor is further configured to generate, according to an order request from the mobile network operator (MNO), at least one second profile and one item of tag information, where the tag information includes the tag data and the tag identifier; and to associate the at least one second profile with the tag data;
The transmitter is further configured to return an order response to the MNO, where the order response includes the tag information.
With reference to the sixth aspect or the first to third possible implementations of the sixth aspect, in a fifth possible implementation of the sixth aspect, the processor is further configured to acquire, according to an order request from the mobile network operator (MNO), one item of tag information, where the tag information includes the tag data and the tag identifier, and to generate at least one second profile; and to associate the at least one second profile with the tag data;
The transmitter is further configured to return an order response to the MNO.
With reference to the sixth aspect or the first to fifth possible implementations of the sixth aspect, in a sixth possible implementation of the sixth aspect, the receiver is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier; and to acquire, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier;
The processor is further configured to restore the first profile to a second profile.
With reference to the sixth possible implementation of the sixth aspect, in a seventh possible implementation of the sixth aspect, the processor is further configured to generate an encryption key, and to decrypt the second profile and then re-encrypt it by using that encryption key.
With reference to the sixth or seventh possible implementation of the sixth aspect, in an eighth possible implementation of the sixth aspect, the processor is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least secure channel initialization information and a command for configuring a profile security domain.
In a seventh aspect, an embodiment of the present invention provides a communication device, including: a terminal device, a subscription management device, and an embedded universal integrated circuit card (eUICC); where the terminal device uses the apparatus described in the third aspect or any one of the first to ninth possible implementations of the third aspect, and the subscription management device uses the apparatus described in the fourth aspect or any one of the first to eighth possible implementations of the fourth aspect.
In an eighth aspect, an embodiment of the present invention provides a communication device, including: a terminal device, a subscription management device, and an embedded universal integrated circuit card (eUICC); where the terminal device uses the device described in the fifth aspect or any one of the first to ninth possible implementations of the fifth aspect, and the subscription management device uses the device described in the sixth aspect or any one of the first to eighth possible implementations of the sixth aspect.
The profile processing method, apparatus, and system of the embodiments of the present invention associate one item of tag data with multiple profiles and apply security protection to the tag data. This not only allows the tag data to be reused, which reduces cost, but also prevents replay attacks and improves security.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Figure 1 is a flowchart of one embodiment of the profile processing method of the present invention;
Figure 2 is a schematic structural diagram of a communication system;
Figure 3 is a flowchart of another embodiment of the profile processing method of the present invention;
Figure 4 is a flowchart of yet another embodiment of the profile processing method of the present invention;
Figure 5 is a flowchart of a fourth embodiment of the profile processing method of the present invention;
Figure 6 is a flowchart of a fifth embodiment of the profile processing method of the present invention;
Figure 7 is a schematic structural diagram of one embodiment of the terminal device of the present invention;
Figure 8 is a schematic structural diagram of another embodiment of the terminal device of the present invention;
Figure 9 is a schematic structural diagram of yet another embodiment of the terminal device of the present invention;
Figure 10 is a schematic structural diagram of one embodiment of the subscription management device of the present invention;
Figure 11 is a schematic structural diagram of another embodiment of the subscription management device of the present invention;
Figure 12 is a schematic structural diagram of yet another embodiment of the subscription management device of the present invention;
Figure 13 is a schematic structural diagram of a fourth embodiment of the subscription management device of the present invention;
Figure 14 is a schematic structural diagram of a fifth embodiment of the subscription management device of the present invention;
Figure 15 is a schematic structural diagram of a fourth embodiment of the terminal device of the present invention;
Figure 16 is a schematic structural diagram of a sixth embodiment of the subscription management device of the present invention;
Figure 17 is a schematic structural diagram of one embodiment of the communication system of the present invention.
Detailed Description
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Figure 1 is a flowchart of one embodiment of the profile processing method of the present invention. As shown in Figure 1, the profile processing method of the present invention includes methods such as downloading and deleting a profile, and it applies to a communication system that includes a subscription management device, a terminal device, and an eUICC. A profile in the present invention may be user subscription management information, which may be a combination of a set of file structures, data, applications, and so on; when it contains operator data, the profile can be used to access the operator's network and use the services the operator provides. The functions of the subscription management device may include generating profiles, applying security protection to profiles, binding a profile to a specific eUICC, storing profiles, and downloading profiles. Figure 2 is a schematic structural diagram of a communication system. As shown in Figure 2, the terminal device contains an LPA. Here the eUICC may be a component independent of the terminal device; optionally, the eUICC may also be a component of the terminal device. The LPA includes an LPD and an LUI. The LPD is responsible for downloading the profile: it downloads the profile from the SM-DP+ into the LPD over a secure HTTPS connection, and then sends the downloaded profile to the eUICC.
The LUI provides the interaction logic and interface for the user; the interface may also be provided by another terminal associated with the terminal device. Through the LUI the user can manage profiles, for example download a new profile, activate a profile, deactivate a profile, or delete a profile. The subscription management device may be the SM-DP+ described above.
The method of this embodiment may include:
s101. The SM-DP+ receives an order request sent by the MNO;
Because an eUICC is not necessarily purchased by the operator, and may instead be purchased by a terminal manufacturer and sold integrated into a terminal, the terminal manufacturer usually orders profiles from the MNO. For example, if the terminal manufacturer's employees need to repair, manage, or update terminal devices, they need test profiles dedicated to testing, and these test profiles must be ordered from the MNO. The MNO orders profiles from the SM-DP+ according to the terminal manufacturer's order request. The MNO may include in the order request the type or attribute of the profile to be ordered; the present invention refers to both uniformly as the profile type. For example, profile type=test or profile attribute=test tells the SM-DP+ that this order is for test profiles. The order request may also include the required number of profiles, profile identifiers, and so on.
s102. The SM-DP+ generates at least one profile and one item of tag information according to the MNO's order request, where the tag information includes tag data and a tag identifier, and associates the at least one profile with the tag data;
The SM-DP+ generates at least one profile and one item of tag information according to the MNO's order request. The tag data in the tag information is used to match a profile download request sent by a terminal device to the at least one profile, and the tag identifier is an index for the tag data. The tag data and tag identifier may be, for example, a token and a token id. The token and token id may be two separate strings, or they may be in a single string in which some fields identify the token id and the remaining fields identify the token. One item of tag information is associated with at least one profile.
Optionally, instead of generating the tag information itself as described above, the SM-DP+ may obtain the tag information from the MNO; in that case the MNO may carry the tag information in the order request.
s103. The SM-DP+ returns an order response to the MNO, where the order response includes the tag information.
The SM-DP+ sends the order response to the MNO. If the tag information was generated by the SM-DP+, the order response must contain the tag information; if the tag information was generated by the MNO, the order response may omit it.
The MNO sends the tag information to the terminal manufacturer that requested the profile order. This completes the procedure by which the terminal manufacturer applies for profiles usable by the eUICC. From then on, the terminal manufacturer's employees can use the tag information to download a profile and use the profile to operate on the terminal device, including testing, repair, management, and use.
In this embodiment, the terminal manufacturer orders at least one profile from the SM-DP+ through the MNO, and the at least one profile is associated with one item of tag data. This lets the terminal manufacturer reuse profiles and reduces cost.
After the profiles are ordered, the user can enter information into the terminal device by keyboard, by touch, by scanning a QR code, or by similar means. The terminal device identifies the operation corresponding to the information and enables the corresponding function. For example, the user enters a Personal Identification Number (PIN); the terminal device recognizes that this PIN is the preset instruction for enabling the LPA, so it starts the LPA function and thereby enters a testing or repair state. Optionally, the information entered in this way may be of two kinds: information that triggers the terminal device to start the LPA, such as the PIN above, and other information used after the LPA has started, such as the tag information.
In addition, the state in which the LPA function is enabled and the terminal device is under test or repair can be regarded as the engineering mode or test mode of the terminal device. Specifically, the LPA may be an application (APP) or an item in the terminal device's settings. When the user wants to start the LPA, the terminal device prompts for verification information and the user enters a PIN code. If the LPA verifies that the entered PIN code is the preset PIN code for entering the specific mode, rather than a PIN code set by the user, it enters that specific mode, and only in that mode is the next action performed. Alternatively, the user enters a specific character string on the terminal device's dialing interface, which triggers the terminal device to enter the LPA's specific mode automatically.
Figure 3 is a flowchart of another embodiment of the profile processing method of the present invention. As shown in Figure 3, the method of this embodiment also applies to the communication system shown in Figure 2. After the profile ordering procedure described above, the method of this embodiment may include:
s201. The terminal device sends a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type;
The terminal device can send a profile information acquisition message carrying a profile type to the eUICC to learn whether a profile of that type already exists in the eUICC. For example, the terminal device sends GetProfileInfo to the eUICC, with the search criteria set to include an indication that the profile type is a specific type.
s202. The terminal device receives and displays the profile information that is sent by the eUICC and corresponds to the profile type.
The profile information may include the number of profile elements and the status. After receiving the eUICC's response, the terminal device can display the profile information to the user; if no profile in the eUICC matches the profile type, the terminal device displays an empty result. The user can thus check whether the profile in the eUICC is the one needed and, if not, operate the terminal device to download or delete a profile.
In this embodiment, the terminal device learns through its exchange with the eUICC whether a qualifying profile exists in the eUICC, and can carry out subsequent steps according to what is stored. For example, if the profile in the eUICC is not the one the user needs, a profile can be downloaded or deleted according to the user's operation.
Figure 4 is a flowchart of yet another embodiment of the profile processing method of the present invention. As shown in Figure 4, the method of this embodiment also applies to the communication system shown in Figure 2. After step s202 of the method embodiment shown in Figure 3, the method of this embodiment may include:
s301. The terminal device acquires the tag information;
Likewise, the terminal device can obtain the tag information that the user received in advance through the user's keyboard input, touch input, QR code scan, or similar means. The tag information may include tag data, for example a token, and may also include a tag identifier, for example a token id.
s302. The terminal device receives first information from the eUICC, where the first information includes at least the challenge information of the eUICC;
s303. The terminal device sends the first information to the SM-DP+;
s304. The terminal device receives second information returned by the SM-DP+, where the second information includes at least the challenge information of the SM-DP+;
s305. The terminal device applies security protection to the tag data by using the challenge information of the SM-DP+;
The terminal device may perform a hash operation on the SM-DP+ challenge information and the tag data to achieve the security protection. Optionally, the terminal device may instead encrypt the SM-DP+ challenge information and the tag data with a symmetric key agreed in advance with the SM-DP+. In this way, even though the token must be provided to the SM-DP+ on every profile download, protecting the token prevents replay attacks and improves security.
s306. The terminal device sends third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier;
After applying security protection to the tag data, the terminal device can send the security-protected tag data and the tag identifier to the eUICC; the third information may also include information such as a confirmation code. The eUICC signs the received third information.
s307. The terminal device receives fourth information from the eUICC, where the fourth information includes at least the signature information;
In addition to the signature information, the fourth information may include information related to the eUICC itself, such as the eUICC's certificate and the eUICC's capacity, where the eUICC's certificate includes the eUICC identifier.
s308. The terminal device sends a profile download request to the SM-DP+, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information;
Once the terminal device has the security-protected tag data, the tag identifier, the eUICC's signature information, and the other information above, it can request a profile download from the SM-DP+.
Optionally, the profile download request further includes specific indication information, which indicates to the SM-DP+ that the profile to be downloaded is a profile of a specific type. For example, if the specific indication information indicates that the profile to be downloaded is a test profile, the SM-DP+ performs the test profile download procedure according to that indication.
s309. The SM-DP+ obtains the corresponding tag data according to the tag identifier, and verifies the security-protected tag data according to that tag data;
After receiving the profile download request, the SM-DP+ must make sure that the security-protected tag data in the request corresponds to the tag data it finds locally. The SM-DP+ obtains locally the tag data corresponding to the tag identifier in the profile download request and applies security protection processing to it with its own challenge information, that is, it performs the same hash operation on its own challenge information and that tag data. It then compares the result with the security-protected tag data from the request, which went through the same hash operation; if the two are the same, the verification succeeds. Optionally, if the tag data was protected by symmetric key encryption, the SM-DP+ can look up the corresponding symmetric key according to the tag identifier, decrypt the received encrypted tag data to obtain the decrypted tag data (token), and compare the decrypted token with the token corresponding to the tag identifier. Alternatively, the SM-DP+ can encrypt the token corresponding to the tag identifier together with the challenge information by using the symmetric key, and check whether the encrypted result is the same as the received encrypted tag data.
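The hash variant of steps s304, s305 and s309 can be sketched as follows. This is an added example, not code from the patent: SHA-256, the challenge-then-token concatenation order, the 16-byte single-use challenge, the session bookkeeping and all names and sample values are assumptions, and the eUICC signature of s306 to s307 is left out.

```python
import hashlib
import hmac
import secrets


def protect_token(server_challenge: bytes, token: bytes) -> bytes:
    """Terminal side (s305): hash the SM-DP+ challenge together with the token.

    The challenge has a fixed length, so plain concatenation is unambiguous.
    """
    return hashlib.sha256(server_challenge + token).digest()


class SmDpPlus:
    """Hypothetical model of the SM-DP+ side of steps s304 and s309."""

    CHALLENGE_LEN = 16

    def __init__(self, tokens):
        self._tokens = dict(tokens)   # token id -> token (tag identifier -> tag data)
        self._pending = {}            # session id -> outstanding challenge

    def new_challenge(self):
        """s304: issue a fresh random challenge bound to one download session."""
        session_id = secrets.token_hex(8)
        challenge = secrets.token_bytes(self.CHALLENGE_LEN)
        self._pending[session_id] = challenge
        return session_id, challenge

    def verify_download_request(self, session_id, token_id, protected):
        """s309: look up the token by its id, redo the hash, compare."""
        # pop() makes every challenge single-use, so a second request in the
        # same session cannot be checked against the old challenge.
        challenge = self._pending.pop(session_id, None)
        token = self._tokens.get(token_id)
        if challenge is None or token is None:
            return False
        expected = protect_token(challenge, token)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, protected)


def demo():
    # Constructed sample values, not taken from the patent.
    token_id, token = "tok-001", b"constructed-token-value"
    server = SmDpPlus({token_id: token})

    # Legitimate download: protected token computed over the fresh challenge.
    sid1, ch1 = server.new_challenge()
    captured = protect_token(ch1, token)   # what an eavesdropper would see
    fresh = server.verify_download_request(sid1, token_id, captured)

    # Same session again: the challenge was consumed by the first request.
    reused_session = server.verify_download_request(sid1, token_id, captured)

    # Captured value replayed in a new session: the challenge differs.
    sid2, _ = server.new_challenge()
    replayed = server.verify_download_request(sid2, token_id, captured)

    # Fresh challenge but a wrong token.
    sid3, ch3 = server.new_challenge()
    wrong_token = server.verify_download_request(
        sid3, token_id, protect_token(ch3, b"guessed-token"))

    return {"fresh": fresh, "reused_session": reused_session,
            "replayed": replayed, "wrong_token": wrong_token}


if __name__ == "__main__":
    print(demo())
```

The same token is accepted in every new session, which is the reuse the embodiment relies on, while a value captured in one session is useless in the next because the SM-DP+ challenge has changed.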
s310. After verification passes, the SM-DP+ selects one of the at least one second profile associated with the tag data and generates the first profile from it.
Following the steps of the method embodiment shown in FIG. 1, the profile that the SM-DP+ initially generates in response to the MNO's subscription request is plaintext data without security protection, that is, an unprotected profile package (UPP). The SM-DP+ then generates an encryption key and applies encryption and integrity protection to the UPP, forming a protected profile package (PPP). The SM-DP+ associates at least one PPP with one piece of tag data; the PPP is the second profile. When the SM-DP+ receives a profile download request, it obtains the tag data according to the tag identifier, finds the corresponding at least one second profile according to the tag data, and selects from them one profile corresponding to the tag data, namely the second profile (PPP) described above. Optionally, the SM-DP+ may also obtain the tag data directly, find the corresponding at least one second profile according to the tag data, and select from them one profile corresponding to the tag data, namely the second profile (PPP). The SM-DP+ adds fifth information in front of the selected profile to generate the first profile. The fifth information includes at least initialise secure channel information and a configure profile security domain command, where a profile security domain is a secure container that stores one profile, for example an issuer security domain-profile (ISD-P) or Profile Domain command. The SM-DP+ generates a configure ISD-P command, obtains the metadata of the profile, encrypts the configure ISD-P command and the profile metadata with the session key produced by key agreement between the SM-DP+ and the eUICC, and then adds them, together with the initialise secure channel information (InitialiseSecureChannel), in front of the selected profile, forming the first profile (bound profile package, BPP). At this point the first profile is successfully bound to the eUICC, because apart from the SM-DP+ only this eUICC can decrypt the first profile.
It should be noted that after the SM-DP+ sends the first profile to the terminal device, it stores the first profile as a record that the first profile has been downloaded, and at the same time updates the association with the token: the first profile is now associated with the token, whereas originally it was the second profile, from which the first profile was generated, that was associated with the token. Therefore, among the multiple profiles corresponding to a token, some may be PPPs and some may already be BPPs; but when the SM-DP+ receives a profile download request, it selects only from the second profiles (PPPs) corresponding to the token to generate a first profile (BPP).
In addition, the SM-DP+ may store the first profile as a flag that the profile has been downloaded.
s311. The terminal device receives the first profile sent by the SM-DP+.
s312. The terminal device sends the first profile to the eUICC.
At this point the profile download procedure ends.
s313. The terminal device notifies the MNO that the profile download is complete.
The terminal device may first notify the SM-DP+, and the SM-DP+ then notifies the MNO that the download is complete, so that the MNO performs the related configuration.
In this embodiment, one piece of tag data is associated with multiple profiles and security protection is applied to the tag data. This not only allows profiles and tag data to be reused, which reduces cost, but also prevents replay attacks and improves security.
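The s309 check and the replay resistance claimed for this embodiment, as an added Python example that is not part of the patent text. SHA-256, the length-prefixed input layout, the per-session bookkeeping and all names (`protect_token`, `SmDpPlus`, `TOKEN_DB`) are assumptions, and the token store is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample store: tag identifier -> tag data (token) held by the SM-DP+.
TOKEN_DB = {"tag-id-0001": b"constructed-token-value"}


def protect_token(challenge: bytes, token: bytes) -> bytes:
    """Terminal side: hash the SM-DP+ challenge together with the token.

    SHA-256 and the length-prefixed layout are assumptions; the text only
    says that both sides perform the same hash operation.
    """
    prefix = len(challenge).to_bytes(2, "big")  # fixes the challenge/token boundary
    return hashlib.sha256(prefix + challenge + token).digest()


class SmDpPlus:
    """Hypothetical model of the s309 verification on the SM-DP+ side."""

    def __init__(self, token_db):
        self._tokens = dict(token_db)
        self._pending = {}  # session id -> challenge that has not been used yet

    def open_session(self):
        """Issue a fresh random challenge (carried in the 'second information')."""
        session_id = secrets.token_hex(8)
        challenge = secrets.token_bytes(16)
        self._pending[session_id] = challenge
        return session_id, challenge

    def verify_download_request(self, session_id, tag_id, protected):
        """Return True only if protected == H(own challenge, locally stored token)."""
        # pop() makes each challenge single-use, so a captured request
        # cannot be resubmitted within the same session either.
        challenge = self._pending.pop(session_id, None)
        token = self._tokens.get(tag_id)
        if challenge is None or token is None:
            return False
        expected = protect_token(challenge, token)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, protected)


def replay_demo():
    """Send a genuine request, then replay it.

    Returns (first_attempt, replay_same_session, replay_new_session).
    """
    server = SmDpPlus(TOKEN_DB)
    sid, challenge = server.open_session()
    protected = protect_token(challenge, TOKEN_DB["tag-id-0001"])
    first = server.verify_download_request(sid, "tag-id-0001", protected)
    same_session = server.verify_download_request(sid, "tag-id-0001", protected)
    new_sid, _ = server.open_session()  # a replayer faces a different challenge
    new_session = server.verify_download_request(new_sid, "tag-id-0001", protected)
    return first, same_session, new_session


if __name__ == "__main__":
    print(replay_demo())
```

The protected value is only valid for the challenge it was computed over, which is why a recorded download request fails once the SM-DP+ has issued a new challenge.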
FIG. 5 is a flowchart of a fourth embodiment of the profile processing method of the present invention. As shown in FIG. 5, the method of this embodiment is also applicable to the communication system shown in FIG. 2. After step s202 of the method embodiment shown in FIG. 3, the method of this embodiment may include:
s401. The terminal device obtains a profile deletion instruction input by the user.
The method of this embodiment is the procedure for deleting a profile after the terminal device has finished downloading it. As before, in this embodiment the user may input information into the terminal device by keyboard, touch, scanning a QR code or similar means; the terminal device recognizes the operation corresponding to that information and enables the corresponding function, so that the terminal device enters a state such as testing or maintenance.
Through the steps of the method embodiment shown in FIG. 3, the terminal device can display the profile information to the user, so that the user can check whether the profile in the eUICC is the one that needs to be deleted. If it is, the user can operate the terminal device to delete the profile, and can input the profile deletion instruction by tapping the delete option.
s402. The terminal device deletes the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
The terminal device deletes the profile in the eUICC that corresponds to the profile identifier. For example, once the user has finished testing the terminal device, the test profile previously downloaded for testing is no longer needed and must be deleted; having learned through the preceding steps that the type of the profile to be deleted is test profile, the terminal device deletes it. Specifically, because the terminal device has obtained from the eUICC, in the preceding steps, the profile that needs to be deleted, it can carry the profile identifier of that profile in the deletion instruction sent to the eUICC, and the eUICC deletes the corresponding profile.
s403. The terminal device sends a first profile deletion notification to the SM-DP+, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier.
After learning the profile identifier of the profile to be deleted, the terminal device notifies the SM-DP+ that the first profile corresponding to at least one of the profile identifier or the eUICC identifier has been deleted from the eUICC.
s404. The SM-DP+ obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier.
The SM-DP+ obtains the first profile corresponding to at least one of the profile identifier or the eUICC identifier.
s405. The SM-DP+ restores the first profile to a second profile.
The SM-DP+ removes the fifth information from the first profile to generate the second profile, where the fifth information includes at least the initialise secure channel information and the configure ISD-P command. For example, the SM-DP+ removes the initialise secure channel information (InitialiseSecureChannel) at the front of the first profile, together with the information such as CI, SM and PPK encrypted with the session key produced by key agreement between the SM-DP+ and the eUICC, and thereby restores the first profile (BPP) to a second profile (PPP). A second profile restored in this way can have new fifth information added to it to form a new first profile, and so can be reused.
s406. The SM-DP+ generates an encryption key, decrypts the second profile, and re-encrypts it with the encryption key.
To improve security, the SM-DP+ may randomly generate a new encryption key for the restored second profile, decrypt the second profile with the original key, and then re-encrypt it with the new encryption key.
In this embodiment, the first profile to be deleted is restored to a second profile, so that the profile can be reused and cost is reduced; re-encrypting the second profile then improves security.
FIG. 6 is a flowchart of a fifth embodiment of the profile processing method of the present invention. As shown in FIG. 6, the method of this embodiment is also applicable to the communication system shown in FIG. 2. The method of this embodiment may include:
s501. The terminal device receives a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent by the eUICC after it receives a get eUICC challenge instruction or a profile activation instruction, detects that a specific-type profile is stored, and deletes that specific-type profile.
In this embodiment the user has not actively deleted the profile that is no longer used. If another user obtains the terminal device and needs to replace the profile with their own, or the user wants to activate a profile, this triggers the eUICC to check whether a profile of another type is present. For example, maintenance personnel service the terminal device using a test profile; after the user of the terminal device gets the device back and downloads or uses their own profile, the eUICC is triggered to check whether a test profile from the earlier testing has been left undeleted. When the eUICC, after receiving a get eUICC challenge instruction or a profile activation instruction sent by the terminal device, detects that a specific-type profile is stored, it deletes that profile. After deleting the specific-type profile, the eUICC notifies the terminal device.
s502. The terminal device sends a first profile deletion notification to the SM-DP+, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier.
s503. The SM-DP+ obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier.
s504. The SM-DP+ restores the first profile to a second profile.
s505. The SM-DP+ generates an encryption key, decrypts the second profile, and re-encrypts it with the encryption key.
Steps s502 to s505 are implemented on principles similar to those of steps s403 to s406 of the method embodiment above, and are not described here again.
In this embodiment, the first profile to be deleted is restored to a second profile, so that the profile can be reused and cost is reduced; re-encrypting the second profile then improves security.
FIG. 7 is a schematic structural diagram of an embodiment of the terminal device of the present invention. As shown in FIG. 7, the apparatus of this embodiment may include an obtaining module 11, a sending module 12 and a receiving module 13. The obtaining module 11 is configured to obtain tag information, where the tag information includes tag data and/or a tag identifier. The sending module 12 is configured to send a profile download request to the subscription management device, where the profile download request includes at least the tag data. The receiving module 13 is configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one profile selected from the at least one second profile associated with the tag data.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
FIG. 8 is a schematic structural diagram of another embodiment of the terminal device of the present invention. As shown in FIG. 8, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 7 and may further include a security protection module 14. The receiving module 13 is further configured to receive first information from the embedded universal integrated circuit card (eUICC). The sending module 12 is further configured to send the first information to the subscription management device, where the first information includes at least the challenge information of the eUICC. The receiving module 13 is further configured to receive second information returned by the subscription management device, where the second information includes at least the challenge information of the subscription management device. The security protection module 14 is configured to apply security protection to the tag data using the challenge information of the subscription management device. The sending module 12 is further configured to send third information to the eUICC, so that the eUICC generates signature information using the third information, where the third information includes at least the security-protected tag data and the tag identifier. The receiving module 13 is further configured to receive fourth information from the eUICC, where the fourth information includes at least the signature information. The sending module 12 is specifically configured to send a profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier and the signature information.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
Further, the sending module 12 is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; the receiving module 13 is further configured to receive and display the profile information, sent by the eUICC, that corresponds to the profile type.
Further, the security protection module 14 is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
Further, the profile download request further includes specific indication information, which indicates to the subscription management device that the profile to be downloaded is a profile of a specific type.
Further, the sending module 12 is further configured to send a first profile deletion notification to the subscription management device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
Further, the sending module 12 is further configured to send a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type; the receiving module 13 is further configured to receive and display the profile information, sent by the eUICC, that corresponds to the profile type.
FIG. 9 is a schematic structural diagram of yet another embodiment of the terminal device of the present invention. As shown in FIG. 9, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 7 and may further include a deletion module 15. The obtaining module 11 is further configured to obtain a profile deletion instruction input by the user; the deletion module 15 is configured to delete the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
Further, the receiving module 13 is further configured to receive a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent by the eUICC after it receives a get eUICC challenge instruction or a profile activation instruction, detects that a specific-type profile is stored, and deletes that specific-type profile.
Further, the sending module 12 is further configured to notify the mobile network operator (MNO) that the profile download is complete.
FIG. 10 is a schematic structural diagram of an embodiment of the subscription management device of the present invention. As shown in FIG. 10, the apparatus of this embodiment may include a receiving module 21, a selection module 22 and a sending module 23. The receiving module 21 is configured to receive a profile download request sent by the terminal device, where the profile download request includes at least the tag data obtained by the terminal device. The selection module 22 is configured to select one of the at least one second profile associated with the tag data and generate the first profile from it. The sending module 23 is configured to send the first profile to the terminal device.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
FIG. 11 is a schematic structural diagram of another embodiment of the subscription management device of the present invention. As shown in FIG. 11, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 10 and may further include an obtaining module 24, and the selection module 22 includes a verification unit 221 and a profile generation unit 222. The obtaining module 24 is configured to obtain first information sent by the terminal device, where the first information includes at least the challenge information of the embedded universal integrated circuit card (eUICC). The sending module 23 is further configured to send second information to the terminal device, where the second information includes at least the challenge information of the subscription management device. The receiving module 21 is specifically configured to receive the profile download request sent by the terminal device, where the profile download request includes the security-protected tag data that the terminal device produced by applying security protection to the obtained tag data using the challenge information of the subscription management device, the tag identifier, and the signature information generated by the eUICC. The verification unit 221 is configured to obtain the corresponding tag data according to the tag identifier, and to verify the security-protected tag data against that tag data. The profile generation unit 222 is configured to select, after verification passes, one of the at least one second profile associated with the tag data and generate the first profile from it.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
Further, the verification unit 221 is specifically configured to obtain the tag data corresponding to the tag identifier, apply the security protection processing to that tag data using the challenge information, and compare the processed tag data with the security-protected tag data; if they are the same, verification passes.
Further, the selection module 22 is specifically configured to obtain the at least one second profile associated with the tag data and select one of them, and to add fifth information to the selected second profile to generate the first profile, where the fifth information includes at least initialise secure channel information and a configure profile security domain command.
FIG. 12 is a schematic structural diagram of yet another embodiment of the subscription management device of the present invention. As shown in FIG. 12, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 11 and may further include a first generation module 25 and a first association module 26. The first generation module 25 is configured to generate, according to a subscription request from the mobile network operator (MNO), at least one second profile and one piece of tag information, where the tag information includes the tag data. The first association module 26 is configured to associate the at least one second profile with the tag data. The sending module 23 is further configured to return an order response to the MNO, where the order response includes the tag information.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
FIG. 13 is a schematic structural diagram of a fourth embodiment of the subscription management device of the present invention. As shown in FIG. 13, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 11 and may further include a second generation module 27 and a second association module 28. The second generation module 27 is configured to obtain, according to a subscription request from the mobile network operator (MNO), one piece of tag information, where the tag information includes the tag data, and to generate at least one second profile. The second association module 28 is configured to associate the at least one second profile with the tag data. The sending module 23 is further configured to return an order response to the MNO.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
FIG. 14 is a schematic structural diagram of a fifth embodiment of the subscription management device of the present invention. As shown in FIG. 14, the apparatus of this embodiment builds on the apparatus structure shown in FIG. 10 and may further include a recovery module 29 and an encryption module 30. The receiving module 21 is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes a profile identifier or an eUICC identifier, and to obtain, according to the first profile deletion notification, the first profile corresponding to the profile identifier or the eUICC identifier. The recovery module 28 is configured to restore the first profile to a second profile.
The encryption module 30 is configured to generate an encryption key, decrypt the second profile, and re-encrypt it with the encryption key.
The apparatus of this embodiment may be used to execute the technical solutions of the foregoing method embodiments; its implementation principle and technical effects are similar and are not described here again.
Further, the recovery module 29 is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least initialise secure channel information and a configure profile security domain command.
FIG. 15 is a schematic structural diagram of a fourth embodiment of the terminal device of the present invention. As shown in FIG. 15, the device of this embodiment may include a processor 41, a transmitter 42, a receiver 43, an input unit and an output unit. The processor 41 generally controls the overall operation of the terminal device, such as operations associated with display, telephone calls, data communication, camera operation and recording. The processor 41 can execute instructions to complete all or part of the steps of the methods described above. In addition, the processor 41 may include one or more modules that facilitate interaction between the processor 41 and other components; for example, the processor 41 may include a multimedia module to facilitate interaction between a multimedia component and the processor 41. The transmitter 42 and the receiver 43 are configured to facilitate wired or wireless communication between the terminal device and other devices. The terminal device can access a wireless network based on a communication standard, such as Wireless Fidelity (WiFi), 2G or 3G, or a combination of them. In one exemplary embodiment, the transmitter 42 and the receiver 43 receive a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the transmitter 42 and the receiver 43 further include a Near Field Communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology and other technologies. The input unit and the output unit receive numeric or other character information, and may include input keys and function keys for setting various functions and controlling the functions of the terminal device. More specifically, the input unit and the output unit may include keys for requesting movement; for example, the user can operate the input unit and the output unit to move a menu page or the focus on a menu page. The keys for requesting movement may include a keypad (arrow keys or volume keys), a trackball, an optical joystick, a scroll wheel key and the like. In addition, the input unit and the output unit may include a confirm key for executing the selected (focused) menu item. The input unit and the output unit may consist of one of, or a combination of, a button-type keypad, a trackball, an optical joystick, a scroll wheel key and the like.
In addition, the memory of the terminal device is configured to store various types of data to support operation of the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, contact data, phone book data, messages, pictures, videos, and the like. The memory may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), an Erasable Programmable Read-Only Memory (EPROM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), a magnetic memory, a flash memory, a magnetic disk, or an optical disc.
The processor 41 is configured to acquire tag information, where the tag information includes tag data and/or a tag identifier. The transmitter 42 is configured to send a profile download request to a subscription management device, where the profile download request includes at least the tag data. The receiver 43 is configured to receive a first profile sent by the subscription management device, where the first profile is generated by the subscription management device from one profile selected from at least one second profile associated with the tag data.
The apparatus in this embodiment may be used to implement the technical solutions of the foregoing method embodiments. The implementation principles and technical effects are similar, and details are not described herein again.
Further, the tag information further includes a tag identifier. The processor 41 is further configured to acquire first information of an embedded universal integrated circuit card (eUICC). The transmitter 42 is further configured to send the first information to the subscription management device, where the first information includes at least challenge information of the eUICC. The receiver 43 is further configured to receive second information returned by the subscription management device, where the second information includes at least challenge information of the subscription management device. The processor 41 is further configured to apply security protection to the tag data by using the challenge information of the subscription management device. The processor 41 is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information by using the third information, where the third information includes at least the security-protected tag data and the tag identifier, and to acquire fourth information of the eUICC, where the fourth information includes at least the signature information. The transmitter 42 is specifically configured to send the profile download request to the subscription management device, where the profile download request includes the security-protected tag data, the tag identifier, and the signature information.
Further, the processor 41 is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and to acquire, and control display of, the profile information that is sent by the eUICC and corresponds to the profile type.
Further, the processor 41 is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
Further, the profile download request further includes specific indication information, where the specific indication information is used to indicate to the subscription management device that the profile to be downloaded is a profile of a specific type.
Further, the transmitter 42 is further configured to send a first profile deletion notification to the subscription management device, where the first profile deletion notification includes at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device acquires, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
Further, the processor 41 is further configured to control transmission of a profile information acquisition message to the eUICC, where the profile information acquisition message includes a profile type, and to acquire, and control display of, the profile information that is sent by the eUICC and corresponds to the profile type.
Further, the processor 41 is further configured to acquire a profile deletion instruction input by a user, and to delete the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
Further, the processor 41 is further configured to acquire a second profile deletion notification sent by the eUICC, where the second profile deletion notification is sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a specific-type profile is stored and deletes that specific-type profile.
Further, the transmitter 42 is further configured to notify a mobile network operator (MNO) that the profile download is complete.
FIG. 16 is a schematic structural diagram of a sixth embodiment of a subscription management device according to the present invention. As shown in FIG. 16, the device in this embodiment may include a receiver 51, a processor 52, and a transmitter 53. The processor 52 typically controls the overall operation of the subscription management device, such as operations associated with display, telephone calls, data communication, camera operations, and recording operations. The processor 52 may execute instructions to perform all or some of the steps of the foregoing methods. In addition, the processor 52 may include one or more modules that facilitate interaction between the processor 52 and other components. For example, the processor 52 may include a multimedia module to facilitate interaction between a multimedia component and the processor 52. The transmitter 53 and the receiver 51 are configured to facilitate wired or wireless communication between the subscription management device and other devices. The subscription management device may access a wireless network based on a communication standard, such as Wireless Fidelity (WiFi), 2G or 3G, or a combination thereof. In an exemplary embodiment, the transmitter 53 and the receiver 51 receive a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the transmitter 53 and the receiver 51 further include a Near Field Communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In addition, the memory of the subscription management device is configured to store various types of data to support operation of the subscription management device. Examples of such data include instructions for any application or method operating on the subscription management device, contact data, phone book data, messages, pictures, videos, and the like. The memory may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), an Erasable Programmable Read-Only Memory (EPROM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), a magnetic memory, a flash memory, a magnetic disk, or an optical disc.
The receiver 51 is configured to receive a profile download request sent by a terminal device, where the profile download request includes at least tag data acquired by the terminal device. The processor 52 is configured to select one profile from at least one second profile associated with the tag data and generate a first profile from it. The transmitter 53 is configured to send the first profile to the terminal device.
The apparatus in this embodiment may be used to implement the technical solutions of the foregoing method embodiments. The implementation principles and technical effects are similar, and details are not described herein again.
Further, the receiver 51 is further configured to acquire first information sent by the terminal device, where the first information includes at least challenge information of an embedded universal integrated circuit card (eUICC). The transmitter 53 is further configured to send second information to the terminal device, where the second information includes at least challenge information of the subscription management device. The receiver 51 is specifically configured to receive the profile download request sent by the terminal device, where the profile download request includes the security-protected tag data obtained by the terminal device by applying security protection to the acquired tag data using the challenge information of the subscription management device, a tag identifier, and signature information generated by the eUICC. The processor 52 is further configured to acquire the corresponding tag data according to the tag identifier, verify the security-protected tag data according to that tag data, and, after the verification succeeds, select one profile from the at least one second profile associated with the tag data and generate the first profile from it.
Further, the processor 52 is specifically configured to acquire the tag data corresponding to the tag identifier, apply security protection processing to that tag data by using the challenge information, and compare the processed tag data with the security-protected tag data. If the two are the same, the verification succeeds.
Further, the processor 52 is specifically configured to acquire the at least one second profile associated with the tag data and select one of them, and to add fifth information to the selected second profile to generate the first profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
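The challenge-bound protection of tag data by the processor 41 and its verification and profile selection by the processor 52, as an added example that is not part of the patent text: the terminal hashes the subscription management device's challenge with the tag data, and the server recomputes the hash from the tag data stored under the tag identifier before handing out a pooled second profile. SHA-256, the length-prefixed encoding, the session identifiers, all names and the sample values are assumptions; the eUICC signature check is left out.

```python
"""Added example: challenge-bound tag data (constructed values, assumed encoding)."""
import hashlib
import hmac
import secrets


def protect_tag_data(server_challenge: bytes, tag_data: bytes) -> bytes:
    """Terminal side: hash the server challenge together with the tag data.

    SHA-256 and the length prefixes are assumptions; the text only says that
    a hash operation is performed on the two values.
    """
    h = hashlib.sha256()
    for field in (server_challenge, tag_data):
        h.update(len(field).to_bytes(4, "big"))  # unambiguous concatenation
        h.update(field)
    return h.digest()


class SubscriptionManager:
    """Server side: tag identifier -> tag data -> pool of second profiles."""

    # Stand-ins for the "fifth information" added to a second profile.
    FIFTH_INFORMATION = ("initialize_secure_channel",
                         "configure_profile_security_domain")

    def __init__(self):
        self._tag_data_by_id = {}  # tag identifier -> tag data
        self._pool_by_tag = {}     # tag data -> unassigned second profiles
        self._challenges = {}      # session id -> outstanding challenge

    def register_order(self, tag_id, tag_data, second_profiles):
        """Associate the second profiles of one order with its tag data."""
        self._tag_data_by_id[tag_id] = tag_data
        self._pool_by_tag[tag_data] = list(second_profiles)

    def new_challenge(self, session_id):
        """Issue a fresh random challenge (the 'second information')."""
        challenge = secrets.token_bytes(16)
        self._challenges[session_id] = challenge
        return challenge

    def handle_download(self, session_id, tag_id, protected_tag_data):
        """Verify the protected tag data, then build a first profile.

        Returns None on any failure so that the caller cannot tell an unknown
        tag identifier from a wrong hash.
        """
        # The challenge is single use: it is removed whether or not the
        # request verifies, so a captured request cannot be replayed.
        challenge = self._challenges.pop(session_id, None)
        tag_data = self._tag_data_by_id.get(tag_id)
        if challenge is None or tag_data is None:
            return None
        expected = protect_tag_data(challenge, tag_data)
        # Constant-time comparison of the recomputed and received values.
        if not hmac.compare_digest(expected, protected_tag_data):
            return None
        pool = self._pool_by_tag.get(tag_data)
        if not pool:
            return None  # every second profile of this order is in use
        second_profile = pool.pop(0)
        return {"fifth_information": list(self.FIFTH_INFORMATION),
                "profile": second_profile}


if __name__ == "__main__":
    sm = SubscriptionManager()
    sm.register_order("TAG-0001", b"constructed-tag-data", ["second-profile-A"])
    challenge = sm.new_challenge("session-1")
    protected = protect_tag_data(challenge, b"constructed-tag-data")
    print(sm.handle_download("session-1", "TAG-0001", protected))
    # Replaying the same protected value under a new challenge is rejected.
    sm.new_challenge("session-2")
    print(sm.handle_download("session-2", "TAG-0001", protected))
```

Because the tag data itself never leaves the terminal in clear and each hash is bound to one server challenge, a request captured in transit is useless in any later session.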
Further, the processor 52 is further configured to generate at least one second profile and one piece of tag information according to an order request from a mobile network operator (MNO), where the tag information includes the tag data, and to associate the at least one second profile with the tag data. The transmitter 53 is further configured to return an order response to the MNO, where the order response includes the tag information.
Further, the processor 52 is further configured to acquire one piece of tag information according to an order request from a mobile network operator (MNO), where the tag information includes the tag data, to generate at least one second profile, and to associate the at least one second profile with the tag data. The transmitter 53 is further configured to return an order response to the MNO.
Further, the receiver 51 is further configured to receive a first profile deletion notification sent by the terminal device, where the first profile deletion notification includes a profile identifier or an eUICC identifier, and to acquire, according to the first profile deletion notification, the first profile corresponding to the profile identifier or the eUICC identifier. The processor 52 is further configured to restore the first profile to a second profile.
Further, the processor 52 is further configured to generate an encryption key, decrypt the second profile, and re-encrypt it by using the encryption key.
Further, the processor 52 is specifically configured to remove the fifth information from the first profile to generate the second profile, where the fifth information includes at least secure channel initialization information and a profile security domain configuration command.
FIG. 17 is a schematic structural diagram of an embodiment of a communication system according to the present invention. As shown in FIG. 17, the system in this embodiment includes a terminal device 61, a subscription management device 62, and an eUICC 63. The terminal device 61 may adopt the structure of any of the apparatus embodiments in FIG. 7 to FIG. 9 and, correspondingly, may perform the technical solution of any of the method embodiments in FIG. 1 to FIG. 6. The implementation principles and technical effects are similar, and details are not described herein again. The subscription management device 62 may adopt the structure of any of the apparatus embodiments in FIG. 10 to FIG. 14 and, correspondingly, may perform the technical solution of any of the method embodiments in FIG. 1 to FIG. 6. The implementation principles and technical effects are similar, and details are not described herein again.
Further, in the communication system shown in FIG. 17, the terminal device 61 may adopt the structure of the device embodiment shown in FIG. 15 and, correspondingly, may perform the technical solution of any of the method embodiments in FIG. 1 to FIG. 6. The implementation principles and technical effects are similar, and details are not described herein again. The subscription management device 62 may adopt the structure of the device embodiment shown in FIG. 16 and, correspondingly, may perform the technical solution of any of the method embodiments in FIG. 1 to FIG. 6. The implementation principles and technical effects are similar, and details are not described herein again.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is merely a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules above is used only as an example. In practical applications, the functions described above may be assigned to different functional modules as needed; that is, the internal structure of the apparatus may be divided into different functional modules to complete all or some of the functions described above. For the specific working process of the apparatus described above, refer to the corresponding process in the foregoing method embodiments; details are not described herein again.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (59)

  1. A method for processing a profile, comprising:
    acquiring tag information, the tag information including tag data;
    sending a profile download request to a subscription management device, the profile download request including at least the tag data;
    receiving a first profile sent by the subscription management device, the first profile being generated by the subscription management device from one profile selected from at least one second profile associated with the tag data.
  2. The method according to claim 1, wherein the tag information further includes a tag identifier, and before the sending of the profile download request to the subscription management device, the method further comprises:
    receiving first information of an embedded universal integrated circuit card (eUICC), and sending the first information to the subscription management device, the first information including at least challenge information of the eUICC;
    receiving second information returned by the subscription management device, the second information including at least challenge information of the subscription management device;
    applying security protection to the tag data by using the challenge information of the subscription management device;
    sending third information to the eUICC, so that the eUICC generates signature information by using the third information, the third information including at least the security-protected tag data and the tag identifier;
    receiving fourth information of the eUICC, the fourth information including at least the signature information;
    and the sending of the profile download request to the subscription management device comprises:
    sending the profile download request to the subscription management device, the profile download request including the security-protected tag data, the tag identifier, and the signature information.
  3. The method according to claim 1 or 2, wherein before the acquiring of the tag information, the method further comprises:
    sending a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type;
    receiving and displaying the profile information that is sent by the eUICC and corresponds to the profile type.
  4. The method according to any one of claims 1 to 3, wherein the applying of security protection to the tag data by using the challenge information of the subscription management device comprises:
    performing a hash operation on the challenge information of the subscription management device and the tag data.
  5. The method according to any one of claims 1 to 4, wherein the profile download request further includes specific indication information, the specific indication information being used to indicate to the subscription management device that the profile to be downloaded is a profile of a specific type.
  6. The method according to any one of claims 1 to 5, wherein after the receiving of the first profile sent by the subscription management device, the method further comprises:
    sending a first profile deletion notification to the subscription management device, the first profile deletion notification including at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device acquires, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
  7. The method according to claim 6, wherein before the sending of the first profile deletion notification to the subscription management device, the method further comprises:
    sending a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type;
    receiving and displaying the profile information that is sent by the eUICC and corresponds to the profile type.
  8. The method according to claim 7, wherein after the receiving and displaying of the profile information that is sent by the eUICC and corresponds to the profile type, the method further comprises:
    acquiring a profile deletion instruction input by a user;
    deleting the corresponding specific-type profile in the eUICC according to the profile deletion instruction.
  9. The method according to claim 6, wherein before the sending of the first profile deletion notification to the subscription management device, the method further comprises:
    receiving a second profile deletion notification sent by the eUICC, the second profile deletion notification being sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a specific-type profile is stored and deletes that specific-type profile.
  10. The method according to any one of claims 1 to 9, wherein after the receiving of the first profile sent by the subscription management device, the method further comprises:
    notifying a mobile network operator (MNO) that the profile download is complete.
  11. A method for processing a profile, comprising:
    receiving a profile download request sent by a terminal device, the profile download request including at least tag data acquired by the terminal device;
    selecting one profile from at least one second profile associated with the tag data and generating a first profile from it;
    sending the first profile to the terminal device.
  12. The method according to claim 11, wherein the profile download request further includes a tag identifier, and before the receiving of the profile download request sent by the terminal device, the method further comprises:
    acquiring first information sent by the terminal device, the first information including at least challenge information of an embedded universal integrated circuit card (eUICC);
    sending second information to the terminal device, the second information including at least challenge information of a subscription management device;
    the receiving of the profile download request sent by the terminal device comprises:
    receiving the profile download request sent by the terminal device, the profile download request including the security-protected tag data obtained by the terminal device by applying security protection to the acquired tag data using the challenge information of the subscription management device, the tag identifier, and signature information generated by the eUICC;
    and the selecting of one profile from the at least one second profile associated with the tag data and generating of the first profile comprises:
    acquiring the corresponding tag data according to the tag identifier, verifying the security-protected tag data according to that tag data, and, after the verification succeeds, selecting one profile from the at least one second profile associated with the tag data and generating the first profile from it.
  13. The method according to claim 12, wherein the acquiring of the corresponding tag data according to the tag identifier and the verifying of the security-protected tag data according to that tag data comprise:
    acquiring the tag data corresponding to the tag identifier, and applying security protection processing to that tag data by using the challenge information;
    comparing the processed tag data with the security-protected tag data, the verification succeeding if the two are the same.
  14. The method according to any one of claims 11 to 13, wherein the selecting of one of the at least one second profile associated with the tag data to generate the first profile comprises:
    obtaining the at least one second profile associated with the tag data, and selecting one of them; and
    adding fifth information to the selected second profile to generate the first profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  15. The method according to any one of claims 11 to 14, wherein before the obtaining of the first information sent by the terminal device, the method further comprises:
    generating at least one second profile and one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data;
    associating the at least one second profile with the tag data; and
    returning an order response to the MNO, the order response including the tag information.
  16. The method according to any one of claims 11 to 14, wherein before the obtaining of the first information sent by the terminal device, the method further comprises:
    obtaining one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data, and generating at least one second profile;
    associating the at least one second profile with the tag data; and
    returning an order response to the MNO.
  17. The method according to any one of claims 11 to 16, wherein after the sending of the first profile to the terminal device, the method further comprises:
    receiving a first profile deletion notification sent by the terminal device, the first profile deletion notification including at least one of the following: a profile identifier or an eUICC identifier;
    obtaining, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier; and
    restoring the first profile to a second profile.
  18. The method according to claim 17, wherein after the restoring of the first profile to the second profile, the method further comprises:
    generating an encryption key, decrypting the second profile, and re-encrypting it using the encryption key.
  19. The method according to claim 17 or 18, wherein the restoring of the first profile to the second profile comprises:
    removing the fifth information from the first profile to generate the second profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  20. A terminal device, comprising:
    an obtaining module, configured to obtain tag information, the tag information including tag data;
    a sending module, configured to send a profile download request to a subscription management device, the profile download request including at least the tag data; and
    a receiving module, configured to receive a first profile sent by the subscription management device, the first profile being generated by the subscription management device from one second profile selected from at least one second profile associated with the tag data.
  21. The apparatus according to claim 20, wherein the tag information further includes a tag identifier, and the apparatus further comprises a security protection module;
    the receiving module is further configured to receive first information of an embedded universal integrated circuit card (eUICC);
    the sending module is further configured to send the first information to the subscription management device, the first information including at least challenge information of the eUICC;
    the receiving module is further configured to receive second information returned by the subscription management device, the second information including at least challenge information of the subscription management device;
    the security protection module is configured to apply security protection to the tag data using the challenge information of the subscription management device;
    the sending module is further configured to send third information to the eUICC, so that the eUICC generates signature information using the third information, the third information including at least the security-protected tag data and the tag identifier;
    the receiving module is further configured to receive fourth information of the eUICC, the fourth information including at least the signature information; and
    the sending module is specifically configured to send the profile download request to the subscription management device, the profile download request including the security-protected tag data, the tag identifier, and the signature information.
  22. The apparatus according to claim 20 or 21, wherein the sending module is further configured to send a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type; and
    the receiving module is further configured to receive and display profile information that is sent by the eUICC and corresponds to the profile type.
  23. The apparatus according to any one of claims 20 to 22, wherein the security protection module is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
  24. The apparatus according to any one of claims 20 to 23, wherein the profile download request further includes specific indication information, the specific indication information being used to indicate to the subscription management device that the profile to be downloaded is a profile of a specific type.
  25. The apparatus according to any one of claims 20 to 24, wherein the sending module is further configured to send a first profile deletion notification to the subscription management device, the first profile deletion notification including at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
  26. The apparatus according to claim 25, wherein the sending module is further configured to send a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type; and
    the receiving module is further configured to receive and display profile information that is sent by the eUICC and corresponds to the profile type.
  27. The apparatus according to claim 26, further comprising a deletion module;
    the obtaining module is further configured to obtain a profile deletion instruction input by a user; and
    the deletion module is configured to delete, according to the profile deletion instruction, the corresponding profile of the specific type in the eUICC.
  28. The apparatus according to claim 25, wherein the receiving module is further configured to receive a second profile deletion notification sent by the eUICC, the second profile deletion notification being sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a profile of a specific type is stored and deletes that profile.
  29. The apparatus according to any one of claims 20 to 28, wherein the sending module is further configured to notify a mobile network operator (MNO) that the profile download is complete.
  30. A subscription management device, comprising:
    a receiving module, configured to receive a profile download request sent by a terminal device, the profile download request including at least tag data acquired by the terminal device;
    a selection module, configured to select one of at least one second profile associated with the tag data to generate a first profile; and
    a sending module, configured to send the first profile to the terminal device.
  31. The apparatus according to claim 30, wherein the profile download request further includes a tag identifier, and the apparatus further comprises an obtaining module;
    the selection module comprises a verification unit and a profile generation unit;
    the obtaining module is configured to obtain first information sent by the terminal device, the first information including at least challenge information of an embedded universal integrated circuit card (eUICC);
    the sending module is further configured to send second information to the terminal device, the second information including at least challenge information of the subscription management device;
    the receiving module is specifically configured to receive the profile download request sent by the terminal device, the profile download request including security-protected tag data obtained by the terminal device applying security protection to the acquired tag data using the challenge information of the subscription management device, the tag identifier, and signature information generated by the eUICC;
    the verification unit is configured to obtain the corresponding tag data according to the tag identifier, and to verify the security-protected tag data according to the tag data; and
    the profile generation unit is configured to select, after the verification passes, one of the at least one second profile associated with the tag data to generate the first profile.
  32. The apparatus according to claim 31, wherein the verification unit is specifically configured to obtain the tag data corresponding to the tag identifier, to apply security protection processing to the tag data using the challenge information, and to compare the processed tag data with the security-protected tag data, the verification passing if the two are the same.
  33. The apparatus according to any one of claims 30 to 32, wherein the selection module is specifically configured to obtain the at least one second profile associated with the tag data and select one of them, and to add fifth information to the selected second profile to generate the first profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  34. The apparatus according to any one of claims 30 to 33, further comprising a first generation module and a first association module;
    the first generation module is configured to generate at least one second profile and one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data;
    the first association module is configured to associate the at least one second profile with the tag data; and
    the sending module is further configured to return an order response to the MNO, the order response including the tag information.
  35. The apparatus according to any one of claims 30 to 33, further comprising a second generation module and a second association module;
    the second generation module is configured to obtain one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data, and to generate at least one second profile;
    the second association module is configured to associate the at least one second profile with the tag data; and
    the sending module is further configured to return an order response to the MNO.
  36. The apparatus according to any one of claims 30 to 35, further comprising a restoration module;
    the receiving module is further configured to receive a first profile deletion notification sent by the terminal device, the first profile deletion notification including at least one of the following: a profile identifier or an eUICC identifier, and to obtain, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier; and
    the restoration module is configured to restore the first profile to a second profile.
  37. The apparatus according to claim 36, further comprising:
    an encryption module, configured to generate an encryption key, decrypt the second profile, and re-encrypt it using the encryption key.
  38. The apparatus according to claim 36 or 37, wherein the restoration module is specifically configured to remove the fifth information from the first profile to generate the second profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  39. A terminal device, comprising:
    a processor, configured to obtain tag information, the tag information including tag data;
    a transmitter, configured to send a profile download request to a subscription management device, the profile download request including at least the tag data; and
    a receiver, configured to receive a first profile sent by the subscription management device, the first profile being generated by the subscription management device from one second profile selected from at least one second profile associated with the tag data.
  40. The device according to claim 39, wherein the tag information further includes a tag identifier, and the processor is further configured to obtain first information of an embedded universal integrated circuit card (eUICC);
    the transmitter is further configured to send the first information to the subscription management device, the first information including at least challenge information of the eUICC;
    the receiver is further configured to receive second information returned by the subscription management device, the second information including at least challenge information of the subscription management device;
    the processor is further configured to apply security protection to the tag data using the challenge information of the subscription management device;
    the processor is further configured to control transmission of third information to the eUICC, so that the eUICC generates signature information using the third information, the third information including at least the security-protected tag data and the tag identifier, and to obtain fourth information of the eUICC, the fourth information including at least the signature information; and
    the transmitter is specifically configured to send the profile download request to the subscription management device, the profile download request including the security-protected tag data, the tag identifier, and the signature information.
  41. The device according to claim 39 or 40, wherein the processor is further configured to control transmission of a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type, and to obtain and control display of profile information that is sent by the eUICC and corresponds to the profile type.
  42. The device according to any one of claims 39 to 41, wherein the processor is specifically configured to perform a hash operation on the challenge information of the subscription management device and the tag data.
  43. The device according to any one of claims 39 to 42, wherein the profile download request further includes specific indication information, the specific indication information being used to indicate to the subscription management device that the profile to be downloaded is a profile of a specific type.
  44. The device according to any one of claims 39 to 43, wherein the transmitter is further configured to send a first profile deletion notification to the subscription management device, the first profile deletion notification including at least one of the following: a profile identifier or an eUICC identifier, so that the subscription management device obtains, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier, and restores the first profile to a second profile.
  45. The device according to claim 44, wherein the processor is further configured to control transmission of a profile information acquisition message to the eUICC, the profile information acquisition message including a profile type, and to obtain and control display of profile information that is sent by the eUICC and corresponds to the profile type.
  46. The device according to claim 45, wherein the processor is further configured to obtain a profile deletion instruction input by a user, and to delete, according to the profile deletion instruction, the corresponding profile of the specific type in the eUICC.
  47. The device according to claim 44, wherein the processor is further configured to obtain a second profile deletion notification sent by the eUICC, the second profile deletion notification being sent by the eUICC after the eUICC, having received a get-eUICC-challenge instruction or a profile activation instruction, detects that a profile of a specific type is stored and deletes that profile.
  48. The device according to any one of claims 39 to 47, wherein the transmitter is further configured to notify a mobile network operator (MNO) that the profile download is complete.
  49. A subscription management device, comprising:
    a receiver, configured to receive a profile download request sent by a terminal device, the profile download request including at least tag data acquired by the terminal device;
    a processor, configured to select one of at least one second profile associated with the tag data to generate a first profile; and
    a transmitter, configured to send the first profile to the terminal device.
  50. The device according to claim 49, wherein the profile download request further includes a tag identifier, and the receiver is further configured to obtain first information sent by the terminal device, the first information including at least challenge information of an embedded universal integrated circuit card (eUICC);
    the transmitter is further configured to send second information to the terminal device, the second information including at least challenge information of the subscription management device;
    the receiver is specifically configured to receive the profile download request sent by the terminal device, the profile download request including security-protected tag data obtained by the terminal device applying security protection to the acquired tag data using the challenge information of the subscription management device, the tag identifier, and signature information generated by the eUICC; and
    the processor is further configured to obtain the corresponding tag data according to the tag identifier, to verify the security-protected tag data according to the tag data, and, after the verification passes, to select one of the at least one second profile associated with the tag data to generate the first profile.
  51. The device according to claim 50, wherein the processor is specifically configured to obtain the tag data corresponding to the tag identifier, to apply security protection processing to the tag data using the challenge information, and to compare the processed tag data with the security-protected tag data, the verification passing if the two are the same.
  52. The device according to any one of claims 49 to 51, wherein the processor is specifically configured to obtain the at least one second profile associated with the tag data and select one of them, and to add fifth information to the selected second profile to generate the first profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  53. The device according to any one of claims 49 to 52, wherein the processor is further configured to generate at least one second profile and one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data, and to associate the at least one second profile with the tag data; and
    the transmitter is further configured to return an order response to the MNO, the order response including the tag information.
  54. The device according to any one of claims 49 to 52, wherein the processor is further configured to obtain one piece of tag information according to an order request of a mobile network operator (MNO), the tag information including the tag data, to generate at least one second profile, and to associate the at least one second profile with the tag data; and
    the transmitter is further configured to return an order response to the MNO.
  55. The device according to any one of claims 49 to 54, wherein the receiver is further configured to receive a first profile deletion request sent by the terminal device, the first profile deletion request including at least one of the following: a profile identifier or an eUICC identifier, and to obtain, according to the first profile deletion notification, the first profile corresponding to at least one of the profile identifier or the eUICC identifier; and
    the processor is further configured to restore the first profile to a second profile.
  56. The device according to claim 55, wherein the processor is further configured to generate an encryption key, decrypt the second profile, and re-encrypt it using the encryption key.
  57. The apparatus according to claim 55 or 56, wherein the processor is specifically configured to remove the fifth information from the first profile to generate the second profile, the fifth information including at least secure channel initialization information and a profile security domain configuration command.
  58. A communication device, comprising: a terminal device, a subscription management device, and an embedded universal integrated circuit card (eUICC); wherein the terminal device is the apparatus according to any one of claims 20 to 29, and the subscription management device is the apparatus according to any one of claims 30 to 38.
  59. A communication device, comprising: a terminal device, a subscription management device, and an embedded universal integrated circuit card (eUICC); wherein the terminal device is the device according to any one of claims 39 to 48, and the subscription management device is the device according to any one of claims 49 to 57.
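
The tag verification of claims 12, 13 and 23 together with the profile generation and restoration of claims 14, 17 and 19, as an added Python example that is not part of the patent text. SHA-256, the length-prefixed concatenation, the single-use challenge, the constant-time comparison, and all field names and sample values are assumptions of this example; verification of the eUICC signature is omitted.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed placeholders for the "fifth information" of claims 14 and 19.
FIFTH_INFORMATION = {
    "secure_channel_initialization": "<constructed placeholder>",
    "profile_security_domain_configuration": "<constructed placeholder>",
}


def protect_tag(challenge: bytes, tag_data: bytes) -> bytes:
    """Terminal side (claim 23): hash the server challenge together with the tag data.

    Assumption: SHA-256 over a 2-byte length prefix, the challenge, then the tag
    data. The claims only say "hash operation"; the prefix keeps the boundary
    between the two inputs unambiguous.
    """
    prefix = len(challenge).to_bytes(2, "big")
    return hashlib.sha256(prefix + challenge + tag_data).digest()


@dataclass
class SubscriptionManager:
    tags: dict = field(default_factory=dict)     # tag identifier -> tag data
    pool: dict = field(default_factory=dict)     # tag data -> unused second profiles
    pending: dict = field(default_factory=dict)  # session id -> outstanding challenge
    issued: dict = field(default_factory=dict)   # eUICC identifier -> (tag data, first profile)

    def order(self, tag_id: str, second_profiles: list) -> bytes:
        """Claim 15: create tag data for an MNO order and associate the supplied profiles with it."""
        tag_data = secrets.token_bytes(16)
        self.tags[tag_id] = tag_data
        self.pool[tag_data] = [dict(p) for p in second_profiles]
        return tag_data

    def new_challenge(self, session_id: str) -> bytes:
        """Second information of claim 12: a fresh challenge from the subscription manager."""
        challenge = secrets.token_bytes(16)
        self.pending[session_id] = challenge
        return challenge

    def download(self, session_id: str, eid: str, tag_id: str, protected: bytes):
        """Claims 12 to 14: verify the protected tag data, then build a first profile."""
        # Hardening assumption: a challenge is consumed on first use, pass or fail,
        # so a captured request cannot be replayed within the same session.
        challenge = self.pending.pop(session_id, None)
        tag_data = self.tags.get(tag_id)
        if challenge is None or tag_data is None:
            return None
        expected = protect_tag(challenge, tag_data)       # claim 13: recompute
        if not hmac.compare_digest(expected, protected):  # claim 13: compare
            return None
        if not self.pool[tag_data]:
            return None                                   # every profile already issued
        second = self.pool[tag_data].pop(0)
        first = {**second, "fifth_information": dict(FIFTH_INFORMATION)}
        self.issued[eid] = (tag_data, first)
        return first

    def on_first_deletion_notification(self, eid: str):
        """Claims 17 and 19: strip the fifth information and return the profile to the pool."""
        entry = self.issued.pop(eid, None)
        if entry is None:
            return None
        tag_data, first = entry
        second = {k: v for k, v in first.items() if k != "fifth_information"}
        self.pool[tag_data].append(second)
        return second
```

Because the tag data itself never crosses the link in this flow, a captured request is useless against a later challenge, and the pool bookkeeping shows why the deletion notification matters: without it a tag with N profiles can be redeemed only N times.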
PCT/CN2016/070617 2016-01-11 2016-01-11 Method, device, and system for processing profile WO2017120745A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2016/070617 WO2017120745A1 (en) 2016-01-11 2016-01-11 Method, device, and system for processing profile
CN201680075522.5A CN108476400B (en) 2016-01-11 2016-01-11 Profile processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/070617 WO2017120745A1 (en) 2016-01-11 2016-01-11 Method, device, and system for processing profile

Publications (1)

Publication Number Publication Date
WO2017120745A1 true WO2017120745A1 (en) 2017-07-20

Family

ID=59310514

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/070617 WO2017120745A1 (en) 2016-01-11 2016-01-11 Method, device, and system for processing profile

Country Status (2)

Country Link
CN (1) CN108476400B (en)
WO (1) WO2017120745A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111434087A (en) * 2017-11-30 2020-07-17 三星电子株式会社 Method and electronic device for providing communication service
CN111970680A (en) * 2020-08-17 2020-11-20 东信和平科技股份有限公司 Profile downloading method and device based on eUICC subscription platform
CN112956224A (en) * 2019-10-10 2021-06-11 尤温洛克公司 Method and related system for generating digital certificates relating to messages transmitted by UWB wireless tags

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111328068B (en) * 2020-01-19 2022-09-06 深圳市广和通无线股份有限公司 Card writing method and device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130339305A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Methods of backing up and restoring profile, and devices therefor
CN103747104A (en) * 2014-01-24 2014-04-23 中国联合网络通信集团有限公司 Method and system for migrating user information among internet of things equipment
WO2015076709A1 (en) * 2013-11-19 2015-05-28 Telefonaktiebolaget L M Ericsson (Publ) Profile integration management
CN104883674A (en) * 2014-02-28 2015-09-02 华为终端有限公司 Profile relating management method and apparatus
CN105050073A (en) * 2014-04-22 2015-11-11 三星电子株式会社 Method and apparatus for provisioning profiles

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9100810B2 (en) * 2010-10-28 2015-08-04 Apple Inc. Management systems for multiple access control entities
EP2747466B1 (en) * 2012-12-21 2017-10-04 Giesecke+Devrient Mobile Security GmbH Methods and devices for ota subscription management
CN104703170B (en) * 2013-12-05 2017-04-12 华为终端有限公司 Methods and equipment for downloading file of operator
KR102331692B1 (en) * 2014-06-30 2021-11-30 삼성전자 주식회사 Method and apparatus for selecting profile of terminal in a mobile network
CN105101165A (en) * 2015-07-28 2015-11-25 中国联合网络通信集团有限公司 eUICC contract-signing data management method and platform

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130339305A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Methods of backing up and restoring profile, and devices therefor
WO2015076709A1 (en) * 2013-11-19 2015-05-28 Telefonaktiebolaget L M Ericsson (Publ) Profile integration management
CN103747104A (en) * 2014-01-24 2014-04-23 中国联合网络通信集团有限公司 Method and system for migrating user information among internet of things equipment
CN104883674A (en) * 2014-02-28 2015-09-02 华为终端有限公司 Profile relating management method and apparatus
CN105050073A (en) * 2014-04-22 2015-11-11 三星电子株式会社 Method and apparatus for provisioning profiles

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111434087A (en) * 2017-11-30 2020-07-17 三星电子株式会社 Method and electronic device for providing communication service
CN111434087B (en) * 2017-11-30 2022-12-02 三星电子株式会社 Method and electronic device for providing communication service
CN112956224A (en) * 2019-10-10 2021-06-11 尤温洛克公司 Method and related system for generating digital certificates relating to messages transmitted by UWB wireless tags
CN111970680A (en) * 2020-08-17 2020-11-20 东信和平科技股份有限公司 Profile downloading method and device based on eUICC subscription platform
CN111970680B (en) * 2020-08-17 2023-11-03 东信和平科技股份有限公司 Profile downloading method and device based on eUICC subscription platform

Also Published As

Publication number Publication date
CN108476400A (en) 2018-08-31
CN108476400B (en) 2021-03-02

Similar Documents

Publication Publication Date Title
JP5688458B2 (en) System and method for securely using multiple subscriber profiles in security components and portable communication devices
CN106664545B (en) Method and apparatus for installing configuration files for an eUICC
US8219811B2 (en) Secure software execution such as for use with a cell phone or mobile device
CN104662870B (en) Data safety management system
CN105308560B (en) Method and apparatus for profile to be arranged
AU2015261578B2 (en) Communication control apparatus, authentication device, central control apparatus and communication system
CN102761870B (en) Terminal authentication and service authentication method, system and terminal
WO2013100905A1 (en) Method and system for distributed off-line logon using one-time passwords
CN102739643A (en) Permitting access to a network
JP2019530265A (en) Method and apparatus for providing and acquiring graphic code information and terminal
US11394543B2 (en) System and method for secure sensitive data storage and recovery
CN107241339A (en) Auth method, device and storage medium
CN105101183A (en) Method and system for protecting private contents at mobile terminal
WO2017120745A1 (en) Method, device, and system for processing profile
CN110795737A (en) Method and terminal equipment for upgrading service application range of electronic identity card
US11405782B2 (en) Methods and systems for securing and utilizing a personal data store on a mobile device
KR20170124953A (en) Method and system for automating user authentication with decrypting encrypted OTP using fingerprint in mobile phone
CN113553572A (en) Resource information acquisition method and device, computer equipment and storage medium
CN103973646A (en) Method, client device and system for storing services by aid of public cloud
CN111614698A (en) Method and device for erasing terminal data
JP5678150B2 (en) User terminal, key management system, and program
JP2015138336A (en) Management method of electronic data, program therefor, and recording medium for program
Bala WhatsApp forensics and its challenges for android smartphone
KR101289990B1 (en) Method for switching use mode of mobile device and mobile device using the same
JP2014026383A (en) Portable terminal, authentication system of portable terminal, authentication method of portable terminal, and program

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 16884308; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 16884308; Country of ref document: EP; Kind code of ref document: A1)