WO2017185511A1 - 一种数据处理的方法、装置以及终端 - Google Patents
一种数据处理的方法、装置以及终端 Download PDFInfo
- Publication number
- WO2017185511A1 WO2017185511A1 PCT/CN2016/087586 CN2016087586W WO2017185511A1 WO 2017185511 A1 WO2017185511 A1 WO 2017185511A1 CN 2016087586 W CN2016087586 W CN 2016087586W WO 2017185511 A1 WO2017185511 A1 WO 2017185511A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- profile data
- terminal
- management platform
- remote management
- isd
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
Definitions
- the present invention relates to the field of terminal technologies, and in particular, to a data processing method, apparatus, and terminal.
- a SIM card has a user subscription profile data
- the user can migrate the profile data between different communication terminals by installing and disassembling the SIM (Subscriber Identity Module) card to different communication terminals.
- SIM Subscriber Identity Module
- the communication terminal needs to generate profile data according to the operator's definition file through the remote management platform, and downloads the eUICC (embedded Universal Integrated Circuit Card) embedded in the communication terminal in an encrypted form.
- eUICC embedded Universal Integrated Circuit Card
- Universal integrated circuit card at least one eSIM card is stored in the eUICC, and each eSIM card has a user subscription profile data similar to the SIM card. Since the eUICC is not detachable, profile data cannot be implemented between different communication terminals. The migration cannot meet the user's need to change the communication terminal without replacing the profile data.
- the prior art proposes a method for migrating user information between IoT devices, including: the remote management platform receives the migration of the first user information from the first device to the second device. After the triggering message, deleting the first user information in the embedded universal integrated circuit card eUICC of the first device; after the deletion is successful, the remote management platform re-encrypts the first user information, and then re-encrypted The first user information is downloaded to the eUICC of the second device; the remote management platform updates the eUICC corresponding to the first user information to the eUICC of the second device. It can be seen that all the above operations (such as downloading, encrypting, etc. of user information) need to be through a remote management platform, so that the computing burden and communication load of the remote management platform are further emphasized for the remote management platform that needs to manage and deploy all eSIMs. , enhanced the dependence on the remote management platform.
- the technical problem to be solved by the embodiments of the present invention is to provide a data processing method and device As well as the terminal, the communication terminal can avoid the remote management platform and directly transfer the user profile profile data, thereby reducing the communication load and dependence on the remote management platform.
- the embodiment of the present invention provides a data processing method, where the method includes:
- the first terminal directly acquires the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal;
- the method further includes:
- the remote management platform After the remote management platform confirms that the profile data is successfully migrated, the profile data that is encrypted is saved to the remote management platform, and the remote management platform determines that the profile data migration succeeds. And selecting an ISD-P key from the ISD-P key set to encrypt and save the profile data to the remote management platform.
- the method further includes:
- the remote management platform After the remote management platform confirms that the profile data is successfully migrated, the profile data that is encrypted is saved to the remote management platform, and the remote management platform determines that the profile data migration succeeds. And saving the encrypted profile data and the ISD-P key set to the remote management platform.
- the directly acquiring the user subscription profile data corresponding to the eSIM card stored in the second terminal includes:
- the method further includes:
- the method further includes:
- an embodiment of the present invention provides an apparatus for data processing, where the apparatus includes:
- An acquiring module configured to directly acquire, by using a data communication connection established with the second terminal, user subscription profile data corresponding to the eSIM card stored in the second terminal;
- a sending module configured to send the migration notification information including the profile data to the remote management platform, so that the remote management platform saves the encrypted profile data to the remote after confirming that the profile data migration succeeds In the management platform.
- the sending module is further configured to send the pre-generated ISD-P key set to the remote management platform; wherein the ISD-P key set includes at least one ISD-P key; the remote management platform After confirming that the profile data migration is successful, saving the profile data after encryption to The remote management platform includes: after the remote management platform determines that the profile data is successfully migrated, selecting an ISD-P key from the ISD-P key set to encrypt and save the profile data. Go to the remote management platform.
- the device further includes:
- An encryption module configured to perform an encryption process on the profile data by selecting an ISD-P key from the pre-generated ISD-P key set, to obtain profile data after encryption; wherein the ISD-P key set includes At least one ISD-P key;
- the sending module is further configured to send the encrypted profile data and the ISD-P key set to the remote management platform; after confirming that the profile data migration succeeds, the remote management platform Saving the profile data after the encryption to the remote management platform, the remote management platform, after determining that the profile data migration is successful, the encrypted profile data and the ISD-P key The collection is saved to the remote management platform.
- the obtaining module includes:
- a negotiating unit configured to negotiate, with the second terminal, a first temporary key for encrypting and transmitting the profile data, so that the second terminal encrypts the profile data according to the first temporary key Obtaining first profile data, and sending the first profile data to the first terminal;
- a receiving unit configured to receive the first profile data sent by the second terminal
- a decryption unit configured to perform decryption processing on the received first profile data according to the first temporary key, to obtain the profile data after decryption.
- the device further includes:
- a saving module configured to save the encrypted profile data obtained by the encryption module to the ISD-P area of the first terminal.
- the device further includes:
- a receiving module configured to receive, by the third terminal, an acquisition request for requesting acquiring the profile data in the first terminal
- a decryption module configured to perform decryption processing on the encrypted profile data according to the ISD-P key to obtain the profile data after decryption;
- a negotiation module configured to negotiate with the third terminal for encrypting and transmitting the profile data Temporary key
- the encryption module is further configured to perform encryption processing on the profile data according to the second temporary key to obtain second profile data.
- the sending module is further configured to send the second profile data to the third terminal, so that the third terminal decrypts the second profile data according to the second temporary key to obtain decryption.
- the profile data that follows.
- an embodiment of the present invention further provides a terminal, where the terminal includes the data processing apparatus.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention.
- FIG. 2 is a schematic flow chart of a data processing method according to an embodiment of the present invention.
- FIG. 3 is a schematic flow chart of another data processing method according to an embodiment of the present invention.
- FIG. 4 is a schematic flow chart of another data processing method according to an embodiment of the present invention.
- FIG. 5 is a schematic flowchart diagram of another data processing method according to an embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
- the embodiment of the invention discloses a method, a device and a terminal for data processing, which are beneficial to reducing the communication load of the remote management platform. The details are described below separately.
- FIG. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present disclosure.
- the network architecture diagram may include a first terminal, a second terminal, and a remote management platform.
- the remote management platform may refer to a service system, a server, a service host, a service platform, and the like of a mobile operator (MNO); the first terminal and the second terminal are different.
- MNO mobile operator
- the communication terminal, the number of the communication terminals may refer to one or more, and the communication terminal may include but is not limited to an in-vehicle device, a mobile phone, a mobile computer, a tablet computer, a personal digital assistant (PDA), and a media.
- PDA personal digital assistant
- User equipment such as players, smart TVs, smart watches, smart glasses, smart bracelets, etc.
- the first terminal and the second terminal may directly communicate with each other through a wired/wireless network, or the first terminal and the second terminal may communicate with the remote management platform through a network respectively. connection.
- FIG. 2 is a schematic flowchart of a data processing method according to an embodiment of the present invention.
- the method in the embodiment of the present invention can be applied to, for example, a smart phone, a tablet, and a smart wearable.
- a terminal with a communication network function such as a device, specifically by the communication terminal
- the processor is implemented.
- the method of the embodiment of the invention further includes the following steps.
- the first terminal directly acquires user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal.
- an eUICC embedded Universal Integrated Circuit Card
- the eUICC stores one or more eSIMs (embedded Subscriber Identity Modules).
- a customer identification module) card each eSIM card corresponding to a user subscription profile data, wherein one eUICC corresponds to a unique EID (eUICC ID, eUICC number).
- the first terminal may establish a data communication connection with the second terminal by using a wireless or wired network (such as Wifi, Bluetooth, etc.), and the first terminal may directly acquire the second terminal from the second terminal and store the second terminal.
- User profile information corresponding to the eSIM card is embedded in the first terminal and the second terminal, and the eUICC stores one or more eSIMs (embedded Subscriber Identity Modules).
- a customer identification module) card each eSIM card corresponding to a user subscription profile data, wherein one eUICC corresponds to a unique EID (eUICC ID, eUICC number).
- the first terminal may
- the user subscription profile data refers to some data corresponding to the SIM/eSIM card, such as user card opening information, ordering traffic package information, and the like, which are not limited in the embodiment of the present invention.
- the directly acquiring the user subscription profile data corresponding to the eSIM card stored in the second terminal includes:
- the first terminal may negotiate with the second communication terminal to determine a first temporary key for performing encrypted transmission on the profile data, so as to facilitate the The second terminal performs encryption processing on the profile data according to the first temporary key to obtain the first profile data after the encryption, and the second terminal may further send the first profile data to the first terminal.
- the first terminal may receive the first profile data sent by the second terminal, and the first terminal may further perform decryption processing on the received first profile data according to the first temporary key. , the profile data after decryption is obtained.
- the profile data is passed through an ISD-P (Issuer Security Domain Profile) key generated by the second terminal.
- An ISD-P key in the set is subjected to an encryption process, and finally stored in the second terminal in the form of profile data after the encryption process, and then the second terminal is in accordance with the first temporary key pair.
- the second terminal may further perform decryption processing on the profile data after the encryption process according to the certain ISD-P key to obtain the decrypted profile data; The second terminal encrypts the profile data according to the first temporary key to obtain first profile data after encryption.
- the first terminal and the second terminal are different communication terminals, and the communication terminal may include a smart phone (such as an Android mobile phone, an IOS mobile phone, etc.), a personal computer, a tablet computer, a palmtop computer, and a mobile internet device (The Internet device such as the MID (Mobile Internet Devices) or the wearable smart device is not limited in the embodiment of the present invention.
- the first terminal may further send the migration notification information including the profile data to the remote management platform;
- the migration notification information is used to notify the remote management platform, that is, an SM-SR (Subscription Manager Secure Routing) entity and an SM-DP (Subscription Management Data Preparation) entity.
- the migration of the profile data performed between the first terminal and the second terminal.
- the remote management platform may send, to the second terminal, one or more confirmation information for confirming whether the migration of the profile data is valid. If the remote management platform confirms that the profile data migration is successful, the remote management platform may save the encrypted profile data to the remote management platform; otherwise, the remote management platform determines The profile data migration is abnormal, and the saving of the profile data after encryption is terminated.
- the method further includes:
- An ISD-P key set including at least one ISD-P key is automatically generated.
- the first terminal may automatically generate an ISD-P key set including at least one ISD-P key in the first terminal in advance.
- the method further includes:
- the remote management platform After the remote management platform confirms that the profile data is successfully migrated, the profile data that is encrypted is saved to the remote management platform, and the remote management platform determines that the profile data migration succeeds. And selecting an ISD-P key from the ISD-P key set to encrypt and save the profile data to the remote management platform.
- the first terminal may send the pre-generated ISD-P key set to the remote management platform before sending the migration notification information including the profile data to the remote management platform; or After the terminal sends the migration notification information including the profile data to the remote management platform, the terminal may send the pre-generated ISD-P key set to the remote management platform; or the first terminal may And compressing the pre-generated ISD-P key set and the profile data into the migration notification information, and sending the migration notification information together to the remote management platform, that is, the migration
- the notification information may include the ISD-P key set and the profile data; wherein the ISD-P key set includes at least one ISD-P key.
- the remote management platform may arbitrarily select from the received ISD-P key set or pre-customize (such as an algorithm) according to the user/system.
- An ISD-P key encrypts the profile data to obtain encrypted profile data; the remote management platform may save the encrypted profile data and the ISD-P key set to the remote In the management platform.
- the method further includes:
- the encrypted device After the remote management platform confirms that the profile data is successfully migrated, the encrypted device is Saving the profile data to the remote management platform, the remote management platform saves the encrypted profile data and the ISD-P key set to the portal after determining that the profile data migration is successful. In the remote management platform.
- the first terminal may arbitrarily select the pre-generated ISD-P key set or encrypt the profile data according to an ISD-P key preset by the user/system to obtain the encrypted data.
- the profile data may be saved by the first terminal to the ISD-P area in the first terminal, that is, the first terminal encrypts and saves the profile data.
- the remote management platform may receive the migration notification information, and after confirming that the profile data is successfully migrated, save the encrypted profile data and the ISD-P key set to the remote management platform.
- the method further includes:
- the first terminal may further receive, by the third terminal, a request for acquiring the first terminal.
- the obtaining request of the profile data in the terminal the first terminal may perform decryption processing on the encrypted profile data stored in the first terminal according to the ISD-P key in response to the obtaining request, to obtain Decoding the profile data;
- the first terminal may further negotiate with the third terminal to determine a second temporary key for encrypting and transmitting the profile data, where the second temporary key may refer to a key that is known by the two terminals of the first terminal and the third terminal;
- the first terminal performs encryption processing on the profile data according to the second temporary key, to obtain second profile data after encryption;
- the first terminal may further send the second profile data to the third terminal, so that after the third terminal receives the second profile data, according to the second temporary key pair, The second profile data is decrypted and recovered to obtain the profile data.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 3 is a schematic flowchart of another data processing method according to an embodiment of the present invention.
- the method in the embodiment of the present invention may include the following steps.
- the first terminal establishes a data communication connection relationship with the second terminal by using a wireless or wired network, and negotiates a first temporary key with the second terminal.
- the first terminal may establish a direct communication connection relationship with the second terminal by means of wireless communication (such as Wifi, Bluetooth, etc.) or a wired data connection, and the first terminal may also be configured with the first
- the second terminal negotiates a first temporary key for encrypting and transmitting the user subscription profile data corresponding to the eSIM card stored in the second terminal; if the second terminal, the second terminal is from the second terminal
- the ISD-P key set in the ISD-P key set is arbitrarily selected or pre-customized according to the user/system, and is used as an initial ISD-P key to encrypt the profile data, and finally
- step S202 is continued; if the second terminal does not encrypt and save the profile data in the second terminal, that is, the profile data is Directly saved in the second terminal, then step S203 is continued.
- the second terminal decrypts the encrypted profile data according to the initial ISD-P key in the second terminal, to obtain the profile data after decryption.
- the second terminal performs encryption processing on the profile data according to the first temporary key to obtain first profile data after encryption.
- the second terminal sends the first profile data to the first terminal.
- the first terminal receives the first profile data, and performs decryption processing on the first profile data according to the first temporary key to obtain the decrypted profile data.
- the first terminal automatically generates an ISD-P key set including at least one ISD-P key in advance.
- step S206 may be performed before or after any step in the step 201 to the step S205, which is not limited by the embodiment of the present invention.
- the first terminal selects an ISD-P key from the pre-generated ISD-P key set to perform encryption processing on the profile data to obtain profile data after encryption.
- the first terminal may further store the encrypted profile data into an ISD-P area in the first terminal.
- the first terminal sends, to the remote management platform, migration notification information including the profile data, where the migration notification information includes the ISD-P key set, the encrypted profile data, and the profile. data.
- the remote management platform sends the migration confirmation information to the second terminal, and determines whether the profile data is successfully migrated.
- the remote management platform may confirm, to the second terminal, whether the profile data is successfully migrated, and the second terminal may determine, according to the migration confirmation information, the migration of the profile data. If the success is successful, the migration success information or the migration failure information is sent to the remote management platform; if the remote management platform determines that the profile data migration is successful, step S208 is continued; otherwise, the process is terminated abnormally.
- the remote management platform After determining that the profile data is successfully migrated, the remote management platform saves the ISD-P key set and the encrypted profile data to the remote management platform.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then remotely The management platform sends the migration notification information including the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data migration is successful;
- the profile data can be transferred directly, avoiding the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 4 is a schematic flowchart of another data processing method according to an embodiment of the present invention.
- the method in the embodiment of the present invention may include the foregoing steps S201 to S206, and further includes the following steps.
- the first terminal sends the pre-generated ISD-P key set to the remote management platform, where the ISD-P key set includes at least one ISD-P key.
- step S301 may be performed before or after any step of the step S302 to the step S303, which is not limited by the embodiment of the present invention.
- the first terminal sends migration notification information including the profile data to a remote management platform.
- the first terminal may first send the migration notification information to a mobile network operator (MNO), and the MNO sends the migration notification information to the MNO.
- MNO mobile network operator
- the remote management platform In the embodiment of the present invention, the first terminal may first send the migration notification information to a mobile network operator (MNO), and the MNO sends the migration notification information to the MNO.
- MNO mobile network operator
- the remote management platform In the embodiment of the present invention, the first terminal may first send the migration notification information to a mobile network operator (MNO), and the MNO sends the migration notification information to the MNO.
- MNO mobile network operator
- the remote management platform sends the migration confirmation information to the second terminal, and determines whether the profile data is successfully migrated.
- the remote management platform may confirm to the second terminal whether the profile data is successfully migrated. If it is determined that the profile data migration is successful, proceed to step S304; otherwise, abnormally terminate, end the process. .
- the remote management platform After determining that the profile data is successfully migrated, the remote management platform selects an ISD-P key from the ISD-P key set to encrypt the profile data, and obtains the profile data after encryption. .
- the remote management platform saves the encrypted profile data and the ISD-P key set in the remote management platform.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the profile data after the encryption to the In the remote management platform; the communication data can be directly transmitted between the communication terminals, avoiding the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 5 is a schematic flowchart of another data processing method according to an embodiment of the present invention.
- the method in the embodiment of the present invention may include all or part of the implementation steps in any one of FIG. 2 to FIG. 4. It can also include the following steps.
- S401 Receive an acquisition request sent by the third terminal for requesting acquiring the profile data in the first terminal.
- S404 Perform encryption processing on the profile data according to the second temporary key to obtain second profile data after encryption.
- S405 Send the second profile data to the third terminal, so that the third terminal performs decryption processing on the second profile data according to the second temporary key, to obtain the profile data after decryption. .
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 6 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
- the apparatus according to the embodiment of the present invention may be disposed in a terminal with a communication network function, such as a smart phone, a tablet computer, or a smart wearable device.
- the device 5 includes:
- the obtaining module 50 is configured to directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal;
- the sending module 51 is configured to send the migration notification information including the profile data to the remote management platform, so that the remote management platform saves the profile data after the encryption to the In the remote management platform.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 7 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present invention.
- the apparatus according to the embodiment of the present invention may include the obtaining module 50 and the sending module 51, and may further include:
- the sending module 51 is further configured to send the pre-generated ISD-P key set to the remote management platform; wherein the ISD-P key set includes at least one ISD-P key; the remote management After confirming that the profile data is successfully migrated, the platform saves the encrypted profile data to the remote management platform, including: after the remote management platform determines that the profile data migration is successful, from the The profile data is encrypted and saved in the remote management platform by selecting an ISD-P key from the ISD-P key set.
- the device further includes:
- the encryption module 52 is configured to perform an encryption process on the profile data by selecting an ISD-P key from the pre-generated ISD-P key set to obtain profile data after encryption; wherein the ISD-P key set is Include at least one ISD-P key;
- the sending module 51 is further configured to send the encrypted profile data and the ISD-P key set to the remote management platform; after confirming that the profile data migration succeeds, the remote management platform Saving the profile data after the encryption to the remote management platform includes: after the remote management platform determines that the profile data migration is successful, the encrypted profile data and the ISD-P are densely The set of keys is saved to the remote management platform.
- the obtaining module 50 includes:
- the negotiating unit 500 is configured to negotiate, with the second terminal, a first temporary key for encrypting and transmitting the profile data, so that the second terminal encrypts the profile data according to the first temporary key. Processing, obtaining first profile data, and transmitting the first profile data to the first terminal;
- the receiving unit 501 is configured to receive the first profile data sent by the second terminal;
- the decrypting unit 502 is configured to perform decryption processing on the received first profile data according to the first temporary key to obtain the profile data after decryption.
- the device further includes:
- the saving module 53 is configured to save the encrypted profile data obtained by the encryption process 52 to the ISD-P area of the first terminal.
- the device further includes:
- the receiving module 54 is configured to receive, by the third terminal, an acquisition request for requesting acquiring the profile data in the first terminal;
- the decryption module 55 is configured to perform decryption processing on the encrypted profile data according to the ISD-P key in response to the obtaining request, to obtain the profile data after decryption;
- the negotiation module 56 is configured to negotiate, with the third terminal, a second temporary key for encrypting and transmitting the profile data.
- the encryption module 52 is further configured to perform encryption processing on the profile data according to the second temporary key to obtain second profile data.
- the sending module 51 is further configured to send the second profile data to the third terminal, so that the third terminal decrypts the second profile data according to the second temporary key, to obtain The profile data after decryption.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
- the terminal may be a device with a communication network function, such as a smart phone, a tablet computer, or a smart wearable device, as shown in FIG.
- the terminal of the embodiment of the present invention may include a display screen, a button, a speaker, a pickup, and the like, and further includes: at least one bus 501, at least one processor 502 connected to the bus 501, and at least one memory 503 connected to the bus 501.
- the communication device 505 that realizes the communication function is a power supply device 504 that supplies power to each power consumption module of the communication terminal.
- the processor 502 can call the code stored in the memory 503 via the bus 501 to perform related functions.
- the processor 502 is configured to directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data migration is successful.
- the processor 502 is further configured to send the pre-generated ISD-P key set to the remote management platform, where the ISD-P key set includes at least one ISD-P key; After the remote management platform confirms that the profile data is successfully migrated, the profile data that is encrypted is saved to the remote management platform, and the remote management platform determines that the profile data migration succeeds. And selecting an ISD-P key from the ISD-P key set to encrypt and save the profile data to the remote management platform.
- the processor 502 is further configured to: perform an encryption process on the profile data by selecting an ISD-P key from the pre-generated ISD-P key set, to obtain profile data after encryption; Said ISD-P key set comprises at least one ISD-P key; transmitting said encrypted profile data and said ISD-P key set to said remote management platform; said remote management platform confirming After the profile data is successfully migrated, saving the profile data after the encryption to the remote management platform includes: after the remote management platform determines that the profile data migration is successful, the profile data after the encryption is performed. And storing the ISD-P key set in the remote management platform.
- the processor 502 is further configured to negotiate, with the second terminal, a first temporary key for encrypting and transmitting the profile data, so that the second terminal is configured according to the first temporary key. Encrypting the profile data to obtain first profile data, and sending the first profile data to the first terminal; and receiving the first profile data sent by the second terminal; Decrypting the received first profile data according to the first temporary key to obtain the profile data after decryption.
- the processor 502 is further configured to save the encrypted profile data to an ISD-P area of the first terminal.
- the processor 502 is further configured to receive, by the third terminal, an acquisition request for requesting acquiring the profile data in the first terminal; and responding to the obtaining request, according to the ISD-P Decrypting the encrypted profile data by the key to obtain the profile data after decryption; negotiating, with the third terminal, a second temporary key for encrypting and transmitting the profile data; according to the second The temporary key encrypts the profile data to obtain second profile data, and sends the second profile data to the third terminal, so that the third terminal is configured according to the second temporary key pair.
- the second profile data is subjected to decryption processing to obtain the profile data after decryption.
- the first terminal may directly acquire the user subscription profile data corresponding to the eSIM card stored in the second terminal by using a data communication connection established with the second terminal, and then send the data to the remote management platform, including the The migration notification information of the profile data, so that the remote management platform saves the encrypted profile data to the remote management platform after confirming that the profile data is successfully migrated;
- the transmission of data avoids the remote management platform, thereby reducing the dependence on the remote management platform and the communication load.
- the embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium can store a program, and the program includes some or all of the steps of the operation method of any of the audio playback applications described in the foregoing method embodiments.
- the disclosed apparatus may be implemented in other ways.
- the device embodiments described above are merely illustrative, such as the single
- the division of elements is only a logical function division. In actual implementation, there may be another division manner. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical or otherwise.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
- the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
- the technical solution of the present invention which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
- a number of instructions are included to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
- the foregoing storage medium includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like. .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明实施例提供了一种数据处理的方法、装置以及终端,其中,所述方法包括:第一终端通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。采用本发明,可直接在通信终端之间进行用户签约profile数据的传输,降低了对远程管理平台的通信负荷和依赖性。
Description
本发明涉及终端技术领域,尤其涉及一种数据处理的方法、装置以及终端。
目前,由于一个SIM卡对应拥有一份用户签约profile数据,用户可以通过将SIM(Subscriber Identity Module,客户识别模块)卡安装拆卸到不同通信终端上来实现profile数据在不同通信终端之间的迁移。但是针对使用eSIM卡的通信终端而言,所述通信终端需要通过远程管理平台根据运营商的定义文件来生成profile数据,以加密形式下载到所述通信终端的eUICC(embedded Universal Integrated Circuit Card,嵌入式通用集成电路卡),然而eUICC中存储有至少一个eSIM卡,每一个eSIM卡类似于SIM卡对应有一份用户签约profile数据,由于eUICC的不可拆卸,因此不能实现profile数据在不同通信终端之间的迁移,无法满足用户在更换通信终端时而不更换profile数据的需求。
为了解决上述问题,现有技术(公开号:CN 103747104A)提出了一种在物联网设备间迁移用户信息的方法,包括:远程管理平台收到从第一设备迁移第一用户信息到第二设备的触发消息后,删除所述第一设备的嵌入式通用集成电路卡eUICC中的所述第一用户信息;删除成功后,所述远程管理平台重新加密所述第一用户信息,将重新加密后的所述第一用户信息下载到所述第二设备的eUICC中;所述远程管理平台将所述第一用户信息对应的eUICC更新为所述第二设备的eUICC。可知,上述所有的操作(如用户信息的下载、加密等)都需要通过远程管理平台,这样本来针对需要管理部署所有eSIM的远程管理平台而言,更加重了远程管理平台的计算负担和通信负荷,增强了对远程管理平台的依赖性。
发明内容
本发明实施例所要解决的技术问题在于,提供一种数据处理的方法、装置
以及终端,通信终端之间可避开远程管理平台,直接进行用户签约profile数据的传输,降低了对远程管理平台的通信负荷和依赖性。
一方面,本发明实施例公开提供了一种数据处理的方法,所述方法包括:
第一终端通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;
向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
其中可选地,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:
将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
其中可选地,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:
从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;
所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
其中可选地,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,包括:
与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;
接收所述第二终端发送的所述第一profile数据;
根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
其中可选地,所述方法还包括:
将所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
其中可选地,所述方法还包括:
接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;
响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;
与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;
根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;
将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
另一方面,本发明实施例公开提供了一种数据处理的装置,所述装置包括:
获取模块,用于通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;
发送模块,用于向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
其中可选地,
所述发送模块,还用于将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到
所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
其中可选地,所述装置还包括:
加密模块,用于从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
所述发送模块,还用于将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
其中可选地,所述获取模块包括:
协商单元,用于与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;
接收单元,用于接收所述第二终端发送的所述第一profile数据;
解密单元,用于根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
其中可选地,所述装置还包括:
保存模块,用于将所述加密模块加密处理得到的所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
其中可选地,所述装置还包括:
接收模块,用于接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;
解密模块,用于响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;
协商模块,用于与所述第三终端协商用于加密传输所述profile数据的第二
临时密钥;
所述加密模块,还用于根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;
所述发送模块,还用于将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
再一方面,本发明实施例还公开提供了一种终端,所述终端包括所述的数据处理装置。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1是本发明实施例的一种网络架构的结构示意图;
图2是本发明实施例的一种数据处理方法的流程示意图;
图3是本发明实施例的另一种数据处理方法的流程示意图;
图4是本发明实施例的另一种数据处理方法的流程示意图;
图5是本发明实施例的另一种数据处理方法的流程示意图;
图6是本发明实施例的一种数据处理装置的结构示意图;
图7是本发明实施例的另一种数据处理装置的结构示意图;
图8是本发明实施例的一种终端的结构示意图。
为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。
本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”和“第三”等是用于区别不同对象,而非用于描述特定顺序。此外,术语“包括”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。
本发明实施例公开了提供一种数据处理的方法、装置以及终端,有利于降低远程管理平台通信负荷。以下分别进行详细说明。
为了更好理解本发明实施例提供的一种数据处理的方法、装置及终端,下面先对本发明实施例适用的网络构架进行描述。请参阅图1,图1是本发明实施例公开提供的一种网络构架的结构示意图。如图1所示,该网络构架示意图可以包括第一终端、第二终端以及远程管理平台。其中,所述远程管理平台可以是指移动运营商MNO(Mobile Network Operator,MNO)的服务系统、服务器、服务主机、服务平台等;所述第一终端和所述第二终端是指有区别的通信终端,所述通信终端的数量可以是指一个或者一个以上,所述通信终端可以包括但不限于车载设备、移动电话、移动电脑、平板电脑、个人数字助理(Personal Digital Assistant,PDA)、媒体播放器、智能电视、智能手表、智能眼镜、智能手环等用户设备。其中,所述第一终端与所述第二终端之间可以直接通过有线/无线网络进行通信连接,或者所述第一终端、所述第二终端可以分别通过网络与所述远程管理平台进行通信连接。
基于图1所示的网络架构,请参见图2,是本发明实施例的一种数据处理方法的流程示意图,本发明实施例的所述方法可以应用在诸如智能手机、平板电脑、智能可穿戴设备等带通信网络功能的终端中,具体可由这些通信终端的处
理器来实现。本发明实施例的所述方法还包括如下步骤。
S101、第一终端通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据。
本发明实施例中,第一终端和第二终端中嵌入有eUICC(embedded Universal Integrated Circuit Card,嵌入式通用集成电路卡),所述eUICC中存储有一个或者多个eSIM(embedded Subscriber Identity Module,嵌入式客户识别模块)卡,每一个eSIM卡对应一份用户签约profile数据,其中一个eUICC对应一个唯一的EID(eUICC ID,eUICC号)。所述第一终端可以通过无线或者有线网络(如Wifi、蓝牙等)与第二终端建立数据通信连接,所述第一终端可以直接从所述第二终端中获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据。
所述用户签约profile数据指与SIM/eSIM卡对应的一些数据,比如用户开卡信息、订购流量套餐信息等信息,本发明实施例不作限定。
其中可选地,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,包括:
与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;
接收所述第二终端发送的所述第一profile数据;
根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
由于eSIM规范要求必须对profile数据进行加密传输,所述第一终端可以和所述第二通信终端协商确定一个用于对所述profile数据进行加密传输的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到加密之后的第一profile数据,所述第二终端还可以将所述第一profile数据发送给所述第一终端;所述第一终端可以接收所述第二终端发送来的所述第一profile数据,所述第一终端还可以根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
需要说明的是,如果在所述第二终端中,所述profile数据被经过该第二终端生成的ISD-P(Issuer Security Domain Profile,证书发行方安全域配置)密钥
集合中的某一ISD-P密钥进行加密处理,最终以加密处理之后的profile数据的形式保存在所述第二终端中,那么在所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理之前,所述第二终端还可以根据所述某一ISD-P密钥对所述加密处理之后的profile数据进行解密处理,得到解密后的所述profile数据;接着,所述第二终端在根据所述第一临时密钥对所述profile数据进行加密,得到加密之后的第一profile数据。
所述第一终端和所述第二终端是指有区别的通信终端,所述通信终端可以包括智能手机(如Android手机、IOS手机等)、个人电脑、平板电脑、掌上电脑、移动互联网设备(MID,Mobile Internet Devices)或穿戴式智能设备等互联网设备,本发明实施例不作限定。
S102、向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
本发明实施例中,所述第一终端在S101中获取到所述第二终端中的所述profile数据之后,还可以向远程管理平台发送包括所述profile数据在内的迁移通知信息;其中,所述迁移通知信息用来告知所述远程管理平台,也即是SM-SR(Subscription Manager Secure Routing,签约管理数据路由)实体和SM-DP(Subscription Manager Data Preparation,签约管理数据准备)实体,此次所述第一终端与所述第二终端之间进行的所述profile数据的迁移。所述远程管理平台在接收到所述第一终端发送的所述迁移通知信息时,可以向所述第二终端发送一个或者多个用于确认上述的所述profile数据的迁移是否有效的确认信息;如果所述远程管理平台在确认到所述profile数据迁移成功,则所述远程管理平台可以将加密之后的所述profile数据保存到所述远程管理平台中;否则,所述远程管理平台确定所述profile数据迁移异常,终止对加密之后的所述profile数据的保存。
其中可选地,所述方法还包括:
自动生成包括至少一个ISD-P密钥在内的ISD-P密钥集合。
所述第一终端可以预先在本第一终端中自动生成至少包括一个ISD-P密钥的ISD-P密钥集合。
其中可选地,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:
将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
所述第一终端可以在所述向远程管理平台发送包括所述profile数据的迁移通知信息之前,将预先生成的所述ISD-P密钥集合发送给所述远程管理平台;或者,所述第一终端可以在所述向远程管理平台发送包括所述profile数据的迁移通知信息之后,将预先生成的所述ISD-P密钥集合发送给所述远程管理平台;或者,所述第一终端可以将预先生成的所述ISD-P密钥集合和所述profile数据打包压缩在所述迁移通知信息中,伴随着所述迁移通知信息一起发送给所述远程管理平台,也即是,所述迁移通知信息可以包括所述ISD-P密钥集合和所述profile数据;其中,所述ISD-P密钥集合中至少包括一个ISD-P密钥。在所述远程管理平台确认到所述profile数据迁移成功之后,所述远程管理平台可以从接收到的所述ISD-P密钥集合中任意挑选或者根据用户/系统预先自定义(如算法)设置的一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;所述远程管理平台可以将所述加密之后的profile数据和所述ISD-P密钥集合保存到本远程管理平台中。
所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:
从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;
所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所
述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
所述第一终端可以从预先生成的所述ISD-P密钥集合中任意选取或者根据用户/系统预先自定义设置的一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;所述第一终端还可以将所述加密之后的profile数据保存到本第一终端中的ISD-P区域,也即是所述第一终端对所述profile数据进行加密保存。在所述第一终端向远程管理平台发送包括所述profile数据的迁移通知信息之前,将所述加密之后的profile数据发送给所述远程管理平台;或者,在所述第一终端向远程管理平台发送包括所述profile数据的迁移通知信息之后,将所述加密之后的profile数据发送给所述远程管理平台;或者,所述第一终端可以将所述加密之后的profile数据、预先生成的所述ISD-P密钥集合以及所述profile数据一起打包压缩到所述迁移通知信息中发送给所述远程管理平台中,也即是所述迁移通知信息可以包括所述ISD-P密钥集合、所述加密之后的profile数据和所述Profile数据。所述远程管理平台可以接收所述迁移通知信息,并在确认到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到本远程管理平台中。
其中可选地,所述方法还包括:
接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;
响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;
与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;
根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;
将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
所述第一终端还可以接收到来自第三终端发送的用于请求获取所述第一终
端中的所述profile数据的获取请求;所述第一终端可以响应所述获取请求,根据所述ISD-P密钥对本第一终端中存储的所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;所述第一终端还可以和所述第三终端协商确定一个用于加密传输所述profile数据的第二临时密钥,其中所述第二临时密钥可以是指所述第一终端和所述第三终端两个终端知晓的密钥;所述第一终端根据所述第二临时密钥对所述profile数据进行加密处理,得到加密之后的第二profile数据;所述第一终端还可以将所述第二profile数据发送给所述第三终端,以便所述第三终端在接收到所述第二profile数据之后,根据所述第二临时密钥对所述第二profile数据进行解密处理,恢复得到所述profile数据。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
请参阅图3,是本发明实施例的另一种数据处理方法的流程示意图,本发明实施例的所述方法可以包括如下步骤。
S201、第一终端通过无线或者有线网络与第二终端建立数据通信连接关系,并与所述第二终端协商一个第一临时密钥。
本发明实施例中,第一终端可以通过无线通讯的方式(如Wifi、蓝牙等)或者有线数据连接的方式与第二终端建立直接通信连接的关系,所述第一终端还可以与所述第二终端协商一个用于加密传输所述第二终端中存储的与eSIM卡对应的用户签约profile数据的第一临时密钥;如果所述第二终端中,所述第二终端从本第二终端中的ISD-P密钥集合中任意选取或者根据用户/系统预先自定义设置的一个ISD-P密钥,并将其作为初始ISD-P密钥,对所述profile数据进行加密处理,最终以加密之后的profile数据保存在所述第二终端中,那么继续执行步骤S202;如果在所述第二终端中,所述第二终端不对所述profile数据进行加密保存,也即是所述profile数据直接保存在所述第二终端中,那么继续执行步骤S203。
S202、所述第二终端根据该第二终端中的初始ISD-P密钥对加密之后的profile数据进行解密处理,得到解密之后的所述profile数据。
S203、所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到加密之后的第一profile数据。
S204、所述第二终端将所述第一profile数据发送给所述第一终端。
S205、所述第一终端接收所述第一profile数据,并根据所述第一临时密钥对所述第一profile数据进行解密处理,得到解密后的所述profile数据。
S206、所述第一终端预先自动生成至少包括一个ISD-P密钥的ISD-P密钥集合。
需要说明的是,步骤S206可以在步骤201至步骤S205中任意一步骤之前或者之后执行,本发明实施例不作限定。
S207、所述第一终端从预先生成的所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据。
本发明实施例中,所述第一终端还可以将所述加密之后的profile数据存储至本第一终端中的ISD-P区域中。
S208、所述第一终端向远程管理平台发送包括所述profile数据的迁移通知信息;其中,所述迁移通知信息包括所述ISD-P密钥集合、所述加密之后的profile数据以及所述profile数据。
S209、所述远程管理平台向所述第二终端发送迁移确认信息,并判断所述profile数据是否迁移成功。
本发明实施例中,所述远程管理平台可以向所述第二终端确认所述profile数据是否迁移成功的迁移确认信息,所述第二终端可以根据所述迁移确认信息判断决定上述profile数据的迁移是否成功,向所述远程管理平台发送迁移成功信息或者迁移失败信息;如果所述远程管理平台确定到所述profile数据迁移成功,则继续执行步骤S208;否则,异常终止,结束流程。
S210、所述远程管理平台在确定到所述profile数据迁移成功后,将所述ISD-P密钥集合、所述加密之后的profile数据保存至所述远程管理平台中。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程
管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
请一并参阅图4,是本发明实施例的另一种数据处理方法的流程示意图,本发明实施例的所述方法可以包括上述步骤S201至步骤S206,还包括如下步骤。
S301、所述第一终端将预先生成的所述ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥。
需要说明的是,步骤S301可以在步骤S302至步骤S303任意一步骤之前或者之后执行,本发明实施例不作限定。
S302、所述第一终端向远程管理平台发送包括所述profile数据的迁移通知信息。
本发明实施例中,第一终端可以先将所述迁移通知信息发送给移动网络运营商MNO(Mobile Network Operator,MNO),所述MNO再将所述迁移通知信息下发到所述MNO管控的远程管理平台中。
S303、所述远程管理平台向所述第二终端发送迁移确认信息,并判断所述profile数据是否迁移成功。
本发明实施例中,所述远程管理平台可以向所述第二终端确认所述profile数据是否迁移成功,如果确定到所述profile数据迁移成功,则继续执行步骤S304;否则,异常终止,结束流程。
S304、所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据。
S305、所述远程管理平台将所述加密之后的profile数据和所述ISD-P密钥集合保存在所述远程管理平台中。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述
远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
请一并参阅图5,是本发明实施例的另一种数据处理方法的流程示意图,本发明实施例的所述方法可以包括图2-图4中任意一实施例中的所有或者部分实施步骤,还可以包括如下步骤。
S401、接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求。
S402、响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据。
S403、与所述第三终端协商用于加密传输所述profile数据的第二临时密钥。
S404、根据所述第二临时密钥对所述profile数据进行加密处理,得到加密之后的第二profile数据。
S405、将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
请参见图6,是本发明实施例的一种数据处理装置的结构示意图,本发明实施例的所述装置可以可设置在诸如智能手机、平板电脑、智能可穿戴设备等带通信网络功能的终端中,所述装置5包括:
获取模块50,用于通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;
发送模块51,用于向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
本发明实施例中涉及的各个模块的具体实现可参考图1至图5对应实施例中相关功能模块或者实施步骤的描述,在此不赘述。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
请一并参阅图7,是本发明实施例的另一种数据处理装置的结构示意图,本发明实施例的所述装置可以上述的获取模块50、发送模块51,还可以包括:
所述发送模块51,还用于将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
其中可选地,所述装置还包括:
加密模块52,用于从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;
所述发送模块51,还用于将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
其中可选地,所述获取模块50包括:
协商单元500,用于与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一
终端;
接收单元501,用于接收所述第二终端发送的所述第一profile数据;
解密单元502,用于根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
其中可选地,所述装置还包括:
保存模块53,用于将所述加密模块52加密处理得到的所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
其中可选地,所述装置还包括:
接收模块54,用于接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;
解密模块55,用于响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;
协商模块56,用于与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;
所述加密模块52,还用于根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;
所述发送模块51,还用于将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
本发明实施例中涉及的各个模块的具体实现可参考图1至图5对应实施例中相关功能模块或者实施步骤的描述,在此不赘述。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
再请参见图8,是本发明实施例的一种终端的结构示意图。所述终端可以为智能手机、平板电脑、智能可穿戴设备等带通信网络功能的设备,如图8所示,
本发明实施例的所述终端可以包括显示屏、按键、扬声器、拾音器等模块,并且还包括:至少一个总线501、与总线501相连的至少一个处理器502以及与总线501相连的至少一个存储器503,实现通信功能的通信装置505,为通信终端各耗电模块供电的电源装置504。
所述处理器502可通过总线501,调用存储器503中存储的代码以执行相关的功能。
所述处理器502,用于第一终端通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
进一步可选地,所述处理器502还用于将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
进一步可选地,所述处理器502还用于从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
进一步可选地,所述处理器502还用于与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;接收所述第二终端发送的所述第一profile数据;根
据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
进一步可选地,所述处理器502还用于将所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
进一步可选地,所述处理器502还用于接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
本发明实施例中,第一终端可通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,然后向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中;这样通信终端之间可直接进行profile数据的传输,避开了远程管理平台,从而降低了对远程管理平台的依赖性和通信负荷。
本发明实施例还提供一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时包括上述方法实施例中记载的任何音频播放应用的操作方法的部分或全部步骤。
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本发明所必须的。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。
在本申请所提供的几个实施例中,应该理解到,所揭露的装置,可通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如所述单
元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本发明的各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。
以上所述,以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。
Claims (13)
- 一种数据处理的方法,其特征在于,所述方法包括:第一终端通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中。
- 如权利要求1所述的方法,其特征在于,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
- 如权利要求1所述的方法,其特征在于,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据之后,还包括:从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
- 如权利要求1所述的方法,其特征在于,所述直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据,包括:与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;接收所述第二终端发送的所述第一profile数据;根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
- 如权利要求3所述的方法,其特征在于,还包括:将所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
- 如权利要求3或5所述的方法,其特征在于,还包括:接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
- 一种数据处理的装置,其特征在于,所述装置包括:获取模块,用于通过与第二终端建立的数据通信连接,直接获取所述第二终端中存储的与eSIM卡对应的用户签约profile数据;发送模块,用于向远程管理平台发送包括所述profile数据的迁移通知信息,以便所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所 述profile数据保存到所述远程管理平台中。
- 如权利要求7所述的装置,其特征在于,所述发送模块,还用于将预先生成的ISD-P密钥集合发送给所述远程管理平台;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,从所述ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密保存到所述远程管理平台中。
- 如权利要求7所述的装置,其特征在于,所述装置还包括:加密模块,用于从预先生成的ISD-P密钥集合中选取一个ISD-P密钥对所述profile数据进行加密处理,得到加密之后的profile数据;其中,所述ISD-P密钥集合包括至少一个ISD-P密钥;所述发送模块,还用于将所述加密之后的profile数据和所述ISD-P密钥集合发送给所述远程管理平台;所述远程管理平台在确认到所述profile数据迁移成功后,将加密之后的所述profile数据保存到所述远程管理平台中,包括:所述远程管理平台在确定到所述profile数据迁移成功后,将所述加密之后的profile数据和所述ISD-P密钥集合保存到所述远程管理平台中。
- 如权利要求7所述的装置,其特征在于,所述获取模块包括:协商单元,用于与所述第二终端协商用于加密传输所述profile数据的第一临时密钥,以便于所述第二终端根据所述第一临时密钥对所述profile数据进行加密处理,得到第一profile数据,并将所述第一profile数据发送给所述第一终端;接收单元,用于接收所述第二终端发送的所述第一profile数据;解密单元,用于根据所述第一临时密钥对接收到的所述第一profile数据进行解密处理,得到解密之后的所述profile数据。
- 如权利要求9所述的装置,其特征在于,所述装置还包括:保存模块,用于将所述加密模块加密处理得到的所述加密之后的profile数据保存至所述第一终端的ISD-P区域。
- 如权利要求9或11所述的装置,其特征在于,所述装置还包括:接收模块,用于接收第三终端发送的用于请求获取所述第一终端中的所述profile数据的获取请求;解密模块,用于响应所述获取请求,根据所述ISD-P密钥对所述加密之后的profile数据进行解密处理,得到解密之后的所述profile数据;协商模块,用于与所述第三终端协商用于加密传输所述profile数据的第二临时密钥;所述加密模块,还用于根据所述第二临时密钥对所述profile数据进行加密处理,得到第二profile数据;所述发送模块,还用于将所述第二profile数据发送给所述第三终端,以便所述第三终端根据所述第二临时密钥对所述第二profile数据进行解密处理,得到解密之后的所述profile数据。
- 一种终端,其特征在于,所述终端包括如权利要求7至12中任意一项所述的数据处理装置。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610286754.7 | 2016-04-29 | ||
CN201610286754.7A CN105792179B (zh) | 2016-04-29 | 2016-04-29 | 一种数据处理的方法、装置以及终端 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017185511A1 true WO2017185511A1 (zh) | 2017-11-02 |
Family
ID=56401463
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/087586 WO2017185511A1 (zh) | 2016-04-29 | 2016-06-29 | 一种数据处理的方法、装置以及终端 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105792179B (zh) |
WO (1) | WO2017185511A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108848493A (zh) * | 2018-06-05 | 2018-11-20 | 中国联合网络通信集团有限公司 | 更换电子sim卡的方法和设备 |
CN112968801A (zh) * | 2021-02-22 | 2021-06-15 | Oppo广东移动通信有限公司 | 一种通信托管方法、装置、存储介质及电子设备 |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107846663B (zh) * | 2016-09-21 | 2021-01-12 | 中国电信股份有限公司 | 实现用户签约数据集远程管理的方法、装置和系统 |
MX2019006497A (es) * | 2016-12-12 | 2019-08-14 | Ericsson Telefon Ab L M | Transferencia de un perfil de suscripcion de red entre dispositivos. |
FR3062768A1 (fr) * | 2017-02-09 | 2018-08-10 | Orange | Technique d'obtention d'un profil d'acces a un reseau |
CN108430057A (zh) * | 2017-02-15 | 2018-08-21 | 深圳市联智能物联网有限公司 | 虚拟sim卡的实现装置 |
KR102458790B1 (ko) * | 2017-09-07 | 2022-10-25 | 삼성전자 주식회사 | 무선 통신 시스템에서 디바이스들의 프로파일 이동을 지원하는 방법 및 장치 |
CN107547573B (zh) * | 2017-10-23 | 2019-12-10 | 中国联合网络通信集团有限公司 | 应用于eSIM的认证方法、RSP终端及管理平台 |
US11272336B2 (en) * | 2019-09-12 | 2022-03-08 | Amdocs Development Limited | System, method, and computer program for transferring subscriber identity module (SIM) information for SIM card or eSIM activation |
CN110582080B (zh) * | 2019-09-17 | 2021-12-07 | 深圳市沃特沃德股份有限公司 | 车载系统流量转移的方法、装置、计算机设备和存储介质 |
CN110933659A (zh) * | 2019-11-27 | 2020-03-27 | Oppo广东移动通信有限公司 | 用户识别号的迁移方法、装置、终端及存储介质 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103329585A (zh) * | 2010-12-06 | 2013-09-25 | 格马尔托股份有限公司 | 用于在终端间转移订阅信息的方法 |
CN103747104A (zh) * | 2014-01-24 | 2014-04-23 | 中国联合网络通信集团有限公司 | 一种在物联网设备间迁移用户信息的方法及系统 |
CN104185179A (zh) * | 2013-05-27 | 2014-12-03 | 中国移动通信集团公司 | 一种用于用户识别卡的控制装置、方法及用户识别卡 |
WO2016005795A1 (en) * | 2014-07-11 | 2016-01-14 | Marco Fratti | Method and apparatus for managing multiple profiles of subscriber identity modules |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008004978A (ja) * | 2006-06-20 | 2008-01-10 | Nec Electronics Corp | 無線通信システム、無線通信装置、及び無線通信装置間での暗号鍵の交換方法 |
FR3002398B1 (fr) * | 2013-02-18 | 2015-04-03 | Oberthur Technologies | Procede de creation d'un profil dans un domaine de securite d'un element securise |
CN103442012B (zh) * | 2013-09-02 | 2016-06-22 | 中国联合网络通信集团有限公司 | 物联网设备间实现签约信息迁移的方法及装置 |
KR102331695B1 (ko) * | 2014-10-27 | 2021-11-26 | 삼성전자 주식회사 | 식별 모듈을 활용한 프로파일 변경 방법 및 이를 구현한 전자장치 |
-
2016
- 2016-04-29 CN CN201610286754.7A patent/CN105792179B/zh active Active
- 2016-06-29 WO PCT/CN2016/087586 patent/WO2017185511A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103329585A (zh) * | 2010-12-06 | 2013-09-25 | 格马尔托股份有限公司 | 用于在终端间转移订阅信息的方法 |
CN104185179A (zh) * | 2013-05-27 | 2014-12-03 | 中国移动通信集团公司 | 一种用于用户识别卡的控制装置、方法及用户识别卡 |
CN103747104A (zh) * | 2014-01-24 | 2014-04-23 | 中国联合网络通信集团有限公司 | 一种在物联网设备间迁移用户信息的方法及系统 |
WO2016005795A1 (en) * | 2014-07-11 | 2016-01-14 | Marco Fratti | Method and apparatus for managing multiple profiles of subscriber identity modules |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108848493A (zh) * | 2018-06-05 | 2018-11-20 | 中国联合网络通信集团有限公司 | 更换电子sim卡的方法和设备 |
CN112968801A (zh) * | 2021-02-22 | 2021-06-15 | Oppo广东移动通信有限公司 | 一种通信托管方法、装置、存储介质及电子设备 |
CN112968801B (zh) * | 2021-02-22 | 2023-06-09 | Oppo广东移动通信有限公司 | 一种通信托管方法、装置、存储介质及电子设备 |
Also Published As
Publication number | Publication date |
---|---|
CN105792179A (zh) | 2016-07-20 |
CN105792179B (zh) | 2019-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017185511A1 (zh) | 一种数据处理的方法、装置以及终端 | |
US10154018B2 (en) | Method and system for facilitating network joining | |
US10182255B2 (en) | Method, terminal, and system for communication pairing of a digital television terminal and a mobile terminal | |
KR101941049B1 (ko) | 암호화된 통신을 위한 방법 및 시스템 | |
EP2863612B1 (en) | Content sharing method, device and system | |
US10353689B2 (en) | Method for transferring a file via a mobile device and mobile device for performing same | |
CN106572427B (zh) | 一种近距离通信的建立方法和装置 | |
CN109040318B (zh) | Cdn网络的https连接方法及cdn节点服务器 | |
WO2018049892A1 (zh) | 数据传输方法、装置及终端 | |
JP2018534852A (ja) | デバイス間のセキュアアソシエーションのためのインターネット鍵交換(ike) | |
WO2016026317A1 (zh) | 一种wifi密码共享方法、终端和计算机存储介质 | |
WO2015176501A1 (zh) | 设备管理会话的触发方法、设备、系统及计算机存储介质 | |
CN106341815B (zh) | 一种无线连接方法、终端及ap | |
CN113301431A (zh) | 视频数据的加解密方法、装置、电子设备及系统 | |
EP2775745A1 (en) | Method and system for providing information using a consent procedure executed by means of near-field communication | |
CN107872315B (zh) | 数据处理方法和智能终端 | |
EP2930962A1 (en) | Encryption/decryption method, system and device | |
CN111130805B (zh) | 安全传输方法、电子设备及计算机可读存储介质 | |
CN109600631B (zh) | 视频文件的加密及公布方法与装置 | |
WO2017113791A1 (zh) | 蓝牙自动连接方法和主设备、从设备和系统 | |
KR102428002B1 (ko) | 프로파일을 설치하는 전자 장치 및 전자 장치의 동작 방법 | |
JP2018029241A (ja) | Apiシステム及びデータ暗号化方法 | |
KR101528681B1 (ko) | 보안 푸시 메시징 제공 방법 | |
CN111224772A (zh) | 数据处理方法、装置及计算机可读存储介质 | |
EP3041185A1 (en) | A method for authenticating a user equipment in order to established a secured communication session with a server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16900021 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16900021 Country of ref document: EP Kind code of ref document: A1 |