WO2018010480A1 - Network locking method for esim card, terminal, and network locking authentication server - Google Patents

Network locking method for esim card, terminal, and network locking authentication server Download PDF

Info

Publication number
WO2018010480A1
WO2018010480A1 PCT/CN2017/083885 CN2017083885W WO2018010480A1 WO 2018010480 A1 WO2018010480 A1 WO 2018010480A1 CN 2017083885 W CN2017083885 W CN 2017083885W WO 2018010480 A1 WO2018010480 A1 WO 2018010480A1
Authority
WO
WIPO (PCT)
Prior art keywords
lock network
terminal
lock
network authentication
authentication server
Prior art date
Application number
PCT/CN2017/083885
Other languages
French (fr)
Chinese (zh)
Inventor
寿永艳
杨海城
江海燕
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CN201610556546.4A priority Critical patent/CN107623907A/en
Priority to CN201610556546.4 priority
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018010480A1 publication Critical patent/WO2018010480A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Abstract

Provided are a network locking method for an embedded subscriber identification module (eSIM) card, a terminal, and a network locking authentication server. The method comprises: when a terminal is to acquire a service from an operator, reading network locking information of an eSIM card in the terminal; transmitting the network locking information to a network locking authentication server of the operator to undergo network locking authentication; and performing, by the network locking authentication server, and according to a network locking strategy of the operator and the network locking information, the network locking authentication on the eSIM card, and transmitting a network locking authentication result to the terminal.

Description

eSIM卡锁网方法、终端及锁网认证服务器eSIM card lock network method, terminal and lock network authentication server 技术领域Technical field

本公开涉及通信领域,例如涉及一种eSIM(Embedded Subscriber Identification Module,嵌入式用户识别模块)卡锁网方法、终端及锁网认证服务器。The present disclosure relates to the field of communications, for example, to an eSIM (Embedded Subscriber Identification Module) card locking network method, a terminal, and a lock network authentication server.

背景技术Background technique

2016年2月18日,全球移动通信协会(GSM Association,GSMA)发布了可重复编程用户识别模块(Subscriber Identification Module,SIM)卡的远程配置规范,面向物联网市场。GSMA尚未替可重复编程SIM卡命名,外界则将可重复编程SIM卡称为嵌入式用户识别模块(Embedded Subscriber Identification Module,eSIM)。GSMA表示,适用于智能手机的eSIM规范将于2016年6月发布。On February 18, 2016, the Global System for Mobile Communications (GSM Association, GSMA) released a remote configuration specification for a reprogrammable Subscriber Identification Module (SIM) card for the Internet of Things market. The GSMA has not yet named the reprogrammable SIM card, and the externally reprogrammable SIM card is called the Embedded Subscriber Identification Module (eSIM). According to GSMA, the eSIM specification for smartphones will be released in June 2016.

eSIM仍然属于SIM卡的范畴,但eSIM将SIM卡直接嵌入到设备芯片上,而不是作为独立的可移除零部件加入设备中。使用eSIM的设备可以取消掉SIM卡插槽,节省出来的空间让设备变得纤薄,同时避免了卡槽容易进入灰尘以及剧烈震动导致接触不良等问题,而且不用担心经常换卡插拔会损坏SIM卡及卡槽。eSIM still falls within the scope of SIM cards, but eSIM embeds the SIM card directly on the device chip rather than as a separate removable component. The device using eSIM can cancel the SIM card slot, save space and make the device slim, and avoid the problem that the card slot is easy to enter dust and severe vibration, resulting in poor contact, and there is no need to worry about frequent card replacement and damage. SIM card and card slot.

eSIM的一个优点是可以使用户灵活选择运营商并使用运营商的服务,一个手机用户可以自主选择运营商进行业务。但是如果用户在一运营商底价购买了合约机,但是在合约内转而使用其他运营商的eSIM,相当于用户违背了和签约运营商的合同,而这必然会给运营商造成较大的经济损失。One advantage of eSIM is that it allows users to flexibly choose operators and use operators' services. A mobile phone user can choose operators to conduct services. However, if the user purchases a contract machine at the carrier's reserve price, but switches to another operator's eSIM within the contract, it is equivalent to the user's breach of contract with the contracted operator, which will inevitably result in a larger economy for the operator. loss.

发明内容Summary of the invention

本公开提供的一种eSIM卡锁网方法、终端及锁网认证服务器,可以避免运营商的合约用户在合约期内转用其他运营商服务而对合约用户的运营商造成损失。The eSIM card lock network method, the terminal and the lock network authentication server provided by the disclosure can prevent the contract user of the operator from transferring to other operator services during the contract period and causing losses to the operator of the contract user.

一种eSIM卡锁网方法,包括: An eSIM card lock network method includes:

读取终端内eSIM卡的锁网信息;Reading the lock network information of the eSIM card in the terminal;

将所述锁网信息发给运营商的锁网认证服务器进行锁网认证;以及Sending the lock network information to the lock network authentication server of the operator for lock network authentication;

接收到所述锁网认证服务器发送的认证成功通知时,允许所述终端获取所述运营商提供的服务。When receiving the authentication success notification sent by the lock network authentication server, the terminal is allowed to obtain the service provided by the operator.

一种eSIM卡锁网方法,包括:An eSIM card lock network method includes:

运营商侧的锁网认证服务器接收终端发送的锁网认证请求,其中,所述锁网认证请求包含所述终端内eSIM卡的锁网信息;以及The lock network authentication server on the operator side receives the lock network authentication request sent by the terminal, where the lock network authentication request includes the lock network information of the eSIM card in the terminal;

所述锁网认证服务器根据所述运营商的锁网策略和所述锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给所述终端。The lock network authentication server performs lock network authentication on the eSIM card according to the lock network policy of the operator and the lock network information, and sends the lock network authentication result to the terminal.

一种终端,包括:A terminal comprising:

查询模块,设置为读取所述终端内eSIM卡的锁网信息,将所述锁网信息发给运营商的锁网认证服务器进行锁网认证;以及The query module is configured to read the lock network information of the eSIM card in the terminal, and send the lock network information to the lock network authentication server of the operator to perform lock network authentication;

管理模块,设置为接收到所述锁网认证服务器发送的认证成功通知时,允许所述终端获取所述运营商提供的服务。The management module is configured to allow the terminal to obtain the service provided by the operator when receiving the authentication success notification sent by the lock network authentication server.

一种锁网认证服务器,包括:A lock network authentication server includes:

接收模块,设置为接收终端发送的锁网认证请求,其中,所述锁网认证请求包含所述终端内eSIM卡的锁网信息;以及a receiving module, configured to receive a lock network authentication request sent by the terminal, where the lock network authentication request includes lock network information of the eSIM card in the terminal;

锁网认证模块,设置为根据所述终端访问的运营商的锁网策略和所述锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给所述终端。The lock network authentication module is configured to perform network lock authentication on the eSIM card according to the lock network policy of the operator accessed by the terminal and the lock network information, and send the lock network authentication result to the terminal.

一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行前述的eSIM卡锁网方法。一种终端,包括:A computer readable storage medium storing computer executable instructions arranged to perform the aforementioned eSIM card lock network method. A terminal comprising:

至少一个处理器;以及At least one processor;

与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein

所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器执行上述终端执行的方法。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform the method of terminal execution described above.

一种锁网认证服务器,包括:A lock network authentication server includes:

至少一个处理器;以及 At least one processor;

与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein

所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器执行上述锁网认证服务器执行的方法。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform the method performed by the lock network authentication server.

本公开提供的eSIM卡锁网方法、终端、锁网认证服务器及存储介质,读取终端内eSIM卡的锁网信息,发给运营商的锁网认证服务器进行锁网认证,锁网认证服务器根据运营商的锁网策略和锁网信息对eSIM卡进行锁网认证,将锁网认证结果发送给终端。在锁网认证服务器发送的认证成功通知时,表明该用户终端的eSIM卡是运营商授权的卡,允许终端获取该运营商提供的服务。本公开中终端的eSIM卡获取一个运营商的服务时,经过运营商的锁网认证服务器的锁网认证后可以获取运营商的服务,可以避免运营商的合约用户在合约期内违背合同转用其他运营商服务而对合约用户的运营商造成损失。The eSIM card lock network method, the terminal, the lock network authentication server and the storage medium provided by the disclosure read the lock network information of the eSIM card in the terminal, and send the lock network authentication server to the operator for the lock network authentication, and the lock network authentication server is based on The lock network policy and the lock network information of the operator perform network lock authentication on the eSIM card, and the lock network authentication result is sent to the terminal. When the authentication success notification sent by the lock network authentication server indicates that the eSIM card of the user terminal is an authorized card of the operator, the terminal is allowed to obtain the service provided by the operator. When the eSIM card of the terminal acquires an operator's service in the disclosure, the operator's service can be obtained after the lock network authentication of the operator's lock network authentication server, and the contract user of the operator can be prevented from violating the contract during the contract period. Other carrier services cause losses to the operators of contract users.

附图说明DRAWINGS

图1为实施例一中的终端侧的eSIM卡锁网方法流程示意图;1 is a schematic flowchart of a method for locking an eSIM card on a terminal side in Embodiment 1;

图2为实施例一中的锁网认证服务器侧的eSIM卡锁网方法流程示意图;2 is a schematic flowchart of a method for locking an eSIM card on a lock network authentication server in the first embodiment;

图3为实施例二中的终端结构示意图;3 is a schematic structural diagram of a terminal in Embodiment 2;

图4为实施例二中的锁网认证服务器的结构示意图;4 is a schematic structural diagram of a lock network authentication server in Embodiment 2;

图5为实施例三中的eSIM卡锁网方法流程示意图;5 is a schematic flowchart of a method for locking an eSIM card in the third embodiment;

图6为一实施例的终端的硬件结构示意图;以及6 is a schematic structural diagram of hardware of a terminal according to an embodiment;

图7为一实施例的锁网认证服务器的硬件结构示意图。FIG. 7 is a schematic diagram showing the hardware structure of a lock network authentication server according to an embodiment.

具体实施方式detailed description

下面将结合实施例中的附图,对实施例中的技术方案进行清楚、完整地描述。所描述的实施例只是一部分实施例,而不是全部的实施例。在不冲突的情况下,以下实施例以及实施例中的技术特征可以相互任意组合。The technical solutions in the embodiments will be clearly and completely described below in conjunction with the drawings in the embodiments. The described embodiments are only a part of the embodiments, not all of the embodiments. The technical features in the following embodiments and the embodiments may be arbitrarily combined with each other without conflict.

实施例一Embodiment 1

本实施例提供的终端锁网方法涉及到用户侧终端和运营商网络侧的服务器。用户侧终端的eSIM卡在访问运营商获取服务时,通过了运营商的锁网认证, 表明该用户终端的eSIM卡是授权运营商的卡,可以获取授权运营商的服务。可以避免运营商的合约用户在合约期内违背合同转用其他运营商服务而对运营商造成损失。本实施例分别以终端侧和运营商侧的锁网服务器侧的eSIM卡锁网方法为示例进行说明。The terminal lock network method provided in this embodiment relates to a user side terminal and a server on the operator network side. The eSIM card of the user-side terminal passes the lock network authentication of the operator when the access operator obtains the service. It indicates that the eSIM card of the user terminal is a card of an authorized operator, and can obtain the service of the authorized operator. It can prevent the operator's contract users from causing losses to the operator during the contract period due to breach of contract to other carrier services. In this embodiment, the eSIM card lock network method on the lock network server side of the terminal side and the operator side is taken as an example for description.

图1为终端侧的eSIM卡锁网方法流程。FIG. 1 is a flow chart of an eSIM card lock network method on the terminal side.

在步骤110中,读取终端内eSIM卡的锁网信息。In step 110, the lock network information of the eSIM card in the terminal is read.

步骤110可以在终端完成开机后执行,也可以使终端的eSIM卡访问一个运营商获取服务之前的任意时刻执行。Step 110 may be performed after the terminal completes booting, or may be performed at any time before the eSIM card of the terminal accesses an operator to obtain the service.

在步骤120中,将读取的锁网信息发给运营商的锁网认证服务器进行锁网认证。In step 120, the read lock network information is sent to the operator's lock network authentication server for lock network authentication.

在步骤130中,接收到锁网认证服务器发送的认证成功通知时,表明该终端内的eSIM卡是该运营商授权的卡,允许终端获取运营商提供的服务。In step 130, when receiving the authentication success notification sent by the lock network authentication server, it indicates that the eSIM card in the terminal is a card authorized by the operator, and allows the terminal to obtain the service provided by the operator.

本实施例中,当接收到锁网认证服务器发送的认证失败通知时,还可以提供二次认证的机会,二次认证的过程中,可以显示相应的界面提示用户输入解锁码,获取用户输入的解锁码发送给锁网认证服务器进行二次锁网认证。通过二次锁网认证可以增加锁网认证的途径,提升用户体验的满意度。In this embodiment, when receiving the authentication failure notification sent by the lock network authentication server, the secondary authentication opportunity may also be provided. During the secondary authentication process, the corresponding interface may be displayed to prompt the user to input the unlock code to obtain the user input. The unlock code is sent to the lock network authentication server for secondary lock network authentication. Through the secondary lock network authentication, the way of lock network authentication can be increased, and the satisfaction of the user experience is improved.

在本实施例中,还可以设置连续二次锁网认证的阈值N。当连续N次获取用户输入的解锁码发给锁网认证服务器都认证失败时,将终端关机或锁定,避免一些用户恶意反复提交认证,造成资源浪费。本实施例中N的取值可以根据应用场景和需求灵活设定,例如设定为1、3、4或5等。In this embodiment, the threshold N of the continuous secondary lock network authentication may also be set. When the unlock code input by the user is sent to the lock network authentication server for N times, the terminal is shut down or locked, so that some users maliciously submit the authentication repeatedly, which causes waste of resources. In this embodiment, the value of N can be flexibly set according to the application scenario and requirements, for example, set to 1, 3, 4, or 5, and the like.

在本实施例中,除了对终端eSIM卡进行锁网认证外,在提升安全性时,还可以对终端的身份进行合法认证。此时可以将终端的身份唯一识别码,例如国际移动设备标识(International Mobile Equipment Identity,IMEI)发给锁网认证服务器对终端身份进行合法认证。终端的身份唯一识别码可以随着锁网信息一并发给锁网认证服务器,也可以单独发给锁网认证服务器。锁网认证服务器可以在对eSIM卡进行锁网认证之前对终端的身份进行认证,也可以在对eSIM卡进行锁网认证通过之后对终端的身份进行认证。In this embodiment, in addition to performing network lock authentication on the terminal eSIM card, when the security is improved, the identity of the terminal may be legally authenticated. At this time, the identity unique identifier of the terminal, for example, the International Mobile Equipment Identity (IMEI), may be sent to the lock network authentication server to legally authenticate the terminal identity. The identity unique identifier of the terminal may be sent to the lock network authentication server along with the lock network information, or may be separately sent to the lock network authentication server. The lock network authentication server may authenticate the identity of the terminal before performing the lock network authentication on the eSIM card, or authenticate the identity of the terminal after the eSIM card is authenticated by the lock network.

本实施例中获取的eSIM卡的锁网信息可以根据锁网服务器所采用的锁网算法(参见第三代合作伙伴计划(3rd Generation Partnership Project,3GPP) TS22.022中描述的锁网(SimLock)算法)而确定。例如,本实施例中的锁网信息可以包括以下信息中的任意一种:The lock network information of the eSIM card obtained in this embodiment may be based on a lock network algorithm used by the lock network server (see 3rd Generation Partnership Project (3GPP)). Determined by the lock network (SimLock algorithm) described in TS 22.022. For example, the lock network information in this embodiment may include any one of the following information:

国际移动用户识别码(International Mobile Subscriber Identification Number,IMSI),International Mobile Subscriber Identification Number (IMSI),

移动国家码(Mobile Country Code,MCC)+移动网络号码(Mobile Network Code,MNC),Mobile Country Code (MCC) + Mobile Network Code (MNC),

MCC、MNC和IMSI的最后两位,The last two of MCC, MNC and IMSI,

MCC、MNC和分组标识(Group Identification,GID)1(第一分组标识),和,MCC, MNC, and Group Identification (GID) 1 (first group identifier), and,

MCC、MNC、GID1(第一分组标识)和GID2(第二分组标识)。MCC, MNC, GID1 (first packet identification) and GID2 (second packet identification).

图2是运营商侧锁网认证服务器侧的eSIM卡锁网方法。2 is an eSIM card lock network method on the side of the operator side lock network authentication server.

在步骤210中,运营商侧的锁网认证服务器接收终端发送的锁网认证请求。In step 210, the lock network authentication server on the operator side receives the lock network authentication request sent by the terminal.

步骤210中的锁网认证请求可以包含终端内eSIM卡的锁网信息。The lock network authentication request in step 210 may include lock network information of the eSIM card in the terminal.

在步骤220中,锁网认证服务器根据运营商的锁网策略和锁网信息对eSIM卡进行锁网认证,将锁网认证结果发送给终端。In step 220, the lock network authentication server performs network lock authentication on the eSIM card according to the operator's lock network policy and the lock network information, and sends the lock network authentication result to the terminal.

步骤220中的锁网策略包括锁网算法(SimLock算法),不同的运营商可以采用不同的锁网算法。例如,可以采用本实施例提供的以下五种算法中的任意一种:The lock network strategy in step 220 includes a lock network algorithm (SimLock algorithm), and different operators can adopt different lock network algorithms. For example, any of the following five algorithms provided in this embodiment may be adopted:

网络个性化(Network personalization)算法,此时锁网信息包括MCC和MNC;Network personalization (Network personalization) algorithm, at this time the lock network information includes MCC and MNC;

网络子集个性化(Network subset personalization)算法,此时锁网信息包括MCC、MNC和IMSI中的最后两位;Network subset personalization algorithm, where the lock network information includes the last two bits in the MCC, MNC, and IMSI;

服务个性化(Service Personalization,SP)算法,此时锁网信息包括MCC、MNC和GID1;Service Personalization (SP) algorithm, at this time, the lock network information includes MCC, MNC and GID1;

企业个性化(Corporate personalization)算法,此时锁网信息包括MCC、MNC、GID1和GID2;以及Corporate personalization algorithm, in which case the lock network information includes MCC, MNC, GID1 and GID2;

SIM个性化(SIM personalization)算法,此时锁网信息包括IMSI。SIM personalization algorithm, at this time the lock network information includes IMSI.

本实施例中的上述示例的五种类型算法参见TS22.0223GPP中的锁网算法。 本实施例中,锁网认证服务器将认证失败的认证结果发给终端后,终端还可以至少一次获取用户输入的解锁码进行二次认证。因此,本实施例中的锁网认证服务器还可以接收终端在所述锁网认证结果为失败时发送的解锁码,根据解锁码对所述eSIM卡进行二次锁网认证,将二次锁网认证结果发送给终端。For the five types of algorithms of the above example in this embodiment, refer to the lock network algorithm in TS22.0223GPP. In this embodiment, after the lock network authentication server sends the authentication result of the authentication failure to the terminal, the terminal may also obtain the unlock code input by the user at least once for secondary authentication. Therefore, the lock network authentication server in this embodiment may further receive an unlock code sent by the terminal when the lock network authentication result is a failure, and perform secondary lock network authentication on the eSIM card according to the unlock code, and the secondary lock network The authentication result is sent to the terminal.

如上所述,本实施例中除了对eSIM卡进行锁网认证外,在提升安全性时,还可以对终端的身份进行认证。因此本实施例中的锁网认证服务器还可以接收终端发送过来的身份唯一识别码。本实施例中的锁网认证服务器在对eSIM卡进行锁网认证之前,或对eSIM卡进行锁网认证成功之后,对终端的身份进行合法认证,认证方式包括但不限于以下两种方式中的任意一种。As described above, in addition to performing network lock authentication on the eSIM card in this embodiment, when the security is improved, the identity of the terminal can also be authenticated. Therefore, the lock network authentication server in this embodiment may also receive the identity unique identifier sent by the terminal. The lock network authentication server in this embodiment performs the network authentication on the eSIM card, or performs the network authentication on the eSIM card. The authentication mode includes, but is not limited to, the following two methods. Any one.

在方式一中,在运营商的数据库中查找是否存储有终端的身份唯一识别码,如存储有终端的身份唯一识别码,表明该终端身份合法;如未存储终端的身份唯一识别码,表明该终端身份不合法,不允许该终端获取运营商的服务。In the first method, it is found in the database of the operator whether the identity unique identifier of the terminal is stored, for example, the unique identifier of the terminal is stored, indicating that the identity of the terminal is legal; if the identity unique identifier of the terminal is not stored, indicating The terminal identity is invalid. The terminal is not allowed to obtain the service of the carrier.

在方式二中,在运营商的数据库中查找是否绑定存储有终端的身份唯一识别码和该终端eSIM卡的锁网信息,如有存储,表明该终端身份合法;若未绑定存储终端的身份唯一识别码和该终端eSIM卡的锁网信息,表明该终端身份不合法,不允许该终端获取运营商的服务。eSIM卡和终端可以存在一一对应的绑定关系的,因此这种验证可以提升安全性。In the second method, the operator searches the database for the binding of the identity unique identifier of the terminal and the lock network information of the terminal eSIM card. If there is storage, the identity of the terminal is legal; if the storage terminal is not bound, The identity unique identifier and the lock network information of the terminal eSIM card indicate that the identity of the terminal is invalid, and the terminal is not allowed to obtain the service of the operator. The eSIM card and the terminal can have a one-to-one binding relationship, so this verification can improve security.

实施例二Embodiment 2

本实施例提供了一种包括终端和锁网认证服务器的通信系统,在获取运营商的提供的服务时,可以提供eSIM卡锁网信息进行锁网认证,认证通过后才能表明该终端的eSIM卡是运营商授权的卡,允许终端获取服务。下面本实施例分别对终端和锁网认证服务器的结果进行示例说明。The embodiment provides a communication system including a terminal and a lock network authentication server. When the service provided by the operator is obtained, the eSIM card lock network information can be provided for the lock network authentication, and the eSIM card of the terminal can be indicated after the authentication is passed. It is a card authorized by the operator to allow the terminal to obtain the service. The following examples respectively illustrate the results of the terminal and the lock network authentication server.

参见图3所示,本实施例中的终端包括:查询模块31和管理模块32。As shown in FIG. 3, the terminal in this embodiment includes: a query module 31 and a management module 32.

查询模块31设置为读取终端内eSIM卡的锁网信息,将锁网信息发给运营商的锁网认证服务器进行锁网认证。查询模块31可以在终端完成开机后执行,也可以使终端的eSIM卡访问一个运营商获取服务之前的任意时刻执行,读取的锁网信息可以根据锁网服务器所采用的锁网算法(SimLock算法)而确定。例如,锁网信息可以包括以下信息中的任意一种:The query module 31 is configured to read the lock network information of the eSIM card in the terminal, and send the lock network information to the lock network authentication server of the operator for lock network authentication. The query module 31 can be executed after the terminal completes the booting, or can be executed at any time before the eSIM card of the terminal accesses an operator to obtain the service. The read lock network information can be based on the lock network algorithm used by the lock network server (SimLock algorithm). ) and determined. For example, the lock network information can include any of the following information:

IMSI, IMSI,

MCC和MNC,MCC and MNC,

MCC、MNC和IMSI的最后两位,The last two of MCC, MNC and IMSI,

MCC、MNC和GID1(第一分组标识),以及MCC, MNC and GID1 (first group identification), and

MCC、MNC、GID1(第一分组标识)和GID2(第二分组标识)。MCC, MNC, GID1 (first packet identification) and GID2 (second packet identification).

管理模块32设置为接收到锁网认证服务器发送的认证成功通知时,允许所述终端获取运营商提供的服务。The management module 32 is configured to allow the terminal to obtain the service provided by the operator when receiving the authentication success notification sent by the lock network authentication server.

本实施例中的查询模块31还可以设置为认证结果为为接收到所述锁网认证服务器发送的认证失败通知时,获取用户输入的解锁码,并将解锁码发送给锁网认证服务器进行二次锁网认证。通过二次锁网认证可以增加锁网认证的途径,提升用户体验的满意度。查询模块31可以在终端上显示SIM解锁界面供用户输入解锁码。本实施例中的解锁码用户可以预先从运营商获取。The query module 31 in this embodiment may be configured to obtain an unlocking code input by the user, and send the unlocking code to the lock network authentication server, when the authentication result is that the authentication failure notification sent by the lock network authentication server is received. Secondary lock network authentication. Through the secondary lock network authentication, the way of lock network authentication can be increased, and the satisfaction of the user experience is improved. The query module 31 can display a SIM unlock interface on the terminal for the user to input the unlock code. The unlock code user in this embodiment can be obtained from the operator in advance.

在本实施例中,管理模块32还可以设置连续进行二次锁网认证的阈值N,并当监测到连续N次获取用户输入的解锁码发给锁网认证服务器都认证失败时,将终端关机或锁定,避免一些用户恶意反复提交认证,造成资源浪费。其中,N为正整数。In this embodiment, the management module 32 may also set a threshold N for continuously performing secondary lock network authentication, and when the authentication code of the user input is continuously sent N times to the lock network authentication server, the terminal is shut down. Or lock, to avoid some users maliciously submit authentication repeatedly, resulting in waste of resources. Where N is a positive integer.

在本实施例中,除了对终端eSIM卡进行锁网认证外,在提升安全性时,还可以对终端的身份进行合法认证。此时查询模块31可以将终端的身份唯一识别码,例如IMEI,发给锁网认证服务器对终端身份进行合法认证。终端的身份唯一识别码可以随着锁网信息一并发给锁网认证服务器,也可以单独发给锁网认证服务器。锁网认证服务器可以在对eSIM卡进行锁网认证之前对终端的身份进行认证,也可以在对eSIM卡进行锁网认证通过之后对终端的身份进行认证。In this embodiment, in addition to performing network lock authentication on the terminal eSIM card, when the security is improved, the identity of the terminal may be legally authenticated. At this time, the query module 31 can send the identity unique identifier of the terminal, for example, the IMEI, to the lock network authentication server to legally authenticate the identity of the terminal. The identity unique identifier of the terminal may be sent to the lock network authentication server along with the lock network information, or may be separately sent to the lock network authentication server. The lock network authentication server may authenticate the identity of the terminal before performing the lock network authentication on the eSIM card, or authenticate the identity of the terminal after the eSIM card is authenticated by the lock network.

本实施例中的查询模块31、管理模块32可以设置于终端处理器内,查询模块31的功能和管理模块32的功能可由终端的处理器实现。The query module 31 and the management module 32 in this embodiment may be disposed in the terminal processor, and the functions of the query module 31 and the functions of the management module 32 may be implemented by a processor of the terminal.

参见图4所示,本实施例提供的一种锁网认证服务器包括:接收模块41和锁网认证模块42。As shown in FIG. 4, a lock network authentication server provided by this embodiment includes: a receiving module 41 and a lock network authentication module 42.

接收模块41设置为接收终端发送的锁网认证请求,其中,该锁网认证请求包含终端内eSIM卡的锁网信息。The receiving module 41 is configured to receive a lock network authentication request sent by the terminal, where the lock network authentication request includes the lock network information of the eSIM card in the terminal.

锁网认证模块42设置为根据终端访问的运营商的锁网策略和锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给终端。 The lock network authentication module 42 is configured to perform network lock authentication on the eSIM card according to the lock network policy and the lock network information of the operator accessed by the terminal, and send the lock network authentication result to the terminal.

锁网策略可以包括锁网算法(SimLcok算法),不同的运营商可以采用不同的锁网算法。例如,锁网认证模块42可以采用本实施例提供的以下五种算法中的任意一种:The lock network strategy may include a lock network algorithm (SimLcok algorithm), and different operators may adopt different lock network algorithms. For example, the lock network authentication module 42 can adopt any one of the following five algorithms provided in this embodiment:

网络个性化(Network personalization)算法,此时锁网信息包括MCC和MNC;Network personalization (Network personalization) algorithm, at this time the lock network information includes MCC and MNC;

网络子集个性化(Network subset personalization)算法,此时锁网信息包括MCC、MNC和IMSI中最后两位;Network subset personalization algorithm, where the lock network information includes the last two bits of MCC, MNC and IMSI;

服务个性化(Service Personalization)算法,此时锁网信息包括MCC、MNC和GID1;Service Personalization algorithm, at this time, the lock network information includes MCC, MNC, and GID1;

企业个性化(Corporate personalization)算法,此时锁网信息包括MCC、MNC、GID1和GID2;以及Corporate personalization algorithm, in which case the lock network information includes MCC, MNC, GID1 and GID2;

SIM个性化(SIM personalization)算法,此时锁网信息包括IMSI。SIM personalization algorithm, at this time the lock network information includes IMSI.

接收模块41还设置为接收终端在所述锁网认证结果为失败时发送的解锁码。The receiving module 41 is further configured to receive an unlocking code sent by the terminal when the lock network authentication result is a failure.

锁网认证模块42还设置为根据解锁码对eSIM卡进行二次锁网认证,将二次锁网认证结果发送给终端。The lock network authentication module 42 is further configured to perform secondary lock network authentication on the eSIM card according to the unlock code, and send the secondary lock network authentication result to the terminal.

如上所述,本实施例中除了对eSIM卡进行锁网认证外,提升安全性时,锁网认证模块42还可以对终端的身份进行认证。因此本实施例中的接收模块41还可以接收终端发送过来的身份唯一识别码。本实施例中的锁网认证模块42在对eSIM卡进行锁网认证之前,或对eSIM卡进行锁网认证成功之后,还可以设置为对终端的身份进行合法认证,认证方式包括但不限于以下两种方式中的任意一种。As described above, in addition to performing network lock authentication on the eSIM card in this embodiment, when the security is improved, the lock network authentication module 42 can also authenticate the identity of the terminal. Therefore, the receiving module 41 in this embodiment can also receive the identity unique identifier sent by the terminal. The lock network authentication module 42 in this embodiment may be configured to perform legal authentication on the identity of the terminal before the network authentication of the eSIM card is performed, or the authentication mode includes, but is not limited to, the following: Either of the two methods.

在方式一中,锁网认证模块42在运营商的数据库中查找是否存储有终端的身份唯一识别码,如存储有终端的身份唯一识别码,表明该终端身份合法;如未存储有终端的身份唯一识别码,表明该终端身份不合法,不允许该终端获取运营商的服务。In the first mode, the lock network authentication module 42 searches the operator's database for whether the terminal's identity unique identifier is stored, such as the terminal's identity unique identifier, indicating that the terminal's identity is legal; if the terminal's identity is not stored A unique identifier indicates that the identity of the terminal is invalid and the terminal is not allowed to obtain the service of the operator.

在方式二中,锁网认证模块42在运营商的数据库中查找是否绑定存储有终端的身份唯一识别码和该终端eSIM卡的锁网信息,如有存储,表明该终端身份合法;若未绑定存储终端的身份唯一识别码和该终端eSIM卡的锁网信息,表明 该终端身份不合法,不允许该终端获取运营商的服务。eSIM卡和终端可以存在一一对应的绑定关系的,因此这种验证可以提升安全性。In the second mode, the lock network authentication module 42 searches in the database of the operator whether to bind the identity unique identifier of the terminal and the lock network information of the terminal eSIM card. If there is storage, the identity of the terminal is legal; Binding the identity unique identifier of the storage terminal and the lock network information of the terminal eSIM card, indicating The identity of the terminal is invalid. The terminal is not allowed to obtain the service of the carrier. The eSIM card and the terminal can have a one-to-one binding relationship, so this verification can improve security.

本实施例中的接收模块41、锁网认证模块42可以设置于服务器的处理器内,接收模块41的功能和锁网认证模块42的功能可由服务器的处理器实现。The receiving module 41 and the lock network authentication module 42 in this embodiment may be disposed in a processor of the server, and the function of the receiving module 41 and the function of the lock network authentication module 42 may be implemented by a processor of the server.

上述实施例的模块或步骤可以用通用的计算装置来实现,例如上述模块的功能可以通过终端或网管内的处理器实现。模块或步骤可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,模块或步骤可以用计算装置可执行的程序代码来实现,可以将模块或步骤存储在计算机存储介质(只读存储器(Read Only Memory,ROM)、随机存取存储器(Ramdom Access Memory,RAM)、磁碟、光盘)中由计算装置来执行,并且在一些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将模块或步骤分别制作成多个集成电路模块,或者将多个模块或步骤制作成单个集成电路模块来实现。The modules or steps of the foregoing embodiments may be implemented by a general-purpose computing device. For example, the functions of the foregoing modules may be implemented by a processor in a terminal or a network management system. The modules or steps may be centralized on a single computing device or distributed across a network of computing devices. Alternatively, the modules or steps may be implemented in a program code executable by the computing device, and the modules or steps may be stored Executed by a computing device in a computer storage medium (Read Only Memory (ROM), Random Access Memory (RAM), disk, optical disk), and in some cases, may be different The steps shown or described herein are performed sequentially, or the modules or steps are separately fabricated into a plurality of integrated circuit modules, or a plurality of modules or steps are fabricated into a single integrated circuit module.

实施例三Embodiment 3

本实施例结合一个锁网流程对本实施例进行示例说明。This embodiment illustrates the present embodiment by combining a lock network process.

在步骤510中,终端开机。In step 510, the terminal is powered on.

在步骤520中,终端读取eSIM卡的锁网信息发给运营商侧的锁网认证服务器,本实施例中的锁网信息包括IMSI、GID1、GID2、IMEI中的至少一个。In step 520, the terminal reads the lock network information of the eSIM card and sends it to the lock network authentication server on the operator side. The lock network information in this embodiment includes at least one of IMSI, GID1, GID2, and IMEI.

在步骤530中,锁网认证服务器根据IMEI和IMSI对终端身份进行认证。In step 530, the lock network authentication server authenticates the terminal identity based on the IMEI and the IMSI.

在步骤540中,锁网认证服务器对该eSIM卡的锁网信息进行核对,运行SimLcok算法来判断该eSIM卡是否属于运营商授权的卡,如该eSIM卡是运营商授权的卡,转至步骤550;如该eSIM卡不是运营商授权的卡,转至步骤560。In step 540, the lock network authentication server checks the lock network information of the eSIM card, and runs the SimmLok algorithm to determine whether the eSIM card belongs to the license card authorized by the operator. If the eSIM card is an authorized card of the operator, go to the step. 550; if the eSIM card is not an operator authorized card, go to step 560.

在步骤550中,向终端反馈认证成功通知,终端服务可用。In step 550, the authentication success notification is fed back to the terminal, and the terminal service is available.

在步骤560中,向终端反馈认证失败通知,终端弹出SIM解锁界面,并等待用户输入解锁码。In step 560, the authentication failure notification is fed back to the terminal, the terminal pops up the SIM unlocking interface, and waits for the user to input the unlocking code.

在步骤570中,终端获取用户输入的解锁码,加密后发给锁网认证服务器进行二次锁网认证。In step 570, the terminal acquires the unlock code input by the user, encrypts it, and sends it to the lock network authentication server for secondary lock network authentication.

在步骤580中,锁网认证服务器解密得到解锁码,判断解锁码是否正确,如解锁码正确,转至步骤550,如解锁码不正确,转至步骤590。 In step 580, the lock network authentication server decrypts the unlock code to determine whether the unlock code is correct. If the unlock code is correct, go to step 550. If the unlock code is incorrect, go to step 590.

在步骤590中,更新二次锁网认证连续失败的次数n。In step 590, the number n of consecutive failures of the secondary lock network authentication is updated.

在步骤5100中,判断二次锁网认证连续失败的次数n是否大于预设阈值N;如n大于N,转至步骤5110;如n不大于N,转至步骤560。In step 5100, it is determined whether the number n of consecutive failures of the secondary lock network authentication is greater than a preset threshold N; if n is greater than N, go to step 5110; if n is not greater than N, go to step 560.

在步骤5110中,将终端关机。In step 5110, the terminal is powered off.

本实施例中用户侧终端的eSIM卡在访问运营商获取服务时,通过了运营商的锁网认证,表明该用户终端的eSIM卡是运营商的授权卡,可以获取运营商的服务,可以避免运营商合约用户在合约期内违背合同转用其他运营商服务而对合约用户的运营商造成损失。In this embodiment, the eSIM card of the user-side terminal passes the lock network authentication of the operator when the access operator obtains the service, indicating that the eSIM card of the user terminal is an authorization card of the operator, and the service of the operator can be obtained, which can be avoided. The carrier contract user caused losses to the contract user's operator during the contract period due to the contract to other carrier services.

本实施例还提供了一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述任一方法。The embodiment further provides a computer readable storage medium storing computer executable instructions arranged to perform any of the methods described above.

本实施例还提供了一种终端的硬件结构示意图。参见图6,该终端包括:This embodiment also provides a hardware structure diagram of a terminal. Referring to Figure 6, the terminal includes:

至少一个处理器(processor)60,图6中以一个处理器60为例;和存储器(memory)61,还可以包括通信接口(Communications Interface)62和总线63。其中,处理器60、通信接口62、存储器61可以通过总线63完成相互间的通信。通信接口62可以设置为信息传输。处理器60可以调用存储器61中的逻辑指令,以执行以下方法:At least one processor 60, which is exemplified by a processor 60 in FIG. 6; and a memory 61, may further include a communication interface 62 and a bus 63. The processor 60, the communication interface 62, and the memory 61 can complete communication with each other through the bus 63. Communication interface 62 can be configured for information transfer. The processor 60 can call the logic instructions in the memory 61 to perform the following methods:

读取终端内eSIM卡的锁网信息;Reading the lock network information of the eSIM card in the terminal;

将所述锁网信息发给运营商的锁网认证服务器进行锁网认证;以及Sending the lock network information to the lock network authentication server of the operator for lock network authentication;

接收到所述锁网认证服务器发送的认证成功通知时,允许所述终端获取所述运营商提供的服务。When receiving the authentication success notification sent by the lock network authentication server, the terminal is allowed to obtain the service provided by the operator.

此外,上述的存储器61中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。Furthermore, the logic instructions in the memory 61 described above may be implemented in the form of a software functional unit and sold or used as a stand-alone product, and may be stored in a computer readable storage medium.

存储器61作为一种计算机可读存储介质,可设置为存储软件程序、计算机可执行程序,如上述实施例中方法对应的程序指令或模块。处理器60通过运行存储在存储器61中的软件程序、指令或模块,从而执行功能应用以及数据处理。The memory 61 is a computer readable storage medium, and can be configured to store a software program, a computer executable program, such as a program instruction or a module corresponding to the method in the above embodiment. The processor 60 performs functional applications and data processing by running software programs, instructions or modules stored in the memory 61.

存储器61可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序;存储数据区可存储根据终端的使用所创建的数据等。此外,存储器61可以包括高速随机存取存储器,还可以包括非易 失性存储器。The memory 61 may include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the terminal, and the like. In addition, the memory 61 may include a high speed random access memory, and may also include non-easy Loss of memory.

本实施例提供了一种锁网认证服务器的硬件结构示意图。参见图7,该锁网认证服务器包括:This embodiment provides a hardware structure diagram of a lock network authentication server. Referring to FIG. 7, the lock network authentication server includes:

至少一个处理器(processor)70,图7中以一个处理器70为例;和存储器(memory)71,还可以包括通信接口(Communications Interface)72和总线73。其中,处理器70、通信接口72、存储器71可以通过总线73完成相互间的通信。通信接口72可以设置为信息传输。处理器70可以调用存储器71中的逻辑指令,以执行以下方法:At least one processor 70, which is exemplified by a processor 70 in FIG. 7; and a memory 71, may further include a communication interface 72 and a bus 73. The processor 70, the communication interface 72, and the memory 71 can complete communication with each other through the bus 73. Communication interface 72 can be configured for information transfer. The processor 70 can call the logic instructions in the memory 71 to perform the following methods:

运营商侧的锁网认证服务器接收终端发送的锁网认证请求,其中,所述锁网认证请求包含所述终端内eSIM卡的锁网信息;以及The lock network authentication server on the operator side receives the lock network authentication request sent by the terminal, where the lock network authentication request includes the lock network information of the eSIM card in the terminal;

所述锁网认证服务器根据所述运营商的锁网策略和所述锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给所述终端。The lock network authentication server performs lock network authentication on the eSIM card according to the lock network policy of the operator and the lock network information, and sends the lock network authentication result to the terminal.

此外,上述的存储器71中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。In addition, the logic instructions in the memory 71 described above may be implemented in the form of a software functional unit and sold or used as a stand-alone product, and may be stored in a computer readable storage medium.

存储器71作为一种计算机可读存储介质,可设置为存储软件程序、计算机可执行程序,如上述实施例中方法对应的程序指令或模块。处理器70通过运行存储在存储器71中的软件程序、指令或模块,从而执行功能应用以及数据处理。The memory 71 is a computer readable storage medium, and can be configured to store a software program, a computer executable program, such as a program instruction or a module corresponding to the method in the above embodiment. The processor 70 executes functional applications and data processing by running software programs, instructions or modules stored in the memory 71.

存储器71可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序;存储数据区可存储根据终端的使用所创建的数据等。此外,存储器71可以包括高速随机存取存储器,还可以包括非易失性存储器。The memory 71 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the terminal, and the like. Further, the memory 71 may include a high speed random access memory, and may also include a nonvolatile memory.

工业实用性Industrial applicability

本公开提供的嵌入式用户识别模块eSIM卡锁网方法、终端及锁网认证服务器,在锁网认证服务器发送的认证成功通知时,允许终端获取该运营商提供的服务,可以避免运营商的合约用户在合约期内违背合同转用其他运营商服务而对合约用户的运营商造成损失。 The embedded subscriber identity module eSIM card lock network method, the terminal and the lock network authentication server provided by the disclosure allow the terminal to obtain the service provided by the operator when the authentication success notification sent by the lock network authentication server, and the operator's contract can be avoided. The user caused losses to the operator of the contract user during the contract period due to the conversion of the contract to other carrier services.

Claims (13)

  1. 一种嵌入式用户识别模块eSIM卡锁网方法,包括:An embedded subscriber identity module eSIM card lock network method includes:
    读取终端内eSIM卡的锁网信息;Reading the lock network information of the eSIM card in the terminal;
    将所述锁网信息发给运营商的锁网认证服务器进行锁网认证;以及Sending the lock network information to the lock network authentication server of the operator for lock network authentication;
    接收到所述锁网认证服务器发送的认证成功通知时,允许所述终端获取所述运营商提供的服务。When receiving the authentication success notification sent by the lock network authentication server, the terminal is allowed to obtain the service provided by the operator.
  2. 如权利要求1所述的方法,还包括:接收到所述锁网认证服务器发送的认证失败通知时,获取用户输入的解锁码,并将所述解锁码发送给所述锁网认证服务器进行二次锁网认证。The method of claim 1, further comprising: when receiving the authentication failure notification sent by the lock network authentication server, acquiring an unlock code input by the user, and transmitting the unlock code to the lock network authentication server. Secondary lock network authentication.
  3. 如权利要求2所述的方法,还包括连续N次获取用户输入的解锁码发给所述锁网认证服务器都认证失败时,将所述终端关机或锁定,其中,N为正整数。The method of claim 2, further comprising: acquiring the unlock code input by the user N times consecutively, and sending the terminal to the lock network authentication server to disable or lock the terminal, wherein N is a positive integer.
  4. 如权利要求1-3任一项所述的方法,还包括将所述终端的身份唯一识别码发给所述锁网认证服务器,以使所述锁网认证服务器对所述终端身份进行合法认证。The method according to any one of claims 1 to 3, further comprising transmitting an identity unique identification code of the terminal to the lock network authentication server, so that the lock network authentication server legally authenticates the terminal identity .
  5. 如权利要求1-3任一项所述的方法,其中,所述锁网信息包括以下任意一种:国际移动用户识别码,移动国家码和移动网络号码,移动国家码、移动网络号码和国际移动用户识别码的最后两位,移动国家码、移动网络号码和第一分组标识,以及,移动国家码、移动网络号码、第一分组标识和第二分组标识。The method of any of claims 1-3, wherein the lock network information comprises any one of the following: an international mobile subscriber identity, a mobile country code and a mobile network number, a mobile country code, a mobile network number, and an international The last two digits of the mobile subscriber identity, the mobile country code, the mobile network number and the first packet identity, and the mobile country code, the mobile network number, the first packet identity, and the second packet identity.
  6. 一种嵌入式用户识别模块eSIM卡锁网方法,包括:An embedded subscriber identity module eSIM card lock network method includes:
    运营商侧的锁网认证服务器接收终端发送的锁网认证请求,其中,所述锁网认证请求包含所述终端内eSIM卡的锁网信息;以及The lock network authentication server on the operator side receives the lock network authentication request sent by the terminal, where the lock network authentication request includes the lock network information of the eSIM card in the terminal;
    所述锁网认证服务器根据所述运营商的锁网策略和所述锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给所述终端。 The lock network authentication server performs lock network authentication on the eSIM card according to the lock network policy of the operator and the lock network information, and sends the lock network authentication result to the terminal.
  7. 如权利要求6所述的方法,还包括所述锁网认证服务器接收所述终端在所述锁网认证结果为失败时发送的解锁码,根据所述解锁码对所述eSIM卡进行二次锁网认证,将二次锁网认证结果发送给所述终端。The method of claim 6, further comprising the lock network authentication server receiving an unlock code sent by the terminal when the lock network authentication result is a failure, and performing a secondary lock on the eSIM card according to the unlock code The network authentication sends the secondary lock network authentication result to the terminal.
  8. 如权利要求6或7所述的方法,还包括所述锁网认证服务器接收所述终端发送的身份唯一识别码;The method according to claim 6 or 7, further comprising the lock network authentication server receiving an identity unique identifier sent by the terminal;
    所述锁网认证服务器在对所述eSIM卡进行锁网认证之前,或对eSIM卡进行锁网认证成功之后,在所述运营商的数据库中查找是否存储有所述身份唯一识别码,或是否存绑定存储有所述身份唯一识别码和所述锁网信息,如所述运营商的数据库存储有所述身份唯一识别码,或者所述身份唯一识别码和所述锁网信息,判定所述终端身份合法。Before the lock network authentication server performs network lock authentication on the eSIM card, or after performing network lock authentication on the eSIM card, the server searches the database of the operator whether the identity unique identifier is stored, or whether The storage binding stores the identity unique identifier and the lock network information, such as the identifier of the operator storing the identity unique identifier, or the identity unique identifier and the lock network information, and determining the location The terminal identity is legal.
  9. 一种终端,包括:A terminal comprising:
    查询模块,设置为读取所述终端内eSIM卡的锁网信息,将所述锁网信息发给运营商的锁网认证服务器进行锁网认证;以及The query module is configured to read the lock network information of the eSIM card in the terminal, and send the lock network information to the lock network authentication server of the operator to perform lock network authentication;
    管理模块,设置为接收到所述锁网认证服务器发送的认证成功通知时,允许所述终端获取所述运营商提供的服务。The management module is configured to allow the terminal to obtain the service provided by the operator when receiving the authentication success notification sent by the lock network authentication server.
  10. 如权利要求9所述的终端,其中,所述查询模块还设置为接收到所述锁网认证服务器发送的认证失败通知时,获取用户输入的解锁码,并将所述解锁码发送给所述锁网认证服务器进行二次锁网认证。The terminal according to claim 9, wherein the query module is further configured to: when receiving the authentication failure notification sent by the lock network authentication server, acquire an unlock code input by the user, and send the unlock code to the The lock network authentication server performs secondary lock network authentication.
  11. 一种锁网认证服务器,包括:A lock network authentication server includes:
    接收模块,设置为接收终端发送的锁网认证请求,其中,所述锁网认证请求包含所述终端内eSIM卡的锁网信息;以及a receiving module, configured to receive a lock network authentication request sent by the terminal, where the lock network authentication request includes lock network information of the eSIM card in the terminal;
    锁网认证模块,设置为根据所述终端访问的运营商的锁网策略和所述锁网信息对所述eSIM卡进行锁网认证,将锁网认证结果发送给所述终端。 The lock network authentication module is configured to perform network lock authentication on the eSIM card according to the lock network policy of the operator accessed by the terminal and the lock network information, and send the lock network authentication result to the terminal.
  12. 如权利要求11所述的锁网认证服务器,其中,所述接收模块还设置为接收所述终端在所述锁网认证结果为失败时发送的解锁码;The lock network authentication server according to claim 11, wherein the receiving module is further configured to receive an unlock code sent by the terminal when the lock network authentication result is a failure;
    所述锁网认证模块还设置为根据所述解锁码对所述eSIM卡进行二次锁网认证,将二次锁网认证结果发送给所述终端。The lock network authentication module is further configured to perform secondary lock network authentication on the eSIM card according to the unlock code, and send the secondary lock network authentication result to the terminal.
  13. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行权利要求1-8中任一项的方法。 A computer readable storage medium storing computer executable instructions arranged to perform the method of any of claims 1-8.
PCT/CN2017/083885 2016-07-14 2017-05-11 Network locking method for esim card, terminal, and network locking authentication server WO2018010480A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610556546.4A CN107623907A (en) 2016-07-14 2016-07-14 ESIM clamping locks network method, terminal and lock network certificate server
CN201610556546.4 2016-07-14

Publications (1)

Publication Number Publication Date
WO2018010480A1 true WO2018010480A1 (en) 2018-01-18

Family

ID=60951921

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/083885 WO2018010480A1 (en) 2016-07-14 2017-05-11 Network locking method for esim card, terminal, and network locking authentication server

Country Status (2)

Country Link
CN (1) CN107623907A (en)
WO (1) WO2018010480A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916844A (en) * 2012-12-31 2014-07-09 华为技术有限公司 Subscriber identity module card opening method and virtual subscriber identity module card server
CN105188049A (en) * 2015-09-30 2015-12-23 宇龙计算机通信科技(深圳)有限公司 Virtual SIM (Subscriber Identity module) card service authorization method, terminal, server and system
CN105306466A (en) * 2015-10-29 2016-02-03 东莞酷派软件技术有限公司 Execution method of service, execution system of service, and mobile terminal
CN105636043A (en) * 2016-02-26 2016-06-01 宇龙计算机通信科技(深圳)有限公司 ESIM (Embedded SIM) card authentication method, eSIM card authentication device and terminal
CN105848153A (en) * 2016-06-07 2016-08-10 宇龙计算机通信科技(深圳)有限公司 Embedded type SIM card registration method, embedded type SIM card authentication method and corresponding systems

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800986A (en) * 2010-02-26 2010-08-11 华为终端有限公司 Method and device for realizing network locking and unlocking of terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916844A (en) * 2012-12-31 2014-07-09 华为技术有限公司 Subscriber identity module card opening method and virtual subscriber identity module card server
CN105188049A (en) * 2015-09-30 2015-12-23 宇龙计算机通信科技(深圳)有限公司 Virtual SIM (Subscriber Identity module) card service authorization method, terminal, server and system
CN105306466A (en) * 2015-10-29 2016-02-03 东莞酷派软件技术有限公司 Execution method of service, execution system of service, and mobile terminal
CN105636043A (en) * 2016-02-26 2016-06-01 宇龙计算机通信科技(深圳)有限公司 ESIM (Embedded SIM) card authentication method, eSIM card authentication device and terminal
CN105848153A (en) * 2016-06-07 2016-08-10 宇龙计算机通信科技(深圳)有限公司 Embedded type SIM card registration method, embedded type SIM card authentication method and corresponding systems

Also Published As

Publication number Publication date
CN107623907A (en) 2018-01-23

Similar Documents

Publication Publication Date Title
JP6533203B2 (en) Mobile device supporting multiple access control clients and corresponding method
US10623954B2 (en) AP connection method, terminal, and server
US9661666B2 (en) Apparatus and methods of identity management in a multi-network system
JP6262278B2 (en) Method and apparatus for storage and computation of access control client
US20180091978A1 (en) Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality
KR101959492B1 (en) Methods and apparatus for user authentication and human intent verification in mobile devices
US10285050B2 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
US9788209B2 (en) Apparatus and methods for controlling distribution of electronic access clients
US9867043B2 (en) Secure device service enrollment
KR102018971B1 (en) Method for enabling network access device to access wireless network access point, network access device, application server and non-volatile computer readable storage medium
US10397782B2 (en) Wireless access authentication
US9674696B2 (en) Method and terminal device for keeping subscriber identity module card in standby state
WO2015081882A1 (en) Method and apparatus for downloading operator document
CN104205891B (en) Virtual SIM card cloud platform
TWI592051B (en) Network assisted fraud detection apparatus and methods
US8868915B2 (en) Secure authentication for client application access to protected resources
US8452012B2 (en) Using a trusted-platform-based shared-secret derivation and WWAN infrastructure-based enrollment to establish a secure local channel
JP2016076940A (en) Management method for contents on preservation element connected to device
US8983543B2 (en) Methods and apparatus for managing data within a secure element
EP2633716B1 (en) Data processing for securing local resources in a mobile device
US8892071B2 (en) System for managing unregistered terminals with shared authentication information and method thereof
US8219811B2 (en) Secure software execution such as for use with a cell phone or mobile device
EP2651097B1 (en) Method of authenticating a user at a service on a service server, application and system
CN105340306B (en) Wireless subscribe to is provided using software-based subscriber identity module
US9843575B2 (en) Wireless network authentication method and wireless network authentication apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17826819

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17826819

Country of ref document: EP

Kind code of ref document: A1