WO2018129723A1 - Management method for a subscription data set, terminal, and server - Google Patents

Management method for a subscription data set, terminal, and server


Publication number
WO2018129723A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
management
data set
party application
euicc
Prior art date
Application number
PCT/CN2017/071184
Other languages
English (en)
Chinese (zh)
Inventor
高林毅
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to PCT/CN2017/071184 (WO2018129723A1)
Priority to CN201780032616.9A (CN109196891B)
Publication of WO2018129723A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, a terminal, and a server for managing a contracted data set.
  • the terminal user purchases a SIM (Subscriber Identification Module) card or a UICC (Universal Integrated Circuit Card) from the operator and inserts it into the terminal (device), which then connects to the operator's network according to the data set written on the card.
  • the eUICC refers to a UICC that supports secure remote management of a subscription data profile and/or a UICC that supports a local management profile.
  • the eUICC Since the eUICC is generally integrated in the terminal by the terminal manufacturer, it is generally not purchased and manufactured by the operator. Therefore, after the terminal is shipped from the factory, the eUICC may not include data that can be connected to the carrier network.
  • the terminal needs to use the remote management technology to connect to the SM-DP+ (Subscription Management Data Preparation+), receive the profile delivered by the SM-DP+, and download the profile to the eUICC. The eUICC can then use the profile to access the carrier's network. When the profile is active, the eUICC functions the same as the traditional UICC and can be used to access the network of the corresponding mobile network operator.
  • the terminal also includes an LPA (Local Profile Assistant) for managing the profiles in the eUICC, for example downloading new profiles, activating a downloaded profile, deactivating a profile, and deleting a profile.
  • the terminal can manage the profile in the eUICC through the LPA.
  • the user cannot use a third-party application (Application), such as the operator's application client, to manage the profile in the eUICC.
  • An embodiment of the present invention provides a method for managing a subscription data set, a terminal, and a server.
  • the third-party application on the terminal performs access management on the profile in the eUICC by using the system architecture and the access control mechanism of the current eUICC.
  • a method for managing a subscription data set is disclosed, the method being performed by a terminal, where the terminal comprises an integrated circuit card eUICC, an LPA (Local Profile Assistant), and a third-party application, and the method includes:
  • the terminal obtains a subscription data set from the subscription management server, where the subscription data set includes authentication information of the third-party application;
  • the contract data set performs management operations
  • the terminal performs the management operation on the subscription data set.
  • the current eUICC system architecture of the terminal is used to manage the subscription data set in the eUICC through the third-party application, which adds a management entry point for the subscription data set in the eUICC without adding additional application modules.
  • the method before the receiving, by the terminal, the first request sent by the third-party application server, the method further includes:
  • the third-party application of the terminal sends a first management operation request to the third-party application server, where the first management operation request includes a management operation performed by the third-party application to perform the subscription data set in the eUICC.
  • the method before the receiving, by the terminal, the first request sent by the third-party application server, the method further includes:
  • the third party application server generates a management operation performed on the contract data set in the eUICC.
  • before the terminal acquires, according to the identifier ICCID of the subscription data set, the authentication information of the third-party application included in the subscription data set in the eUICC, the method further includes:
  • if the terminal determines that the identifier EID of the eUICC returned by the third-party application server is the same as the identifier EID of the eUICC of the terminal, the terminal acquires, according to the identifier ICCID of the subscription data set, the authentication information of the third-party application contained in the subscription data set in the eUICC.
  • the terminal determining, according to the authentication information of the third-party application in the subscription data set and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set, includes:
  • the LPA of the terminal determines, according to the authentication information of the third-party application in the subscription data set, and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set;
  • the eUICC of the terminal determines, according to the authentication information of the third-party application in the subscription data set, and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set.
  • the terminal performing the management operation on the subscription data set includes:
  • the LPA of the terminal sends a management instruction acquisition request to the subscription management server according to the first request;
  • the LPA of the terminal receives the management instruction returned by the subscription management server according to the management instruction acquisition request;
  • the LPA of the terminal performs a management operation in the first management operation request on the subscription data set in the eUICC according to the management instruction.
  • the method further includes:
  • the first request includes an indication indicating a management operation
  • the terminal performs the management operation on the subscription data set, including:
  • the LPA of the terminal performs a management operation indicated in the first request on the subscription data set in the eUICC according to the first request.
  • a method for managing a contracted data set is disclosed, the method being performed by a contract management server, wherein the method comprises:
  • the subscription management server receives a second management operation request sent by the third-party application server, where the second management operation request includes a management operation performed on the subscription data in the terminal, an identifier ICCID of the subscription data set in the terminal, An identifier EID of the terminal eUICC and authentication information of a third-party application in the terminal;
  • the subscription management server sends a management request response to the third-party application server, where the management request response includes an identifier ICCID of the subscription data set in the terminal and an identifier EID of the terminal eUICC;
  • the third-party application server sends the identifier ICCID of the subscription data set in the terminal to the terminal.
  • the subscription management server acquires a management instruction acquisition request sent by the terminal, where the management instruction acquisition request carries the identifier EID of the terminal eUICC and the certificate information of the third-party application stored in the terminal;
  • the subscription management server determines, according to the management instruction acquisition request and the second management operation request, whether the third-party application in the terminal has the right to trigger a management operation on the subscription data set in the terminal eUICC;
  • if the subscription management server verifies that the third-party application in the terminal has the right to trigger a management operation on the subscription data set in the terminal eUICC, the subscription management server returns a management instruction to the terminal, so that the terminal can perform a management operation on the subscription data set in the terminal eUICC according to the management instruction.
  • the current eUICC system architecture of the terminal is used to manage the subscription data set in the eUICC through the third-party application, which adds a management entry point for the subscription data set in the eUICC without adding additional application modules.
  • the authorization of the MNO APP is placed on the network side for verification, which further simplifies the complexity of the method flow and simplifies the authentication operation on the terminal side.
  • the subscription management server verifying, according to the management instruction acquisition request and the second management operation request, whether the third-party application in the terminal has permission to trigger management operations on the subscription data set in the terminal eUICC, includes:
  • the subscription management server acquires the identifier EID of the terminal eUICC from the management instruction acquisition request, and searches for the second management operation request associated with the identifier EID of the terminal eUICC;
  • the contract management server determines whether the certificate information of the third-party application carried in the management instruction acquisition request is the same as the authentication information of the third-party application in the second management operation request;
  • the contracted data set performs management operations.
  • the management request response sent by the subscription management server further includes a registration event identifier event ID
  • the registration event identifier event ID is used to identify a management operation event that the subscription management server requests to register according to the second management operation request;
  • the registration management server obtains the registration event identifier event ID in the management instruction acquisition request sent by the terminal;
  • the subscription management server according to the management instruction acquisition request and the second management operation request, verifying whether the third-party application in the terminal has the right to trigger a management operation on the subscription data set in the eUICC, including:
  • the subscription management server acquires the registration event identifier event ID from the management instruction acquisition request, and searches for the second management operation request associated with the registration event identifier event ID;
  • the contract management server determines whether the certificate information of the third-party application carried in the management instruction acquisition request is the same as the authentication information of the third-party application in the second management operation request;
  • the third-party application in the terminal has authority to the terminal eUICC.
  • the contracted data set performs management operations.
  • a terminal comprising a transceiver, an integrated circuit card eUICC for storing a subscription data set, a memory, and one or more processors for executing one or more programs stored in the memory
  • the one or more processors are used to:
  • the contract data set performs management operations
  • the current eUICC system architecture of the terminal is used to manage the subscription data set in the eUICC through the third-party application, which adds a management entry point for the subscription data set in the eUICC without adding additional application modules.
  • the processor is further configured to:
  • with reference to the third aspect, in a second possible implementation of the third aspect, the third-party application server generates a management operation performed on the subscription data set in the eUICC.
  • the processor is further configured to:
  • if the identifier EID of the eUICC returned by the third-party application server is the same as the identifier EID of the eUICC of the terminal, acquiring, according to the identifier ICCID of the subscription data set, the authentication information of the third-party application included in the subscription data set in the eUICC.
  • the processor is further configured to:
  • determining, by the eUICC of the terminal, according to the authentication information of the third-party application in the subscription data set and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set.
  • the processor is further configured to:
  • the first request includes a management command indicating a management operation
  • the processor is further configured to:
  • a fourth aspect is a subscription management server, characterized in that the terminal comprises a transceiver, a memory, and one or more processors for executing one or more programs stored in the memory,
  • the one or more processors are used to:
  • the second management operation request includes a management operation performed on the subscription data in the terminal, and an identifier of the subscription data set in the terminal.
  • the management request response includes an identifier ICCID of the subscription data set in the terminal and an identifier EID of the terminal eUICC, for the third-party application server to send the identifier ICCID of the subscription data set in the terminal and the identifier EID of the terminal eUICC to the terminal;
  • receiving, by the transceiver, a management instruction acquisition request sent by the terminal, where the management instruction acquisition request carries an identifier EID of the terminal eUICC and certificate information of a third-party application stored in the terminal;
  • if the subscription management server verifies that the third-party application in the terminal has the right to trigger a management operation on the subscription data set in the terminal eUICC, controlling the transceiver to return a management instruction to the terminal, so that the terminal can perform a management operation on the subscription data set in the terminal eUICC according to the management instruction.
  • the current eUICC system architecture of the terminal is used to manage the subscription data set in the eUICC through the third-party application without adding additional application modules.
  • the authorization of the MNO APP is placed on the network side for verification, which further simplifies the complexity of the method flow and simplifies the authentication operation on the terminal side.
  • the one or more processors are further configured to:
  • the contracted data set performs management operations.
  • the management request response further includes a registration event identifier event ID, and the registration event identifier event ID is used to identify a management operation event that is registered by the subscription management server according to the second management operation request;
  • the management instruction acquisition request further carries the registration event identifier event ID
  • the one or more processors are also used to:
  • the contracted data set performs management operations.
  • FIG. 1A is an application scenario diagram of managing a profile in a terminal eUICC by using a third-party application
  • FIG. 1B is an architectural diagram of a remote management system of eUICC
  • FIG. 2 is a schematic flowchart of a method for managing a contracted data set according to an embodiment of the present invention
  • FIG. 3 is a signaling interaction diagram of a method for managing a subscription data set according to an embodiment of the present disclosure
  • FIG. 4 is a signaling interaction diagram of another method for managing a contracted data set according to an embodiment of the present disclosure
  • FIG. 5 is a signaling interaction diagram of another method for managing a contracted data set according to an embodiment of the present invention.
  • FIG. 6 is a signaling interaction diagram of another method for managing a contracted data set according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of still another method for managing a contracted data set according to an embodiment of the present invention.
  • FIG. 8 is a signaling interaction diagram of still another method for managing a contracted data set according to an embodiment of the present disclosure.
  • FIG. 9 is a signaling interaction diagram of still another method for managing a contracted data set according to an embodiment of the present invention.
  • FIG. 10 is a structural block diagram of a terminal according to an embodiment of the present invention.
  • FIG. 11 is a structural block diagram of a subscription management server according to an embodiment of the present invention.
  • the existing SIM card or UICC card is generally ordered by the MNO (mobile network operator) from the card merchant, so the network access application and data required for accessing the carrier network are already downloaded to the card before it leaves the factory, such as: USIM (Universal Subscriber Identity Module), IMSI (International Mobile Subscriber Identity), KI (Key Identity, Personal Identity Authentication Key), and so on. In this way, the user can access the operator's network by inserting the SIM card or UICC card into the device.
  • unlike a UICC card, an eUICC is generally a UICC embedded in a terminal. An eUICC is not necessarily purchased by the operator from the card vendor; it may instead be integrated into the terminal by the terminal manufacturer. Therefore, the eUICC may not include data that can be connected to the carrier network after being shipped from the factory. The data needs to be downloaded remotely, such as a subscription data set (profile, that is, a set of data and applications configured to provide services to the eUICC). The terminal can then access the carrier network based on this data. After the profile is downloaded to the eUICC, the user can activate, deactivate, or delete the profile, and download a new profile. Currently, the profile in the eUICC can only be managed through the LPA in the terminal. There is only a single management entry point, and users expect to be able to manage the profile in the eUICC through more entry points.
  • FIG. 1A is an application scenario diagram of managing a profile in a terminal eUICC by using a third-party application, as shown in FIG. 1A:
  • the user activates the carrier application (MNO APP) on the desktop of the terminal, and the user inputs the username and password to log in to the carrier application server.
  • the operator application displays the download operation and management operation of the subscription data set that the user can trigger through the operator application according to the subscription information of the user.
  • the operator application displays the type of management operation that the user can trigger. Since multiple profiles may have been downloaded in the terminal, the carrier application displays the type of management operations that can be triggered for one or more profile users. For example, if the user selects "activate profile X", it means that the user wants to activate "profile X" in the terminal. When "profile X" is activated successfully, the operator application displays a UI interface that is successfully activated.
  • the carrier application is only used as an example.
  • the third-party application is not limited to the operator application.
  • the profile in the eUICC is managed by a third-party application, such as an application of the operator, according to the current eUICC system without adding additional applications.
  • the management authority information for the third-party application to manage the profile in the eUICC is preset in the profile of the SM-DP+. After the terminal downloads the profile containing the third-party application management rights information from the SM-DP+, the terminal learns the management rights of the third-party application to manage the profile in the eUICC.
  • the management authority of the third-party application A to manage the profile in the eUICC is activation and deactivation, and the application A may not perform the deletion operation on the profile in the eUICC.
  • the third-party application B only allows a part of the application programming interface (API) of the LPA in the terminal to be called, and may not call other APIs of the LPA.
  • the eUICC or LPA of the terminal can verify whether the third-party application has the right to manage the profile in the eUICC. If the verification is passed, the third-party application is allowed to activate, deactivate, delete, download a new profile, and the like in the eUICC profile.
  • the server of the third-party application sends the management operation and the certificate information of the third-party application to the SM-DP+.
  • the server system such as SM-DP+ or SM-DS (Subscription Manager-Discovery Server) verifies whether the third-party application has the right to manage the profile in the eUICC. If the verification is passed, the third-party application is allowed to activate, deactivate, delete, download a new profile, and the like in the eUICC profile.
  • an embodiment of the present invention provides an architecture diagram of a remote management system of an eUICC.
  • the system includes an SM-DP+ (Subscription Manager Data Preparation+) server, an SM-DS (Subscription Manager-Discovery Server), an operator (Operator), a card vendor (EUM), a Certificate Issue Center (CI), a terminal (Terminal), and a user (End User).
  • ES6 is the interface between the eUICC and the operator
  • ES2+ is the interface between the operator and the SM-DP+
  • the ES8+ is the interface between the eUICC and the SM-DP+
  • It is the interface between the LDS (Local Discovery Service) and the SM-DS of the terminal
  • the ES12 is the interface between the SM-DS and the SM-DP+
  • the ES10a is the interface between the LDS and the eUICC
  • ES10c is the interface between the LUI (local user interface) and the eUICC
  • ESci is the interface between EUM and CI, or the interface between CI and SM-DP+
  • ESeum is the interface between EUM and eUICC
  • ESop is the interface for interaction between the user (End User) and the carrier
  • ESeu is the interface between End User and LUI
  • ES9+ is the interface between SM-DP+ and LPD (local profile download), and
  • the functions of SM-DP+ include the generation of subscription data sets, the protection of subscription data sets (e.g., encryption), subscription data set storage, the binding of data sets (e.g., binding the profile and the event ID), subscription data set transmission or download, remote subscription data set management, SM-DS event registration, etc.
  • the SM-DS is mainly responsible for accepting the event registration sent by the SM-DP+ and sending the event to the terminal. Events include subscription data set download events and subscription data set management events. The terminal downloads the subscription data set from the SM-DP+ according to the subscription data set download event, or the terminal acquires the subscription data set management command from the SM-DP+ according to the subscription data set management event.
  • the LDS of the terminal queries the SM-DS for the event, and the LPD is responsible for downloading the subscription data set; that is, the LPD downloads the profile from the SM-DP+ to the LPD through the HTTPS (Hypertext Transfer Protocol Secure) secure link, and then sends the downloaded subscription data set to the eUICC through local APDU commands.
  • the contracted data set here refers to a collection of file structures, data, applications, etc., and may include one or more network access applications and corresponding network access credentials.
  • the subscription data set is a general term, including a subscription data set installed on the eUICC of the terminal and a profile package stored in the SM-DP+.
  • the LUI of the terminal provides interaction logic and an interface with the user, and the user can complete the management of the profile through the LUI, such as downloading a new profile, activating a profile, deactivating a profile, and deleting a profile.
  • the LPA can communicate with the eUICC, and third-party applications (APPs) need to call the open application program interface (API) of the LPA to communicate with the eUICC.
  • An embodiment of the present invention provides a method for managing a subscription data set. As shown in FIG. 2, the method includes the following steps:
  • the terminal obtains a subscription data set from the subscription management server, where the subscription data set includes authentication information of a third-party application.
  • the terminal downloads the subscription data set from the subscription management server to the eUICC of the terminal, either automatically or according to a download instruction input by the user.
  • the authentication information of the third-party application may be carried in the metadata of the subscription data set, and specifically, may be added to the data field of the StoreMetadata command.
  • the metadata of the subscription data set can be stored in the Security Domain Space (Issuer Security Domain-Profile, ISD-P) created by the eUICC for the subscription data set.
  • the authentication information of the third-party application may include a hash value of the third-party application certificate.
  • the subscription management server may be an SM-DP+ (Subscription Manager Data Preparation+) server. It may also be an SM-DP+ server together with an SM-DS (Subscription Manager-Discovery Server). This is not specifically limited.
  • the authentication information of the third-party application may further include a hash algorithm of the third-party application certificate, a package name, an API of the LPA that allows the third-party application to access, and the like.
  • if the authentication information of the third-party application does not include an API of the LPA that the third-party application is allowed to access, the third-party application is allowed to access all open APIs of the LPA.
  • the authentication information of the third-party application may further include a management operation type that allows the third-party application to perform the contracted data set in the eUICC.
  • the authentication information of the third-party application may be preset by the mobile network operator (MNO) in the SM-DP+ through the MNO portal server, or may be provided to the SM-DP+ by the MNO when ordering the profile from the SM-DP+.
  • the third-party application of the terminal sends a first management operation request to a third-party application server.
  • the first management operation request includes a management operation performed by the third-party application to perform a subscription data set in the eUICC.
  • after the terminal starts the third-party application, the third-party application logs in to the third-party application server.
  • the user inputs a management operation of managing the contract data set in the eUICC through the user interface of the third party application.
  • the third-party application sends a request message carrying a management operation to the contracted data set in the eUICC to the third-party application server.
  • the third-party application server belongs to a server in an operator in the architecture shown in FIG. 1B. Or the third-party application server communicates through the operator and the contract management server.
  • step 102 may not be performed.
  • the third-party application server may also trigger the generation of management operations performed on the subscription data set in the eUICC according to other events. In that case the third-party application does not need to send the first management operation request to the third-party application server.
  • the terminal receives a first request sent by a third-party application server, where the first request carries an identifier ICCID of the subscription data set.
  • the first request is used to trigger a management operation on a subscription data set in the eUICC.
  • after the third-party application server receives the first management operation request sent by the third-party application of the terminal, or after the third-party application server automatically generates a management operation performed on the subscription data set in the eUICC, the third-party application server may send the management operation in the first management operation request to the subscription management server, which returns the identifier ICCID of the subscription data set, and then generate a first request to be sent to the terminal; alternatively, the third-party application server may directly generate the first request carrying the identifier ICCID of the subscription data set and send it to the terminal. This is not specifically limited.
  • the identifier EID of the eUICC may also be carried in the first request.
  • The first request may further carry the management operation that the third-party application performs on the subscription data set in the eUICC.
  • the first request itself is a management command of a third party application to perform a management operation on the contract data set in the eUICC.
  • the first request is an enable profile command.
  • the terminal acquires the authentication information of the third-party application included in the contract data set in the eUICC according to the identifier ICCID of the subscription data set.
  • the terminal acquires information about the subscription data set corresponding to the identifier ICCID in the eUICC according to the identifier ICCID of the subscription data set returned by the third-party application server. Since the eUICC of the terminal may include multiple subscription data sets, according to the identifier ICCID returned by the subscription management server, the subscription data set that the third-party application needs to trigger the management operation may be acquired.
  • After obtaining the subscription data set in the eUICC, the terminal further obtains the authentication information of the third-party application stored in the subscription data set. Specifically, it obtains the authentication information of the third-party application from the metadata of the subscription data set.
  • the authentication information of the third party application may include a hash value of the third party application certificate.
  • the authentication information of the third-party application may further include a hash algorithm of the third-party application certificate, a package name, an API of the LPA that allows the third-party application to access, and the like.
  • step 104 is performed.
  • the terminal acquires certificate information of the third-party application stored in the terminal.
  • the certificate information of the third-party application is stored in the terminal.
  • the certificate information may include a certificate of a third-party application, a package name of the third-party application, and the like.
  • The terminal acquires the certificate of the third-party application from the operating system and calculates its hash value by using the hash algorithm in the authentication information of the third-party application or by using the default hash algorithm.
  • Alternatively, the terminal obtains the hash value of the third-party application certificate from the operating system, calculated according to the hash algorithm in the authentication information of the third-party application or the default hash algorithm.
  • If the authentication information of the third-party application stored in the eUICC in step 104 further includes the package name of the third-party application, the terminal acquires the package name of the third-party application from the operating system.
  • the terminal determines, according to the authentication information of the third-party application in the subscription data set, and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set.
  • the terminal determines whether the third-party application has permission to trigger a management operation on the subscription data set according to the authentication information of the third-party application in the subscription data set obtained in step 104 and the certificate information of the third-party application obtained in step 105.
  • the execution body of step 106 may be the LPA of the terminal or the eUICC of the terminal.
  • the terminal performs the management operation on the subscription data set.
  • If the result of the determination in step 106 is consistent, the third-party application has the right to trigger a management operation on the subscription data set. If the result of the determination in step 106 is inconsistent, the third-party application does not have permission to perform a management operation on the subscription data set; the process terminates, and the third-party application is not allowed to perform a management operation on the subscription data set in the eUICC.
  • the LPA of the terminal sends a management instruction acquisition request to the subscription management server according to the first request.
  • the LPA of the terminal performs a management operation in the first management operation request on the subscription data set in the eUICC according to the management instruction.
  • the LPA of the terminal performs a management operation indicated in the first request on the subscription data set in the eUICC according to the first request.
  • the first request sent by the terminal to the third-party application server includes an indication indicating a management operation.
  • the authentication information of the third-party application is preset in the subscription data set.
  • When the terminal downloads the subscription data set from the subscription management server to the eUICC, the terminal obtains the authentication information of the third-party application.
  • the subscription data set stored by the terminal is searched according to the subscription data set identifier returned by the third-party application server.
  • the terminal verifies whether the third-party application has the right to trigger a management operation on the subscription data set in the eUICC according to the authentication information of the third-party application stored in the contract data.
  • The existing eUICC system architecture of the terminal is used to manage the subscription data set in the eUICC through the third-party application, which adds a management entry for the subscription data set in the eUICC without adding extra application modules.
  • the execution body of step 106 may be an LPA in the terminal, or may be an eUICC in the terminal.
  • the network element body involved in the second embodiment includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the contract management server includes an SM-DP+ server and an SM-DS server. It is determined by the LPA in the terminal whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contracted data set in the terminal.
  • the specific signaling interaction process is as follows:
  • the Mobile Network Operator has developed a Carrier Application (MNO APP) for installation on the terminal.
  • the terminal stores the certificate information of the operator application, such as a certificate, a package name, and the like.
  • When the mobile network operator customizes the subscription data set in the SM-DP+ through the MNO portal server, it stores the authentication information of the application in the metadata of the subscription data set.
  • the authentication information of the operator application includes a hash value of the certificate of the operator application.
  • the authentication information of the operator application may further include a hash algorithm of the certificate of the operator application, a package name, an API of an LPA that allows access by the operator application, and the like.
  • the authentication information of the application developed by the operator is also downloaded to the terminal along with the subscription data set.
  • The authentication information of the operator application may be stored in the metadata of the subscription data set. After the subscription data set is downloaded to the eUICC of the terminal, the metadata of the subscription data set may be stored in the secure domain space (ISD-P) created by the eUICC for the subscription data set.
  • the subscription data set download record of the terminal is stored in the mobile network operator's MNO portal server.
  • the subscription data set download record may include an identifier ICCID of the downloaded subscription data set, an identifier EID of the eUICC of the downloaded subscription data set, and the like.
  • the user opens the carrier application (MNO APP) client on the terminal and logs in to the MNO portal.
  • the management operation of managing the contract data set in the eUICC is input through the client user interface of the operator application (MNO APP).
  • the client of the operator application (MNO APP) sends a first management operation request (PRM/ReM) carrying a request to perform a management operation on the contract data set in the eUICC to the MNO portal.
  • the management operation may be to activate the subscription data set, deactivate the subscription data set, delete the subscription data set, query the eUICC information, download another new subscription data set, and the like.
  • The operator application (MNO APP) client obtains, from the MNO portal, the subscription information of the user registered with the operator; according to that subscription information, management operations for managing the subscription data set in the eUICC are input through the client user interface of the application.
  • After receiving the first management operation request sent by the application client of the operator, the MNO portal searches, according to the user subscription information, for the identifier ICCID of the corresponding subscription data set (in the second to fifth embodiments, the "target profile identifier ICCID") and the identifier EID of the eUICC in which the subscription data set is installed (in the second to fifth embodiments, the "target eUICC identifier EID").
  • the MNO portal sends a second management operation request to the subscription management server.
  • the second management operation request includes a management operation performed by the third-party application to perform a subscription data set in the eUICC, and carries a target profile identifier ICCID and a target eUICC identifier EID.
  • the MNO portal sends a second management operation request to the SM-DP+.
  • the MNO portal also sends the address of the SM-DS to the SM-DP+.
  • the SM-DP+ registers a management operation event for the management operation in the SM-DS, and generates a registration event identifier eventID.
  • Step 6 is an optional step. If the MNO portal also sends the address of the SM-DS to the SM-DP+, the SM-DP+ registers, in the SM-DS, a management operation event for the management operation that the operator application requests on the eUICC, and generates a registration event identifier eventID.
  • After receiving the second management operation request sent by the MNO portal, the SM-DP+ server stores the parameter information in the second management operation request.
  • The SM-DP+ returns a request response message to the MNO portal, where the request response message carries a target profile identifier ICCID and a target eUICC identifier EID. If, in step 6, the SM-DP+ registered a management operation event in the SM-DS for the management operation on the eUICC and generated a registration event identifier eventID, the request response message returned by the SM-DP+ may further carry the registration event identifier eventID.
  • After the MNO portal receives the request response message returned by the SM-DP+, the MNO portal generates the first request carrying the target profile identifier ICCID and sends it to the carrier application (MNO APP) in the terminal. Specifically, the MNO portal may send the target profile identifier ICCID to the carrier application (MNO APP) in the terminal by using a polling trigger message. Optionally, the target eUICC identifier EID may also be carried in the polling trigger message. If the SM-DP+ registers the management operation that the operator application requests on the subscription data set in the eUICC with the SM-DS, the polling trigger message may also carry the registration event identifier eventID that the SM-DP+ registered in the SM-DS for the management operation.
  • the operator application (MNO APP) forwards the first request to the LPA of the terminal.
  • Step 10 is an optional step. If in step 9, the LPA receives the target eUICC identifier EID from the trigger request message sent by the operator application (MNO APP), the LPA obtains the EID identifier of the terminal eUICC from the eUICC.
  • Step 11 is an optional step.
  • It is determined whether the identifier EID of the eUICC carried in the trigger request message is the same as the EID identifier of the terminal eUICC. If they are the same, go to step 12.
  • the LPA requests the eUICC to obtain the authentication information of the third-party application included in the subscription data set corresponding to the target profile identifier ICCID. Specifically, the LPA sends a GetProfileInfo message to the eUICC, where the GetProfileInfo message carries the target profile identifier ICCID.
  • According to the target profile identifier ICCID, the eUICC searches for the subscription data set corresponding to the target profile identifier ICCID and sends the authentication information of the third-party application in the subscription data set to the LPA. Specifically, the eUICC obtains the metadata of the subscription data set corresponding to the target profile identifier ICCID, and returns to the LPA either the authentication information of the carrier application (MNO APP) stored in the metadata or the metadata itself.
  • After receiving the subscription data set information returned by the eUICC, the LPA obtains the certificate information generated by the operator application during the terminal installation, such as a certificate and a package name, from the operating system (OS) of the terminal.
  • The LPA obtains the certificate of the operator application from the operating system of the terminal and calculates a hash value of that certificate by using the hash algorithm in the subscription data set. If the certificate information generated by the operator application during terminal installation includes a certificate hash value, the certificate hash value in the certificate information is obtained (by default, the operating system of the terminal has already hashed the certificate of the operator application according to the hash algorithm in the authentication information and produced a hash value). If the LPA receives the package name in the metadata of the subscription data set returned by the eUICC, the LPA obtains the package name of the carrier application from the operating system of the terminal.
  • the LPA determines whether the authentication information of the operator application in the contract data set returned by the eUICC is consistent with the certificate information of the operator application obtained by the LPA from the operating system of the terminal.
  • the LPA sends a message to the eUICC to obtain the address of the subscription management server stored in the subscription data set corresponding to the target profile identifier ICCID, that is, the polling address. Specifically, the LPA sends a Get polling address message to the eUICC, where the Get polling address message carries the target profile identifier ICCID.
  • the eUICC returns the address of the SM-DP+ server to the LPA according to the request of the LPA.
  • the eUICC can also return the address of the SM-DS server to the LPA.
  • If, in step 17, the address returned by the eUICC is the address of the SM-DS server, the LPA and the SM-DS perform mutual authentication, and steps 18a and 18b are performed.
  • the LPA sends a management command acquisition (retrieve RPM/ReM) request to the SM-DS, where the management command acquisition (retrieve RPM/ReM) request carries the target eUICC identifier EID.
  • the management instruction acquisition request may be an authentication client (AuthenticateClient) request.
  • The management instruction acquisition (retrieve RPM/ReM) request may also carry the registration event identifier eventID that the SM-DP+ registered in the SM-DS for this management operation.
  • the SM-DS returns an event record corresponding to the registration event after searching for a corresponding registration event according to the target eUICC identifier EID or the registration event identifier eventID.
  • The registration event record carries the eventID and the address of the SM-DP+.
  • the registration event information corresponding to the registration event identifier may be directly obtained according to the registration event identifier eventID.
  • the LPA sends a management command acquisition (retrieve RPM/ReM) request to the SM-DP+.
  • the management instruction acquisition (retrieve RPM/ReM) request carries the target eUICC identifier EID.
  • The management instruction acquisition (retrieve RPM/ReM) request further carries the registration event identifier eventID.
  • the management instruction acquisition request may be an authentication client (AuthenticateClient) request.
  • the SM-DP+ returns a management instruction to the LPA for the LPA to perform a management operation on the contract data set in the eUICC according to the management instruction.
  • the user can directly manage the subscribed data set of the downloaded mobile network operator by using the MNO APP, thereby improving the consistency of the user experience.
  • Access control is applied to the MNO APP's access to the LPA API and to the MNO APP's management of the profile, which ensures the security of profile management by the MNO APP.
  • the network element body involved in the third embodiment includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the contract management server includes an SM-DP+ server and an SM-DS server. It is determined by the eUICC in the terminal whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contract data set in the terminal.
  • Steps 1-11 in the third embodiment are similar to steps 1-11 in the second embodiment and, for brevity, are not repeated here.
  • the LPA obtains certificate information, such as a certificate and a package name, generated by the operator application when the terminal is installed, from an operating system (OS) of the terminal.
  • the LPA sends the certificate information of the operator application and the target profile identifier ICCID to the eUICC.
  • The LPA sends a request for authenticating the MNO App (authenticateApp) to the eUICC, where the request carries the target profile identifier ICCID and the certificate of the MNO App.
  • The request further carries certificate information such as the package name and the LPA API that the MNO APP requests to access.
  • According to the target profile identifier ICCID, the eUICC searches for the authentication information of the operator application in the subscription data set corresponding to the target profile identifier ICCID. Specifically, the eUICC obtains the metadata of the subscription data set corresponding to the target profile identifier ICCID.
  • The eUICC calculates the hash value hash(Cert) of the certificate of the operator application according to the hash algorithm. If what the LPA sent to the eUICC is already the hash value of the MNO APP certificate, the eUICC uses that hash value hash(Cert) directly.
  • the eUICC determines whether the authentication information of the operator application in the subscription data set is consistent with the certificate information of the operator application obtained by the LPA from the operating system of the terminal.
  • Specifically, the eUICC determines whether the certificate hash value of the operator application in the subscription data set is consistent with the certificate hash value of the operator application in the operating system.
  • If the package name exists in both the authentication information and the certificate information, it is further determined whether the package name of the operator application in the subscription data set returned by the eUICC and the package name of the operator application in the operating system are consistent.
  • After the verification in step 15 passes, the eUICC returns a response message to the LPA, where the response message carries the address of the subscription management server stored in the subscription data set corresponding to the target profile identifier ICCID, that is, the polling address.
  • If the subscription data set corresponding to the target profile identifier ICCID is stored in the SM-DP+ server, the eUICC returns the address of the SM-DP+ server.
  • The eUICC may also return the address of the SM-DS server to the LPA.
  • If, in step 16, the address returned by the eUICC is the address of the SM-DS server, the LPA and the SM-DS perform mutual authentication, and steps 17a and 17b are performed.
  • the LPA sends a management instruction acquisition (retrieve RPM/ReM) request to the SM-DS, where the management instruction acquisition (retrieve RPM/ReM) request carries the target eUICC identifier EID. Specifically, it may be an authentication client (AuthenticateClient) request.
  • The management instruction acquisition (retrieve RPM/ReM) request may also carry the registration event identifier eventID that the SM-DP+ registered in the SM-DS for this management operation.
  • After searching for the corresponding registration event according to the target eUICC identifier EID or the registration event identifier eventID, the SM-DS returns the registration event record (event record) corresponding to the registration event.
  • The registration event record carries the eventID and the address of the SM-DP+.
  • the registration event information corresponding to the registration event identifier may be directly obtained according to the registration event identifier eventID.
  • the LPA sends a management command acquisition (retrieve RPM/ReM) request to the SM-DP+.
  • the management instruction acquisition (retrieve RPM/ReM) request carries the target eUICC identifier EID.
  • The management instruction acquisition (retrieve RPM/ReM) request further carries the registration event identifier eventID.
  • the SM-DP+ returns a management command to the LPA for the LPA to perform a management operation on the contract data set in the eUICC according to the management instruction.
  • the user can directly manage the subscribed data set of the downloaded mobile network operator by using the MNO APP, thereby improving the consistency of the user experience.
  • Access control is applied to the MNO APP's access to the LPA API and to the MNO APP's management of the profile, which ensures the security of profile management by the MNO APP.
  • the eUICC verifies the permissions of the APP, and the system security is higher.
  • Having the eUICC perform the access control over the MNO APP's access to the LPA API and the MNO APP's management of the profile further improves security.
  • the terminal performs the management operation on the subscription data set, and includes a plurality of specific implementation methods.
  • Alternatively, the MNO portal may directly send the management instruction to the terminal LPA. This application does not specifically limit the implementation of step 107.
  • the flow of the method for directly issuing the management command to the terminal LPA by the MNO portal is specifically described in the fourth embodiment and the fifth embodiment.
  • the network element body involved in Embodiment 4 includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the contract management server includes an SM-DP+ server. It is determined by the LPA in the terminal whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contracted data set in the terminal.
  • the specific signaling interaction process is as follows:
  • The subscription data set preset in the SM-DP+ stores the certificate hash of the operator application and also stores the management operations that the operator application is allowed to perform.
  • The MNO portal verifies whether the management operation request sent by the operator application is for a management operation that the operator application is allowed to perform. If it is, the management operation is directly returned to the terminal for the LPA to perform.
  • the LPA does not need to send a message request to obtain a management command after the verification is passed.
  • It is determined by the LPA of the terminal whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the subscription data set in the terminal.
  • the specific signaling interaction process is as follows:
  • the Mobile Network Operator has developed a Carrier Application (MNO APP) for installation on the terminal.
  • the terminal stores the certificate information of the operator application, such as a certificate, a package name, and the like.
  • When the mobile network operator customizes the subscription data set in the SM-DP+ through the MNO portal server, it stores the authentication information of the application in the metadata of the subscription data set.
  • The authentication information of the operator application includes a hash value of the certificate of the operator application and the management operations that the operator application is allowed to perform.
  • the authentication information of the operator application may further include a hash algorithm, a package name, and the like of the certificate of the operator application.
  • the authentication information of the application developed by the operator is also downloaded to the terminal along with the subscription data set.
  • the authentication information of the operator application may be stored in the metadata of the subscription data set.
  • the metadata of the subscription data set may be stored in a secure domain space (ISD-P) created by the eUICC for the subscription data set.
  • the subscription data set download record of the terminal is stored in the mobile network operator's MNO portal server.
  • the subscription data set download record may include an identifier ICCID of the downloaded subscription data set, an identifier EID of the eUICC of the downloaded subscription data set, and the like.
  • the user opens the carrier application (MNO APP) client on the terminal and logs in to the MNO portal.
  • the management operation of managing the contract data set in the eUICC is input through the client user interface of the operator application (MNO APP).
  • the client of the operator application (MNO APP) sends a first management operation request (PRM/ReM) carrying a request to perform a management operation on the contract data set in the eUICC to the MNO portal.
  • the management operation may be to activate the subscription data set, deactivate the subscription data set, delete the subscription data set, query the eUICC information, download another new subscription data set, and the like.
  • The operator application (MNO APP) client obtains, from the MNO portal, the subscription information of the user registered with the operator; according to that subscription information, management operations for managing the subscription data set in the eUICC are input through the client user interface of the application.
  • After the MNO portal receives the first management operation request sent by the client of the operator application, it determines whether the management operation carried in the request message is a management operation that the operator application is allowed to perform.
  • the MNO portal searches for the identifier ICCID (referred to as “target profile identifier ICCID”) of the corresponding subscription data set according to the user subscription information, and returns the first request to the terminal.
  • The first request carries the target profile identifier ICCID and either the allowed management operation requested by the MNO APP or the allowed management operation generated by the MNO portal.
  • the first request further carries a target eUICC identifier EID.
  • the MNO portal signs the above information sent to the MNO App.
  • the first request further carries the signature of the MNO portal and the certificate of the portal to the operator application in the terminal.
  • the MNO App invokes the LPA API and sends the first request received in step 5 to the LPA.
  • Step 7 is an optional step. If in step 6, the LPA receives the target eUICC identifier EID in the first request forwarded by the MNO APP, the LPA obtains the EID identifier of the terminal eUICC from the eUICC.
  • Step 8 is an optional step. If the LPA receives the identifier EID of the eUICC forwarded by the MNO APP in step 10, and the LPA obtains the EID identifier of the terminal eUICC from the eUICC, it is determined whether the target eUICC identifier EID and the EID identifier of the terminal eUICC are the same. If they are the same, go to step 9.
  • Step 9 is an optional step. If, in step 6, the LPA receives the first request forwarded by the MNO APP, including the MNO portal to sign the above information sent to the MNO App, the LPA verifies that the signature is correct. If the signature is correct, go to step 10.
  • the UI interface of the LPA is further prompted to prompt the user whether to allow the LPA to perform a management operation on the eUICC. If the user confirms that the LPA is allowed to perform a management operation on the eUICC, step 10 is performed.
  • the LPA sends the target profile identifier ICCID to the eUICC of the terminal to obtain the authentication information of the third-party application included in the subscription data set corresponding to the ICCID. Specifically, the LPA sends a GetProfileInfo message to the eUICC, where the GetProfileInfo message carries the target profile identifier ICCID.
  • the eUICC searches, according to the target profile identifier ICCID, for the subscription data set corresponding to that ICCID, and sends the authentication information of the third-party application in the subscription data set to the LPA.
  • the eUICC acquires, according to the target profile identifier ICCID, the metadata of the subscription data set corresponding to that ICCID.
  • After receiving the subscription data set information returned by the eUICC, the LPA obtains, from the operating system (OS) of the terminal, the certificate information generated when the operator application was installed on the terminal, such as a certificate and a package name.
  • the LPA obtains the certificate of the operator application from the operating system of the terminal, and calculates a hash value of the certificate by using the hash algorithm in the subscription data set. If the certificate information generated by the operator application during terminal installation includes a certificate hash value, the certificate hash value in the certificate information is obtained. (By default, the operating system of the terminal has already hashed the certificate of the operator application according to the hash algorithm in the authentication information and generated a hash value.) If the metadata of the subscription data set returned by the eUICC to the LPA includes a package name, the LPA obtains the package name of the operator application from the operating system of the terminal.
  • the LPA determines whether the authentication information of the operator application in the subscription data set returned by the eUICC is consistent with the certificate information of the operator application obtained by the LPA from the operating system of the terminal.
  • the certificate hash value of the operator application in the contract data set returned by the eUICC and the certificate hash value of the operator application in the operating system are consistent.
  • if the package name of the operator application is also obtained, it is determined whether the package name of the operator application in the subscription data set returned by the eUICC is consistent with the package name of the operator application in the operating system.
  • the LPA sends the first request to the eUICC.
  • the first request carries the management operation in step 6 and the target profile identifier ICCID.
  • the eUICC returns the execution result of the management operation.
  • the returned result includes related information of the eUICC, such as available storage space and the like.
  • the LPA returns the execution result of the management operation to the MNO APP.
  • the MNO App returns the execution result of the management operation to the MNO portal.
  • the operator can directly manage the profile by using the MNO APP, and does not need to go through SM-DP+ and SM-DS, thereby shortening the entire process and improving the user experience.
  • the network element body involved in Embodiment 5 includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the contract management server includes an SM-DP+ server. It is determined by the LPA in the terminal whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contracted data set in the terminal.
  • the eUICC of the terminal determines whether the operator application (MNO APP) in the terminal has the authority to perform a management operation on the contract data set in the terminal.
  • the specific signaling interaction process is as follows:
  • the method flow of the steps 1-8 in the embodiment is similar to the method flow of the steps 1-8 in the fourth embodiment. For the sake of brevity, the details are not described herein.
  • Step 9 is an optional step.
  • the UI interface of the LPA prompts the user whether to allow the LPA to perform management operations on the eUICC. If the user confirms that the LPA is allowed to perform a management operation on the eUICC, step 10 is performed.
  • the LPA sends a first request to the eUICC.
  • the first request carries the management operation in step 6, the certificate information of the operator application, and the target profile identifier ICCID.
  • the eUICC obtains the subscription data set metadata corresponding to the ICCID according to the target profile identifier ICCID.
  • the eUICC acquires, according to the target profile identifier ICCID, the metadata of the subscription data set corresponding to that ICCID.
  • the eUICC calculates a hash value of the certificate of the operator application by using a hash algorithm in the contract data set. If the certificate information of the operator application forwarded by the LPA includes the certificate hash value, the certificate hash value in the certificate information is directly obtained.
  • the eUICC verifies whether the signature is correct. If the signature is correct, the subscription data set corresponding to the ICCID is obtained according to the target profile identifier ICCID.
  • the eUICC determines whether the authentication information of the operator application in the contracted data set is consistent with the certificate information of the operator application sent by the LPA.
  • the certificate hash value of the operator application in the contracted data set is consistent with the certificate hash value of the operator application.
  • if the package name of the operator application is also obtained, it is determined whether the package name of the operator application in the subscription data set is consistent with the package name of the operator application.
  • the eUICC performs the management operation in step 10.
  • the eUICC returns the execution result of the management operation.
  • the returned result includes related information of the eUICC, such as available storage space and the like.
  • the LPA returns the execution result of the management operation to the MNO APP.
  • the MNO App returns the execution result of the management operation to the MNO portal.
  • the operator can directly manage the profile by using the MNO APP, and does not need to go through SM-DP+ and SM-DS, thereby shortening the entire process and improving the user experience.
  • having the eUICC perform access control over the MNO APP's access to the LPA API and over the MNO APP's management of the profile further improves security.
  • the subject that authenticates the authority of the MNO APP management profile is the terminal.
  • the subject that authenticates the rights of the MNO APP management profile may also be a subscription management server.
  • the embodiment of the present invention provides a method for managing a contracted data set. As shown in FIG. 7, the subscription data set is pre-downloaded in the eUICC of the terminal, and the access authority of the LPA application interface is pre-configured in the terminal.
  • the method includes the following steps:
  • the third-party application of the terminal sends the first management operation request to the third-party application server.
  • the first management operation request includes a management operation that the third-party application requests to perform the subscription data in the eUICC.
  • the third-party application server sends a second management operation request to the subscription management server, where the second management operation request includes the management operation that the third-party application requests to perform on the subscription data, an identifier ICCID of the subscription data set, a terminal eUICC identifier EID, and authentication information of the third-party application.
  • step 201 may also be performed without performing step 202.
  • the third-party application server automatically generates a second management operation request and sends the request to the subscription management server, so that the third-party application in the terminal does not need to send the first management operation request.
  • the third-party application server receives a management request response returned by the subscription management server, where the management request response includes an identifier ICCID of the subscription data set and a terminal eUICC identifier EID.
  • the third-party application server sends the identifier ICCID of the subscription data set in the terminal to the terminal.
  • the third-party application server may further send the terminal eUICC identifier EID to the terminal.
  • the terminal acquires the certificate information of the third-party application pre-stored in the terminal, and determines, according to the certificate information of the third-party application, whether the third-party application has the right to invoke the LPA application interface of the terminal. If the third party application has the right to invoke the terminal LPA application interface, step 205 is performed.
  • the terminal sends a management instruction acquisition request to the subscription management server, where the management instruction acquisition request carries the terminal eUICC identifier EID and the certificate information of the third-party application pre-stored in the terminal.
  • the subscription management server verifies whether the third-party application in the terminal has the right to perform a management operation on the subscription data set in the terminal eUICC. If the verification is passed, step 207 is performed.
  • the terminal receives a management instruction returned by the subscription management server, and performs a management operation on the subscription data set in the terminal eUICC according to the management instruction.
  • the existing eUICC system architecture of the current terminal is used, without adding additional application modules, to manage the subscription data set in the eUICC through the third-party application, which adds a management entry for the subscription data set in the eUICC.
  • the authorization of the MNO APP is placed on the network side for verification, which further simplifies the complexity of the method flow and simplifies the authentication operation on the terminal side.
  • the network element body involved in Embodiment 7 includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the eUICC in the terminal has previously downloaded the subscription data set.
  • the contract management server includes an SM-DP+ server and an SM-DS server. It is determined by the contract management server whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contract data set in the terminal.
  • the specific signaling interaction process is as follows:
  • the access permission of the third-party application to invoke the LPA application interface may also be configured in the eUICC of the terminal, and the LPA obtains the access permission of the third-party application to invoke the LPA application interface from the eUICC.
  • the Mobile Network Operator has developed a Carrier Application (MNO APP) for installation on the terminal.
  • the terminal stores the certificate information of the operator application, such as a certificate, a package name, and the like.
  • the user opens the carrier application (MNO APP) client on the terminal and logs in to the MNO portal.
  • the management operation of managing the contract data set in the eUICC is input through the client user interface of the operator application (MNO APP).
  • the operator application (MNO APP) client sends to the MNO portal a request message carrying the request to perform a management operation on the subscription data set in the eUICC (i.e., the first management operation request).
  • the management operation may be to activate the subscription data set, deactivate the subscription data set, delete the subscription data set, query the eUICC information, download another new subscription data set, and the like.
  • After the user logs in to the operator application (MNO APP) client on the terminal, the user obtains the subscription information when the user registers with the operator, and inputs the subscription data in the eUICC according to the subscription information in the client user interface of the application.
  • After receiving the first management operation request, the MNO portal searches for the identifier ICCID of the subscription data set that the terminal has downloaded, the identifier EID of the eUICC to which the terminal downloaded the subscription data set, and the authentication information of the operator application.
  • a second management operation request is generated and sent to the SM-DP+ server.
  • the second management operation request carries the identifier ICCID of the subscription data set, the identifier EID of the terminal eUICC, the authentication information of the operator application, and the management operation performed by the operator application request on the subscription data set in the eUICC.
  • the authentication information of the operator application includes the certificate hash value.
  • the authentication information of the operator application may further include a package name, a hash algorithm, and the like of the operator application.
  • Step 4 is an optional step.
  • the SM-DP+ transmits the identifier EID of the terminal eUICC and the authentication information of the operator application to the SM-DS.
  • the SM-DP+ registers, in the SM-DS, a management operation event for the management operation that the operator application requests to perform on the eUICC, so that a registration event identifier eventID is generated in the SM-DS. After the SM-DS generates the registration event identifier eventID, the registration event identifier eventID is sent to the SM-DP+.
  • After receiving the second management operation request sent by the MNO portal, the SM-DP+ server stores the message carried in the second management operation request.
  • the SM-DP+ returns a request response message to the MNO portal, where the request response message carries the identifier ICCID of the subscription data set and the identifier EID of the terminal eUICC.
  • the request response message returned by the SM-DP+ may further include a registration event identifier eventID.
  • After receiving the request response message returned by the SM-DP+, the MNO portal sends a trigger request message to the MNO APP in the terminal.
  • the polling trigger message carries the identifier ICCID of the subscription data set.
  • the polling trigger message may further carry one or more of the following parameters: an identifier EID of the terminal eUICC, a registration event identifier eventID, and a hash algorithm.
  • After receiving the trigger request message sent by the MNO portal, the operator application (MNO APP) forwards the trigger request message to the LPA of the terminal.
  • the LPA obtains the certificate of the MNO APP from the operating system, and confirms whether the MNO APP has the access right to invoke the LPA application interface. For example, it is confirmed whether the root certificate of the certificate of the MNO APP is a certificate of the GSMA CI, and if so, the MNO APP is allowed to call the application interface of the LPA.
  • Step 9 is an optional step. If, in step 7, the LPA receives the identifier EID of the terminal eUICC in the trigger request message sent by the operator application (MNO APP), the LPA obtains the EID identifier of the terminal eUICC from the eUICC.
  • Step 10 is an optional step. It is determined whether the terminal eUICC identifier EID in the trigger request message and the EID identifier of the eUICC obtained by the LPA from the eUICC are the same. If they are the same, go to step 11.
  • the LPA sends a message carrying the identifier ICCID of the subscription data set to the eUICC, and requests to obtain the address of the subscription management server stored in the subscription data set corresponding to the identifier ICCID of the subscription data set.
  • If the subscription data set corresponding to the identifier ICCID of the subscription data set is stored in the SM-DP+ server, the eUICC returns the address of the SM-DP+ server. If the subscription data set corresponding to the identifier ICCID of the subscription data set is stored in the SM-DS server, the eUICC returns the address of the SM-DS server.
  • If, in step 12, the address returned by the eUICC is the address of the SM-DS server, perform steps 13 and 14. If the address returned by the eUICC is the address of the SM-DP+ server, go directly to step 16.
  • the LPA sends a request message for obtaining a registration event to the SM-DS, and requests to find a registration event corresponding to the eUICC identifier EID of the terminal.
  • the request message for obtaining a registration event carries the terminal eUICC identifier EID and the certificate information of the MNO APP.
  • the request message for obtaining a registration event may further carry a registration event identifier eventID.
  • the request message for obtaining a registration event may further carry a package name of the MNO APP.
  • the certificate information of the MNO APP may be a certificate of the MNO APP, or may be a hash value obtained by the terminal hashing the certificate of the MNO APP according to the hash algorithm carried in the trigger request message in the seventh step.
  • After receiving the request message for obtaining a registration event, the SM-DS searches for a corresponding event record according to the terminal eUICC identifier EID or the registration event identifier eventID.
  • the SM-DS needs to first hash the certificate, and then compare the calculated hash value with the hash value of the registration event record.
  • the package name of the MNO APP may also be carried in the request message for obtaining a registration event. Then, it is determined whether the package name carried in the request message of the registration event is the same as the package name of the registration event record.
  • the SM-DS returns the eventID corresponding to the registration event record, and the SM-DP+ address to the LPA of the terminal.
  • the terminal sends a management instruction acquisition (retrieve RPM/ReM) request to the corresponding SM-DP+ server, according to the SM-DP+ address returned in step 14 or the SM-DP+ address sent by the eUICC in step 12, to request the management instruction.
  • the management instruction acquisition (retrieve RPM/ReM) request carries the terminal eUICC identifier EID and the certificate of the MNO APP.
  • the management event acquisition (retrieve RPM/ReM) request may further carry a registration event identifier eventID.
  • the management command acquisition (retrieve RPM/ReM) request may also carry the package name of the MNO APP.
  • After receiving the management instruction acquisition (retrieve RPM/ReM) request, the SM-DP+ searches for a corresponding management request according to the terminal eUICC identifier EID or the registration event identifier eventID.
  • the management request is the second management operation request received by SM-DP+ in step 3.
  • the SM-DP+ needs to first hash the certificate, and then compare the calculated hash value with the hash value carried in the second management operation request.
  • the management instruction acquisition (retrieve RPM/ReM) request can also carry the package name of the MNO APP. Then, it is determined whether the package name carried in the management instruction acquisition (retrieve RPM/ReM) request is the same as the package name in the second management operation request.
  • the SM-DP+ returns a management instruction corresponding to the second management operation request to the LPA, so that the LPA performs a management operation on the contract data set in the eUICC according to the management instruction.
  • the authorization information of the MNO APP is not preset in the profile, and the application range is expanded.
  • the authorization of the MNO APP is placed on the network side for verification, which further simplifies the complexity of the method flow and simplifies the authentication operation on the terminal side.
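
The certificate-hash and package-name comparison described for the terminal side (Embodiments 4 and 5) and for the SM-DP+ (Embodiment 7), as an added Python example that is not code from the patent. All class, function and field names, the reason strings, the hash-algorithm names and the sample identifiers are assumptions constructed for illustration; the check that a record found by eventID belongs to the presented EID is an added hardening step that the text does not specify.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumption: the hash algorithm in the authentication info is named by one of these strings.
SUPPORTED_HASHES = {"sha256": hashlib.sha256, "sha384": hashlib.sha384}

@dataclass(frozen=True)
class AppAuthInfo:
    """Authentication info of the operator app (profile metadata or second request)."""
    hash_algorithm: str
    cert_hash: bytes
    package_name: Optional[str] = None

@dataclass(frozen=True)
class AppCertInfo:
    """Certificate information of the installed app, as read from the terminal OS."""
    certificate: Optional[bytes] = None  # full certificate, hashed by the verifier
    cert_hash: Optional[bytes] = None    # or a hash the OS already computed
    package_name: Optional[str] = None

def check_app(auth: AppAuthInfo, app: AppCertInfo) -> Tuple[bool, str]:
    """Compare presented certificate information with the stored authentication info."""
    hasher = SUPPORTED_HASHES.get(auth.hash_algorithm)
    if hasher is None:
        return False, "unsupported-hash"
    if app.certificate is not None:
        presented = hasher(app.certificate).digest()
    elif app.cert_hash is not None:
        presented = app.cert_hash
    else:
        return False, "no-certificate-info"
    # Constant-time comparison of the two hash values.
    if not hmac.compare_digest(presented, auth.cert_hash):
        return False, "cert-hash-mismatch"
    # The package name is compared only when the stored info carries one.
    if auth.package_name is not None and app.package_name != auth.package_name:
        return False, "package-name-mismatch"
    return True, "authorized"

def lpa_authorize(iccid: str, target_eid: Optional[str], terminal_eid: str,
                  profiles: Dict[str, AppAuthInfo], app: AppCertInfo) -> Tuple[bool, str]:
    """Terminal-side check (LPA or eUICC) before a management operation is executed."""
    if target_eid is not None and target_eid != terminal_eid:
        return False, "eid-mismatch"
    auth = profiles.get(iccid)  # authentication info stored with the profile
    if auth is None:
        return False, "unknown-iccid"
    return check_app(auth, app)

class SmDpPlus:
    """Network-side check: a management instruction is released only to the right app."""

    def __init__(self) -> None:
        self._pending: Dict[str, dict] = {}  # eventID -> stored second request
        self._event_of: Dict[str, str] = {}  # EID -> eventID

    def register(self, iccid: str, eid: str, operation: str, auth: AppAuthInfo) -> dict:
        """Store the second management operation request; return the request response."""
        event_id = secrets.token_hex(8)  # stand-in for the eventID generated by the SM-DS
        self._pending[event_id] = {"iccid": iccid, "eid": eid,
                                   "operation": operation, "auth": auth}
        self._event_of[eid] = event_id
        return {"iccid": iccid, "eid": eid, "eventID": event_id}

    def retrieve(self, eid: str, app: AppCertInfo,
                 event_id: Optional[str] = None) -> Tuple[Optional[dict], str]:
        """Handle a management instruction acquisition request from the terminal."""
        record = self._pending.get(event_id or self._event_of.get(eid, ""))
        # Assumption (added hardening): a record found by eventID must belong to this EID.
        if record is None or record["eid"] != eid:
            return None, "no-matching-request"
        ok, reason = check_app(record["auth"], app)
        if not ok:
            return None, reason
        return {"operation": record["operation"], "iccid": record["iccid"]}, reason

# Constructed sample values (not real identifiers or certificates).
OPERATOR_CERT = b"constructed operator app certificate"
OPERATOR_AUTH = AppAuthInfo("sha256", hashlib.sha256(OPERATOR_CERT).digest(),
                            "com.example.mnoapp")
PROFILES = {"ICCID-0001": OPERATOR_AUTH}
GOOD_APP = AppCertInfo(certificate=OPERATOR_CERT, package_name="com.example.mnoapp")
ROGUE_APP = AppCertInfo(certificate=b"constructed rogue certificate",
                        package_name="com.example.mnoapp")

if __name__ == "__main__":
    print(lpa_authorize("ICCID-0001", "EID-0001", "EID-0001", PROFILES, GOOD_APP))
    server = SmDpPlus()
    response = server.register("ICCID-0001", "EID-0001", "disable", OPERATOR_AUTH)
    print(server.retrieve("EID-0001", GOOD_APP, response["eventID"]))
    print(server.retrieve("EID-0001", ROGUE_APP))
```

When only a precomputed hash is presented, the result is only as trustworthy as the component that computed it, so a verifier that can obtain the certificate itself should hash it locally.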
  • the network element body involved in Embodiment 8 includes a terminal, a mobile network operator's portal server (MNO portal), and a subscription management server.
  • the terminal includes an eUICC, an LPA, and an operator application (MNO APP) installed in the terminal.
  • the eUICC in the terminal has previously downloaded the subscription data set.
  • the contract management server includes an SM-DP+ server and an SM-DS server. It is determined by the contract management server whether the operator application (MNO APP) in the terminal has authority to perform a management operation on the contract data set in the terminal.
  • the difference between the eighth embodiment and the seventh embodiment is that when the terminal verifies that the third-party application invokes the access permission of the LPA application interface, the execution entity is the eUICC of the terminal.
  • the specific signaling interaction process is as follows:
  • the steps 8-14 of the eighth embodiment are different from the seventh embodiment.
  • the details are not described herein.
  • the LPA obtains the certificate of the MNO APP from the operating system.
  • the LPA can also obtain the package name of the MNO APP from the operating system.
  • Step 9 is an optional step. If, in step 7, the trigger request message that the LPA receives from the operator application (MNO APP) includes the identifier EID of the terminal eUICC, the LPA obtains the EID identifier of the terminal eUICC from the eUICC.
  • Step 10 is an optional step. It is determined whether the terminal eUICC identifier EID in the trigger request message and the EID identifier of the eUICC obtained by the LPA from the eUICC are the same. If they are the same, go to step 11.
  • the LPA sends a certificate of the MNO APP to the eUICC, requesting eUICC verification.
  • the eUICC confirms whether the MNO APP has access rights to invoke the LPA application interface. For example, it is confirmed whether the root certificate of the certificate of the MNO APP is a certificate of the GSMA CI, and if so, the MNO APP is allowed to call the application interface of the LPA. If the verification is passed, go to step 13.
  • the eUICC sends a message of the verification of step 12 to the LPA.
  • the LPA sends a message carrying the identifier ICCID of the subscription data set according to the message, and requests to obtain the address of the subscription management server stored in the subscription data set corresponding to the identifier ICCID of the subscription data set.
  • the eUICC verifies whether the third-party application has the access permission for calling the LPA application interface, and the security is higher.
  • the embodiment of the present invention provides a terminal, which is used to execute the steps performed by the terminal in the foregoing management method of the contracted data set.
  • the terminal provided by the embodiment of the present application may include a module corresponding to the corresponding step.
  • the embodiment of the present application may divide the function module into the terminal according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one processing module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the division of modules in the embodiments of the present application is schematic, and is only a logical function division, and may be further divided in actual implementation.
  • FIG. 10 shows a possible structural diagram of the terminal involved in the above embodiment.
  • the terminal includes a processor 701, a memory 702, an integrated circuit card eUICC 703, and a system bus 704 and a transceiver 705.
  • the processor 701 is configured to perform the method steps shown in FIG. 2-6;
  • the eUICC 703 is configured to store the subscription data set downloaded to the terminal.
  • the terminal interacts with other devices through the transceiver 705, such as a subscription management server and a third-party application server.
  • the memory 702 may include a volatile memory, such as NVRAM (Nonvolatile Random Access Memory), PRAM (Phase Change RAM), MRAM (Magnetic Random Access Memory), or the like; the memory 702 may further include a nonvolatile memory such as at least one disk storage device, EEPROM (Electrically Erasable Programmable Read-Only Memory), or flash memory devices such as NOR flash memory or NAND flash memory.
  • the non-volatile memory stores the operating system and applications executed by the processor.
  • the processor 701 loads the running program and data from the non-volatile memory into the memory and stores the data content in a large number of storage devices.
  • One or more processors 701 are the control centers of the terminals.
  • the processor 701 connects the various parts of the entire terminal by using various interfaces and lines, and, by running or executing software programs and/or application modules stored in the memory 172 and calling data stored in the memory 702, performs various functions of the terminal and processes data, thereby performing overall monitoring of the terminal.
  • the processor 701 may include only a CPU, or may be a combination of a CPU, a GPU (Graphic Processing Unit), a DSP, and a control chip (for example, a baseband chip) in the communication unit.
  • the CPU may be a single operation core, and may also include a multi-operation core.
  • the system bus 704 may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus.
  • the system bus 704 can be divided into an address bus, a data bus, a control bus, and the like. For the sake of clarity in the embodiments of the present application, various buses are illustrated as system bus 704 in FIG.
  • processors 701 are used to perform the following steps.
  • the transceiver is controlled to obtain a subscription data set from a subscription management server, where the subscription data set includes authentication information of a third-party application.
  • the contracted data set performs management operations.
  • the processor 701 is further configured to: control the transceiver to send a first management operation request to a third-party application server, where the first management operation request includes the management operation that the third-party application requests to perform on the subscription data set in the eUICC.
  • the third party application server generates a management operation performed on the contracted data set in the eUICC.
  • processor 701 is further configured to:
  • if the identifier EID of the eUICC returned by the third-party application server is the same as the identifier EID of the eUICC of the terminal, acquiring, according to the identifier ICCID of the subscription data set, the authentication information of the third-party application included in the subscription data set in the eUICC.
  • processor 701 is further configured to:
  • determining that the eUICC of the terminal determines, according to the authentication information of the third-party application in the subscription data set, and the certificate information of the third-party application, whether the third-party application has the right to trigger a management operation on the subscription data set.
  • processor 701 is further configured to:
  • the first request includes a management command indicating a management operation.
  • the processor 701 is further configured to instruct the LPA of the terminal to perform a management operation indicated in the first request on the subscription data set in the eUICC according to the first request.
  • FIG. 11 is a schematic diagram showing a possible structure of the subscription management server involved in the above embodiment.
  • the subscription management server includes a processor 801, a memory 802, a system bus 803, and a transceiver 804.
  • the processor 801 is configured to perform the method steps shown in FIG. 7-9.
  • the subscription management server interacts with other devices through the communication interface 804, such as a terminal and a third-party application server.
  • processors 801 are used to perform the following steps.
  • the second management operation request includes a management operation performed on the subscription data in the terminal, and an identifier of the subscription data set in the terminal.
  • the management request response includes an identifier ICCID of the subscription data set in the terminal and an identifier EID of the terminal eUICC, so that the third-party application server sends the identifier ICCID of the subscription data set in the terminal and the identifier EID of the terminal eUICC to the terminal.
  • receiving, by the transceiver, a management instruction acquisition request sent by the terminal, where the management instruction acquisition request carries an identifier EID of the terminal eUICC and certificate information of a third-party application stored in the terminal.
  • the terminal is configured to perform, by the terminal, a management operation on the subscription data set in the terminal eUICC according to the management instruction.
  • the one or more processors are further configured to:
  • the contracted data set performs management operations.
  • the management request response further includes a registration event identifier event ID, where the registration event identifier is used to identify a management operation event that the subscription management server requests to register according to the second management operation.
  • the registration instruction identifier is also carried in the management instruction acquisition request.
  • the one or more processors are also used to:
  • the contracted data set performs management operations.
  • the disclosed system, mobile device and method may be implemented in other manners.
  • the mobile device embodiments described above are merely illustrative.
  • the division of the modules or units is only one logical function division.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, mobile device or unit, and may be in electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the computer readable storage medium includes a number of instructions that cause a computer device (which may be a personal computer, server, or network device, etc.) or a processor to perform all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk (Universal Serial Bus flash disk), a mobile hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, and the like, which can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present invention relate to a management method for a subscription data set, a terminal, and a server. In the method, when a terminal downloads a subscription data set from a subscription management server to an eUICC, the terminal obtains authentication information of a third-party application. When the third-party application requests to perform a management operation on the subscription data set in the eUICC, the subscription data set stored by the terminal is looked up based on a subscription data set identifier returned by a third-party application server. Based on the authentication information of the third-party application stored in the subscription data set, the terminal verifies whether the third-party application is authorized to trigger the management operation on the subscription data set in the eUICC. Using the existing eUICC system architecture in the current terminal, without adding an additional application module, management of the subscription data set in the eUICC is implemented through the third-party application, and a management entry point for the subscription data set in the eUICC is added.
PCT/CN2017/071184 2017-01-13 2017-01-13 Management method for subscription data set, terminal, and server WO2018129723A1 (fr)
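The terminal-side authorization check described in the abstract, sketched as an added example (not code from the patent or its applicant). The class and function names, the SHA-256 certificate digest as the stored authentication information, the EID comparison and all identifier values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SubscriptionDataSet:
    iccid: str
    # Assumed form of the authentication information stored with the
    # data set at download time: SHA-256 of the app's certificate.
    app_cert_sha256: str


class Terminal:
    def __init__(self, eid: str):
        self.eid = eid
        self._data_sets = {}

    def download(self, data_set: SubscriptionDataSet) -> None:
        """Store a data set and the authentication info that came with it."""
        self._data_sets[data_set.iccid] = data_set

    def authorize(self, eid: str, iccid: str, app_cert: bytes):
        """Fail-closed check before any management operation is triggered."""
        if eid != self.eid:  # assumed: request must name this eUICC
            return False, "eid-mismatch"
        data_set = self._data_sets.get(iccid)  # lookup by returned ICCID
        if data_set is None:
            return False, "unknown-iccid"
        presented = hashlib.sha256(app_cert).hexdigest()
        if not hmac.compare_digest(presented, data_set.app_cert_sha256):
            return False, "app-not-authorized"
        return True, "ok"


def demo():
    # Constructed sample values, not real identifiers or certificates.
    operator_app = b"constructed-operator-app-certificate"
    other_app = b"constructed-unrelated-app-certificate"
    terminal = Terminal("EID-CONSTRUCTED-01")
    terminal.download(SubscriptionDataSet(
        "ICCID-CONSTRUCTED-01", hashlib.sha256(operator_app).hexdigest()))
    return [
        terminal.authorize("EID-CONSTRUCTED-01", "ICCID-CONSTRUCTED-01", operator_app),
        terminal.authorize("EID-CONSTRUCTED-01", "ICCID-CONSTRUCTED-01", other_app),
        terminal.authorize("EID-CONSTRUCTED-01", "ICCID-CONSTRUCTED-99", operator_app),
        terminal.authorize("EID-CONSTRUCTED-02", "ICCID-CONSTRUCTED-01", operator_app),
    ]
```

Every path other than a matching EID, a known ICCID and a matching certificate digest returns a refusal with a reason, so an application that was not bound to the data set at download time cannot trigger a management operation on it.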

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/071184 WO2018129723A1 (fr) 2017-01-13 2017-01-13 Management method for subscription data set, terminal, and server
CN201780032616.9A CN109196891B (zh) 2017-01-13 2017-01-13 Management method for subscription data set, terminal, and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/071184 WO2018129723A1 (fr) 2017-01-13 2017-01-13 Management method for subscription data set, terminal, and server

Publications (1)

Publication Number Publication Date
WO2018129723A1 (fr) 2018-07-19

Family

ID=62839215

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071184 WO2018129723A1 (fr) 2017-01-13 2017-01-13 Management method for subscription data set, terminal, and server

Country Status (2)

Country Link
CN (1) CN109196891B (fr)
WO (1) WO2018129723A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111342998A (zh) * 2020-02-07 2020-06-26 中国联合网络通信集团有限公司 Terminal application management method and system, super application management terminal, and storage medium
CN112235784A (zh) * 2020-12-18 2021-01-15 深圳杰睿联科技有限公司 vSIM-based code number management method, apparatus, and device
WO2022220616A1 (fr) * 2021-04-14 2022-10-20 Samsung Electronics Co., Ltd. Method and apparatus for managing events in a wireless communication system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
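CN112954694B (zh) * 2019-11-26 2023-05-05 上海华为技术有限公司 Subscription information processing method, apparatus, and device
CN112672346B (zh) * 2020-12-18 2024-01-23 中国联合网络通信集团有限公司 Method, apparatus, and system for downloading an authentication application
CN116528217B (zh) * 2023-07-04 2023-10-10 中国电信股份有限公司 Method for remotely managing an eUICC and related device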

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104426887A (zh) * 2013-09-04 2015-03-18 华为技术有限公司 Service permission determination method and apparatus
US9204300B2 (en) * 2012-05-24 2015-12-01 Kt Corporation Method for providing SIM profile in eUICC environment and devices therefor
CN105357771A (zh) * 2015-10-16 2016-02-24 中国联合网络通信集团有限公司 Connection establishment method and user terminal
CN105723760A (zh) * 2013-11-19 2016-06-29 瑞典爱立信有限公司 Profile change management

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833066B (zh) * 2011-06-15 2017-02-08 中兴通讯股份有限公司 Three-party authentication method and apparatus, and smart card supporting mutual authentication
WO2015027485A1 (fr) * 2013-08-30 2015-03-05 华为终端有限公司 Remote subscription change method and associated apparatus
CN103731268A (zh) * 2013-09-23 2014-04-16 中兴通讯股份有限公司 Terminal, network-side device, and terminal application control method and system
CN107580790B (zh) * 2015-05-07 2021-04-23 三星电子株式会社 Method and apparatus for providing a profile

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9204300B2 (en) * 2012-05-24 2015-12-01 Kt Corporation Method for providing SIM profile in eUICC environment and devices therefor
CN104426887A (zh) * 2013-09-04 2015-03-18 华为技术有限公司 Service permission determination method and apparatus
CN105723760A (zh) * 2013-11-19 2016-06-29 瑞典爱立信有限公司 Profile change management
CN105357771A (zh) * 2015-10-16 2016-02-24 中国联合网络通信集团有限公司 Connection establishment method and user terminal

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111342998A (zh) * 2020-02-07 2020-06-26 中国联合网络通信集团有限公司 Terminal application management method and system, super application management terminal, and storage medium
CN112235784A (zh) * 2020-12-18 2021-01-15 深圳杰睿联科技有限公司 vSIM-based code number management method, apparatus, and device
CN112235784B (zh) * 2020-12-18 2021-03-05 深圳杰睿联科技有限公司 vSIM-based code number management method, apparatus, and device
WO2022220616A1 (fr) * 2021-04-14 2022-10-20 Samsung Electronics Co., Ltd. Method and apparatus for managing events in a wireless communication system

Also Published As

Publication number Publication date
CN109196891B (zh) 2020-09-08
CN109196891A (zh) 2019-01-11

Similar Documents

Publication Publication Date Title
WO2018129724A1 (fr) Method, device, and server for downloading a subscription profile
US11617073B2 (en) Method enabling migration of a subscription
WO2018129723A1 (fr) Management method for subscription data set, terminal, and server
US10091127B2 (en) Enrolling a mobile device with an enterprise mobile device management environment
US11963260B2 (en) Methods and entities for ending a subscription
US10349272B2 (en) Virtual SIM card cloud platform
JP6917474B2 (ja) Method, apparatus, and application (app) for processing credential information for network connection
EP3333744A1 (fr) Authorization code flow for in-browser applications
WO2018094581A1 (fr) Method for installing a subscription profile, terminal, and server
WO2015024261A1 (fr) Method, manager, server, and system for managing internet account numbers
JP2014524174A (ja) Apparatus and method for identity management in a multi-network system
CN111434087A (zh) Method and electronic device for providing a communication service
WO2019134493A1 (fr) Subscriber identity module data writing method, device, platform, and storage medium
WO2019214697A1 (fr) Data downloading and management method and terminal
US10834555B2 (en) System and method for facilitating carrier-specific configuration of a user device based on pre-stored information for multiple carriers
WO2018196153A1 (fr) Method, device, and terminal based on open authorization
WO2024016124A1 (fr) Device configuration methods and apparatuses, and communication device
EP3846403A1 (fr) Method, ledger and system for establishing a secure connection from a chip to a network and corresponding network
WO2016112506A1 (fr) Method and device for configuring an embedded universal integrated circuit card

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17891806

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17891806

Country of ref document: EP

Kind code of ref document: A1