WO2018129754A1 - Euicc configuration file management method and related device - Google Patents


Info

Publication number: WO2018129754A1
Authority: WO (WIPO, PCT)
Prior art keywords: euicc, user intent, configuration information, signature value, key
Application number: PCT/CN2017/071322
Other languages: French (fr), Chinese (zh)
Inventor: 龙水平
Original Assignee: 华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201780061983.1A (CN109792604B)
Priority to PCT/CN2017/071322 (WO2018129754A1)
Publication of WO2018129754A1

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04W: Wireless communication networks
    • H04W 12/00: Security arrangements; authentication; protecting privacy or anonymity
    • H04W 12/06: Authentication
    • H04W 12/069: Authentication using certificates or pre-shared keys
    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to the field of eUICC telecommunications smart cards, and in particular, to an eUICC configuration file management method and related apparatus.
  • the eUICC is a removable or non-removable Universal Integrated Circuit Card (UICC) that performs remote profile management in a secure manner, or performs local profile management (e.g. profile activation, deactivation or deletion triggered by the terminal device user).
  • UICC Universal Integrated Circuit Card
  • the word eUICC is derived from embedded UICC: the card may be embedded in a terminal device as a single chip, or as part of another single chip in the terminal device, but this does not mean that it must be embedded in the terminal device and cannot be removed; it may also take a removable card form such as a SIM card, a Micro SIM card or a Nano SIM card.
  • eUICC is sometimes called eSIM.
  • the eUICC profile is a combination of data and applications.
  • the Profile can also be regarded as a SIM (Subscriber Identification Module) software module. Like the traditional SIM card, it performs functions such as authentication calculation when the terminal device accesses the mobile network.
  • SIM Subscriber Identification Module
  • the eUICC remote configuration/management system (also known as the remote SIM provisioning system) is shown in Figure 1, where the Subscription Manager Data Preparation+ (SM-DP+) server prepares the profile, securely sends the prepared profile to the eUICC module of the terminal device, and remotely manages the profile.
  • the SM-DP+ can be deployed on the server of the operator, the eUICC manufacturer, the original equipment manufacturer (OEM) or other parties;
  • the Subscription Manager Discovery Service (SM-DS) server provides one or more SM-DP+ addresses to the terminal device; the terminal device establishes a connection with the SM-DP+ through the SM-DP+ address, or is redirected to another SM-DS from which it obtains the SM-DP+ address;
  • the terminal device (Device) includes a local profile assistant (LPA) module, which establishes the connection with the SM-DP+ and handles related management operations for the profile and the eUICC, such as download and installation, remote profile management and remote eUICC management; the eUICC module implements the SIM card functions as well as profile and eUICC configuration and management functions;
  • LPA local profile assistant
  • Operator BSS is the operator's business support system, which is responsible for ordering profiles from the SM-DP+ and requesting management of profiles on the eUICC; End User is the terminal device user; eUICC Manufacturer (EUM) is a manufacturer of eUICCs.
  • SM-DP+ and SM-DS are collectively called eUICC management servers (or remote SIM provisioning servers).
  • the profile must be downloaded to the eUICC module of the terminal device before the terminal device can communicate.
  • download, activation, deactivation or deletion of the profile can only be carried out after the terminal device has interacted with the user and obtained a user intent confirmation command.
  • an enterprise therefore has to purchase profiles in batches and then interact with each terminal device separately, downloading the profiles to the terminal devices one by one, which wastes time and makes profile download very inefficient.
  • likewise, when the enterprise asset administrator needs to manage the profiles installed on all terminal devices and triggers the remote profile management process, only the enterprise employee holding the terminal device can confirm the operation on that device, which is not conducive to unified management of the profiles on the terminal devices.
  • the technical problem to be solved by the embodiments of the present invention is to provide an eUICC configuration file management method and related devices, which implement efficient downloading and installation of profiles, and efficient remote profile management.
  • an embodiment of the present invention provides an eUICC configuration file management method, including: establishing an eUICC management session with an eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; verifying the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intent configuration information is a user intent indication; or it is a first signature value; or it is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
  • when the user intent configuration information is a first signature value, the first signature value is a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; after the user intent configuration information is obtained, local first to-be-signed data is generated, which includes an operation type, an operator identifier, and an eUICC remote management server object identifier; the first signature value is then verified by using the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during establishment of the eUICC management session;
  • the local first to-be-signed data is generated;
  • the second signature value is verified by using the fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and then the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
  • when the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value, the first signature value is a signature of the first to-be-signed data by using the first key, and the first key is a public key, a private key, or a symmetric key;
  • the local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type;
  • the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data, and the owner name of the certificate is verified, thereby verifying the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during establishment of the eUICC management session;
  • the local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier;
  • the second signature value is verified by using the fourth key, the second to-be-signed data and the authentication signature value; then the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data, while the owner name of the digital certificate corresponding to the first signature value is also verified, thereby verifying the user intent configuration information.
  • when the user intent configuration information is a user intent indication, the third to-be-signed data and the third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third to-be-signed data includes the user intent configuration information, the third signature value is a signature of the third to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during establishment of the eUICC management session;
  • the third signature value is verified by using the fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and then the user intent indication is verified.
  • an embodiment of the present invention provides another eUICC configuration file management method, including: establishing an eUICC management session with the eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; sending a user intent verification instruction carrying the user intent configuration information to the eUICC module, where the instruction is used by the eUICC module to verify the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intent configuration information is a user intent indication; or it is a first signature value; or it is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
  • when the user intent configuration information is a first signature value, the first signature value is a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; local first to-be-signed data is generated before the user intent verification instruction is sent to the eUICC module, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier;
  • the user intent verification instruction carries the local first to-be-signed data, which is used by the eUICC module, together with the second key corresponding to the first key, to verify the first signature value and thereby the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during establishment of the eUICC management session; the user intent verification instruction further carries the second to-be-signed data and the second signature value, which are used by the eUICC module, together with the authentication signature value and the fourth key corresponding to the third key, to verify the second signature value and thereby the user intent configuration information.
  • when the user intent configuration information is a user intent indication, the third to-be-signed data and the third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third to-be-signed data includes the user intent configuration information, the third signature value is a signature of the third to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during establishment of the eUICC management session;
  • the user intent verification instruction further carries the third to-be-signed data and the third signature value, which are used by the eUICC module, together with the authentication signature value and the fourth key corresponding to the third key, to verify the third signature value; the eUICC module then verifies whether the user intent indication is valid, thereby verifying the user intent configuration information.
  • an embodiment of the present invention provides another eUICC configuration file management method, including: receiving a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the instruction carries user intent configuration information that the local eUICC configuration file auxiliary module obtained from an eUICC management session with the eUICC remote management server; verifying the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intent configuration information is a user intent indication; or it is a first signature value; or it is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
  • when the user intent configuration information is a first signature value, the first signature value is a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; the user intent verification instruction further carries local first to-be-signed data generated by the local eUICC configuration file auxiliary module, which includes an operation type, an operator identifier, and an eUICC remote management server object identifier; the user intent configuration information is verified by verifying the first signature value with the second key corresponding to the first key and the local first to-be-signed data.
  • the user intent verification instruction further carries the second to-be-signed data and the second signature value, where the second to-be-signed data includes the user intent configuration information and the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key; the second signature value is verified by using the fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and the first signature value is then verified by using the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
  • the user intent configuration information includes a first signature value, where the first signature value is a signature of the first to-be-signed data by using the first key, and the first key is a public key, a private key, or a symmetric key;
  • the local first to-be-signed data is generated by the eUICC module after it receives the user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier; the first signature value is then verified by using the second key corresponding to the first key and the local first to-be-signed data.
  • when the user intent configuration information is a user intent indication, the user intent verification instruction further carries third to-be-signed data and a third signature value, where the third to-be-signed data includes the user intent configuration information and the third signature value is a signature of the third to-be-signed data and the authentication signature value by using the third key; the third signature value is verified by using the fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and once that verification passes, whether the user intent indication is valid is verified, thereby verifying the user intent configuration information.
  • an eUICC configuration file management apparatus including:
  • a management session establishing module configured to establish an eUICC management session with the eUICC remote management server
  • a configuration information obtaining module configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session
  • a verification module configured to verify the user intent configuration information
  • an execution module configured to, if the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides a local eUICC configuration file auxiliary module, including:
  • a management session establishing unit configured to establish an eUICC management session with the eUICC remote management server
  • a configuration information acquiring unit configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session
  • a verification instruction sending unit configured to send a user intent verification instruction to the eUICC module, where the user intent verification instruction carries the user intent configuration information and is used by the eUICC module to verify the user intent configuration information;
  • a first execution unit configured to, if the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an eUICC module including:
  • a verification instruction receiving unit configured to receive a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information that the local eUICC configuration file auxiliary module obtained from an eUICC management session with the eUICC remote management server;
  • a verification unit configured to verify the user intent configuration information
  • a second execution unit configured to, if the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides an eUICC configuration file management apparatus, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, the memory is used to store program code, and the processor is used to call the program code and perform the following operations:
  • establishing an eUICC management session with the eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; verifying the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides a terminal, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, the memory is used to store program code, and the processor is configured to invoke the program code and perform the following operations:
  • establishing an eUICC management session with the eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; verifying the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides an eUICC module, including: a processor, a memory, and a communication interface, wherein the processor, the memory, and the communication interface are connected to each other by a bus, and the memory is used to store program code.
  • the processor is configured to invoke the program code and perform the following operations:
  • receiving a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the instruction carries user intent configuration information obtained from an eUICC management session with the eUICC remote management server; verifying the user intent configuration information; and, if the verification passes, not performing the user intent confirmation step, wherein the eUICC management session is used to perform at least one of an eUICC profile download and install operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • in the embodiments of the present invention, the user intent configuration information is obtained from the eUICC remote management server and verified; if the verification passes, the user intent confirmation step is not executed during the current eUICC management session, omitting the interaction with the user and thereby enabling efficient download and installation of the eUICC configuration file and efficient remote eUICC configuration file management.
  • Figure 1 is a system architecture diagram of eUICC
  • FIG. 2 is a schematic flowchart of a method for managing an eUICC configuration file according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of another eUICC configuration file management method according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a method for initializing an SM-DP+ according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of generating localuserintentfreeSigned by eUICC according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure
  • FIG. 7 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of an eUICC configuration file management apparatus according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of another eUICC configuration file management apparatus according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic structural diagram of another eUICC module according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for managing an eUICC configuration file according to an embodiment of the present invention.
  • the method of this embodiment may be implemented in the system architecture shown in FIG. 1 and includes, but is not limited to, the following steps:
  • Step S101 The terminal device establishes an eUICC management session with the eUICC remote management server.
  • the terminal device may include an LPA module and an eUICC module, where the LPA module and the eUICC module may be two separate modules with a physical or logical connection between them (for example, the LPA module resides on the baseband chip), or the LPA module may reside directly on the eUICC module.
  • the LPA module may be a single software module or several distributed, associated software modules.
  • the eUICC management session may be a Remote SIM Provisioning (RSP) session.
  • RSP Remote SIM Provisioning
  • the eUICC management session may be initiated by the LPA module, with the LPA assisting the two-way authentication between the eUICC module and the eUICC remote management server to establish the eUICC management session.
  • Step S102 The terminal device acquires user intent configuration information from the eUICC remote management server by using the eUICC management session.
  • the eUICC remote management server may be an SM-DP+, or may be another server capable of providing an eUICC configuration file and capable of remotely managing the eUICC configuration file.
  • the user intent configuration information may be a first signature value; or may be a user intention indication; or may be a first signature value and an owner name of the digital certificate corresponding to the first signature value.
  • Step S103 The terminal device verifies the user intent configuration information.
  • the user intent configuration information is used to indicate that the terminal may omit or skip the step of interacting with the user during the current eUICC management session.
  • if the verification of the user intent configuration information passes, step S105 is performed.
  • depending on the content or type of the user intent configuration information, the specific process by which the terminal device verifies it differs.
  • the terminal may verify not only the user intent configuration information itself but also information related to it.
  • Step S104 If the verification of the user intent configuration information fails, the terminal device performs the user intent confirmation step.
  • for example, the terminal device may display "whether or not to agree to download" or "please input a confirmation code" on the interface, obtain the user's confirmation operation, and perform the subsequent steps only after that confirmation is obtained.
  • Step S105 The terminal device performs at least one of an eUICC configuration file download and install operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • the eUICC configuration file can be a profile.
  • the implementation of the foregoing embodiment is described in detail below with reference to the system architecture of FIG. 1.
  • the second to fifth embodiments of the present invention mainly describe the LPA module and the eUICC module.
  • where the LPA module resides directly in the eUICC module, the steps performed by the LPA module and the eUICC module are simply combined into one solution, and that case is not discussed separately.
  • in the following embodiments, LPA stands for the LPA module of the terminal device, eUICC for the eUICC module of the terminal device, SM-DP+ for the eUICC remote management server, and profile for the eUICC configuration file.
  • FIG. 3 is a schematic flowchart of a method for managing an eUICC configuration file according to a second embodiment of the present invention.
  • in this embodiment the eUICC management session is used to perform an eUICC configuration file download and installation operation; the specific implementation process is as follows:
  • Step S201 The LPA acquires the SM-DP+ address.
  • the LPA can obtain an SM-DP+ address and an event identifier (Event ID) from the SM-DS.
  • the Event ID can identify a profile download event, or a profile or eUICC remote management event; a download or management event may target a single terminal/eUICC or multiple terminals/eUICCs.
  • the LPA can send the EventID to the SM-DP+ through the Matching ID parameter.
  • the LPA may also obtain a default SM-DP+ address from the eUICC.
  • for example, where the terminal device is customized for operator A, operator A specifies an SM-DP+ address to be preset in the eUICC; or the OEM terminal vendor presets an SM-DP+ address shared by multiple operators in the eUICC.
  • Step S202 The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
  • TLS Transport Layer Security
  • the LPA performs one-way certificate authentication on the SM-DP+, and establishes a TLS connection after the authentication is passed.
  • Step S203 The eUICC and the SM-DP+ perform two-way authentication based on the HyperText Transfer Protocol Secure (HTTPS).
  • HTTPS runs on top of the TLS connection.
  • the LPA obtains the eUICC challenge value and related data from the eUICC, sends an HTTPS request (including the eUICC challenge value) to the SM-DP+, and thereby triggers two-way authentication between the eUICC and the SM-DP+; the authentication data is exchanged in HTTPS requests and responses.
  • the eUICC generates its own authentication signature value (euiccSignature1) and sends it to the SM-DP+; both the SM-DP+ and the eUICC store euiccSignature1. Meanwhile, the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, which saves it. After two-way authentication passes, the SM-DP+ generates a session identifier (TransactionID).
  • Step S204 The SM-DP+ obtains a Profile download pending order or a Batch Profile download pending order by searching.
  • the terminal device sends a MatchingID or an eUICC identifier (EID) to the SM-DP+.
  • the SM-DP+ can find a Profile download pending order or a Batch Profile download pending order by using the MatchingID or EID.
  • the Profile download pending order or the Batch Profile download pending order may be generated during the profile download initialization process of the SM-DP+.
  • FIG. 4 is a schematic diagram of the profile download initialization process of the SM-DP+.
  • before a profile is downloaded to the eUICC of the terminal device, the individual or enterprise user signs a contract with the operator to complete the account opening process; the operator business support system (Operator BSS) then instructs the SM-DP+ to prepare a single profile or a batch of profiles for the user's terminal device(s) to download.
  • the Operator mobile network can provide various services for the terminal device users, including calling, receiving short messages, and data services.
  • the Operator BSS can obtain the International Mobile Equipment Identity (IMEI), capability information, and eUICC Identification (EID) of the user terminal device.
  • the operator BSS sends the EID to the SM-DP+.
  • the SM-DP+ generates a profile pending event according to the Operator BSS indication, and waits for the user terminal device to perform the profile download.
  • for enterprise users, the Operator BSS optionally sends batch eUICC identifiers (EIDs) to the SM-DP+, and the SM-DP+ generates either a batch pending profile download event or a single pending profile download event for each terminal device/eUICC.
  • Step S1 The Operator BSS sends a download command (DownloadOrder) to the SM-DP+, where the DownloadOrder can carry the batch eUICC identifiers (EIDs), the profile type (Profile Type), or the batch profile identifiers (Integrated Circuit Card IDs, ICCIDs).
  • the EIDs are optional, that is, the DownloadOrder may also not carry the EIDs.
  • Step S2 SM-DP+ saves the ICCIDs, EIDs and sends a reply command to the Operator BSS.
  • the reply instruction is a response message.
  • after receiving the reply instruction, the Operator BSS may generate batch matching identifiers (MatchingIDs); a MatchingID matches a pending profile download event generated by the SM-DP+.
  • the MatchingIDs may alternatively be preconfigured in the Operator BSS back end.
  • Step S3 Optionally, the Operator BSS obtains the user-intent-free authorization userintentfreeSignature for the terminal device.
  • the userintentfreeSignature indicates that the LPA may omit, deactivate, or skip the user intent confirmation steps in the current RSP session, for example the step in which the user confirms acceptance of the operator Profile Policy Rules (PPR), the step in which the user confirms the download and installation of the profile, and the step in which the user enters the confirmation code; these steps may also be merged.
  • userintentfreeSignature can also be defined with other names.
  • the userintentfreeSignature is included in the user intent configuration information (userintentConfiguration) and sent to the LPA via the SM-DP+.
  • Operator BSS can obtain userintentfreeSignature from Enterprise, OEM, or EUM.
  • the userintentConfiguration may be a userintentfreeSignature or a {Signer, userintentfreeSignature}, where the userintentfreeSignature is a signature of the first to-be-signed data made with the first key (that is, a first signature value). The first to-be-signed data may be {euicc Operation Type, Operatorid, SM-DP+OID}; optionally it may further include EIDs, so that the first to-be-signed data is {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}. Here the euicc Operation Type is the eUICC management operation type, the Operatorid is the operator identifier, the SM-DP+OID is the SM-DP+ Object Identifier (OID), and the Signer is the digital certificate corresponding to the first key.
  • the Signer, for example, may be the Distinguished Name (DN) of the OEM digital certificate, the EUM digital certificate, or the Enterprise digital certificate.
  • for example, if the Operator BSS obtains the userintentfreeSignature from the OEM, the Signer is the DN of the OEM digital certificate.
  • in this embodiment the euicc Operation Type is Profile Download.
  • the first key may be a public key (PK), a private key (Secret Key, SK), or a symmetric key.
  • EIDs may be represented in various forms, for example, may be represented as any one of EID start
  • Step S4 The Operator BSS sends a confirmation command (ConfirmOrder) to the SM-DP+, wherein the ConfirmOrder carries {Signer, userintentfreeSignature}.
  • the Signer is optional; the ConfirmOrder may carry only the userintentfreeSignature.
  • the ConfirmOrder may further carry ICCIDs, EIDs, Confirmation Codes, MatchingIDs, wherein the Confirmation Codes are a batch of Confirmation Codes for enhancing the security of the profile download.
  • Step S5 SM-DP+ generates a Batch Profile download pending order.
  • SM-DP+ can also generate a single Profile to be downloaded event for each terminal device/eUICC.
  • the Batch Profile download pending order may include Signer, userintentfreeSignature, eventID, MatchingIDs, EIDs, and a batch of profiles generated by SM-DP+.
  • the SM-DP+ profile download initialization process is completed, and the SM-DP+ prepares a batch of profiles for the enterprise user.
  • the name "Batch Profile download pending order" used in this embodiment is not limiting; the batch pending download event may be given other names, the name serving mainly to distinguish it from the existing single profile pending download event.
  • the SM-DP+ can find a Profile download pending order or a Batch Profile download pending order according to the MatchingID or EID sent by the terminal device.
  • Step S205 The SM-DP+ performs the validity check using the terminal device information (Device Info) and the eUICC information (euicc Info2).
  • the SM-DP+ checks, for example, whether the firmware information, version information, and the like of the terminal device and the eUICC match the profile in the download pending order.
  • the TransactionID is generated by the SM-DP+ during establishment of the RSP session; the Confirmation Code Required Flag is set to 'True' or 'False' depending on whether the SM-DP+ received a Confirmation Code during the profile download initialization process; and bppEuiccOtpk is the public key portion of the one-time public/private key pair generated by the eUICC in the RSP session for the bound profile package download.
  • Step S207 SM-DP+ performs a signature calculation over smdpSigned2 and euiccSignature1 using a third key (SK.DPpb.ECDSA) to generate a second signature value (for example, smdpSignature2), where SK.DPpb.ECDSA is the private key of the SM-DP+ profile binding (ProfileBinding) digital certificate CERT.DPpb.ECDSA.
  • for example, the SM-DP+ forms A = {smdpSigned2, euiccSignature1}, digests A to obtain the digest a, and the result of encrypting the digest a with SK.DPpb.ECDSA is the second signature value smdpSignature2.
  • Step S208 SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA, userintentConfiguration, and EIDs to the LPA.
  • EIDs are optional.
  • Step S209 The LPA confirms receipt of the userintentConfiguration and generates localuserintentfreeSigned = {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
  • the LPA identifies the euicc Operation Type as Profile Download from the Profile Metadata, takes the Profileowner in the Profile Metadata as the Operatorid, and obtains the SM-DP+OID from the CERT.DPpb.ECDSA certificate.
  • Step S210 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S211 The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID, and CERT.DPpb.ECDSA to the eUICC.
  • the LPA reads the Transaction ID from smdpSigned2.
  • the localuserintentfreeSigned may also be generated by the eUICC.
  • in that case steps S209 to S211 may be replaced by the following steps, as shown in FIG. 5:
  • Step S209-1 The LPA confirms receipt of the userintentConfiguration and generates the euicc Operation Type and the Operatorid.
  • Step S210-1 Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S211-1 The LPA sends the euicc Operation Type, Operatorid, userintentConfiguration, TransactionID, and CERT.DPpb.ECDSA to the eUICC.
  • optionally, the LPA also sends the EIDs to the eUICC.
  • Step S211-2 eUICC generates localuserintentfreeSigned.
  • Step S212 The eUICC verifies that CERT.DPpb.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • specifically, the eUICC obtains the SM-DP+OID from CERT.DPpb.ECDSA and from CERT.DPauth.ECDSA and compares the two; if the two SM-DP+OIDs are the same, CERT.DPpb.ECDSA is determined to belong to the same SM-DP+ as CERT.DPauth.ECDSA.
  • Step S213 The eUICC verifies the userintentConfiguration.
  • the eUICC verifies the userintentfreeSignature by using a second key corresponding to the first key together with localuserintentfreeSigned.
  • the first key and the second key may be a symmetric key pair or an asymmetric key pair. If they are asymmetric, then when the first key is PK the second key is SK, and when the first key is SK the second key is PK; if they are symmetric, the first key and the second key are the same.
  • for example, the eUICC computes a local first digest of localuserintentfreeSigned and decrypts the userintentfreeSignature with the second key to obtain a decrypted result; if the local first digest and the decrypted result are the same, the verification of the userintentfreeSignature passes.
  • when the LPA has received both the userintentfreeSignature and the Signer, the eUICC also needs to verify that the DN in the Signer is the same as the DN of CERT.EUM/Enterprise/OEM.ECDSA; only then does the verification pass.
  • the order in which the Signer and the userintentfreeSignature are verified is not limited.
  • Step S214 The eUICC sends a verification completion instruction to the LPA.
  • the verification completion instruction is either a verification pass instruction or a verification failure instruction and indicates whether the user intent confirmation step is to be performed: if it is a verification pass instruction, the user intent confirmation step is not performed; if it is a verification failure instruction, the user intent confirmation step is performed, or the LPA is instructed to terminate the current RSP session.
  • the verification completion instruction may be, for example, an OK or Error response message.
  • Step S215 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • for example, a flag bit may be set to record whether to perform the user intent confirmation step: when the verification pass instruction is received, the flag is set to '1', indicating that the step should be skipped when execution reaches the user intent confirmation step, and step S217 is performed.
  • otherwise the flag is set to '0', indicating that the step should be performed when execution reaches the user intent confirmation step.
  • Step S216 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S217 The LPA continues to perform the profile download and installation process.
  • in the second embodiment, the user intent configuration information userintentConfiguration is userintentfreeSignature or {Signer, userintentfreeSignature}. The operator obtains the userintentfreeSignature from the Enterprise, OEM, or EUM, carries it in the ConfirmOrder, and sends it to the SM-DP+. When the user terminal device wants to download a profile, the SM-DP+ sends the userintentfreeSignature (and Signer) to the LPA of the terminal.
  • the LPA and the eUICC cooperate to verify the userintentfreeSignature (and Signer) and skip the user intent confirmation step when the verification passes, which helps achieve efficient profile download and is especially beneficial in batch enterprise user terminal device scenarios.
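The checks of steps S3 and S209 to S215 of this embodiment, as an added Python example that is not part of the patent. It takes the symmetric case the text allows (first key and second key identical), with HMAC-SHA256 as the concrete signature primitive, a compact JSON encoding of the to-be-signed tuple, and constructed key, Signer DN, SM-DP+OID and EID values; all of these are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample values (not from the patent). The first key is symmetric, so the
# eUICC's second key is the same key, as the text allows.
FIRST_KEY = b"oem-first-key-constructed-for-this-example"
OEM_SIGNER_DN = "CN=Example OEM,O=Example Corp,C=XX"   # DN of the OEM digital certificate
SMDP_OID = "1.2.3.4.5"                                   # SM-DP+OID as read from CERT.DPpb.ECDSA
ENTERPRISE_EIDS = ["89000000000000000000000000000001",
                   "89000000000000000000000000000002"]


def encode_to_be_signed(operation_type, operator_id, smdp_oid, eids=None):
    """Byte encoding of {euicc Operation Type, Operatorid, SM-DP+OID[, EIDs]}.
    The patent does not fix an encoding; compact, key-sorted JSON is assumed here so
    that signer and verifier serialise the tuple identically."""
    fields = {"euiccOperationType": operation_type,
              "Operatorid": operator_id,
              "SM-DP+OID": smdp_oid}
    if eids is not None:
        fields["EIDs"] = list(eids)
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_userintent_configuration(first_key, signer_dn, to_be_signed):
    """Steps S3/S4: the OEM (or EUM/Enterprise) signs the first to-be-signed data with
    the first key; the Operator BSS carries {Signer, userintentfreeSignature} in the
    ConfirmOrder and the SM-DP+ later forwards it to the LPA as userintentConfiguration."""
    sig = hmac.new(first_key, to_be_signed, hashlib.sha256).hexdigest()
    return {"Signer": signer_dn, "userintentfreeSignature": sig}


def lpa_build_local_to_be_signed(profile_metadata, cert_smdp_oid, eids):
    """Step S209: the LPA rebuilds localuserintentfreeSigned from what it received:
    operation type Profile Download, Operatorid = Profileowner from Profile Metadata,
    SM-DP+OID from CERT.DPpb.ECDSA, and the EIDs sent by the SM-DP+."""
    return encode_to_be_signed("Profile Download", profile_metadata["Profileowner"],
                               cert_smdp_oid, eids)


def lpa_eid_in_scope(local_eid, eids):
    """Step S210: the local eUICC's EID must be among the EIDs the order targets."""
    return eids is None or local_eid in eids


def euicc_verify_userintent_configuration(second_key, trusted_signer_dn,
                                          config, local_to_be_signed):
    """Step S213: recompute the signature over localuserintentfreeSigned with the second
    key and compare it in constant time with userintentfreeSignature. If a Signer is
    present, its DN must equal the DN of the OEM/EUM/Enterprise certificate the eUICC
    trusts. Returns 'OK' or 'Error', the verification completion instruction (S214)."""
    if "Signer" in config and config["Signer"] != trusted_signer_dn:
        return "Error"
    expected = hmac.new(second_key, local_to_be_signed, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, config["userintentfreeSignature"]):
        return "Error"
    return "OK"


def lpa_user_intent_flag(verification_completion):
    """Step S215: '1' means skip the user intent confirmation step, '0' means perform it."""
    return "1" if verification_completion == "OK" else "0"


def run_profile_download(local_eid, profile_owner, oid_in_cert):
    """One terminal's run of steps S3 to S215 against a signature the OEM issued for
    operator 'Operator A', SM-DP+ SMDP_OID and ENTERPRISE_EIDS. Any difference in the
    reconstructed tuple (other operator, other SM-DP+, other operation) or an EID
    outside the batch leaves the confirmation step in place (flag '0')."""
    issued = encode_to_be_signed("Profile Download", "Operator A", SMDP_OID, ENTERPRISE_EIDS)
    config = make_userintent_configuration(FIRST_KEY, OEM_SIGNER_DN, issued)
    if not lpa_eid_in_scope(local_eid, ENTERPRISE_EIDS):
        return "0"
    local = lpa_build_local_to_be_signed({"Profileowner": profile_owner}, oid_in_cert,
                                         ENTERPRISE_EIDS)
    result = euicc_verify_userintent_configuration(FIRST_KEY, OEM_SIGNER_DN, config, local)
    return lpa_user_intent_flag(result)


if __name__ == "__main__":
    print(run_profile_download(ENTERPRISE_EIDS[0], "Operator A", SMDP_OID))   # 1: skip
    print(run_profile_download(ENTERPRISE_EIDS[0], "Operator B", SMDP_OID))   # 0: other operator
    print(run_profile_download(ENTERPRISE_EIDS[0], "Operator A", "9.9.9.9"))  # 0: other SM-DP+
```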
  • FIG. 6 is a schematic flowchart of a method for downloading an eUICC configuration file according to a third embodiment of the present invention.
  • the eUICC management session is used to perform an eUICC configuration file download and installation operation, and the specific implementation process is as follows:
  • Step S301 The LPA acquires the SM-DP+ address.
  • Step S302 The LPA establishes a TLS connection with the SM-DP+.
  • Step S303 The SM-DP+ and the eUICC perform mutual authentication based on the HTTPS.
  • Step S304 The SM-DP+ searches for and obtains a Profile download pending order or a Batch Profile download pending order.
  • Step S305 The SM-DP+ performs the validity check by using Device Info and euicc Info2.
  • steps S301-S305 are the same as steps S201-S205 of the second embodiment and are not described again here.
  • in this embodiment the userintentConfiguration may be {Signer, userintentfreeSignature}, userintentfreeSignature, or a User Intent Free Required Flag.
  • when the userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the step of acquiring the userintentfreeSignature authorization for the user device; instead, according to the profile download scenario (for example, enterprise user batch download, or elderly user/helper user download), it directly instructs the SM-DP+ to generate the user intent configuration information (for example, indicating that the user intent free flag is set to 'True' or 'False').
  • in this embodiment smdpSigned2, the second to-be-signed data, also serves as the third to-be-signed data, since it carries the userintentConfiguration.
  • Step S307 SM-DP+ performs the signature calculation over smdpSigned2 to generate smdpSignature2, which is accordingly both the second signature value and the third signature value.
  • Step S308 SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA to the LPA.
  • Step S309 The LPA confirms receipt of the userintentConfiguration.
  • the LPA parses smdpSigned2 to confirm receipt of the user intent configuration information userintentConfiguration.
  • the LPA may generate localuserintentfreeSigned in the same manner and with the same content as described in step S209 of the second embodiment, which is not repeated here.
  • Step S310 Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S311 The LPA sends smdpSigned2, smdpSignature2, and CERT.DPpb.ECDSA to the eUICC.
  • the LPA also sends the generated localuserintentfreeSigned to the eUICC.
  • alternatively, localuserintentfreeSigned may be generated by the eUICC, in which case the LPA also needs to send the Operation Type, Operatorid, and EIDs (optional) to the eUICC.
  • Step S312 The eUICC verifies that CERT.DPpb.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • Step S313 The eUICC verifies the smdpSignature2.
  • the eUICC verifies smdpSignature2 by using the fourth key (PK.DPpb.ECDSA) corresponding to SK.DPpb.ECDSA, smdpSigned2, and euiccSignature1, where euiccSignature1 is the authentication signature value generated and saved by the eUICC during establishment of the RSP session.
  • for example, the eUICC generates a third digest over smdpSigned2 and the locally saved euiccSignature1, and decrypts smdpSignature2 with PK.DPpb.ECDSA to obtain a fourth digest; if the third digest is the same as the fourth digest, the verification of smdpSignature2 passes.
  • that is, smdpSignature2 is the signature value obtained by encrypting the digest a with SK.DPpb.ECDSA; when smdpSigned2 and smdpSignature2 are transmitted to the eUICC, the eUICC recomputes the digest over smdpSigned2 and euiccSignature1 and compares it with the decryption result.
  • Step S314 The eUICC verifies the userintentConfiguration.
  • the steps of verifying the userintentfreeSignature and the signer may refer to step S213 of the second embodiment, and details are not described herein.
  • when the userintentConfiguration is the User Intent Free Required Flag, the eUICC determines whether the flag is valid. For example, if the value of the User Intent Free Required Flag is 'True' (or '1'), the userintentConfiguration is determined to be valid and the verification passes; if the value is 'False' (or '0'), it is invalid and the verification of the userintentConfiguration does not pass.
  • alternatively, the eUICC does not verify the flag itself but returns the verification result to the LPA after smdpSignature2 is verified in step S313, and the User Intent Free Required Flag is verified by the LPA.
  • Step S315 The eUICC sends a verification completion instruction to the LPA.
  • Step S316 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S317 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S318 The LPA continues to perform the profile download and installation process.
  • in the third embodiment, the user intent configuration information userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature, or the User Intent Free Required Flag.
  • in the first two cases, the Operator BSS obtains the userintentfreeSignature from the Enterprise, OEM, or EUM and carries the userintentfreeSignature (and Signer) in the ConfirmOrder; when the userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the procedure of obtaining the userintentfreeSignature.
  • when the terminal device wants to perform a profile download operation, the SM-DP+ puts the userintentConfiguration into smdpSigned2 for signature protection and sends it to the LPA of the terminal device; the LPA and the eUICC then cooperate to verify smdpSignature2 and the userintentConfiguration.
  • when the verification passes, the user intent confirmation step is skipped, which helps achieve efficient profile download, especially in batch enterprise user terminal device scenarios.
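The eUICC-side checks of steps S312 to S314 of this embodiment, where the User Intent Free Required Flag travels inside smdpSigned2 and is trusted only once smdpSignature2 verifies, as an added Python example that is not part of the patent. ECDSA under SK/PK.DPpb.ECDSA is replaced by HMAC-SHA256 under one shared key so the block runs with the standard library alone, certificates are reduced to the fields the checks read, and every key, OID, TransactionID and euiccSignature1 value is constructed; all of these are assumptions.

```python
import hashlib
import hmac
import json

# Stand-in for the SM-DP+ profile binding key pair (SK.DPpb.ECDSA / PK.DPpb.ECDSA): one
# shared HMAC key, so signing and verifying use the same value. Constructed for the example.
DPPB_KEY = b"smdp-dppb-key-stand-in-for-ecdsa"

# Certificates reduced to the fields the eUICC consults in step S312 (constructed).
CERT_DPAUTH = {"subject": "CN=SM-DP+ auth", "smdpOid": "1.2.3.4.5"}   # saved in step S303
CERT_DPPB = {"subject": "CN=SM-DP+ pb", "smdpOid": "1.2.3.4.5"}        # received in step S308
CERT_FOREIGN_DPPB = {"subject": "CN=another SM-DP+", "smdpOid": "6.7.8.9"}

# euiccSignature1 stored by both sides during mutual authentication (step S303), and the
# TransactionID the SM-DP+ generated for this RSP session. Constructed values.
EUICC_SIGNATURE1 = bytes.fromhex("ab" * 32)
TRANSACTION_ID = "0011223344"


def encode(obj):
    """Deterministic serialisation so both sides digest identical bytes (assumed encoding)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def smdp_build_smdp_signed2(transaction_id, user_intent_free_required, cc_required=False):
    """smdpSigned2 as the SM-DP+ assembles it in this embodiment: the userintentConfiguration
    (here the User Intent Free Required Flag) sits inside the to-be-signed data."""
    return {"transactionId": transaction_id,
            "ccRequiredFlag": cc_required,
            "userintentConfiguration": {"userIntentFreeRequiredFlag": user_intent_free_required}}


def smdp_sign2(key, smdp_signed2, euicc_signature1):
    """Step S307: smdpSignature2 over A = {smdpSigned2, euiccSignature1}."""
    return hmac.new(key, encode(smdp_signed2) + euicc_signature1, hashlib.sha256).digest()


def euicc_verify(key, cert_dppb, cert_dpauth, current_transaction_id,
                 smdp_signed2, smdp_signature2, stored_euicc_signature1):
    """Steps S312 to S314 on the eUICC. Returns (verification completion instruction,
    skip_user_intent_confirmation). The flag is read only after smdpSignature2 checks out,
    so a flag altered in transit, or a signed structure replayed from another session
    (different euiccSignature1) or another SM-DP+ (different OID), never skips the step."""
    # S312: CERT.DPpb.ECDSA must belong to the same SM-DP+ as CERT.DPauth.ECDSA ...
    if cert_dppb["smdpOid"] != cert_dpauth["smdpOid"]:
        return "Error", False
    # ... and the TransactionID must be the one of the current RSP session.
    if smdp_signed2.get("transactionId") != current_transaction_id:
        return "Error", False
    # S313: digest {smdpSigned2, locally saved euiccSignature1} and compare with the signature.
    expected = smdp_sign2(key, smdp_signed2, stored_euicc_signature1)
    if not hmac.compare_digest(expected, smdp_signature2):
        return "Error", False
    # S314: the flag is now authenticated; 'True' (or '1') passes, 'False' (or '0') does not.
    cfg = smdp_signed2.get("userintentConfiguration") or {}
    if cfg.get("userIntentFreeRequiredFlag") in (True, "True", "1"):
        return "OK", True
    return "Error", False


def demo():
    """Honest exchange, then the same structure with the flag flipped after signing."""
    signed = smdp_build_smdp_signed2(TRANSACTION_ID, True)
    signature = smdp_sign2(DPPB_KEY, signed, EUICC_SIGNATURE1)
    honest = euicc_verify(DPPB_KEY, CERT_DPPB, CERT_DPAUTH, TRANSACTION_ID,
                          signed, signature, EUICC_SIGNATURE1)
    # The SM-DP+ signed a 'False' flag; someone flips it to 'True' on the way to the eUICC.
    flipped_struct = smdp_build_smdp_signed2(TRANSACTION_ID, False)
    flipped_signature = smdp_sign2(DPPB_KEY, flipped_struct, EUICC_SIGNATURE1)
    flipped_struct["userintentConfiguration"]["userIntentFreeRequiredFlag"] = True
    flipped = euicc_verify(DPPB_KEY, CERT_DPPB, CERT_DPAUTH, TRANSACTION_ID,
                           flipped_struct, flipped_signature, EUICC_SIGNATURE1)
    return honest, flipped


if __name__ == "__main__":
    print(demo())   # (('OK', True), ('Error', False))
```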
  • FIG. 7 is a schematic flowchart diagram of a method for remotely managing an eUICC configuration file according to a fourth embodiment of the present invention.
  • the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation process is as follows:
  • Step S401 The LPA acquires the SM-DP+ address.
  • Step S402 The LPA establishes a TLS connection with the SM-DP+.
  • Step S403 The SM-DP+ and the eUICC perform mutual authentication based on the HTTPS.
  • Step S404 The SM-DP+ searches for and obtains a profile remote management pending event (pending RPM order) or a batch profile remote management pending event (pending Batch RPM order).
  • the pending RPM order or the pending Batch RPM order may be generated after the SM-DP+ receives the Remote Profile Management Order (RPMOrder) of the Operator BSS.
  • Step S11 The Operator BSS obtains the user-intent-free authorization userintentfreeSignature.
  • the manner in which the Operator BSS obtains the userintentfreeSignature is the same as that described in step S3 of the profile download initialization process of the SM-DP+ described in conjunction with FIG. 3.
  • here the euicc Operation Type is one of the profile remote management operations (for example, deactivate (Disable), activate (Enable), delete (Delete), update (Update), query (Query)).
  • Step S12 The Operator BSS sends an RPMOrder to the SM-DP+, where the RPMOrder carries the userintentfreeSignature and the RPM Command.
  • optionally, the RPMOrder may also carry ICCIDs, the Signer, and EIDs.
  • Step S13 The SM-DP+ performs a legality check.
  • for example, the SM-DP+ checks whether the EIDs or ICCIDs belong to its management scope.
  • Step S14 SM-DP+ generates one or more pending RPM orders or generates a pending Batch RPM order.
  • optionally, the SM-DP+ also performs event registration at the SM-DS; each RPM order event has an eventID identifier.
  • the SM-DP+ then finds a pending RPM order or a pending Batch RPM order through the eventID or EID.
  • Step S406 SM-DP+ performs a signature calculation over smdpSigned3 and euiccSignature1 using SK.DPrpm.ECDSA (the private key corresponding to the RPM certificate CERT.DPrpm.ECDSA) to generate the second signature value smdpSignature3.
  • the RPM certificate may be a certificate distinct from the authentication certificate, or the authentication certificate may be reused for it.
  • for example, the SM-DP+ forms C = {smdpSigned3, euiccSignature1}, digests C to obtain the digest c, and the result of encrypting the digest c with SK.DPrpm.ECDSA is the second signature value smdpSignature3.
  • Step S407 SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA, userintentConfiguration, EIDs and Operatorid to the LPA.
  • EIDs are optional; Operatorid can be included in RPM Command.
  • Step S408 The LPA confirms receipt of the userintentConfiguration and generates localuserintentfreeSigned = {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
  • the LPA identifies the euicc Operation Type from the RPM Command, reads the Operatorid from smdpSigned3 or the RPM Command, and obtains the SM-DP+OID from the CERT.DPrpm.ECDSA certificate.
  • the euicc Operation Type is, for example, Disable, Enable, Delete, Update, or Query.
  • Step S409 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S410 The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID, and CERT.DPrpm.ECDSA to the eUICC.
  • the TransactionID is read from smdpSigned3.
  • alternatively, localuserintentfreeSigned may be generated by the eUICC, in which case the LPA sends the euicc Operation Type, Operatorid, userintentConfiguration, TransactionID, and CERT.DPrpm.ECDSA to the eUICC.
  • optionally, the LPA also sends the EIDs to the eUICC.
  • Step S411 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • specifically, the eUICC obtains the SM-DP+OID from CERT.DPrpm.ECDSA and from CERT.DPauth.ECDSA and compares the two; if the two SM-DP+OIDs are the same, CERT.DPrpm.ECDSA is determined to belong to the same SM-DP+ as CERT.DPauth.ECDSA.
  • Step S412 The eUICC verifies the userintentConfiguration.
  • the method for verifying the userintentConfiguration by the eUICC is the same as that in the foregoing second embodiment, and details are not described herein again.
  • Step S413 The eUICC sends a verification completion instruction to the LPA.
  • Step S414 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S415 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S416 The LPA continues to execute the profile remote management process.
  • in the fourth embodiment, the userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature; the Operator BSS obtains the userintentfreeSignature (and Signer) from the Enterprise, OEM, or EUM and carries the userintentConfiguration in the RPMOrder sent to the SM-DP+.
  • the SM-DP+ sends the userintentConfiguration to the LPA of the terminal, and the LPA and the eUICC cooperate to verify the userintentConfiguration.
  • when the verification passes, the user intent confirmation step is not performed, which facilitates efficient remote management of the profile.
  • FIG. 8 is a schematic flowchart diagram of a method for remotely managing an eUICC configuration file according to a fifth embodiment of the present invention.
  • the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation process is as follows:
  • Step S501 The LPA acquires the SM-DP+ address.
  • Step S502 The LPA establishes a TLS connection with the SM-DP+.
  • Step S503 SM-DP+ and eUICC perform mutual authentication based on HTTPS.
  • Step S504 The SM-DP+ searches for and finds a pending RPM order or a pending Batch RPM order.
  • the implementation logic and manner of step S504 are the same as those of step S404 in the fourth embodiment and are not described again here.
  • EIDs are optional; the Operatorid can also be included in the RPM Command.
  • in this embodiment smdpSigned3, the second to-be-signed data, also serves as the third to-be-signed data.
  • Step S506 SM-DP+ performs the signature calculation over smdpSigned3 to generate smdpSignature3; the generation manner of smdpSignature3 is described in step S406 of the fourth embodiment and is not repeated here.
  • here smdpSignature3 is the second signature value, and the userintentConfiguration is the User Intent Free Required Flag.
  • Step S507 SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA to the LPA.
  • Step S508 The LPA confirms receipt of the userintentConfiguration.
  • the LPA parses the data in smdpSigned3 to confirm receipt of the userintentConfiguration.
  • the LPA can generate localuserintentfreeSigned in the same manner and with the same content as described in step S408 in the fourth embodiment, which is not described again here.
  • Step S509 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S510 The LPA sends smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA to the eUICC.
  • the LPA also sends the generated localuserintentfreeSigned to the eUICC.
  • alternatively, localuserintentfreeSigned may be generated by the eUICC, in which case the LPA also needs to send the euicc Operation Type, the Operatorid, and the optional EIDs to the eUICC.
  • Step S511 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • Step S512 The eUICC verifies the smdpSignature3.
  • the eUICC verifies smdpSignature3 using the fourth key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, smdpSigned3, and euiccSignature1.
  • for example, the eUICC generates a fifth digest over smdpSigned3 and the locally saved euiccSignature1, then decrypts smdpSignature3 with PK.DPrpm.ECDSA; if the fifth digest and the decrypted result are the same, the verification of smdpSignature3 passes.
  • Step S513 The eUICC verifies the userintentConfiguration.
  • when the userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, its verification may refer to step S213 of the second embodiment; when it is the User Intent Free Required Flag, its verification may refer to step S314 of the third embodiment. Details are not described again here.
  • Step S514 The eUICC sends a verification completion instruction to the LPA.
  • Step S515 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S516 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S517 The LPA continues to execute the profile remote management process.
  • in the fifth embodiment, the userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature, or the User Intent Free Required Flag.
  • the Operator BSS obtains the userintentfreeSignature (and Signer) from the Enterprise, OEM, or EUM and carries the userintentfreeSignature (and Signer) in the RPMOrder sent to the SM-DP+.
  • when the terminal wants to perform a profile remote management operation, the SM-DP+ puts the userintentConfiguration into smdpSigned3 for signature protection and sends it to the LPA of the terminal; the LPA and the eUICC cooperate to verify the signature over smdpSigned3 and the userintentConfiguration.
  • when the verification passes, the user intent confirmation step is not performed, which facilitates efficient remote management of the profile.
  • FIG. 9 is a schematic structural diagram of an eUICC configuration file management apparatus according to an embodiment of the present invention.
  • the eUICC configuration file management apparatus may include a management session establishment module 610, a configuration information acquisition module 620, a verification module 630, and an execution module 640, where the detailed description of each module is as follows:
  • a management session establishing module 610 configured to establish an eUICC management session with the eUICC remote management server;
  • the configuration information obtaining module 620 is configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
  • the verification module 630 is configured to verify the user intent configuration information.
  • the execution module 640 is configured to not perform the user intent confirmation step during the current eUICC management session if the verification of the user intent configuration information passes, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • each module may also correspond to the corresponding description of the method embodiment shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
  • FIG. 10 is an eUICC configuration file management apparatus 70 according to an embodiment of the present invention.
  • the eUICC configuration file management apparatus 70 includes a processor 701, a memory 702, and a transceiver 703.
  • the processor 701, the memory 702, and the transceiver 703 are connected to each other through a bus.
  • the memory 702 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the transceiver 703 is configured to receive and transmit data.
  • the processor 701 may be one or more central processing units (CPUs); where the processor 701 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 701 in the eUICC profile management device 70 is configured to read the program code stored in the memory 702, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
  • FIG. 11 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention.
  • the local eUICC configuration file auxiliary module includes a management session establishing unit 810, a configuration information acquiring unit 820, a verification instruction sending unit 830 and a first execution unit 840, where the detailed description of each unit is as follows:
  • a management session establishing unit 810 configured to establish an eUICC management session with the eUICC remote management server;
  • the configuration information obtaining unit 820 is configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session;
  • a verification instruction sending unit 830 configured to send a user intent verification instruction to the eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
  • the first execution unit 840 is configured to: if the verification of the user intent configuration information passes, not perform a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  • each unit may also correspond to the corresponding description of the LPA in the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 12 is a terminal 90 according to an embodiment of the present invention.
  • the terminal 90 includes a processor 901, a memory 902, and a transceiver 903.
  • the processor 901, the memory 902 and the transceiver 903 are connected to each other through a bus.
  • the memory 902 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM) or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the transceiver 903 is configured to receive and transmit data.
  • the processor 901 may be one or more central processing units (English: Central Processing Unit, CPU for short). In the case that the processor 901 is a CPU, the CPU may be a single core CPU or a multi-core CPU.
  • the processor 901 in the terminal 90 is configured to read the program code stored in the memory 902, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
  • FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention.
  • the eUICC module includes a verification instruction receiving unit 1010, a verification unit 1020 and a second execution unit 1030, where the detailed description of each unit is as follows:
  • the verification instruction receiving unit 1010 is configured to receive a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file auxiliary module from an eUICC management session with the eUICC remote management server;
  • a verification unit 1020 configured to verify the user intent configuration information;
  • the second execution unit 1030 is configured to: if the verification of the user intent configuration information passes, not perform a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  • each unit may also correspond to the corresponding description of the eUICC in the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 14 is an eUICC module 110 according to an embodiment of the present invention.
  • the eUICC module 110 includes a processor 1101, a memory 1102, and a communication interface 1103.
  • the processor 1101, the memory 1102 and the communication interface 1103 are connected to each other through a bus.
  • the memory 1102 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM) or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the communication interface 1103 is for receiving and transmitting data.
  • the processor 1101 may be one or more central processing units (English: Central Processing Unit, CPU for short). In the case where the processor 1101 is a CPU, the CPU may be a single core CPU or a multi-core CPU.
  • the processor 1101 in the eUICC module 110 is configured to read the program code stored in the memory 1102, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
  • the program may be stored in a computer-readable storage medium, and when the program is executed, the procedures of the method embodiments described above may be performed.
  • the foregoing storage medium includes various media that can store program code, such as a ROM, a random access memory (RAM), a magnetic disk or an optical disc.


Abstract

Provided in the embodiments of the present invention are an embedded universal integrated circuit card (eUICC) configuration file management method, comprising: establishing an eUICC management session with an eUICC remote management server; acquiring user intention configuration information from the eUICC remote management server by means of the eUICC management session; verifying the user intention configuration information; performing no user intention confirmation step during the current eUICC management session if the verification on the user intention configuration information is successful, wherein the eUICC management session is used for performing at least one operation of: an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation. By using the present invention, a profile may be efficiently downloaded and installed, and efficient remote profile management may be implemented.

Description

eUICC configuration file management method and related device
Technical field
The present invention relates to the field of eUICC telecommunications smart cards, and in particular to an eUICC configuration file management method and related apparatus.
Background technique
An eUICC is a removable or non-removable Universal Integrated Circuit Card (UICC) that can perform remote profile management in a secure manner, or perform local profile management (for example, profile activation, deactivation or deletion triggered by the user of the terminal device). The term eUICC derives from embedded UICC: it may be embedded in the terminal device as a single chip, or be part of another single chip in the terminal device, but this does not mean that it must be embedded in the terminal device and non-removable; it may also take the form of a removable card, just like a SIM card, Micro SIM card or Nano SIM card. An eUICC is sometimes also called an eSIM. An eUICC configuration file (Profile) is a combination of data and applications that is provisioned onto the eUICC for the purpose of providing services, where services include calls, sending and receiving short messages, or data services. A Profile can also be regarded as a SIM (Subscriber Identification Module) software module; like a traditional SIM card, it performs functions such as authentication computation when the terminal device accesses the mobile network.
The eUICC remote configuration/management system (also called the remote SIM configuration system) is shown in FIG. 1. The Subscription Manager Data Preparation+ (SM-DP+) server is used to prepare Profiles, to securely deliver the prepared Profiles to the eUICC module of the terminal device, and to remotely manage Profiles; the SM-DP+ may be deployed on servers of the operator, the eUICC manufacturer, the Original Equipment Manufacturer (OEM) or other parties. The Subscription Manager Discovery Service (SM-DS) server is used to provide one or more SM-DP+ addresses, or an alternative SM-DS address, to the terminal device; the terminal device can establish a connection with the SM-DP+ through this SM-DP+ address, or further obtain an SM-DP+ address through the alternative SM-DS. The terminal device (Device) contains a Local Profile Assistant (LPA) module, used to establish a connection with the SM-DP+ for management operations on Profiles and the eUICC, such as download and installation, remote Profile management and remote eUICC management, and an eUICC module, used to implement the functions of a SIM card as well as Profile and eUICC configuration and management functions. The Operator BSS is the operator's business support system; it is responsible for ordering Profiles from the SM-DP+ and requesting management of Profiles on the eUICC. The End User is the user of the terminal device. The eUICC Manufacturer (EUM) is the vendor that produces the eUICC. The SM-DP+ and SM-DS are both called eUICC management servers (or remote SIM configuration servers).
In the prior art, a Profile must be downloaded into the eUICC module of the terminal device before the terminal device has communication capability, and the download, activation, deactivation or deletion of a Profile each require the terminal device to interact with the user and obtain a user intent confirmation instruction before the operation can be carried out. For enterprise users, before terminal devices are distributed to employees, the enterprise must purchase a batch of Profiles and then interact with each terminal device separately to download the Profiles one by one, which wastes time and makes Profile download inefficient. In addition, if the enterprise asset administrator needs to manage the installed Profiles on all terminal devices, then when the asset administrator triggers a remote Profile management procedure, the enterprise employee holding the terminal device must confirm on the terminal device before the Profile management can be completed, which is not conducive to unified management of the Profiles on the terminal devices.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide an eUICC configuration file management method and related apparatus that achieve efficient downloading and installation of Profiles as well as efficient remote Profile management.
In a first aspect, an embodiment of the present invention provides an eUICC configuration file management method, including: establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information;
if the verification of the user intent configuration information passes, not performing a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
In a first possible implementation of the first aspect, the user intent configuration information is a user intent indication; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the first aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature over first to-be-signed data using a first key, and the first key is a public key, a private key or a symmetric key; after the user intent configuration information is obtained, local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier and an eUICC remote management server object identifier; the first signature value is verified using a second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the first aspect, in a third possible implementation, second to-be-signed data and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature over the second to-be-signed data and an authentication signature value using a third key, and the authentication signature value is generated during establishment of the eUICC management session; after the second to-be-signed data and the second signature value are obtained, the local first to-be-signed data is generated; the second signature value is verified using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and then the first signature value is verified using the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
In a fourth possible implementation of the first aspect, the user intent configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value, where the first signature value includes a signature over first to-be-signed data using a first key, and the first key is a public key, a private key or a symmetric key; after the user intent configuration information is obtained, local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier and an eUICC remote management server object identifier; the first signature value is verified using the second key corresponding to the first key and the local first to-be-signed data, and at the same time the owner name of the digital certificate corresponding to the first signature value is verified, thereby verifying the user intent configuration information.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation, second to-be-signed data and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature over the second to-be-signed data and an authentication signature value using a third key, and the authentication signature value is generated during establishment of the eUICC management session; after the second to-be-signed data and the second signature value are obtained, local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier and an eUICC remote management server object identifier; the second signature value is verified using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, then the first signature value is verified using the second key corresponding to the first key and the local first to-be-signed data, and at the same time the owner name of the digital certificate corresponding to the first signature value is verified, thereby verifying the user intent configuration information.
In a sixth possible implementation of the first aspect, the user intent configuration information is a user intent indication; third to-be-signed data and a third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third to-be-signed data includes the user intent configuration information, the third signature value is a signature over the third to-be-signed data and an authentication signature value using a third key, and the authentication signature value is generated during establishment of the eUICC management session; after the third to-be-signed data and the third signature value are obtained, the third signature value is verified using a fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and then whether the user intent indication is valid is verified, thereby verifying the user intent configuration information.
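The two-level check described in the second to sixth implementations above, as an added example that is not part of the patent: the server-side signature over the intent information plus the session's authentication signature value is checked first (binding the intent to this session), then the administrator's signature over the locally rebuilt operation type, operator identifier and server object identifier, and optionally the certificate owner name; the intent-indication variant is shown as well. It assumes the symmetric-key option the page names (HMAC-SHA256, so the second and fourth keys equal the first and third), a simple length-prefixed encoding, and constructed key and identifier values.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefixed concatenation (assumed encoding) so that field
    boundaries are unambiguous in the to-be-signed data."""
    out = b""
    for f in fields:
        out += len(f).to_bytes(2, "big") + f
    return out


def decode_fields(data: bytes) -> List[bytes]:
    """Inverse of encode_fields; rejects truncated input."""
    fields, i = [], 0
    while i < len(data):
        n = int.from_bytes(data[i:i + 2], "big")
        i += 2
        if i + n > len(data):
            raise ValueError("truncated field")
        fields.append(data[i:i + n])
        i += n
    return fields


def sign(key: bytes, data: bytes) -> bytes:
    """Symmetric-key 'signature' (HMAC-SHA256) used for all signature values here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def build_first_tbs(operation_type: str, operator_id: str, server_object_id: str) -> bytes:
    """Local first to-be-signed data: operation type, operator identifier and
    eUICC remote management server object identifier, the fields the page lists."""
    return encode_fields(operation_type.encode(), operator_id.encode(), server_object_id.encode())


def build_second_tbs(first_sig: bytes, owner_name: str = "") -> bytes:
    """Second to-be-signed data: carries the user intent configuration information
    (the first signature value and, optionally, the certificate owner name)."""
    return encode_fields(first_sig, owner_name.encode())


def verify_signed_intent(key2: bytes, key4: bytes, auth_sig: bytes, second_tbs: bytes,
                         second_sig: bytes, local_first_tbs: bytes,
                         expected_owner: Optional[str] = None) -> bool:
    """Device-side verification chain (third/fifth implementations)."""
    # 1. Second signature: fourth key over second_tbs || authentication signature value.
    if not hmac.compare_digest(sign(key4, second_tbs + auth_sig), second_sig):
        return False
    fields = decode_fields(second_tbs)
    if len(fields) != 2:
        return False
    first_sig, owner_name = fields
    # 2. First signature: second key over the locally generated first to-be-signed data,
    #    so a signature issued for one operation cannot authorise a different one.
    if not hmac.compare_digest(sign(key2, local_first_tbs), first_sig):
        return False
    # 3. Optional owner-name check (fourth/fifth implementations).
    if expected_owner is not None and owner_name.decode() != expected_owner:
        return False
    return True


def build_third_tbs(intent_indication: bool) -> bytes:
    """Third to-be-signed data for the user-intent-indication variant."""
    return encode_fields(b"\x01" if intent_indication else b"\x00")


def verify_intent_indication(key4: bytes, auth_sig: bytes, third_tbs: bytes, third_sig: bytes) -> bool:
    """Sixth implementation: check the third signature, then whether the indication is valid."""
    if not hmac.compare_digest(sign(key4, third_tbs + auth_sig), third_sig):
        return False
    fields = decode_fields(third_tbs)
    return len(fields) == 1 and fields[0] == b"\x01"


def demo() -> Dict[str, bool]:
    """One session with constructed values; returns the outcome of each check."""
    key1 = b"enterprise-admin-key"            # first key (symmetric: second key is the same)
    key3 = b"sm-dp-plus-key"                  # third key (symmetric: fourth key is the same)
    auth_sig = b"auth-signature-from-session-setup"  # constructed authentication signature value
    owner = "Example Corp IT"
    # Server side: administrator signs the intended operation, server wraps it for this session.
    first_sig = sign(key1, build_first_tbs("download", "op-001", "smdp.example"))
    second_tbs = build_second_tbs(first_sig, owner)
    second_sig = sign(key3, second_tbs + auth_sig)
    # Device side: LPA rebuilds the first to-be-signed data from the requested operation.
    local = build_first_tbs("download", "op-001", "smdp.example")
    other_op = build_first_tbs("delete", "op-001", "smdp.example")
    return {
        "ok": verify_signed_intent(key1, key3, auth_sig, second_tbs, second_sig, local, owner),
        "wrong_op": verify_signed_intent(key1, key3, auth_sig, second_tbs, second_sig, other_op, owner),
        "replay": verify_signed_intent(key1, key3, b"other-session", second_tbs, second_sig, local, owner),
        "wrong_owner": verify_signed_intent(key1, key3, auth_sig, second_tbs, second_sig, local, "Someone Else"),
    }
```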
In a second aspect, an embodiment of the present invention provides another eUICC configuration file management method, including:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification instruction to an eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
if the verification of the user intent configuration information passes, not performing a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
In a first possible implementation of the second aspect, the user intent configuration information is a user intent indication; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the second aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature over first to-be-signed data using a first key, and the first key is a public key, a private key or a symmetric key; local first to-be-signed data is generated before the user intent instruction is sent to the eUICC module, where the local first to-be-signed data includes an operation type, an operator identifier and an eUICC remote management server object identifier; the user intent verification instruction carries the local first to-be-signed data, and the local first to-be-signed data is used by the eUICC module, together with a second key corresponding to the first key, to verify the first signature value, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the second aspect, in a third possible implementation, second to-be-signed data and a second signature value are obtained from the eUICC remote management server through the eUICC management session, where the second to-be-signed data includes the user intent configuration information, the second signature value is a signature over the second to-be-signed data and an authentication signature value using a third key, and the authentication signature value is generated during establishment of the eUICC management session; the user verification instruction further carries the second to-be-signed data and the second signature value, where the second to-be-signed data and the authentication signature value are used by the eUICC module, together with a fourth key corresponding to the third key, to verify the second signature value, thereby verifying the user intent configuration information.
In a fourth possible implementation of the second aspect, the user intent configuration information is a user intent indication; third to-be-signed data and a third signature value are obtained from the eUICC remote management server through the eUICC management session, where the third to-be-signed data includes the user intent configuration information, the third signature value is a signature over the third to-be-signed data and an authentication signature value using a third key, and the authentication signature value is generated during establishment of the eUICC management session; the user verification instruction further carries the third to-be-signed data and the third signature value, where the third to-be-signed data and the authentication signature value are used by the eUICC module, together with a fourth key corresponding to the third key, to verify the third signature value; and the eUICC verifies whether the user intent indication is valid, thereby verifying the user intent configuration information.
In a third aspect, an embodiment of the present invention provides yet another eUICC configuration file management method, including:
receiving a user intent verification instruction sent by a local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file auxiliary module from an eUICC management session with an eUICC remote management server;
verifying the user intent configuration information;
if the verification of the user intent configuration information passes, not performing a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation or an eUICC configuration file deletion operation.
In a first possible implementation of the third aspect, the user intent configuration information is a user intent indication; or the user intent configuration information is a first signature value; or the user intent configuration information is a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
In a second possible implementation of the third aspect, the user intent configuration information is a first signature value, where the first signature value includes a signature over first to-be-signed data using a first key, and the first key is a public key, a private key or a symmetric key; the user intent verification instruction further carries local first to-be-signed data, where the local first to-be-signed data is generated by the local eUICC configuration file auxiliary module and includes an operation type, an operator identifier and an eUICC remote management server object identifier; the first signature value is verified using a second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
With reference to the second possible implementation of the third aspect, in a third possible implementation, the user verification instruction further carries second to-be-signed data and a second signature value, where the second to-be-signed data includes the user intent configuration information and the second signature value includes a signature over the second to-be-signed data and an authentication signature value using a third key; the second signature value is verified using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and then the first signature value is verified using the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intent configuration information.
In a fourth possible implementation of the third aspect, the user intent configuration information includes a first signature value, where the first signature value includes a signature over first to-be-signed data using a first key, and the first key includes a public key, a private key or a symmetric key; the user intent verification instruction further carries configuration management data for generating local first to-be-signed data, and the local first to-be-signed data is generated after the user intent verification instruction sent by the local eUICC configuration file auxiliary module is received, where the local first to-be-signed data is generated by the local eUICC configuration file auxiliary module and includes an operation type, an operator identifier and an eUICC remote management server object identifier; the first signature value is verified using a second key corresponding to the first key and the local first to-be-signed data.
In a fifth possible implementation of the third aspect, the user intent configuration information is a user intent indication; the user verification instruction further carries third to-be-signed data and a third signature value, where the third to-be-signed data includes the user intent configuration information and the third signature value includes a signature over the third to-be-signed data and an authentication signature value using a third key; the third signature value is verified using a fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and the verification is confirmed to pass; then whether the user intent indication is valid is verified, thereby verifying the user intent configuration information.
In a fourth aspect, an embodiment of the present invention provides an eUICC profile management apparatus, including:
a management session establishing module, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining module, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
a verification module, configured to verify the user intent configuration information; and
an execution module, configured to skip the user intent confirmation step during the current eUICC management session when verification of the user intent configuration information passes, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
In a fifth aspect, an embodiment of the present invention provides a local eUICC profile assistant module, including:
a management session establishing unit, configured to establish an eUICC management session with an eUICC remote management server;
a configuration information obtaining unit, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
a verification command sending unit, configured to send a user intent verification command to an eUICC module, the user intent verification command being used by the eUICC module to verify the user intent configuration information, where the user intent verification command carries the user intent configuration information; and
a first execution unit, configured to skip the user intent confirmation step during the current eUICC management session when verification of the user intent configuration information passes, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
In a sixth aspect, an embodiment of the present invention provides an eUICC module, including:
a verification command receiving unit, configured to receive a user intent verification command sent by a local eUICC profile assistant module, where the user intent verification command carries user intent configuration information that the local eUICC profile assistant module obtained from an eUICC management session with an eUICC remote management server;
a verification unit, configured to verify the user intent configuration information; and
a second execution unit, configured to skip the user intent confirmation step during the current eUICC management session when verification of the user intent configuration information passes, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
In a seventh aspect, an embodiment of the present invention provides an eUICC profile management apparatus, including a processor, a memory and a transceiver interconnected by a bus, where the memory stores program code and the processor invokes the program code to perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information; and
when verification of the user intent configuration information passes, skipping the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
In an eighth aspect, an embodiment of the present invention provides a terminal, including a processor, a memory and a transceiver interconnected by a bus, where the memory stores program code and the processor invokes the program code to perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification command to an eUICC module, the user intent verification command being used by the eUICC module to verify the user intent configuration information, where the user intent verification command carries the user intent configuration information; and
when verification of the user intent configuration information passes, skipping the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
In a ninth aspect, an embodiment of the present invention provides an eUICC module, including a processor, a memory and a transceiver (communication interface) interconnected by a bus, where the memory stores program code and the processor invokes the program code to perform the following operations:
receiving a user intent verification command sent by a local eUICC profile assistant module, where the user intent verification command carries user intent configuration information that the local eUICC profile assistant module obtained from an eUICC management session with an eUICC remote management server;
verifying the user intent configuration information; and
when verification of the user intent configuration information passes, skipping the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
By implementing the embodiments of the present invention, user intent configuration information is obtained from the eUICC remote management server and verified, and when that verification passes the user intent confirmation step is not performed during the current eUICC management session. The interaction with the user is thereby dispensed with, so that eUICC profiles can be downloaded and installed efficiently and remote eUICC profile management becomes efficient.
BRIEF DESCRIPTION OF THE DRAWINGS
To describe the technical solutions in the embodiments of the present invention or in the background art more clearly, the accompanying drawings used in the embodiments or in the background art are described below.
FIG. 1 is a system architecture diagram of an eUICC;
FIG. 2 is a schematic flowchart of an eUICC profile management method according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of another eUICC profile management method according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of an SM-DP+ initialization method according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of the generation of localuserintentfreeSigned by the eUICC according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of still another eUICC profile management method according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of still another eUICC profile management method according to an embodiment of the present invention;
FIG. 8 is a schematic flowchart of still another eUICC profile management method according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an eUICC profile management apparatus according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of another eUICC profile management apparatus according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a local eUICC profile assistant module according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention;
FIG. 14 is a schematic structural diagram of another eUICC module according to an embodiment of the present invention.
DETAILED DESCRIPTION
The embodiments of the present invention are described below with reference to the accompanying drawings.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of an eUICC profile management method according to an embodiment of the present invention. The method may be implemented on the system architecture shown in FIG. 1 and includes, but is not limited to, the following steps:
Step S101: A terminal device establishes an eUICC management session with an eUICC remote management server.
Specifically, as shown in FIG. 1, the terminal device may include an LPA module and an eUICC module. The LPA module and the eUICC module may be two separate modules with a physical or logical connection between them; for example, the LPA module may reside on the baseband chip, on the application processor or on another hardware module of the terminal device. The LPA module may also reside directly on the eUICC module. The LPA module may be a single software module or several distributed, associated software modules.
Specifically, the eUICC management session may be a Remote SIM Provisioning (RSP) session.
Specifically, the eUICC management session may be initiated by the LPA module, with the LPA assisting the mutual authentication between the eUICC module and the eUICC remote management server by which the session is established.
Step S102: The terminal device obtains user intent configuration information from the eUICC remote management server through the eUICC management session.
Specifically, the eUICC remote management server may be an SM-DP+ or any other server able to provide eUICC profiles and to manage them remotely.
Specifically, the user intent configuration information may be a first signature value; a user intent indication; or a first signature value together with the owner name of the digital certificate corresponding to the first signature value.
Step S103: The terminal device verifies the user intent configuration information.
The user intent configuration information instructs the terminal to omit, deactivate or skip the steps that interact with the user during the current eUICC management session.
Specifically, when verification of the user intent configuration information passes, step S105 is performed.
Specifically, the verification procedure depends on the content or type of the user intent configuration information; in that procedure the terminal may verify not only the user intent configuration information itself but also information related to it.
Step S104: When verification of the user intent configuration information fails, the terminal device performs the user intent confirmation step.
Specifically, when verification fails, the terminal device may display prompts such as "Agree to download?" or "Please enter the confirmation code", obtain the user's confirmation, and only then perform the subsequent steps.
Step S105: The terminal device performs at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
Specifically, the eUICC profile may be a Profile.
The implementation of the above embodiment is described in detail below, with reference to the system architecture of FIG. 1, through the second to fifth embodiments. The second to fifth embodiments mainly describe the case in which the LPA module and the eUICC module are separate modules that cooperate to implement the technical solution; the case in which the LPA module resides directly on the eUICC module is obtained simply by merging the steps performed by the LPA module and the eUICC module, and is not discussed further. In the following, LPA denotes the LPA module of the terminal device, eUICC the eUICC module of the terminal device, SM-DP+ the eUICC remote management server, and Profile the eUICC profile.
Referring to FIG. 3, FIG. 3 is a schematic flowchart of an eUICC profile management method according to a second embodiment of the present invention. In this embodiment the eUICC management session is used to perform a Profile download and installation operation, and the procedure is as follows:
Step S201: The LPA obtains the SM-DP+ address.
Specifically, triggered by a user operation, power-on, a timer or the eUICC, the LPA may obtain the SM-DP+ address and an event identifier (EventID) from the SM-DS. The EventID may identify a pending Profile download event or a Profile or eUICC remote management event; a download or management event may target a single terminal/eUICC or several. The LPA may send the EventID to the SM-DP+ in the matching identifier (MatchingID) parameter.
Optionally, the LPA may instead obtain a default SM-DP+ address from the eUICC: for example, the terminal device was custom-built for operator A, which specified that an SM-DP+ address be preset in the eUICC, or the OEM terminal manufacturer preset in the eUICC a single SM-DP+ address shared by several operators.
Step S202: The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
Specifically, for example, the LPA performs one-way certificate authentication of the SM-DP+, and the TLS connection is established once authentication succeeds.
Step S203: The eUICC and the SM-DP+ perform mutual authentication over HyperText Transfer Protocol Secure (HTTPS).
Specifically, HTTPS runs over the TLS connection.
Specifically, the LPA obtains the eUICC challenge and other information from the eUICC and sends an HTTPS request (containing the eUICC challenge) to the SM-DP+, triggering mutual authentication between the eUICC and the SM-DP+; the data exchanged for mutual authentication is carried by HTTPS request and response messages and by the interface between the LPA and the eUICC. During mutual authentication the eUICC generates its own authentication signature value (euiccSignature1) and sends it to the SM-DP+, and both the SM-DP+ and the eUICC store euiccSignature1; at the same time the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, which stores it. Once mutual authentication has passed, the SM-DP+ generates a session identifier (TransactionID).
At this point, mutual authentication being complete, the RSP session between the terminal device and the SM-DP+ has been established.
Step S204: The SM-DP+ looks up the pending Profile download event (Profile download pending order) or batch pending Profile download event (Batch Profile download pending order).
Specifically, during mutual authentication the terminal device sends a MatchingID or an eUICC identifier (EID) to the SM-DP+.
Specifically, the SM-DP+ may look up the Profile download pending order or Batch Profile download pending order by MatchingID or by EID.
Specifically, the Profile download pending order or Batch Profile download pending order may be generated during the Profile download initialization procedure of the SM-DP+; FIG. 4 is a schematic flowchart of that procedure.
在向终端设备的eUICC下载Profile前,个人或企业用户需要与运营商(Operator)进行签约完成开户等流程,然后由运营商业务支撑系统(Operator Business Sustain System,Operator BSS)指示SM-DP+为用户准备单个或一批Profile供用户的终端设备下载,eUICC下载和安装Profile成功且Profile处于激活状态后,Operator移动网络能为终端设备用户提供各项服务,包括通话、接收短信和数据业务等。在用户与Operator签约过程中,可选的,Operator BSS能获取到用户终端设备的国际移动设备身份标识(International Mobile  Equipment Identity,IMEI)、能力信息及eUICC标识(eUICC Identification,EID)。在准备Profile的过程中,可选的,Operator BSS将EID发送给SM-DP+,SM-DP+根据Operator BSS指示生成Profile待下载事件,等待用户终端设备进行Profile下载。其中,若与运营商签约的是企业用户,则Operator BSS可选地将批量eUICC标识(即EIDs)发送给SM-DP+,SM-DP+生成一个批量Profile待下载事件或者为每一个终端设备/eUICC生成一个单个Profile待下载事件,以下结合图4以企业用户为例介绍SM-DP+的Profile下载初始化流程:Before downloading the profile to the eUICC of the terminal device, the individual or enterprise user needs to sign a contract with the operator to complete the account opening process, and then the operator business support system (Operator BSS) instructs the SM-DP+ as the user. A single or batch of profiles is prepared for the user's terminal device to download. After the eUICC downloads and installs the profile successfully and the profile is activated, the Operator mobile network can provide various services for the terminal device users, including calling, receiving short messages, and data services. In the process of signing the user and the Operator, optionally, the Operator BSS can obtain the international mobile device identity of the user terminal device (International Mobile Equipment Identity, IMEI), capability information, and eUICC Identification (EID). In the process of preparing the profile, the operator BSS sends the EID to the SM-DP+. The SM-DP+ generates a profile pending event according to the Operator BSS indication, and waits for the user terminal device to perform the profile download. If the enterprise user is contracted with the operator, the Operator BSS optionally sends the batch eUICC identifier (ie, EIDs) to the SM-DP+, and the SM-DP+ generates a batch profile to be downloaded event or for each terminal device/eUICC. 
Generate a single profile to be downloaded event. The following takes the enterprise user as an example to introduce the SM-DP+ profile download initialization process:
步骤S1:Operator BSS向SM-DP+发送下载命令(DownloadOrder),其中,DownloadOrder中可携带批量eUICC标识(EIDs)、Profile类型(Profile Type)或批量Profile的标识(Integrated Circuit Card ID,ICCIDs)。Step S1: The Operator BSS sends a download command (DownloadOrder) to the SM-DP+, where the DownloadOrder can carry the batch eUICC identifier (EIDs), the profile type (Profile Type), or the batch profile ID (Integrated Circuit Card ID, ICCIDs).
其中,EIDs为可选的,即DownloadOrder也中也可不携带EIDs。Among them, the EIDs are optional, that is, the DownloadOrder may also not carry the EIDs.
步骤S2:SM-DP+保存ICCIDs,EIDs并向Operator BSS发送回复指令。Step S2: SM-DP+ saves the ICCIDs, EIDs and sends a reply command to the Operator BSS.
具体地,回复指令即响应消息。Specifically, the reply instruction is a response message.
可选地,Operator BSS在接收到所述回复指令后可以产生批量匹配标识(MatchingIDs),MatchingID可以与SM-DP+产生的Profile待下载事件相匹配。Optionally, the Operator BSS may generate a batch matching identifier (MatchingIDs) after receiving the reply instruction, and the MatchingID may match the profile to be downloaded event generated by the SM-DP+.
可选地,Operator BSS还可以进行后台配置。Optionally, Operator BSS can also be configured in the background.
步骤S3:可选的,Operator BSS获取终端设备免用户意图授权userintentfreeSignature。Step S3: Optionally, the Operator BSS obtains the terminal device from the user intent to authorize the userintentfreeSignature.
其中,userintentfreeSignature可以指示LPA在本次RSP会话中省去、去活或跳过用户意图确认的步骤。例如,让用户确认接受运营商Profile策略规则(Profile Policy Rules,PPR)的步骤,让用户确认下载和安装该Profile的步骤,让用户输入证实码的步骤,并且这些步骤之间可以合并。The userintentfreeSignature may indicate that the LPA omits, deactivates, or skips the step of user intent confirmation in the current RSP session. For example, let the user confirm the steps of accepting the operator Profile Policy Rules (PPR), let the user confirm the steps of downloading and installing the profile, let the user enter the verification code, and the steps can be merged.
可选地,userintentfreeSignature也可以用其他名称进行定义。Alternatively, userintentfreeSignature can also be defined with other names.
具体地,userintentfreeSignature可以通过SM-DP+包含在用户意图配置信息(userintentConfiguration)中发送给LPA。Specifically, the userintentfreeSignature can be sent to the LPA through the SM-DP+ included in the user intent configuration information (userintentConfiguration).
具体地,Operator BSS可以从Enterprise、OEM或EUM处获得userintentfreeSignature。Specifically, Operator BSS can obtain userintentfreeSignature from Enterprise, OEM, or EUM.
具体地,userintentConfiguration可以为userintentfreeSignature,也可以为{Signer,userintentfreeSignature},其中,userintentfreeSignature为采用第一密钥对第一待签名数据的签名(即为第一签名值),第一待签名数据可以为{euicc Operation Type,Operatorid,SM-DP+OID},可选地,所述第一待签名数据还可以包括EIDs,即第一待签名数据为{euicc Operation Type,Operatorid,SM-DP+OID,EIDs},其中,euicc Operation Type为eUICC管理操作类型,Operatorid为运营商标识,SM-DP+OID为SM-DP+对象标识(Object Identifications,OID);Signer为与第一密钥对应的数字证书的拥有者名称,Signer例如可以为OEM数字证书、EUM数字证书或Enterprise数字证书的区别名称(Distinguished Name,DN),例如,Operator BSS从OEM获取userintentfreeSignature,则Signer为OEM数字证书的DN名称。Specifically, the userintentConfiguration may be a userintentfreeSignature or a {Signer, userintentfreeSignature}, where the userintentfreeSignature is a signature of the first to-be-signed data by using the first key (ie, a first signature value), and the first to-be-signed data may be {euicc Operation Type, Operatorid, SM-DP+OID}, optionally, the first to-be-signed data may further include EIDs, that is, the first to-be-signed data is {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}, where the eucic Operation Type is an eUICC management operation type, the Operatorid is an operator identifier, the SM-DP+OID is an SM-DP+Object Identifications (OID), and the Signer is a digital certificate corresponding to the first key. The owner name, for example, may be the Distinguished Name (DN) of the OEM digital certificate, the EUM digital certificate or the Enterprise digital certificate. For example, the Operator BSS obtains the userintentfreeSignature from the OEM, and the Signer is the DN name of the OEM digital certificate.
具体地,在本发明实施例中,euicc Operation Type为Profile Download。Specifically, in the embodiment of the present invention, the eucic Operation Type is Profile Download.
可选地,所述第一密钥可以为公钥(Public Key,PK)、私钥(Secret Key,SK)或对称密钥。 Optionally, the first key may be a public key (PK), a private key (Secret Key, SK), or a symmetric key.
具体地,所述EIDs的表现形式可以有多种,例如可以表示为EIDstart|EIDend、EIDstart|Count或者EID列表中的任意一种及其组合。Specifically, the EIDs may be represented in various forms, for example, may be represented as any one of EID start | EID end , EID start | Count, or EID list, and combinations thereof.
Step S4: The Operator BSS sends a confirmation command (ConfirmOrder) to the SM-DP+, where the ConfirmOrder carries {Signer, userintentfreeSignature}.
Signer is optional: when userintentConfiguration is userintentfreeSignature, the ConfirmOrder carries only userintentfreeSignature.
Optionally, the ConfirmOrder may further carry ICCIDs, EIDs, Confirmation Codes and MatchingIDs, where the Confirmation Codes are a batch of confirmation codes (Confirmation Code) used to strengthen the security of the Profile download.
Step S5: The SM-DP+ generates a batch Profile download pending event (Batch Profile download pending order).
Optionally, the SM-DP+ may also generate a single Profile download pending event for each terminal device/eUICC.
Specifically, the Batch Profile download pending order may include Signer, userintentfreeSignature, eventID, MatchingIDs, EIDs and a batch of Profiles generated by the SM-DP+.
At this point the Profile download initialization process of the SM-DP+ is complete, and the SM-DP+ has prepared a batch of Profiles for the enterprise user. Optionally, the name of the batch download pending event is not limited to the description "Batch Profile download pending order" used in this embodiment of the present invention; other names may be used, the main purpose being to distinguish it from the existing single Profile download pending event.
Specifically, the SM-DP+ may look up the Profile download pending order or the Batch Profile download pending order according to the MatchingID or EID sent by the terminal device.
Step S205: The SM-DP+ performs a validity check using the terminal device information (Device Info) and the eUICC information (euicc Info2).
Specifically, the SM-DP+ checks, for example, whether the firmware information, version information and the like of the terminal device and the eUICC match the Profile in the download pending order.
Step S206: The SM-DP+ generates the Profile metadata (Metadata), checks whether this is a download retry, and generates the second to-be-signed data (for example smdpSigned2), where smdpSigned2={TransactionID, Confirmation Code Required Flag, temporary key pair public key (bppEuiccOtpk)}.
Specifically, the TransactionID is generated by the SM-DP+ during establishment of the RSP session; the Confirmation Code Required Flag is set to 'True' or 'False' (depending on whether the SM-DP+ received a Confirmation Code during the Profile download initialization process); and bppEuiccOtpk is the public key part of the temporary public/private key pair generated by the eUICC in the previous, abnormally terminated Profile download RSP session.
Step S207: The SM-DP+ performs a signature computation on smdpSigned2 and euiccSignature1 using a third key (SK.DPpb.ECDSA) to generate a second signature value (for example smdpSignature2), where SK.DPpb.ECDSA is the private key of the Profile binding (ProfileBinding) digital certificate (CERT.DPpb.ECDSA) of the SM-DP+.
Specifically, the SM-DP+ may generate a digest of smdpSigned2|euiccSignature1 (the "|" symbol denotes concatenation of the data before and after it) and then encrypt the digest with SK.DPpb.ECDSA to generate smdpSignature2. For example, with A={smdpSigned2, euiccSignature1}, a digest a is taken of A, and the result of encrypting digest a with SK.DPpb.ECDSA is the second signature value smdpSignature2.
Step S208: The SM-DP+ sends the Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA, userintentConfiguration and EIDs to the LPA.
The EIDs are optional.
Step S209: The LPA confirms receipt of the userintentConfiguration and generates the local first to-be-signed data (localuserintentfreeSigned), where localuserintentfreeSigned={euicc Operation Type, Operatorid, SM-DP+OID}.
In another implementation, localuserintentfreeSigned={euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
Specifically, the LPA identifies from the Profile Metadata that the eUICC Operation Type is Profile download, assigns the Profile owner (Profileowner) in the Profile Metadata to Operatorid, and obtains the SM-DP+OID from the CERT.DPpb.ECDSA certificate.
Step S210: The LPA verifies that the EID of the local eUICC is within the EIDs.
Step S211: The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID and CERT.DPpb.ECDSA to the eUICC.
Specifically, the LPA reads the TransactionID from smdpSigned2.
In another implementation, localuserintentfreeSigned may be generated by the eUICC. In this case steps S209 to S211 are as shown in FIG. 5 and may be replaced by:
Step S209-1: The LPA confirms receipt of the userintentConfiguration and generates euicc Operation Type and Operatorid.
The manner in which the LPA generates euicc Operation Type and Operatorid is the same as in step S209 and is not described again.
Step S210-1: Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S211-1: The LPA sends euicc Operation Type, Operatorid, userintentConfiguration, TransactionID and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the first to-be-signed data is {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}, the LPA may also send the EIDs to the eUICC.
Step S211-2: The eUICC generates localuserintentfreeSigned.
Step S212: The eUICC verifies that CERT.DPpb.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
Specifically, the eUICC obtains the SM-DP+OID from CERT.DPpb.ECDSA and from CERT.DPauth.ECDSA respectively, compares the two SM-DP+OIDs thus obtained, and if the two SM-DP+OIDs are the same determines that CERT.DPpb.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+.
Step S213: The eUICC verifies the userintentConfiguration.
Specifically, the eUICC verifies the userintentfreeSignature using the second key corresponding to the first key and localuserintentfreeSigned.
Optionally, the second key and the first key may form a symmetric key pair or an asymmetric key pair. For example, if the first key and the second key form an asymmetric pair, then when the first key is PK the second key is SK, and when the first key is SK the second key is PK; if the second key and the first key form a symmetric pair, the first key and the second key are the same.
Specifically, the eUICC generates a local first digest of localuserintentfreeSigned, then decrypts the userintentfreeSignature with the second key to obtain a decryption result; when the local first digest and the decryption result are the same, verification of the userintentfreeSignature passes.
Optionally, when the LPA receives both userintentfreeSignature and Signer, the eUICC also needs to check whether Signer is the same as the DN in CERT.EUM/Enterprise/OEM.ECDSA; if they are the same, verification passes. The order in which Signer and userintentfreeSignature are verified is not limited.
Step S214: The eUICC sends a verification completion instruction to the LPA.
The verification completion instruction is either a verification-passed instruction or a verification-failed instruction and indicates whether the user intent confirmation step is to be performed: if the verification completion instruction is a verification-passed instruction, the user intent confirmation step is not performed; if the verification completion instruction is a verification-failed instruction, the user intent confirmation step is performed, or alternatively the LPA is instructed to terminate the current RSP session.
Specifically, the verification completion instruction may be, for example, an OK or Error response message.
Step S215: The LPA determines, according to the verification completion instruction, whether to perform the user intent confirmation step.
In one possible implementation, a flag bit may be set for whether to perform the user intent confirmation step: for example, when a verification-passed instruction is received the flag is set to '1', indicating that the user intent confirmation step is to be skipped when the flow reaches it; when a verification-failed instruction is received the flag is set to '0', indicating that the step is to be performed when the flow reaches it.
Specifically, when the verification completion instruction is a verification-passed instruction, step S217 is performed.
Step S216: When the verification completion instruction is a verification-failed instruction, the LPA performs the user intent confirmation step.
Step S217: The LPA continues with the Profile download and installation flow.
In the method of FIG. 3, the user intent configuration information userintentConfiguration is userintentfreeSignature or {Signer, userintentfreeSignature}. The Operator obtains the userintentfreeSignature from the Enterprise, OEM or EUM and carries it in the ConfirmOrder sent to the SM-DP+. When the user terminal device is to perform a Profile download operation, the SM-DP+ sends the userintentfreeSignature (and Signer) to the LPA of the terminal, and the LPA and the eUICC cooperate to verify the userintentfreeSignature (and Signer); when verification passes, the user intent confirmation step is skipped. This helps achieve efficient Profile download and is especially beneficial in scenarios with batches of enterprise user terminal devices.
Referring to FIG. 6, FIG. 6 is a schematic flowchart of an eUICC Profile download method according to a third embodiment of the present invention. In this embodiment of the present invention, the eUICC management session is used to perform eUICC Profile download and installation operations; the specific implementation flow is as follows:
Step S301: The LPA obtains the SM-DP+ address.
Step S302: The LPA establishes a TLS connection with the SM-DP+.
Step S303: The SM-DP+ and the eUICC perform mutual authentication over HTTPS.
Step S304: The SM-DP+ looks up the Profile download pending order or the Batch Profile download pending order.
Step S305: The SM-DP+ performs a validity check using Device Info and euicc Info2.
The implementation logic and manner of steps S301 to S305 are the same as those described in steps S201 to S205 of the second embodiment above and are not described again.
Step S306: The SM-DP+ generates the Profile Metadata, checks whether this is a download retry, and generates smdpSigned2, where smdpSigned2={TransactionID, Confirmation Code Required Flag, bppEuiccOtpk, userintentConfiguration, EIDs}.
The EIDs are optional. Specifically, in this embodiment of the present invention, userintentConfiguration may be {Signer, userintentfreeSignature}, userintentfreeSignature or a user intent flag (User Intent Free Required Flag).
It should be noted that if userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining the terminal device's user-intent-free authorization userintentfreeSignature, but instead, directly according to the Profile download scenario (for example, batch download by enterprise users, or download by elderly users/users seeking assistance), instructs the SM-DP+ to generate the user intent configuration information (for example, instructs it to set the user intent flag to 'True' or 'False').
It should be noted that, in this embodiment of the present invention, if userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, smdpSigned2 is the second to-be-signed data; if userintentConfiguration is the User Intent Free Required Flag, smdpSigned2 is the third to-be-signed data.
Step S307: The SM-DP+ performs a signature computation on smdpSigned2|euiccSignature1 using SK.DPpb.ECDSA to generate smdpSignature2, where SK.DPpb.ECDSA is the private key of the ProfileBinding certificate of the SM-DP+.
It should be noted that, in this embodiment of the present invention, if userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, smdpSignature2 is the second signature value; if userintentConfiguration is the User Intent Free Required Flag, smdpSignature2 is the third signature value.
Step S308: The SM-DP+ sends the Profile Metadata, smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the LPA.
Step S309: The LPA confirms receipt of the userintentConfiguration.
Specifically, the LPA parses smdpSigned2 to confirm receipt of the user intent configuration information userintentConfiguration.
In one possible implementation, if the user intent configuration information is {Signer, userintentfreeSignature} or userintentfreeSignature, the LPA may generate localuserintentfreeSigned; the manner of generation and the content are the same as described in step S209 of the second embodiment above and are not described again.
Step S310: Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
Step S311: The LPA sends smdpSigned2, smdpSignature2 and CERT.DPpb.ECDSA to the eUICC.
Optionally, if the LPA generates localuserintentfreeSigned, the LPA also sends the generated localuserintentfreeSigned to the eUICC.
In another implementation, userintentfreeSigned may be generated by the eUICC; in this case the LPA also needs to send the Operation Type, Operatorid and EIDs (optional) to the eUICC.
Step S312: The eUICC verifies that CERT.DPpb.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
The manner in which the eUICC verifies CERT.DPpb.ECDSA is the same as described in step S212 of the second embodiment above and is not described again.
Step S313: The eUICC verifies smdpSignature2.
Specifically, the eUICC verifies smdpSignature2 using the fourth key (PK.DPpb.ECDSA) corresponding to SK.DPpb.ECDSA, smdpSigned2 and euiccSignature1, where euiccSignature1 is the authentication signature value generated and stored by the eUICC during establishment of the RSP session.
Specifically, the eUICC generates a third digest of smdpSigned2|euiccSignature1, then decrypts smdpSignature2 with PK.DPpb.ECDSA to produce a fourth digest; when the third digest and the fourth digest are the same, verification of smdpSignature2 passes. For example, at the SM-DP+, A={smdpSigned2, euiccSignature1}, a digest a is taken of A, and smdpSignature2 is the signature value obtained by encrypting digest a with SK.DPpb.ECDSA; when smdpSigned2 and smdpSignature2 are transmitted to the eUICC, the eUICC takes a digest a1 of smdpSigned2|euiccSignature1 and decrypts smdpSignature2 with PK.DPpb.ECDSA to produce a new digest b; when digest a1 and digest b are the same, verification of smdpSignature2 passes.
Step S314: The eUICC verifies the userintentConfiguration.
Specifically, when userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, the steps for verifying userintentfreeSignature and Signer may refer to step S213 of the second embodiment above and are not described again.
Specifically, when userintentConfiguration is the User Intent Free Required Flag, the eUICC performs the verification by judging whether the User Intent Free Required Flag is valid: for example, if the value of the User Intent Free Required Flag is 'True' (or '1') it is determined to be valid and verification of userintentConfiguration passes; if the value of the User Intent Free Required Flag is 'False' (or '0') it is determined to be invalid and verification of userintentConfiguration fails. Alternatively, when userintentConfiguration is the User Intent Free Required Flag, the eUICC does not verify it, but returns the verification result to the LPA after verifying smdpSignature2 in step S313, and the LPA performs the User Intent Free Required Flag verification.
Step S315: The eUICC sends a verification completion instruction to the LPA.
Step S316: The LPA determines, according to the verification completion instruction, whether to perform the user intent confirmation step.
Step S317: When the verification completion instruction is a verification-failed instruction, the LPA performs the user intent confirmation step.
Step S318: The LPA continues with the Profile download and installation flow.
The implementation logic and manner of steps S315 to S318 are the same as those of steps S214 to S217 of the second embodiment above and are not described again.
In the method of FIG. 6, the user intent configuration information userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature or the User Intent Free Required Flag. The Operator BSS obtains the userintentfreeSignature from the Enterprise, OEM or EUM and carries the userintentfreeSignature (and Signer) in the ConfirmOrder sent to the SM-DP+ (when userintentConfiguration is the User Intent Free Required Flag, the Operator BSS does not perform the step of obtaining the userintentfreeSignature). When the terminal device is to perform a Profile download operation, the SM-DP+ places the userintentConfiguration in smdpSigned2 under signature protection and sends it to the LPA of the terminal device; the LPA and the eUICC cooperate to verify smdpSignature2 and userintentConfiguration, and when the signature verification of smdpSignature2 passes and the verification of userintentConfiguration passes, the user intent confirmation step is skipped. This helps achieve efficient Profile download and is especially beneficial in scenarios with batches of enterprise user terminal devices.
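The following is an added worked example of the third embodiment's packaging, and is not code from the patent: userintentConfiguration (here in its User Intent Free Required Flag form) is placed inside smdpSigned2, smdpSignature2 is computed over smdpSigned2|euiccSignature1, and the eUICC checks the signature, the TransactionID and the flag before answering OK or Error. HMAC-SHA256 with a shared key stands in for ECDSA with SK.DPpb.ECDSA/PK.DPpb.ECDSA so that the block runs on the standard library alone; the JSON byte encoding of smdpSigned2, the key, the TransactionID, the euiccSignature1 value and the one-time public key are all constructed sample values, not values from the page.

```python
"""Added example, not the patent's own code: smdpSigned2 carrying the
User Intent Free Required Flag, protected by smdpSignature2 over
smdpSigned2|euiccSignature1. HMAC-SHA256 replaces ECDSA (assumption)."""
import hashlib
import hmac
import json

SEP = b"|"  # the "|" of smdpSigned2|euiccSignature1 denotes concatenation


def build_smdp_signed2(transaction_id, cc_required, bpp_otpk, user_intent_cfg, eids=None):
    """Step S306: {TransactionID, Confirmation Code Required Flag, bppEuiccOtpk,
    userintentConfiguration[, EIDs]} as canonical JSON bytes (encoding is an assumption)."""
    body = {
        "TransactionID": transaction_id,
        "ConfirmationCodeRequiredFlag": cc_required,
        "bppEuiccOtpk": bpp_otpk,
        "userintentConfiguration": user_intent_cfg,
    }
    if eids is not None:
        body["EIDs"] = eids
    # sort_keys + fixed separators: signer and verifier digest identical bytes
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def smdp_sign(sk, smdp_signed2, euicc_signature1):
    """Step S307: digest of smdpSigned2|euiccSignature1 under the SM-DP+ key (HMAC stand-in)."""
    return hmac.new(sk, smdp_signed2 + SEP + euicc_signature1, hashlib.sha256).digest()


def euicc_verify_signature2(pk, smdp_signed2, euicc_signature1, smdp_signature2):
    """Step S313: the eUICC recomputes over the received smdpSigned2 and the
    euiccSignature1 it stored when the RSP session was set up."""
    expected = hmac.new(pk, smdp_signed2 + SEP + euicc_signature1, hashlib.sha256).digest()
    return hmac.compare_digest(expected, smdp_signature2)


def euicc_check_user_intent_flag(cfg):
    """Step S314, flag form: 'True' or '1' is valid, anything else is invalid."""
    return cfg.get("UserIntentFreeRequiredFlag") in ("True", "1")


def euicc_process(pk, smdp_signed2, euicc_signature1, smdp_signature2, session_transaction_id):
    """Steps S312 to S315 on the eUICC side. Returns 'OK' (skip the user intent
    confirmation step) or 'Error' (perform it). The flag is only trusted because it
    sits inside the data covered by smdpSignature2, so the signature is checked first."""
    if not euicc_verify_signature2(pk, smdp_signed2, euicc_signature1, smdp_signature2):
        return "Error"
    body = json.loads(smdp_signed2)
    if body.get("TransactionID") != session_transaction_id:
        return "Error"
    cfg = body["userintentConfiguration"]
    if "UserIntentFreeRequiredFlag" in cfg:
        return "OK" if euicc_check_user_intent_flag(cfg) else "Error"
    return "Error"  # signature form would be checked as in step S213; not repeated here


# Constructed sample values (not from the page).
SHARED_KEY = b"constructed-smdp-key"
TRANSACTION_ID = "0102030405060708"
EUICC_SIGNATURE1 = b"constructed-euiccSignature1-bytes"
BPP_OTPK = "04" + "ab" * 32  # placeholder one-time public key, hex


def run_flow(flag_value, tamper=False, wrong_session=False):
    """Drive SM-DP+ -> LPA -> eUICC once and return the eUICC's answer."""
    cfg = {"UserIntentFreeRequiredFlag": flag_value}
    signed2 = build_smdp_signed2(TRANSACTION_ID, "False", BPP_OTPK, cfg)
    sig2 = smdp_sign(SHARED_KEY, signed2, EUICC_SIGNATURE1)
    if tamper:  # an on-path change of the flag after signing
        signed2 = signed2.replace(b'"UserIntentFreeRequiredFlag":"False"',
                                  b'"UserIntentFreeRequiredFlag":"True"')
    stored_sig1 = b"other-session-euiccSignature1" if wrong_session else EUICC_SIGNATURE1
    return euicc_process(SHARED_KEY, signed2, stored_sig1, sig2, TRANSACTION_ID)


if __name__ == "__main__":
    print(run_flow("True"), run_flow("False"), run_flow("False", tamper=True))
```

Because euiccSignature1 is part of the signed input, a smdpSignature2 produced for one RSP session does not verify in another, and because the flag lives inside smdpSigned2, flipping it in transit invalidates the signature rather than silently skipping the user's confirmation.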
Referring to FIG. 7, FIG. 7 is a schematic flowchart of an eUICC Profile remote management method according to a fourth embodiment of the present invention. In this embodiment of the present invention, the eUICC management operation performed by the terminal device is an RPM operation; the specific implementation flow is as follows:
Step S401: The LPA obtains the SM-DP+ address.
Step S402: The LPA establishes a TLS connection with the SM-DP+.
Step S403: The SM-DP+ and the eUICC perform mutual authentication over HTTPS.
At this point the RSP session between the terminal device and the SM-DP+ has been established successfully; the logic and flow of its establishment are the same as described in steps S201 to S203 of the second embodiment above and are not described again.
Step S404: The SM-DP+ looks up a Profile remote management pending event (pending RPM order) or a batch Profile remote management pending event (pending Batch RPM order).
Specifically, the pending RPM order or pending Batch RPM order may be generated after the SM-DP+ receives a remote Profile management command (Remote Profile Management Order, RPMOrder) from the Operator BSS; the specific flow is described below.
Step S11: The Operator BSS obtains the user-intent-free authorization userintentfreeSignature.
The manner in which the Operator BSS obtains the userintentfreeSignature is the same as described in step S3 of the SM-DP+ Profile download initialization process described with reference to FIG. 3. It should be noted that in this embodiment of the present invention the euicc Operation Type is one of the various Profile remote management operations (for example, deactivate (Disable), activate (Enable), delete (Delete), update (Update), query (Query)).
Step S12: The Operator sends an RPMOrder to the SM-DP+, where the RPMOrder carries the userintentfreeSignature and the RPM Command.
Optionally, the RPMOrder may further carry ICCIDs, Signer and EIDs.
Step S13: The SM-DP+ performs a validity check.
Specifically, the SM-DP+ checks the EIDs or ICCIDs to confirm whether they fall within its management scope.
Step S14: The SM-DP+ generates one or more pending RPM orders, or generates a pending Batch RPM order.
Optionally, the SM-DP+ also registers the event with the SM-DS.
Specifically, each RPM Order event has an eventID identifier.
Specifically, the SM-DP+ looks up the pending RPM order or pending Batch RPM order by eventID or EID.
Step S405: The SM-DP+ generates the second to-be-signed data (for example smdpSigned3), where smdpSigned3={TransactionID, RPM Command}.
Step S406: The SM-DP+ performs a signature computation on smdpSigned3|euiccSignature1 using a third key (SK.DPrpm.ECDSA) to generate a second signature value (smdpSignature3), where SK.DPrpm.ECDSA is the private key of the remote Profile management (Remote Profile Management, RPM) certificate (CERT.DPrpm.ECDSA) of the SM-DP+.
Specifically, the RPM certificate may be distinct from, or shared with, the authentication certificate.
Specifically, the SM-DP+ may generate a digest of smdpSigned3|euiccSignature1 and then encrypt the digest with SK.DPrpm.ECDSA to generate smdpSignature3. For example, with C={smdpSigned3, euiccSignature1}, a digest c is taken of C, and the result of encrypting digest c with SK.DPrpm.ECDSA is the second signature value smdpSignature3.
Step S407: The SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA, userintentConfiguration, EIDs and Operatorid to the LPA.
The EIDs are optional; Operatorid may be included in the RPM Command.
Step S408: The LPA confirms receipt of the userintentConfiguration and generates localuserintentfreeSigned, where localuserintentfreeSigned={euicc Operation Type, Operatorid, SM-DP+OID}.
In another implementation, localuserintentfreeSigned={euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
Specifically, the LPA identifies the euicc Operation Type from the RPM Command, reads Operatorid from smdpSigned3 or from the RPM Command, and obtains the SM-DP+OID from the CERT.DPrpm.ECDSA certificate.
Specifically, the euicc Operation Type includes, for example, deactivate (Disable), activate (Enable), delete (Delete), update (Update) or query (Query).
Step S409: The LPA verifies that the EID of the local eUICC is within the EIDs.
Step S410: The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID and CERT.DPrpm.ECDSA to the eUICC.
Specifically, the TransactionID is read from smdpSigned3.
In another implementation, localuserintentfreeSigned may be generated by the eUICC, in which case the LPA sends euicc Operation Type, Operatorid, userintentConfiguration, TransactionID and CERT.DPrpm.ECDSA to the eUICC. Optionally, the LPA also sends the EIDs to the eUICC.
步骤S411:eUICC验证CERT.DPrpm.ECDSA合法且与CERT.DPauth.ECDSA属于同一SM-DP+,验证TransactionID匹配当前的RSP会话。Step S411: The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
具体地,eUICC通过分别从CERT.DPrpm.ECDSA和CERT.DPauth.ECDSA中获取SM-DP+OID,对分别获取出来的两个SM-DP+OID进行比较,若两个SM-DP+OID相同则确定CERT.DPrpm.ECDSA与CERT.DPauth.ECDSA属于同一SM-DP+。Specifically, the eUICC compares the two SM-DP+OIDs obtained by acquiring the SM-DP+OIDs from CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA respectively, if the two SM-DP+OIDs are the same. Then it is determined that CERT.DPrpm.ECDSA belongs to the same SM-DP+ as CERT.DPauth.ECDSA.
步骤S412:eUICC对userintentConfiguration进行验证。Step S412: The eUICC verifies the userintentConfiguration.
具体地,eUICC验证userintentConfiguration的方法与上述第二实施例中一致,在此不再赘述。Specifically, the method for verifying the userintentConfiguration by the eUICC is the same as that in the foregoing second embodiment, and details are not described herein again.
步骤S413:eUICC向LPA发送验证完成指令。Step S413: The eUICC sends a verification completion instruction to the LPA.
步骤S414:LPA根据验证完成指令确定是否执行用户意图确认步骤。Step S414: The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
步骤S415:验证完成指令为验证不通过指令,LPA执行用户意图确认步骤。Step S415: The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
步骤S416:LPA继续执行Profile远程管理流程。Step S416: The LPA continues to execute the profile remote management process.
步骤S413~S416的实现逻辑和具体的方式可参考上述第二实施例中步骤S214~S217,不再赘述。For the implementation logic and the specific manner of the steps S413 to S416, refer to steps S214 to S217 in the foregoing second embodiment, and details are not described herein.
在图7所述的方法中,userintentConfiguration为{Signer,userintentfreeSignature}、userintentfreeSignature,Operator BSS从Enterprise、OEM或EUM处获取 userintentfreeSignature(和Signer)并将userintentConfiguration携带在RPMOrder中发送给SM-DP+,当终端设备要进行Profile远程管理操作时,SM-DP+将userintentConfiguration发送给终端的LPA,LPA和eUICC配合完成对userintentConfiguration的验证,在验证通过时不执行用户意图确认步骤,有助于实现对Profile的高效远程管理。In the method described in FIG. 7, userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature, and Operator BSS is obtained from Enterprise, OEM, or EUM. UserintentfreeSignature (and Signer) and userintentConfiguration are carried in RPMOrder and sent to SM-DP+. When the terminal device wants to perform profile remote management operation, SM-DP+ sends userintentConfiguration to the LPA of the terminal, and LPA and eUICC cooperate to complete the verification of userintentConfiguration. The user intent confirmation step is not performed when the verification is passed, which facilitates efficient remote management of the profile.
Referring to FIG. 8, FIG. 8 is a schematic flowchart of a method for remotely managing an eUICC profile according to a fifth embodiment of the present invention. In this embodiment, the eUICC management operation performed by the terminal device is an RPM operation, and the specific procedure is as follows:
Step S501: The LPA obtains the SM-DP+ address.
Step S502: The LPA establishes a TLS connection with SM-DP+.
Step S503: SM-DP+ and the eUICC perform mutual authentication over HTTPS.
At this point, after mutual authentication, the session between the terminal device and SM-DP+ is established; the logic and procedure of the establishment are the same as described in steps S201 to S203 of the second embodiment above and are not repeated here.
Step S504: SM-DP+ looks up and finds a pending RPM order or a pending Batch RPM order.
The logic and manner of step S504 are the same as step S404 of the fourth embodiment above and are not repeated here.
Step S505: SM-DP+ generates smdpSigned3, where smdpSigned3={TransactionID, RPM Command, userintentConfiguration, EIDs, Operatorid}.
Here EIDs are optional, and Operatorid may also be carried in the RPM Command.
It should be noted that, in this embodiment, if userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, then smdpSigned3 is the second data to be signed; if userintentConfiguration is the User Intent Free Required Flag, then smdpSigned3 is the third data to be signed.
Step S506: SM-DP+ signs smdpSigned3|euiccSignature1 with SK.DPrpm.ECDSA to generate smdpSignature3.
The generation of smdpSignature3 was described in step S406 of the fourth embodiment above and is not repeated here.
It should be noted that, in this embodiment, if userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, then smdpSignature3 is the second signature value; if userintentConfiguration is the User Intent Free Required Flag, then smdpSignature3 is the third signature value.
Step S507: SM-DP+ sends smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA to the LPA.
Step S508: The LPA confirms receipt of userintentConfiguration.
Specifically, the LPA parses the data in smdpSigned3 to confirm receipt of userintentConfiguration.
In one possible implementation, if userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, the LPA may generate localuserintentfreeSigned; the manner and content of its generation are the same as described in step S408 of the fourth embodiment above and are not repeated here.
Step S509: The LPA verifies that the EID of the local eUICC is contained in EIDs.
Step S510: The LPA sends smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA to the eUICC.
Optionally, if the LPA generated localuserintentfreeSigned, the LPA also sends localuserintentfreeSigned to the eUICC.
In another implementation, localuserintentfreeSigned may be generated by the eUICC; in that case the LPA also needs to send the euicc Operation Type, Operatorid and, optionally, EIDs to the eUICC.
Step S511: The eUICC verifies that CERT.DPrpm.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that TransactionID matches the current RSP session.
Step S512: The eUICC verifies smdpSignature3.
Specifically, the eUICC verifies smdpSignature3 using the fourth key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, together with smdpSigned3 and euiccSignature1.
Specifically, the eUICC generates a fifth digest over smdpSigned3 and the locally stored euiccSignature1, decrypts smdpSignature3 with PK.DPrpm.ECDSA, and if the fifth digest equals the decryption result, the verification of smdpSignature3 passes.
Step S513: The eUICC verifies userintentConfiguration.
Specifically, when userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature, the verification of userintentConfiguration may follow step S213 of the second embodiment above and is not repeated here.
Specifically, when userintentConfiguration is the User Intent Free Required Flag, the verification of userintentConfiguration may follow step S314 of the third embodiment above and is not repeated here.
Step S514: The eUICC sends a verification completion instruction to the LPA.
Step S515: The LPA determines from the verification completion instruction whether to perform the user intent confirmation step.
Step S516: If the verification completion instruction is a verification failure instruction, the LPA performs the user intent confirmation step.
Step S517: The LPA continues the remote Profile management procedure.
For the logic and specific manner of steps S514 to S517, refer to steps S214 to S217 of the second embodiment above; they are not repeated here.
In the method of FIG. 8, userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature or the User Intent Free Required Flag. The Operator BSS obtains userintentfreeSignature (and Signer) from the Enterprise, OEM or EUM and carries userintentfreeSignature (and Signer) in the RPMOrder sent to SM-DP+. When the terminal is to perform a remote Profile management operation, SM-DP+ places userintentConfiguration in smdpSigned3, protects it with a signature, and sends it to the LPA of the terminal; the LPA and the eUICC together verify smdpSigned3 and userintentConfiguration, and when the verification passes the user intent confirmation step is not performed, which helps achieve efficient remote management of the Profile.
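The signing and verification chain of FIG. 7 and FIG. 8 (steps S406/S506, S411/S511, S512 and S513), as an added Go example that is not part of the patent or of any GSMA implementation: SM-DP+ signs smdpSigned3|euiccSignature1, and the eUICC checks the certificate OIDs, the TransactionID, smdpSignature3 and finally the Signer's userintentfreeSignature against a locally rebuilt localuserintentfreeSigned. The length-prefixed field encoding, the P-256/SHA-256 choice, the placeholder euiccSignature1, the reuse of the RPM certificate as authentication certificate and the identifiers "1.2.3.4", "op-42" and "tx-0001" are constructed assumptions, and EIDs are omitted.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SmdpSigned3 models smdpSigned3 = {TransactionID, RPM Command (reduced to its euicc Operation Type), userintentConfiguration, Operatorid} of step S505; EIDs omitted.
type SmdpSigned3 struct {
	TransactionID, OperationType, OperatorID string
	UserIntentFreeSignature                  []byte // userintentConfiguration = the Signer's signature
}

// encode concatenates length-prefixed fields (a constructed encoding, not the GSMA ASN.1 form).
func encode(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		binary.Write(&b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

// signedData is smdpSigned3|euiccSignature1, the input to smdpSignature3 (steps S506 and S512).
func signedData(s SmdpSigned3, euiccSignature1 []byte) []byte {
	return encode([]byte(s.TransactionID), []byte(s.OperationType), []byte(s.OperatorID),
		s.UserIntentFreeSignature, euiccSignature1)
}

// LocalUserIntentFreeSigned is localuserintentfreeSigned = {euicc Operation Type, Operatorid,
// SM-DP+ OID} of step S408: what the Signer committed to and what the verifier rebuilds locally.
func LocalUserIntentFreeSigned(opType, operatorID, smdpOID string) []byte {
	return encode([]byte(opType), []byte(operatorID), []byte(smdpOID))
}

// sign and verify digest the data and then sign or verify the digest (ECDSA P-256, SHA-256).
func sign(sk *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, sk, h[:])
}

func verify(pk *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pk, h[:], sig)
}

// EUICCVerify runs the eUICC checks of steps S511 to S513 in order: true means the user
// intent confirmation step may be skipped, false names the check that failed.
func EUICCVerify(rpmOID, authOID string, pkDPrpm, signerPK *ecdsa.PublicKey, sessionTxID string,
	s SmdpSigned3, smdpSignature3, euiccSignature1 []byte) (bool, string) {
	if rpmOID != authOID { // S511: CERT.DPrpm.ECDSA must name the SM-DP+ of CERT.DPauth.ECDSA
		return false, "CERT.DPrpm.ECDSA not from the SM-DP+ of CERT.DPauth.ECDSA"
	}
	if s.TransactionID != sessionTxID { // S511: bound to the current RSP session
		return false, "TransactionID does not match current RSP session"
	}
	if !verify(pkDPrpm, signedData(s, euiccSignature1), smdpSignature3) { // S512
		return false, "smdpSignature3 invalid"
	}
	// S513: the Signer must have authorised exactly this operation, operator and SM-DP+.
	local := LocalUserIntentFreeSigned(s.OperationType, s.OperatorID, rpmOID)
	if !verify(signerPK, local, s.UserIntentFreeSignature) {
		return false, "userintentfreeSignature invalid"
	}
	return true, "ok"
}

// RunScenario plays the FIG. 8 flow with constructed keys and identifiers: the Signer authorised
// only "Enable" for operator "op-42" at SM-DP+ OID "1.2.3.4"; requestedOp is what SM-DP+ sends.
func RunScenario(requestedOp string) (bool, string, error) {
	skDPrpm, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)   // SK.DPrpm.ECDSA
	signerSK, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the Signer's private key
	if err != nil || err2 != nil {
		return false, "", fmt.Errorf("key generation failed: %v / %v", err, err2)
	}
	const oid, txID = "1.2.3.4", "tx-0001"
	uifs, err := sign(signerSK, LocalUserIntentFreeSigned("Enable", "op-42", oid)) // userintentfreeSignature
	if err != nil {
		return false, "", err
	}
	s := SmdpSigned3{txID, requestedOp, "op-42", uifs}
	euiccSignature1 := []byte("constructed euiccSignature1 from step S503") // placeholder for the auth signature
	sig3, err := sign(skDPrpm, signedData(s, euiccSignature1))                // S506: smdpSignature3
	if err != nil {
		return false, "", err
	}
	ok, reason := EUICCVerify(oid, oid, &skDPrpm.PublicKey, &signerSK.PublicKey, txID, s, sig3, euiccSignature1) // RPM cert reused as auth cert
	return ok, reason, nil
}

func main() {
	fmt.Println(RunScenario("Enable")) // true ok <nil>
	fmt.Println(RunScenario("Delete")) // false userintentfreeSignature invalid <nil>
}
```

A validly signed smdpSigned3 for "Delete" still fails at S513, because the Signer only committed to "Enable"; the LPA then falls back to the user intent confirmation step.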
The method of the embodiments of the present invention has been described in detail above; the apparatus of the embodiments of the present invention is described below.
Referring to FIG. 9, FIG. 9 is a schematic structural diagram of an eUICC profile management apparatus according to an embodiment of the present invention. The eUICC profile management apparatus may include a management session establishment module 610, a configuration information acquisition module 620, a verification module 630 and an execution module 640, which are described in detail as follows:
the management session establishment module 610 is configured to establish an eUICC management session with an eUICC remote management server;
the configuration information acquisition module 620 is configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
the verification module 630 is configured to verify the user intent configuration information;
the execution module 640 is configured to, when the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each module may also refer to the corresponding description of the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
Referring to FIG. 10, FIG. 10 shows an eUICC profile management apparatus 70 according to an embodiment of the present invention. The eUICC profile management apparatus 70 includes a processor 701, a memory 702 and a transceiver 703; the processor 701, the memory 702 and the transceiver 403 are connected to each other through a bus.
The memory 702 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM); the memory 702 is used to store the relevant instructions and data. The transceiver 703 is used to receive and send data.
The processor 701 may be one or more central processing units (CPU). Where the processor 701 is one CPU, that CPU may be a single-core CPU or a multi-core CPU.
The processor 701 in the eUICC profile management apparatus 70 is configured to read the program code stored in the memory 702 and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
verifying the user intent configuration information;
when the verification of the user intent configuration information passes, not performing the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each operation may also refer to the corresponding description of the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
Referring to FIG. 11, FIG. 11 is a schematic structural diagram of a local eUICC profile assistant module according to an embodiment of the present invention. The local eUICC profile assistant module includes a management session establishment unit 810, a configuration information acquisition unit 820, a verification instruction sending unit 830 and a first execution unit 840, which are described in detail as follows:
the management session establishment unit 810 is configured to establish an eUICC management session with an eUICC remote management server;
the configuration information acquisition unit 820 is configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
the verification instruction sending unit 830 is configured to send a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, where the user intent verification instruction carries the user intent configuration information;
the first execution unit 840 is configured to, when the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each unit may also refer to the corresponding description of the LPA in the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
Referring to FIG. 12, FIG. 12 shows a terminal 90 according to an embodiment of the present invention. The terminal 90 includes a processor 901, a memory 902 and a transceiver 903; the processor 901, the memory 902 and the transceiver 903 are connected to each other through a bus.
The memory 902 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM); the memory 902 is used to store the relevant instructions and data. The transceiver 903 is used to receive and send data.
The processor 901 may be one or more central processing units (CPU). Where the processor 901 is one CPU, that CPU may be a single-core CPU or a multi-core CPU.
The processor 901 in the terminal 90 is configured to read the program code stored in the memory 902 and perform the following operations:
establishing an eUICC management session with an eUICC remote management server;
obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
sending a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, where the user intent verification instruction carries the user intent configuration information;
when the verification of the user intent configuration information passes, not performing the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each operation may also refer to the corresponding description of the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
Referring to FIG. 13, FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention. The eUICC module includes a verification instruction receiving unit 1010, a verification unit 1020 and a second execution unit 1030, which are described in detail as follows:
the verification instruction receiving unit 1010 is configured to receive a user intent verification instruction sent by a local eUICC profile assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC profile assistant module from an eUICC management session with an eUICC remote management server;
the verification unit 1020 is configured to verify the user intent configuration information;
the second execution unit 1030 is configured to, when the verification of the user intent configuration information passes, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each unit may also refer to the corresponding description of the eUICC in the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
Referring to FIG. 14, FIG. 14 shows an eUICC module 110 according to an embodiment of the present invention. The eUICC module 110 includes a processor 1101, a memory 1102 and a communication interface 1103; the processor 1101, the memory 1102 and the communication interface 1103 are connected to each other through a bus.
The memory 1102 includes, but is not limited to, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or compact disc read-only memory (CD-ROM); the memory 1102 is used to store the relevant instructions and data. The communication interface 1103 is used to receive and send data.
The processor 1101 may be one or more central processing units (CPU). Where the processor 1101 is one CPU, that CPU may be a single-core CPU or a multi-core CPU.
The processor 1101 in the eUICC module 110 is configured to read the program code stored in the memory 1102 and perform the following operations:
receiving a user intent verification instruction sent by a local eUICC profile assistant module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC profile assistant module from an eUICC management session with an eUICC remote management server;
verifying the user intent configuration information;
when the verification of the user intent configuration information passes, not performing the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
It should be noted that the implementation of each operation may also refer to the corresponding description of the method embodiments shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
In summary, by implementing the embodiments of the present invention, efficient download and installation of Profiles and efficient remote Profile management can be achieved.
A person of ordinary skill in the art will understand that all or part of the procedures of the method embodiments above may be carried out by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and when executed it may include the procedures of the method embodiments above. The storage medium includes any medium capable of storing program code, such as ROM, random access memory (RAM), a magnetic disk or an optical disc.

Claims (21)

  1. 一种eUICC配置文件管理方法,其特征在于,包括:An eUICC configuration file management method, comprising:
    建立与eUICC远程管理服务器的eUICC管理会话;Establish an eUICC management session with the eUICC remote management server;
    通过所述eUICC管理会话从所述eUICC远程管理服务器获取用户意图配置信息;Obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    对所述用户意图配置信息进行验证;Verifying the user intent configuration information;
    在对所述用户意图配置信息的验证通过的情况下,在本次eUICC管理会话过程中,不执行用户意图确认步骤,其中,所述eUICC管理会话用于执行eUICC配置文件下载和安装操作、eUICC配置文件激活操作、eUICC配置文件去激活操作或eUICC配置文件删除操作中的至少一种操作。In the case that the verification of the user intent configuration information is passed, the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute the eUICC configuration file download and installation operation, eUICC At least one of a profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  2. 如权利要求1所述的方法,其特征在于,所述用户意图配置信息包括用户意图标示;或The method of claim 1 wherein said user intent configuration information comprises a user intent indication; or
    the user intent configuration information comprises a first signature value; or
    the user intent configuration information comprises the first signature value and an owner name of a digital certificate corresponding to the first signature value.
  3. The method according to claim 1, wherein the user intent configuration information comprises a first signature value, the first signature value comprising a signature over first to-be-signed data made with a first key, and the first key being a public key, a private key or a symmetric key;
    the verifying the user intent configuration information comprises:
    generating local first to-be-signed data, wherein the local first to-be-signed data comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and
    verifying the first signature value by using a second key corresponding to the first key and the local first to-be-signed data.
  4. The method according to claim 3, wherein the obtaining the user intent configuration information from the eUICC remote management server through the eUICC management session comprises:
    obtaining second to-be-signed data and a second signature value from the eUICC remote management server through the eUICC management session, wherein the second to-be-signed data comprises the user intent configuration information, the second signature value comprises a signature over the second to-be-signed data and an authentication signature value made with a third key, and the authentication signature value is generated during establishment of the eUICC management session; and
    before the verifying the first signature value by using the second key corresponding to the first key and the local first to-be-signed data, the method further comprises:
    verifying the second signature value by using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and confirming that the verification passes.
  5. The method according to claim 1, wherein the user intent configuration information comprises a user intent indication, and the obtaining the user intent configuration information from the eUICC remote management server through the eUICC management session comprises:
    obtaining third to-be-signed data and a third signature value from the eUICC remote management server through the eUICC management session, wherein the third to-be-signed data comprises the user intent configuration information, the third signature value comprises a signature over the third to-be-signed data and an authentication signature value made with a third key, and the authentication signature value is generated during establishment of the eUICC management session;
    the verifying the user intent configuration information comprises:
    verifying the third signature value by using a fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and confirming that the verification passes; and
    verifying whether the user intent indication is valid.
  6. An eUICC profile management method, comprising:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    sending a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, wherein the user intent verification instruction carries the user intent configuration information; and
    in a case that the verification of the user intent configuration information passes, omitting the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  7. The method according to claim 6, wherein the user intent configuration information comprises a user intent indication; or
    the user intent configuration information comprises a first signature value; or
    the user intent configuration information comprises the first signature value and an owner name of a digital certificate corresponding to the first signature value.
  8. The method according to claim 6, wherein the user intent configuration information comprises a first signature value, the first signature value comprising a signature over first to-be-signed data made with a first key, and the first key being a public key, a private key or a symmetric key;
    before the sending the user intent verification instruction to the eUICC module, the method comprises:
    generating local first to-be-signed data, wherein the local first to-be-signed data comprises an operation type, an operator identifier and an eUICC remote management server object identifier; and
    the user intent verification instruction further carries the local first to-be-signed data, the local first to-be-signed data being used by the eUICC module, together with a second key corresponding to the first key, to verify the first signature value.
  9. The method according to claim 8, wherein the obtaining the user intent configuration information from the eUICC remote management server through the eUICC management session comprises:
    obtaining second to-be-signed data and a second signature value from the eUICC remote management server through the eUICC management session, wherein the second to-be-signed data comprises the user intent configuration information, the second signature value comprises a signature over the second to-be-signed data and an authentication signature value made with a third key, and the authentication signature value is generated during the eUICC management session; and
    the user intent verification instruction further carries the second to-be-signed data and the second signature value, wherein the second to-be-signed data and the authentication signature value are used by the eUICC module, together with a fourth key corresponding to the third key, to verify the second signature value.
  10. The method according to claim 6, wherein the user intent configuration information comprises a user intent indication;
    the obtaining the user intent configuration information from the eUICC remote management server through the eUICC management session comprises:
    obtaining third to-be-signed data and a third signature value from the eUICC remote management server through the eUICC management session, wherein the third to-be-signed data comprises the user intent configuration information, the third signature value comprises a signature over the third to-be-signed data and an authentication signature value made with a third key, and the authentication signature value is generated during the eUICC management session;
    the user intent verification instruction further carries the third to-be-signed data and the third signature value, wherein the third to-be-signed data and the authentication signature value are used by the eUICC module, together with a fourth key corresponding to the third key, to verify the third signature value; and
    the validity of the user intent indication is verified by the eUICC module.
  11. An eUICC remote profile management method, comprising:
    receiving a user intent verification instruction sent by a local eUICC profile assistant module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC profile assistant module from an eUICC management session with an eUICC remote management server;
    verifying the user intent configuration information; and
    in a case that the verification of the user intent configuration information passes, omitting the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  12. The method according to claim 11, wherein the user intent configuration information comprises a user intent indication; or
    the user intent configuration information comprises a first signature value; or
    the user intent configuration information comprises the first signature value and an owner name of a digital certificate corresponding to the first signature value.
  13. The method according to claim 11, wherein the user intent configuration information comprises a first signature value, the first signature value comprising a signature over first to-be-signed data made with a first key, and the first key being a public key, a private key or a symmetric key;
    the user intent verification instruction further carries local first to-be-signed data, wherein the local first to-be-signed data is generated by the local eUICC profile assistant module and comprises an operation type, an operator identifier and an eUICC remote management server object identifier;
    the verifying the user intent configuration information comprises:
    verifying the first signature value by using a second key corresponding to the first key and the local first to-be-signed data.
  14. The method according to claim 13, wherein the user intent verification instruction further carries second to-be-signed data and a second signature value, the second to-be-signed data comprising the user intent configuration information and the second signature value comprising a signature over the second to-be-signed data and an authentication signature value made with a third key; and
    before the verifying the first signature value by using the second key corresponding to the first key and the local first to-be-signed data, the method further comprises:
    verifying the second signature value by using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and confirming that the verification passes.
  15. The method according to claim 11, wherein the user intent configuration information comprises a user intent indication, and the user intent verification instruction further carries third to-be-signed data and a third signature value, wherein the third to-be-signed data comprises the user intent configuration information, the third signature value comprises a signature over the third to-be-signed data and an authentication signature value made with a third key, and the authentication signature value is generated during the eUICC management session;
    the verifying the user intent configuration information comprises:
    verifying the third signature value by using a fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and confirming that the verification passes; and
    verifying whether the user intent indication is valid.
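The eUICC-side verification chain of claims 13 and 14 (and, performed locally by the device, the method of claims 3 and 4) as an added example that is not part of the patent: it assumes HMAC-SHA256 as the concrete signature primitive (the claims allow a symmetric first key), a length-prefixed field encoding for to-be-signed data, and constructed keys, identifiers, object identifier and authentication signature values.

```python
"""Added example (not from the patent): the two-stage check an eUICC performs on
user intent configuration information before it omits the user intent
confirmation step (claims 13 and 14; claims 3 and 4 are the same check done
locally by the device).

Assumptions the claims leave open: HMAC-SHA256 stands in for the signature
(a symmetric first key is allowed); to-be-signed data is a length-prefixed
concatenation of fields; every key, identifier and OID below is constructed.
"""
import hashlib
import hmac
import struct

# First key / second key: a symmetric key shared by the operator that issues
# the user intent configuration and the eUICC (constructed value).
OPERATOR_INTENT_KEY = b"constructed-operator-intent-key"
# Third key / fourth key: key of the eUICC management session with the remote
# management server (constructed value).
SERVER_SESSION_KEY = b"constructed-server-session-key"


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefixed concatenation, so field boundaries are unambiguous."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def decode_fields(blob: bytes) -> list:
    """Inverse of encode_fields; rejects truncated input."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">H", blob[pos:pos + 2])
        pos += 2
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def mac(key: bytes, data: bytes) -> bytes:
    """Stand-in for 'signature with key over data'."""
    return hmac.new(key, data, hashlib.sha256).digest()


def build_first_tbs(operation_type: str, operator_id: str, server_oid: str) -> bytes:
    """First to-be-signed data: operation type, operator identifier, server OID."""
    return encode_fields(operation_type.encode(), operator_id.encode(), server_oid.encode())


def server_issue(operation_type: str, operator_id: str, server_oid: str, auth_sig: bytes):
    """Remote management server side (constructed): produces the second
    to-be-signed data and second signature value sent over the session."""
    first_sig = mac(OPERATOR_INTENT_KEY, build_first_tbs(operation_type, operator_id, server_oid))
    # Second to-be-signed data carries the user intent configuration information:
    # first signature value plus certificate owner name (third form of claim 12).
    second_tbs = encode_fields(first_sig, operator_id.encode())
    second_sig = mac(SERVER_SESSION_KEY, second_tbs + auth_sig)
    return second_tbs, second_sig


def euicc_verify(second_tbs: bytes, second_sig: bytes, local_first_tbs: bytes, auth_sig: bytes):
    """eUICC side. Returns (omit_confirmation_step, reason)."""
    # Claim 14: check the session-bound second signature value first. The
    # authentication signature value was produced when THIS session was set
    # up, so data captured from another session does not verify.
    if not hmac.compare_digest(mac(SERVER_SESSION_KEY, second_tbs + auth_sig), second_sig):
        return False, "second signature value invalid: not bound to this session"
    try:
        first_sig, owner_name = decode_fields(second_tbs)
    except ValueError as exc:
        return False, f"malformed user intent configuration information: {exc}"
    # Claim 13: the first signature value is checked against the LOCAL first
    # to-be-signed data built by the LPA for the operation actually requested,
    # never against data supplied by the server.
    if not hmac.compare_digest(mac(OPERATOR_INTENT_KEY, local_first_tbs), first_sig):
        return False, "first signature value does not cover this operation/operator/server"
    return True, f"intent pre-authorised by {owner_name.decode()}; confirmation step omitted"


def demo() -> dict:
    """Happy path plus the two misuse cases the two bindings rule out."""
    auth_sig = hashlib.sha256(b"constructed authentication signature value, session A").digest()
    other_session = hashlib.sha256(b"constructed authentication signature value, session B").digest()
    oid = "1.3.6.1.4.1.99999.1"  # constructed sample server object identifier
    tbs, sig = server_issue("download-and-install", "operator-01", oid, auth_sig)
    local_ok = build_first_tbs("download-and-install", "operator-01", oid)
    local_delete = build_first_tbs("delete", "operator-01", oid)
    return {
        "valid": euicc_verify(tbs, sig, local_ok, auth_sig)[0],
        "replayed_in_other_session": euicc_verify(tbs, sig, local_ok, other_session)[0],
        "reused_for_other_operation": euicc_verify(tbs, sig, local_delete, auth_sig)[0],
    }
```

The two failing cases in `demo()` show what each binding buys: the authentication signature value ties the server's data to the current session, and checking against locally built first to-be-signed data stops a value issued for a download from authorising a deletion.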
  16. An eUICC profile management apparatus, comprising:
    a management session establishment module, configured to establish an eUICC management session with an eUICC remote management server;
    a configuration information obtaining module, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
    a verification module, configured to verify the user intent configuration information; and
    an execution module, configured to omit the user intent confirmation step during the current eUICC management session in a case that the verification of the user intent configuration information passes, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  17. A local eUICC profile assistant module, comprising:
    a management session establishment unit, configured to establish an eUICC management session with an eUICC remote management server;
    a configuration information obtaining unit, configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
    a verification instruction sending unit, configured to send a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, wherein the user intent verification instruction carries the user intent configuration information; and
    a first execution unit, configured to omit the user intent confirmation step during the current eUICC management session in a case that the verification of the user intent configuration information passes, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  18. An eUICC module, comprising:
    a verification instruction receiving unit, configured to receive a user intent verification instruction sent by a local eUICC profile assistant module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC profile assistant module from an eUICC management session with an eUICC remote management server;
    a verification unit, configured to verify the user intent configuration information; and
    a second execution unit, configured to omit the user intent confirmation step during the current eUICC management session in a case that the verification of the user intent configuration information passes, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  19. An eUICC profile management apparatus, comprising a processor, a memory and a transceiver, the processor, the memory and the transceiver being interconnected by a bus, wherein the memory is configured to store program code and the processor is configured to call the program code to perform the following operations:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    verifying the user intent configuration information; and
    in a case that the verification of the user intent configuration information passes, omitting the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  20. A terminal, comprising a processor, a memory and a transceiver, the processor, the memory and the transceiver being interconnected by a bus, wherein the memory is configured to store program code and the processor is configured to call the program code to perform the following operations:
    establishing an eUICC management session with an eUICC remote management server;
    obtaining user intent configuration information from the eUICC remote management server through the eUICC management session;
    sending a user intent verification instruction to an eUICC module, the user intent verification instruction being used by the eUICC module to verify the user intent configuration information, wherein the user intent verification instruction carries the user intent configuration information; and
    in a case that the verification of the user intent configuration information passes, omitting the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
  21. An eUICC module, comprising a processor, a memory and a communication interface, the processor, the memory and the communication interface being interconnected by a bus, wherein the memory is configured to store program code and the processor is configured to call the program code to perform the following operations:
    receiving a user intent verification instruction sent by a local eUICC profile assistant module, wherein the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC profile assistant module from an eUICC management session with an eUICC remote management server;
    verifying the user intent configuration information; and
    in a case that the verification of the user intent configuration information passes, omitting the user intent confirmation step during the current eUICC management session, wherein the eUICC management session is used to perform at least one of an eUICC profile download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation or an eUICC profile deletion operation.
PCT/CN2017/071322 2017-01-16 2017-01-16 Euicc configuration file management method and related device WO2018129754A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780061983.1A CN109792604B (en) 2017-01-16 2017-01-16 eUICC configuration file management method and related device
PCT/CN2017/071322 WO2018129754A1 (en) 2017-01-16 2017-01-16 Euicc configuration file management method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/071322 WO2018129754A1 (en) 2017-01-16 2017-01-16 Euicc configuration file management method and related device

Publications (1)

Publication Number Publication Date
WO2018129754A1 true WO2018129754A1 (en) 2018-07-19

Family

ID=62839152

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071322 WO2018129754A1 (en) 2017-01-16 2017-01-16 Euicc configuration file management method and related device

Country Status (2)

Country Link
CN (1) CN109792604B (en)
WO (1) WO2018129754A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110446201A (en) * 2019-09-20 2019-11-12 恒宝股份有限公司 A kind of communications module that realizing eSIM Remote configuration, communication means and system
CN111142892A (en) * 2019-12-30 2020-05-12 飞天诚信科技股份有限公司 Automatic installation method of ios application program and communication device
CN113132990A (en) * 2021-04-19 2021-07-16 东信和平科技股份有限公司 Profile remote subscription method based on eSIM, server and terminal equipment
CN113572861A (en) * 2021-09-27 2021-10-29 北京华安天成智能技术有限公司 Configuration file management method, device, equipment and storage medium
CN113784331A (en) * 2020-06-09 2021-12-10 华为技术有限公司 Method and device for updating data of user identity module card system

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545309B (en) * 2019-08-07 2022-08-19 中国联合网络通信集团有限公司 Internet of things terminal eUICC card management method, device and system
FR3105703A1 (en) * 2019-12-20 2021-06-25 Orange Administration technique for an access profile to a communication network
CN114513787A (en) * 2021-12-29 2022-05-17 博鼎实华(北京)技术有限公司 Method and device for testing consistency of code number downloading process of eSIM (embedded subscriber identity Module) terminal
CN117135620A (en) * 2023-02-01 2023-11-28 荣耀终端有限公司 Profile file downloading management method, electronic equipment and computer storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104703199A (en) * 2013-12-05 2015-06-10 华为终端有限公司 Management method for embedded universal integrated circuit card, related equipment and system
WO2015081545A1 (en) * 2013-12-05 2015-06-11 华为终端有限公司 Security control method for euicc, and euicc
US20160277930A1 (en) * 2015-03-22 2016-09-22 Apple Inc. Methods and apparatus for user authentication and human intent verification in mobile devices
CN106162602A (en) * 2014-08-14 2016-11-23 三星电子株式会社 The method and apparatus downloaded for the configuration file of group device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7600015B2 (en) * 2004-06-28 2009-10-06 Nokia Corporation User confirmation in data downloading
CN101505549B (en) * 2008-02-04 2012-08-08 华为技术有限公司 Configuration method and apparatus for terminal equipment
CN101777101B (en) * 2010-01-22 2013-12-18 北京深思洛克软件技术股份有限公司 Method for improving usability of intelligent secret key device and intelligent secret key device
JP2011257954A (en) * 2010-06-08 2011-12-22 Sony Corp Update management server, electronic device, update management system having the server and the device, and method of the system
EP3293993B1 (en) * 2015-05-07 2021-06-30 Samsung Electronics Co., Ltd. Method and apparatus for providing profile

Also Published As

Publication number Publication date
CN109792604B (en) 2021-12-03
CN109792604A (en) 2019-05-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 17891944; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 17891944; Country of ref document: EP; Kind code of ref document: A1