WO2018129754A1 - eUICC configuration file management method and related apparatus - Google Patents

eUICC configuration file management method and related apparatus

Info

Publication number
WO2018129754A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
user intent
configuration information
signature value
key
Application number
PCT/CN2017/071322
Other languages
English (en)
Chinese (zh)
Inventor
龙水平
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2017/071322
Priority to CN201780061983.1A (CN109792604B)
Publication of WO2018129754A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to the field of eUICC telecommunications smart cards, and in particular, to an eUICC configuration file management method and related apparatus.
  • the eUICC is a removable or non-removable Universal Integrated Circuit Card (UICC) that performs remote profile management in a secure manner or performs local profile management (e.g., profile activation, deactivation or deletion triggered by the terminal device user).
  • the word eUICC is derived from embedded UICC, which may be embedded in a terminal device in a single chip form, or as part of other single chips in the terminal device, but this does not mean that it must be embedded in the terminal device and cannot be moved; it may also take a removable card form, like a SIM card, a Micro SIM card or a Nano SIM card.
  • eUICC is sometimes called eSIM.
  • the eUICC profile is a combination of data and applications.
  • the Profile can also be regarded as a SIM (Subscriber Identification Module) software module. Like the traditional SIM card, it performs functions such as authentication calculation when the terminal device accesses the mobile network.
  • the eUICC remote configuration/management system (also known as the remote SIM configuration system) is shown in Figure 1, where the Subscription Manager Data Preparation+ (SM-DP+) server is used to prepare the profile, securely send the prepared profile to the eUICC module of the terminal device, and remotely manage the profile.
  • the SM-DP+ can be deployed on the server of the operator, the eUICC manufacturer, the original equipment manufacturer (OEM) or other parties;
  • the Subscription Manager Discovery Service (SM-DS) server is used to provide one or more SM-DP+ addresses to the terminal device; the terminal device can establish a connection with the SM-DP+ through the SM-DP+ address, or the terminal device further obtains the SM-DP+ address by replacing the SM-DS;
  • the terminal device (Device) includes a local profile assistant (LPA) module, used to establish a connection with the SM-DP+ and perform related management operations for the Profile and eUICC, such as download and installation, remote profile management and remote eUICC management, and an eUICC module for implementing SIM card functions and profile and eUICC configuration and management functions;
  • Operator BSS is the operator's business support system, which is responsible for ordering profiles from the SM-DP+ and requesting management of profiles on the eUICC; End User is the user of the terminal device; eUICC Manufacturer (EUM) is a manufacturer of eUICC.
  • SM-DP+ and SM-DS are both called eUICC management servers (or remote SIM configuration servers).
  • the information needs to be downloaded to the eUICC module of the terminal device to enable the terminal device to have a communication function.
  • the download, activation, deactivation, or deletion of the profile can be achieved only after the terminal device interacts with the user and obtains the user intention confirmation command.
  • the enterprise needs to purchase a batch of profiles in batches, and then interact with each terminal device separately, downloading the profiles one by one to the terminal device, which wastes time, and the download efficiency of the profile is very high.
  • the enterprise asset administrator needs to manage the installed profiles on all terminal devices, when the asset administrator triggers the remote profile management process, The enterprise employee who wants to hold the terminal device can confirm the profile on the terminal device, which is not conducive to unified management of the profile on the terminal device.
  • the technical problem to be solved by the embodiments of the present invention is to provide an eUICC configuration file management method and related devices, which implement efficient downloading and installation of profiles, and efficient remote profile management.
  • an embodiment of the present invention provides an eUICC configuration file management method, including: establishing an eUICC management session with an eUICC remote management server;
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
  • the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; after the user intent configuration information is obtained, the local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier; the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data, to implement verification of the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server by using the eUICC management session, where the second to-be-signed data includes user intention configuration information, and the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, and the authentication signature value is generated during the establishment of the eUICC management session;
  • the local first to-be-signed data is generated;
  • the second signature value is verified by the fourth key corresponding to the third key, the second to-be-signed data, and the authentication signature value, and then the first signature value is verified by the second key corresponding to the first key and the local first to-be-signed data, thereby verifying the user intention configuration information.
  • the user intention configuration information is a first signature value and an owner name of the digital certificate corresponding to the first signature value, where the first signature value includes a signature of the first to-be-signed data by using the first key, and the first key is a public key, a private key, or a symmetric key
  • the local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type.
  • the owner name of the certificate is verified to verify the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server by using the eUICC management session, where the second to-be-signed data includes user intention configuration information, and the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, wherein the authentication signature value is generated during the establishment of the eUICC management session;
  • the local first to-be-signed data is generated, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier;
  • the second signature value is verified by using the fourth key, the second to-be-signed data, and the authentication signature value, and then the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data; at the same time, the owner name of the data certificate corresponding to the first signature value is verified, thereby real
  • the user intention configuration information is a user intention indication
  • the third to-be-signed data and the third signature value are obtained from the eUICC remote management server by using the eUICC management session, where the third to-be-signed data includes user intention configuration information
  • the third signature value is a signature of the third to-be-signed data and the authentication signature value by using the third key, wherein the authentication signature value is generated during the establishment of the eUICC management session;
  • the third signature value is verified by the fourth key corresponding to the third key, the third to-be-signed data, and the authentication signature value, and then the user intention indication is verified.
  • an embodiment of the present invention provides another eUICC configuration file management method, including:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
  • the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; generating a local first to-be-signed data before sending the user intent instruction to the eUICC module, where the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier;
  • the user intent verification command carries the local first to-be-signed data, and the local first to-be-signed data is used by the eUICC module to verify the first signature value by using the second key corresponding to the first key to verify the user intent configuration information.
  • the second to-be-signed data and the second signature value are obtained from the eUICC remote management server by using the eUICC management session, where the second to-be-signed data includes user intention configuration information, and the second signature value is a signature of the second to-be-signed data and the authentication signature value by using the third key, wherein the authentication signature value is generated during the establishment of the eUICC management session; the user verification instruction further carries the second to-be-signed data and the second signature value, wherein the second to-be-signed data and the authentication signature value are used by the eUICC module to verify the second signature value by using the fourth key corresponding to the third key, thereby verifying the user intent configuration information.
  • the user intention configuration information is a user intention indication; obtaining the third to-be-signed data and the third signature value from the eUICC remote management server by using the eUICC management session, where the third to-be-signed data includes user intention configuration information, and the third signature value is a signature of the third to-be-signed data and the authentication signature value by using the third key, wherein the authentication signature value is generated during the establishment process of the eUICC management session;
  • the verification instruction further carries the third to-be-signed data and the third signature value, wherein the third to-be-signed data and the authentication signature value are used by the eUICC module to verify the third signature value by using the fourth key corresponding to the third key; the user intention indication is used by the eUICC to verify whether it is valid, to enable verification of the user intent configuration information.
  • the embodiment of the present invention provides another eUICC configuration file management method, including:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intention configuration information is a user intention indication; or the user intention configuration information is a first signature value; or the user intention configuration information is a first signature value and the owner name of the digital certificate corresponding to the first signature value.
  • the user intention configuration information is a first signature value, where the first signature value includes a signature of the first to-be-signed data by using the first key, where the first key is a public key, a private key, or a symmetric key; the user intent verification command further carries the local first to-be-signed data, wherein the local first to-be-signed data is generated by the local eUICC configuration file auxiliary module and includes the operation type, the operator identifier and the eUICC remote management server object identifier; the user intent configuration information is verified by verifying the first signature value by using the second key corresponding to the first key and the local first to-be-signed data.
  • the user verification instruction further carries the second to-be-signed data and the second signature value, where the second to-be-signed data includes the user intention configuration information, and the second signature value includes a signature of the second to-be-signed data and an authentication signature value by using a third key; the second signature value is verified by using a fourth key corresponding to the third key, the second to-be-signed data and the authentication signature value, and the first signature value is verified by using the second key corresponding to the first key and the local first to-be-signed data, to implement verification of the user intent configuration information.
  • the user intent configuration information includes a first signature value, where the first signature value includes a signature of the first to-be-signed data by using the first key,
  • the first key includes a public key, a private key, or a symmetric key;
  • the user intent verification instruction further carries a configuration tube that generates a local first to-be-signed data.
  • the first data to be signed is generated after receiving the user intent verification command sent by the local eUICC configuration file auxiliary module, where the local first to-be-signed data is generated by the local eUICC configuration file auxiliary module,
  • the local first to-be-signed data includes an operation type, an operator identifier, and an eUICC remote management server object identifier; and the first signature value is verified by using a second key corresponding to the first key and the local first to-be-signed data.
  • the user intention configuration information is a user intention indication
  • the user verification instruction further carries a third to-be-signed data and a third signature value, where the third to-be-signed data includes the user intention configuration information, and the third signature value includes a signature of the third to-be-signed data and an authentication signature value by using a third key; the third signature value is verified by using a fourth key corresponding to the third key, the third to-be-signed data and the authentication signature value, and the verification is confirmed to pass; and then whether the user intention indication is effective is verified, to verify the user intent configuration information.
  • an eUICC configuration file management apparatus including:
  • a management session establishing module configured to establish an eUICC management session with the eUICC remote management server
  • a configuration information obtaining module configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session
  • a verification module configured to verify the user intent configuration information
  • an execution module configured to perform a user intent confirmation step during the current eUICC management session if the verification of the user intent configuration information is passed, where the eUICC management session is used to perform at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides a local eUICC configuration file auxiliary module, including:
  • a management session establishing unit configured to establish an eUICC management session with the eUICC remote management server
  • a configuration information acquiring unit configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session
  • a verification instruction sending unit configured to send a user intention verification instruction to the eUICC module, where the user intention verification instruction is used by the eUICC module to verify the user intent configuration information, where the user intention verification instruction carries user intent configuration information;
  • a first execution unit configured to perform a user intent confirmation step during the current eUICC management session in the case that the verification of the user intent configuration information is passed, where the eUICC management session is used to perform at least one of an eUICC configuration file download and install operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile delete operation.
  • an eUICC module including:
  • a verification instruction receiving unit configured to receive a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information, where the user intent configuration information is obtained by the local eUICC configuration file auxiliary module from an eUICC management session with the eUICC remote management server;
  • a verification unit configured to verify the user intent configuration information
  • a second execution unit configured to perform a user intent confirmation step during the current eUICC management session in the case that the verification of the user intent configuration information is passed, where the eUICC management session is used to perform at least one of an eUICC configuration file download and install operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile delete operation.
  • an embodiment of the present invention provides an eUICC configuration file management apparatus, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, wherein the memory is used for storing program code, and the processor is used to call the program code and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides a terminal, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, where the memory is used to store program code, and the processor is configured to invoke the program code and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • an embodiment of the present invention provides an eUICC module, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the communication interface are connected to each other by a bus, wherein the memory is used to store program code.
  • the processor is configured to invoke the program code and perform the following operations:
  • the user intent confirmation step is not performed, wherein the eUICC management session is used to perform at least one of an eUICC profile download and install operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • the user intent configuration information is obtained from the eUICC remote management server, and the user intent configuration information is verified. If the verification of the user intent configuration information is passed, the user intent confirmation step is not executed during the current eUICC management session, omitting the interaction process with the user, thereby enabling efficient downloading and installation of the eUICC configuration file, and efficient remote eUICC configuration file management.
  • Figure 1 is a system architecture diagram of eUICC
  • FIG. 2 is a schematic flowchart of a method for managing an eUICC configuration file according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of another eUICC configuration file management method according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a method for initializing an SM-DP+ according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of generating localuserintentfreeSigned by eUICC according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure
  • FIG. 7 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic flowchart of still another eUICC configuration file management method according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of an eUICC configuration file management apparatus according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of another eUICC configuration file management apparatus according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic structural diagram of another eUICC module according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for managing an eUICC configuration file according to an embodiment of the present invention.
  • the method of the embodiment of the present invention may be implemented in the system architecture shown in FIG. 1, including but not limited to the following steps:
  • Step S101: The terminal device establishes an eUICC management session with the eUICC remote management server.
  • the terminal device may include an LPA module and an eUICC module, where the LPA module and the eUICC module may be two modules that are separated from each other and have a physical or logical connection relationship, for example, the LPA module exists on the baseband chip.
  • the LPA module can also exist directly on the eUICC module.
  • the LPA module can be a software module or a plurality of software modules that are distributed and associated.
  • the eUICC management session may be a Remote SIM Provisioning (RSP) session.
  • the eUICC management session may be initiated by the LPA module, and the LPA assists the two-way authentication between the eUICC module and the eUICC remote management server to establish an eUICC management session.
  • Step S102: The terminal device acquires user intent configuration information from the eUICC remote management server by using the eUICC management session.
  • the eUICC remote management server may be an SM-DP+, or may be another server capable of providing an eUICC configuration file and capable of remotely managing the eUICC configuration file.
  • the user intent configuration information may be a first signature value; or may be a user intention indication; or may be a first signature value and an owner name of the digital certificate corresponding to the first signature value.
  • Step S103: The terminal device verifies the user intent configuration information.
  • the user intent configuration information is used to indicate that the terminal saves, deactivates, or skips the step of interacting with the user during the current eUICC management session.
  • step S105 is performed.
  • when the content or type of the user intent configuration information differs, the specific process by which the terminal device verifies the user intent configuration information differs as well.
  • the terminal may verify not only the user intent configuration information, but also information related to the user intent configuration information.
  • Step S104: In the case where the verification of the user intent configuration information fails, the terminal device performs a user intention confirmation step.
  • the terminal device may display, on the interface, “whether or not to agree to download” or “please input a confirmation code”, and obtain a confirmation operation of the user; the subsequent steps are performed after the user's confirmation operation is obtained.
  • Step S105: The terminal device performs at least one of an eUICC configuration file download and install operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • the eUICC configuration file can be a profile.
  • the implementation of the foregoing embodiment is specifically described in the following with reference to the system architecture of FIG. 1.
  • the second embodiment to the fifth embodiment of the present invention mainly introduce the LPA module and the eUICC module.
  • the modules of the above-mentioned embodiments are implemented in the case where the LPA modules are directly present in the eUICC module, it is considered that only the steps performed by the LPA module and the eUICC module are combined to form a solution. Do the discussion.
  • the following embodiments are described in detail using LPA to denote the LPA module of the terminal device, eUICC to denote the eUICC module of the terminal device, SM-DP+ to denote the eUICC remote management server, and profile to denote the eUICC configuration file.
  • FIG. 3 is a schematic flowchart of a method for managing an eUICC configuration file according to a second embodiment of the present invention.
  • the eUICC management session is used to perform an eUICC configuration file download and installation operation,
  • the specific implementation process is as follows:
  • Step S201: The LPA acquires the SM-DP+ address.
  • the LPA can obtain an SM-DP+ address and an event identifier (Event ID) from the SM-DS.
  • the Event ID can identify a profile download event, or a Profile or eUICC remote management event; download or management events can target one or multiple terminals/eUICCs.
  • the LPA can send the EventID to the SM-DP+ through the Matching ID parameter.
  • the LPA may also obtain a default SM-DP+ address from the eUICC.
  • the terminal device is custom-produced by operator A, and operator A specifies an SM-DP+ address preset in the eUICC; or the OEM terminal vendor presets an SM-DP+ address shared by multiple operators in the eUICC.
  • Step S202: The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
  • the LPA performs one-way certificate authentication on the SM-DP+, and establishes a TLS connection after the authentication is passed.
  • Step S203 The eUICC and the SM-DP+ perform two-way authentication based on the HyperText Transfer Protocol Secure (HTTPS).
  • HTTPS runs on top of a TLS connection.
  • the LPA obtains the eUICC challenge value and the like from the eUICC and sends an HTTPS request (including the eUICC challenge value) to the SM-DP+, which triggers the eUICC and the SM-DP+ to perform two-way authentication; the two-way authentication data are exchanged through HTTPS requests and responses.
  • the eUICC generates its own authentication signature value (euiccSignature1) and sends euiccSignature1 to the SM-DP+; the SM-DP+ and the eUICC both store euiccSignature1. Meanwhile, the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, and the eUICC saves CERT.DPauth.ECDSA. After two-way authentication is passed, the SM-DP+ generates the session identification (TransactionID).
  • Step S204 The SM-DP+ obtains a Profile download pending order or a Batch Profile download pending order by searching.
  • the terminal device sends a MatchingID or an eUICC identifier (EID) to the SM-DP+.
  • SM-DP+ can find a Profile download pending order or a Batch Profile download pending order by using MatchingID or EID.
  • the Profile download pending order or the Batch Profile download pending order may be generated during the profile download initialization process of the SM-DP+
  • FIG. 4 is a schematic diagram of the profile download initialization process of the SM-DP+.
  • before downloading the profile to the eUICC of the terminal device, the individual or enterprise user needs to sign a contract with the operator to complete the account opening process; the operator business support system (Operator BSS) then instructs the SM-DP+ to prepare a single profile or a batch of profiles for the user's terminal device to download.
  • the Operator mobile network can provide various services for the terminal device users, including calling, receiving short messages, and data services.
  • the Operator BSS can obtain the International Mobile Equipment Identity (IMEI), the capability information, and the eUICC Identification (EID) of the user terminal device.
  • the operator BSS sends the EID to the SM-DP+.
  • the SM-DP+ generates a profile pending event according to the Operator BSS indication, and waits for the user terminal device to perform the profile download.
  • the Operator BSS optionally sends the batch eUICC identifier (i.e., EIDs) to the SM-DP+, and the SM-DP+ generates a batch profile pending-download event, or generates a single profile pending-download event for each terminal device/eUICC.
  • Step S1 The Operator BSS sends a download command (DownloadOrder) to the SM-DP+, where the DownloadOrder can carry the batch eUICC identifier (EIDs), the profile type (Profile Type), or the batch profile ID (Integrated Circuit Card ID, ICCIDs).
  • the EIDs are optional, that is, the DownloadOrder may also not carry the EIDs.
  • Step S2 SM-DP+ saves the ICCIDs, EIDs and sends a reply command to the Operator BSS.
  • the reply instruction is a response message.
  • the Operator BSS may generate a batch matching identifier (MatchingIDs) after receiving the reply instruction, and the MatchingID may match the profile to be downloaded event generated by the SM-DP+.
  • Operator BSS can also be configured in the background.
  • Step S3 Optionally, the Operator BSS obtains the user-intent-free authorization userintentfreeSignature for the terminal device.
  • the userintentfreeSignature may indicate that the LPA omits, deactivates, or skips the user intent confirmation steps in the current RSP session, for example the step in which the user confirms acceptance of the operator Profile Policy Rules (PPR), the step in which the user confirms downloading and installing the profile, and the step in which the user enters the verification code; these steps can be merged.
  • userintentfreeSignature can also be defined with other names.
  • the userintentfreeSignature can be included in the user intent configuration information (userintentConfiguration) and sent to the LPA through the SM-DP+.
  • Operator BSS can obtain userintentfreeSignature from Enterprise, OEM, or EUM.
  • the userintentConfiguration may be a userintentfreeSignature or {Signer, userintentfreeSignature}, where the userintentfreeSignature is a signature of the first to-be-signed data produced by using the first key (i.e., a first signature value).
  • the first to-be-signed data may be {euicc Operation Type, Operatorid, SM-DP+OID}; optionally, it may further include EIDs, that is, the first to-be-signed data is {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}, where the euicc Operation Type is the eUICC management operation type, the Operatorid is the operator identifier, and the SM-DP+OID is the SM-DP+ object identifier (OID).
  • the Signer is the owner name of the digital certificate corresponding to the first key; for example, it may be the Distinguished Name (DN) of the OEM digital certificate, the EUM digital certificate or the Enterprise digital certificate.
  • the Operator BSS obtains the userintentfreeSignature from the OEM, and the Signer is the DN name of the OEM digital certificate.
  • the euicc Operation Type is Profile Download.
  • the first key may be a public key (PK), a private key (Secret Key, SK), or a symmetric key.
  • EIDs may be represented in various forms, for example, may be represented as any one of EID start
  • Step S4 The Operator BSS sends a confirmation command (ConfirmOrder) to the SM-DP+, wherein the ConfirmOrder carries {Signer, userintentfreeSignature}.
  • Signer is optional; without it, the ConfirmOrder carries only userintentfreeSignature.
  • the ConfirmOrder may further carry ICCIDs, EIDs, Confirmation Codes, MatchingIDs, wherein the Confirmation Codes are a batch of Confirmation Codes for enhancing the security of the profile download.
  • Step S5 SM-DP+ generates a Batch Profile download pending order.
  • SM-DP+ can also generate a single Profile to be downloaded event for each terminal device/eUICC.
  • the Batch Profile download pending order may include Signer, userintentfreeSignature, eventID, MatchingIDs, EIDs, and a batch of profiles generated by SM-DP+.
  • the SM-DP+ profile download initialization process is completed, and the SM-DP+ prepares a batch of profiles for the enterprise user.
  • the name of the batch pending download event is not limited to the description of the Batch Profile download pending order in the embodiment of the present invention. It can also be described by other names, mainly used to distinguish existing single profile pending download events.
  • the SM-DP+ can find a Profile download pending order or a Batch Profile download pending order according to the MatchingID or EID sent by the terminal device.
  • Step S205 The SM-DP+ performs the validity check using the terminal device information (Device Info) and the eUICC information (euicc Info2).
  • the SM-DP+ checks, for example, whether the firmware information, version information, and the like of the terminal device and the eUICC match the profile in the download pending order.
  • the TransactionID is generated by SM-DP+ during the establishment of the RSP session; the Confirmation Code Required Flag is set to 'True' or 'False' (depending on whether the SM-DP+ received the Confirmation Code during the profile download initialization process); bppEuiccOtpk is the public key portion of the temporary public-private key pair that the eUICC generated in the RSP session of an abruptly terminated profile download.
  • Step S207 SM-DP+ performs a signature calculation on smdpSigned2 and euiccSignature1 by using a third key (SK.DPpb.ECDSA) to generate a second signature value (for example, smdpSignature2), where SK.DPpb.ECDSA is the private key of the SM-DP+ profile binding (ProfileBinding) digital certificate (CERT.DPpb.ECDSA).
  • SM-DP+ may generate a digest of smdpSigned2
  • A = {smdpSigned2, euiccSignature1}
  • the digest a is obtained by digesting A
  • the result of encrypting the digest a with SK.DPpb.ECDSA is the second signature value smdpSignature2.
  • Step S208 SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA, userintentConfiguration, and EIDs to the LPA.
  • EIDs are optional.
  • localuserintentfreeSigned = {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
  • the LPA identifies the euicc Operation Type as Profile download from the Profile Metadata, assigns the Profileowner in the Profile Metadata to the Operatorid, and obtains the SM-DP+OID from the CERT.DPpb.ECDSA certificate.
  • Step S210 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S211 The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID, and CERT.DPpb.ECDSA to the eUICC.
  • the LPA reads the Transaction ID from smdpSigned2.
  • the localuserintentfreeSigned may be generated by the eUICC.
  • the steps S209 to S211 are as shown in FIG. 5, and may be replaced by:
  • Step S209-1 The LPA confirms receipt of the userintentConfiguration, and generates the euicc Operation Type and the Operatorid.
  • Step S210-1 Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S211-1 The LPA sends the euicc Operation Type, Operatorid, userintentConfiguration, TransactionID, and CERT.DPpb.ECDSA to the eUICC.
  • the LPA may also send the EIDs to the eUICC.
  • Step S211-2 eUICC generates localuserintentfreeSigned.
  • Step S212 The eUICC verifies that CERT.DPpb.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • the eUICC obtains the SM-DP+OID from CERT.DPpb.ECDSA and from CERT.DPauth.ECDSA and compares the two; if the two SM-DP+OIDs are the same, it is determined that CERT.DPpb.ECDSA belongs to the same SM-DP+ as CERT.DPauth.ECDSA.
  • Step S213 The eUICC verifies the userintentConfiguration.
  • the eUICC verifies the userintentfreeSignature by using a second key corresponding to the first key and localuserintentfreeSigned.
  • the second key and the first key may be a pair of asymmetric keys or a pair of symmetric keys. If they are asymmetric keys, then when the first key is PK, the second key is SK, and when the first key is SK, the second key is PK; if they are symmetric keys, the first key and the second key are the same.
  • the eUICC generates the local first digest of the localuserintentfreeSigned, and decrypts the userintentfreeSignature with the second key to obtain a decrypted result.
  • the verification of the userintentfreeSignature is passed.
  • when the LPA receives both the userintentfreeSignature and the Signer, the eUICC also needs to verify whether the DN name in the Signer is the same as that in CERT.EUM/Enterprise/OEM.ECDSA; if they are the same, the verification is passed.
  • the verification order of Signer and userintentfreeSignature is not limited.
  • Step S214 The eUICC sends a verification completion instruction to the LPA.
  • the verification completion instruction is either a verification pass instruction or a verification failure instruction, and is used to indicate whether to perform the user intent confirmation step: if the verification completion instruction is a verification pass instruction, the user intent confirmation step is not performed; if the verification completion instruction is a verification failure instruction, the user intent confirmation step is performed, or the LPA is instructed to terminate the current RSP session.
  • the verification completion instruction may be, for example, an OK or Error response message.
  • Step S215 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • a flag bit may be set for whether to perform the user intent confirmation step; for example, when the verification pass instruction is received, the flag bit is set to '1', indicating that the step should be skipped when the flow reaches the user intent confirmation step.
  • the flag is set to '0', indicating that this step should be performed when running to the user intent confirmation step.
  • step S217 is performed.
  • Step S216 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S217 The LPA continues to perform the profile download and installation process.
  • the user intent configuration information userintentConfiguration is userintentfreeSignature or {Signer, userintentfreeSignature}, and the operator obtains the userintentfreeSignature from Enterprise, OEM or EUM, carries the userintentfreeSignature in the ConfirmOrder and sends it to the SM-DP+, when the user terminal device wants
  • SM-DP+ sends the userintentfreeSignature (and Signer) to the LPA of the terminal.
  • LPA and eUICC cooperate to complete the verification of userintentfreeSignature (and Signer), and skip the user intent confirmation step when the verification is passed, which helps achieve efficient downloading of profiles and is especially beneficial for scenarios with batches of enterprise user terminal devices.
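The checks of steps S210-1 to S215 for the symmetric-key case, as an added example that is not code from the patent. HMAC-SHA256 stands in for the signature, and the field encoding, the key, the EIDs, the OIDs, the operator name, the TransactionID and the handling of an EID outside the batch are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional, Sequence


def encode_signed_data(operation_type: str, operator_id: str, smdp_oid: str,
                       eids: Optional[Sequence[str]] = None) -> bytes:
    """Serialize {euicc Operation Type, Operatorid, SM-DP+OID[, EIDs]}.

    Assumed encoding (not from the page): a field count, then every field
    length-prefixed, so adjacent values cannot be shifted into one another.
    """
    fields = [operation_type, operator_id, smdp_oid]
    if eids is not None:
        fields.extend(sorted(eids))
    out = bytearray(len(fields).to_bytes(2, "big"))
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return bytes(out)


def issue_signature(first_key: bytes, signed_data: bytes) -> bytes:
    """Issuer side (Enterprise, OEM or EUM): produce userintentfreeSignature."""
    return hmac.new(first_key, signed_data, hashlib.sha256).digest()


@dataclass
class EuiccSession:
    """State the eUICC holds for the current RSP session."""
    transaction_id: str
    auth_cert_smdp_oid: str   # SM-DP+OID taken from CERT.DPauth.ECDSA
    second_key: bytes         # symmetric case: identical to the first key


@dataclass
class LpaRequest:
    """What the LPA forwards to the eUICC in step S211-1."""
    operation_type: str
    operator_id: str
    pb_cert_smdp_oid: str     # SM-DP+OID taken from CERT.DPpb.ECDSA
    transaction_id: str
    signature: bytes          # userintentfreeSignature
    eids: Optional[Sequence[str]] = None


def euicc_verify(session: EuiccSession, req: LpaRequest) -> str:
    """Steps S212, S211-2 and S213; the return value is the S214 response."""
    # S212: both certificates name the same SM-DP+ and the TransactionID is
    # the one of this session (certificate chain validation is not modelled).
    if req.pb_cert_smdp_oid != session.auth_cert_smdp_oid:
        return "Error"
    if req.transaction_id != session.transaction_id:
        return "Error"
    # S211-2: rebuild localuserintentfreeSigned from the session's own values.
    local_signed = encode_signed_data(req.operation_type, req.operator_id,
                                      req.pb_cert_smdp_oid, req.eids)
    # S213: recompute with the second key and compare in constant time.
    expected = issue_signature(session.second_key, local_signed)
    return "OK" if hmac.compare_digest(expected, req.signature) else "Error"


def lpa_must_confirm_user_intent(session: EuiccSession, req: LpaRequest,
                                 local_eid: str) -> bool:
    """Steps S210-1 and S215: True means the confirmation step still runs."""
    # S210-1: the local EID must be inside the signed batch. Falling back to
    # user confirmation on a miss is an assumption of this example.
    if req.eids is not None and local_eid not in req.eids:
        return True
    return euicc_verify(session, req) != "OK"


# Constructed sample data, not taken from any real deployment.
DEMO_KEY = b"constructed-demo-key-not-a-real-credential"
BATCH_EIDS = ["89049032000000000000000000000001",
              "89049032000000000000000000000002"]
SESSION = EuiccSession("TX-0001", "2.999.10", DEMO_KEY)
BASE_REQUEST = LpaRequest(
    operation_type="Profile Download", operator_id="OperatorA",
    pb_cert_smdp_oid="2.999.10", transaction_id="TX-0001",
    signature=issue_signature(DEMO_KEY, encode_signed_data(
        "Profile Download", "OperatorA", "2.999.10", BATCH_EIDS)),
    eids=BATCH_EIDS)


def sample_request(**changes) -> LpaRequest:
    """Copy of the constructed request with selected fields altered."""
    return replace(BASE_REQUEST, **changes)
```

Because the operation type, operator, SM-DP+OID and EID batch are all inside the signed data, an authorization issued for a profile download does not validate for a Delete, for another SM-DP+, or for a device outside the batch.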
  • FIG. 6 is a schematic flowchart of a method for downloading an eUICC configuration file according to a third embodiment of the present invention.
  • the eUICC management session is used to perform an eUICC configuration file download and installation operation, and the specific implementation process is as follows:
  • Step S301 The LPA acquires the SM-DP+ address.
  • Step S302 The LPA establishes a TLS connection with the SM-DP+.
  • Step S303 The SM-DP+ and the eUICC perform mutual authentication based on the HTTPS.
  • Step S304 The SM-DP+ search obtains a Profile download pending order or a Batch Profile download pending order.
  • Step S305 The SM-DP+ performs the validity check by using Device Info and euicc Info2.
  • steps S301-S305 are the same as steps S201-S205 of the second embodiment and are not described again here.
  • the userintentConfiguration may be {Signer, userintentfreeSignature}, userintentfreeSignature, or User Intent Free Required Flag.
  • the Operator BSS does not perform the step of obtaining the user-intent-free authorization userintentfreeSignature; instead, according to the profile download scenario (for example, enterprise user batch download, or elderly user/helper user download), it directly instructs SM-DP+ to generate user intent configuration information (e.g., indicating that the user intent flag is set to 'True' or 'False').
  • smdpSigned2 is the second data to be signed
  • smdpSigned2 is the third data to be signed.
  • Step S307 SM-DP+ performs signature calculation on smdpSigned2
  • smdpSignature2 is the second signature value
  • smdpSignature2 is the third signature value
  • Step S308 SM-DP+ sends Profile Metadata, smdpSigned2, smdpSignature2, CERT.DPpb.ECDSA to the LPA.
  • Step S309 The LPA confirms receipt of the userintentConfiguration.
  • the LPA parses smdpSigned2 to confirm receipt of the user intent configuration information userintentConfiguration.
  • the LPA may generate localuserintentfreeSigned; the manner of generation and its content are consistent with those described in step S209 in the second embodiment and are not described again.
  • Step S310 Optionally, the LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S311 The LPA sends smdpSigned2, smdpSignature2, and CERT.DPpb.ECDSA to the eUICC.
  • the LPA also sends the generated localuserintentfreeSigned to the eUICC.
  • userintentfreeSigned may be generated by the eUICC.
  • the LPA also needs to send the Operation Type, Operatorid, and EIDs (optional) to the eUICC.
  • Step S312 The eUICC verifies that CERT.DPpb.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • Step S313 The eUICC verifies the smdpSignature2.
  • the eUICC verifies the smdpSignature2 by using the fourth key (PK.DPpb.ECDSA) corresponding to the SK.DPpb.ECDSA, together with smdpSigned2 and euiccSignature1, wherein euiccSignature1 is the authentication signature value generated and saved by the eUICC during the establishment of the RSP session.
  • the eUICC generates a third digest of smdpSigned2
  • if the third digest is the same as the fourth digest, the verification of smdpSignature2 is passed.
  • smdpSignature2 is the signature value obtained by encrypting the digest a with SK.DPpb.ECDSA; when smdpSigned2 and smdpSignature2 are transmitted to the eUICC, a digest is obtained by digesting smdpSigned2
  • Step S314 The eUICC verifies the userintentConfiguration.
  • the steps of verifying the userintentfreeSignature and the signer may refer to step S213 of the second embodiment, and details are not described herein.
  • the eUICC verifies the userintentConfiguration by determining whether the User Intent Free Required Flag is valid. For example, if the value of the User Intent Free Required Flag is 'True' (or '1'), the flag is valid and the verification of the userintentConfiguration is passed; if the value of the User Intent Free Required Flag is 'False' (or '0'), the flag is invalid and the verification of the userintentConfiguration is not passed.
  • the eUICC does not verify it, but returns the verification result to the LPA after the smdpSignature2 is verified in step S313, and the User Intent Free Required Flag is verified by the LPA.
  • Step S315 The eUICC sends a verification completion instruction to the LPA.
  • Step S316 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S317 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S318 The LPA continues to perform the profile download and installation process.
  • the user intent configuration information userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature, or User Intent Free Required Flag
  • the Operator BSS obtains the userintentfreeSignature from Enterprise, OEM, or EUM and carries the userintentfreeSignature (and Signer) in the ConfirmOrder.
  • SM-DP+ userintentConfiguration is User Intent Free Required Flag
  • Operator BSS does not perform the procedure of obtaining userintentfreeSignature.
  • when the terminal device wants to perform a profile download operation, SM-DP+ puts userintentConfiguration into smdpSigned2 for signature protection and sends it to the LPA of the terminal device; the LPA and eUICC cooperate to complete the verification of smdpSignature2 and userintentConfiguration.
  • the user intent confirmation step is skipped, which helps to achieve efficient download of the profile, especially in the scenario of batches of enterprise user terminal devices.
  • FIG. 7 is a schematic flowchart diagram of a method for remotely managing an eUICC configuration file according to a fourth embodiment of the present invention.
  • the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation process is as follows:
  • Step S401 The LPA acquires the SM-DP+ address.
  • Step S402 The LPA establishes a TLS connection with the SM-DP+.
  • Step S403 The SM-DP+ and the eUICC perform mutual authentication based on the HTTPS.
  • Step S404 The SM-DP+ search obtains a profile remote management pending event (pending RPM order) or a batch profile remote management pending event (pending batch RPM order).
  • the pending RPM order or the pending Batch RPM order may be generated after the SM-DP+ receives the Remote Profile Management Order (RPMOrder) of the Operator BSS.
  • Step S11 The Operator BSS obtains the user-intention-free authorization userintentfreeSignature.
  • the manner in which the operator BSS obtains the userintentfreeSignature is the same as that described in the step S3 of the profile download initialization process of the SM-DP+ described in conjunction with FIG. 3.
  • the euicc Operation Type is one of the various profile remote management operations (for example, deactivation (Disable), activation (Enable), deletion (Delete), update (Update), query (Query)).
  • Step S12 The Operator sends an RPMOrder to the SM-DP+, where the RPMOrder carries the userintentfreeSignature and the RPM Command.
  • ICCIDs may also be carried in the RPMOrder.
  • Signer may also be carried in the RPMOrder.
  • EIDs may also be carried in the RPMOrder.
  • Step S13 The SM-DP+ performs a legality check.
  • SM-DP+ checks EIDs or ICCIDs to see if they belong to their management scope.
  • Step S14 SM-DP+ generates one or more pending RPM orders or generates a pending Batch RPM order.
  • the SM-DP+ also performs event registration at the SM-DS.
  • each RPM Order event has an eventID identifier.
  • SM-DP+ finds a pending RPM order or a pending Batch RPM order through eventID or EID.
  • Step S406 SM-DP+ performs a signature calculation on smdpSigned3
  • RPM Remote Profile Management
  • the RPM certificate can be distinguished or multiplexed from the authentication certificate.
  • SM-DP+ can generate a summary of smdpSigned3
  • C = {smdpSigned3, euiccSignature1}
  • C is digested to obtain the digest c
  • the result of encrypting the digest c by SK.DPrpm.ECDSA is the second signature value smdpSignature3.
  • Step S407 SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA, userintentConfiguration, EIDs and Operatorid to the LPA.
  • EIDs are optional; Operatorid can be included in RPM Command.
  • localuserintentfreeSigned = {euicc Operation Type, Operatorid, SM-DP+OID, EIDs}.
  • the LPA identifies the euicc Operation Type through the RPM Command, reads the Operatorid from the smdpSigned3 or the RPM Command, and obtains the SM-DP+OID from the CERT.DPrpm.ECDSA certificate.
  • the euicc Operation Type is, for example, Disable, Enable, Delete, Update, or Query.
  • Step S409 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S410 The LPA sends localuserintentfreeSigned, userintentConfiguration, TransactionID, and CERT.DPrpm.ECDSA to the eUICC.
  • the TransactionID is read from smdpSigned3.
  • localuserintentfreeSigned may be generated by the eUICC, in which case the LPA sends the euicc Operation Type, Operatorid, userintentConfiguration, TransactionID, and CERT.DPrpm.ECDSA to the eUICC.
  • the LPA also sends EIDs to the eUICC.
  • Step S411 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • the eUICC obtains the SM-DP+OID from CERT.DPrpm.ECDSA and from CERT.DPauth.ECDSA and compares the two; if the two SM-DP+OIDs are the same, it is determined that CERT.DPrpm.ECDSA belongs to the same SM-DP+ as CERT.DPauth.ECDSA.
  • Step S412 The eUICC verifies the userintentConfiguration.
  • the method for verifying the userintentConfiguration by the eUICC is the same as that in the foregoing second embodiment, and details are not described herein again.
  • Step S413 The eUICC sends a verification completion instruction to the LPA.
  • Step S414 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S415 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S416 The LPA continues to execute the profile remote management process.
  • userintentConfiguration is {Signer, userintentfreeSignature} or userintentfreeSignature; the Operator BSS obtains the userintentfreeSignature (and Signer) from Enterprise, OEM, or EUM.
  • the userintentfreeSignature (and Signer), that is, the userintentConfiguration, is carried in the RPMOrder and sent to SM-DP+.
  • SM-DP+ sends userintentConfiguration to the LPA of the terminal, and LPA and eUICC cooperate to complete the verification of userintentConfiguration.
  • the user intent confirmation step is not performed when the verification is passed, which facilitates efficient remote management of the profile.
  • FIG. 8 is a schematic flowchart diagram of a method for remotely managing an eUICC configuration file according to a fifth embodiment of the present invention.
  • the eUICC management operation performed by the terminal device is an RPM operation, and the specific implementation process is as follows:
  • Step S501 The LPA acquires the SM-DP+ address.
  • Step S502 The LPA establishes a TLS connection with the SM-DP+.
  • Step S503 SM-DP+ and eUICC perform mutual authentication based on HTTPS.
  • Step S504 The SM-DP+ search finds a pending RPM order or a pending Batch RPM order.
  • the implementation logic and mode of step S504 are the same as those of step S404 in the fourth embodiment, and details are not described herein.
  • EIDs are optional; Operatorid can also be included in RPM Command.
  • smdpSigned3 is the second data to be signed
  • smdpSigned3 is the third data to be signed.
  • Step S506 SM-DP+ performs signature calculation on smdpSigned3
  • the generation manner of smdpSignature3 is described in step S406 of the fourth embodiment above, and is not described again.
  • the smdpSignature3 is the second signature value
  • the userintentConfiguration is the User Intent Free Required Flag
  • Step S507 SM-DP+ sends smdpSigned3, smdpSignature3, CERT.DPrpm.ECDSA to the LPA.
  • Step S508 The LPA confirms receipt of the userintentConfiguration.
  • the LPA parses the data in smdpSigned3 to confirm receipt of the userintentConfiguration.
  • the LPA can generate localuserintentfreeSigned, and the manner and content of the LPA are consistent with those described in step S408 in the fourth embodiment, and details are not described herein.
  • Step S509 The LPA verifies that the EID of the local eUICC is within the EIDs.
  • Step S510 The LPA sends smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA to the eUICC.
  • the LPA sends localuserintentfreeSigned to the eUICC.
  • localuserintentfreeSigned may be generated by the eUICC, in which case the LPA also needs to send the euicc Operation Type, the Operatorid, and the optional EIDs to the eUICC.
  • Step S511 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • Step S512 The eUICC verifies the smdpSignature3.
  • the eUICC verifies the smdpSignature3 using the fourth key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, together with smdpSigned3 and euiccSignature1.
  • the eUICC generates a fifth digest for smdpSigned3 and the locally saved euiccSignature1, and then decrypts smdpSignature3 with PK.DPrpm.ECDSA.
  • if the fifth digest and the decrypted result are the same, the verification of smdpSignature3 is passed.
  • Step S513 The eUICC verifies the userintentConfiguration
  • the step of verifying the userintentConfiguration may refer to step S213 of the second embodiment, and details are not described herein.
  • the verification of the userintentConfiguration may refer to step S314 of the third embodiment, and details are not described herein.
  • Step S514 The eUICC sends a verification completion instruction to the LPA.
  • Step S515 The LPA determines whether to perform the user intention confirmation step according to the verification completion instruction.
  • Step S516 The verification completion instruction is a verification failure instruction, and the LPA performs a user intention confirmation step.
  • Step S517 The LPA continues to execute the profile remote management process.
  • userintentConfiguration is {Signer, userintentfreeSignature}, userintentfreeSignature, or User Intent Free Required Flag
  • Operator BSS obtains userintentfreeSignature (and Signer) from Enterprise, OEM, or EUM, carries userintentfreeSignature (and Signer) in the RPMOrder, and sends it to SM-DP+.
  • when the terminal wants to perform a profile remote management operation, SM-DP+ puts userintentConfiguration into smdpSigned3 for signature protection and sends it to the LPA of the terminal.
  • LPA and eUICC cooperate to complete verification of smdpSigned3 and userintentConfiguration.
  • the user intent confirmation step is not performed, which facilitates efficient remote management of the profile.
  • FIG. 9 is a schematic structural diagram of an eUICC configuration file management apparatus according to an embodiment of the present invention.
  • the eUICC configuration file management apparatus may include a management session establishment module 610, a configuration information acquisition module 620, a verification module 630, and an execution module 640, wherein the detailed description of each module is as follows:
  • a management session establishing module 610 configured to establish an eUICC management session with the eUICC remote management server;
  • the configuration information obtaining module 620 is configured to obtain user intent configuration information from the eUICC remote management server through the eUICC management session;
  • the verification module 630 is configured to verify the user intent configuration information.
  • the execution module 640 is configured to: if the verification of the user intent configuration information is passed, not perform the user intent confirmation step during the current eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and install operation, an eUICC profile activation operation, an eUICC profile deactivation operation, or an eUICC profile deletion operation.
  • each module may also correspond to the corresponding description of the method embodiment shown in FIG. 1, FIG. 3, FIG. 6, FIG. 7 or FIG. 8.
  • FIG. 10 is an eUICC configuration file management apparatus 70 according to an embodiment of the present invention.
  • the eUICC configuration file management apparatus 70 includes a processor 701, a memory 702, and a transceiver 703.
  • the processor 701, the memory 702, and the transceiver 703 are connected to each other through a bus.
  • the memory 702 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a portable read-only memory (CD-ROM), and is used to store related commands and data.
  • the transceiver 703 is configured to receive and transmit data.
  • the processor 701 may be one or more central processing units (CPUs). In the case that the processor 701 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 701 in the eUICC profile management device 70 is configured to read the program code stored in the memory 702, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 11 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention.
  • the local eUICC configuration file auxiliary module includes a management session establishing unit 810, a configuration information acquiring unit 820, a verification instruction sending unit 830 and a first execution unit 840, wherein the detailed description of each unit is as follows:
  • a management session establishing unit 810 configured to establish an eUICC management session with the eUICC remote management server;
  • the configuration information obtaining unit 820 is configured to acquire user intent configuration information from the eUICC remote management server by using the eUICC management session;
  • a verification instruction sending unit 830 configured to send a user intent verification instruction to the eUICC module, where the user intent verification instruction is used by the eUICC module to verify the user intent configuration information, and the user intent verification instruction carries the user intent configuration information;
  • the first execution unit 840 is configured to: if the verification of the user intent configuration information is passed, not perform a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • each unit may also correspond to the corresponding description of the LPA in the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 12 is a terminal 90 according to an embodiment of the present invention.
  • the terminal 90 includes a processor 901, a memory 902, and a transceiver 903.
  • the processor 901, the memory 902, and the transceiver 903 are connected to each other through a bus.
  • the memory 902 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the transceiver 903 is configured to receive and transmit data.
  • the processor 901 may be one or more central processing units (CPUs). In the case that the processor 901 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 901 in the terminal 90 is configured to read the program code stored in the memory 902, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 13 is a schematic structural diagram of an eUICC module according to an embodiment of the present invention.
  • the eUICC module includes a verification instruction receiving unit 1010, a verification unit 1020, and a second execution unit 1030, wherein a detailed description of each unit is as follows:
  • the verification instruction receiving unit 1010 is configured to receive a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file auxiliary module from an eUICC management session with the eUICC remote management server;
  • a verification unit 1020 configured to verify the user intent configuration information;
  • the second execution unit 1030 is configured to: if the verification of the user intent configuration information is passed, not perform a user intent confirmation step during the current eUICC management session, where the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • each unit may also correspond to the corresponding description of the eUICC in the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • FIG. 14 is an eUICC module 110 according to an embodiment of the present invention.
  • the eUICC module 110 includes a processor 1101, a memory 1102, and a communication interface 1103.
  • the processor 1101, the memory 1102, and the communication interface 1103 are connected to each other through a bus.
  • the memory 1102 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the communication interface 1103 is for receiving and transmitting data.
  • the processor 1101 may be one or more central processing units (CPUs). In the case where the processor 1101 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 1101 in the eUICC module 110 is configured to read the program code stored in the memory 1102, and perform the following operations:
  • the user intent confirmation step is not performed during the current eUICC management session, wherein the eUICC management session is used to execute at least one of an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 1 , FIG. 3 , FIG. 6 , FIG. 7 or FIG. 8 .
  • the program can be stored in a computer-readable storage medium; when the program is executed, the flow of the method embodiments as described above may be included.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a random access memory RAM, a magnetic disk, or an optical disk.
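
The gating described by the modules and units above, as an added example that is not part of the patent text: the eUICC side verifies the user intent configuration information forwarded by the local eUICC configuration file auxiliary module (LPA), and the confirmation step is skipped only when that verification passes. The HMAC-SHA-256 tag, the session binding, the per-operation waiver list and all names are assumptions of the example; this section does not say how the information is protected.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# The four operations the text says a management session may carry.
OPERATIONS = {"download_install", "enable", "disable", "delete"}


@dataclass(frozen=True)
class UserIntentConfig:
    session_id: str    # assumed: binds the waiver to one management session
    waived_ops: tuple  # assumed: operations whose confirmation may be skipped
    signature: bytes   # assumed: HMAC-SHA-256 tag set by the remote server

    def signed_bytes(self) -> bytes:
        # Canonical encoding so both sides authenticate identical bytes.
        body = {"session_id": self.session_id,
                "waived_ops": sorted(self.waived_ops)}
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, session_id: str, waived_ops) -> UserIntentConfig:
    """Remote management server side, constructed for the example."""
    unsigned = UserIntentConfig(session_id, tuple(waived_ops), b"")
    tag = hmac.new(key, unsigned.signed_bytes(), hashlib.sha256).digest()
    return UserIntentConfig(session_id, tuple(waived_ops), tag)


def euicc_verify(key: bytes, cfg: UserIntentConfig, current_session: str) -> bool:
    """eUICC verification unit: any failed check means 'not verified'."""
    if cfg.session_id != current_session:
        return False  # configuration replayed from another session
    if not set(cfg.waived_ops) <= OPERATIONS:
        return False  # names an operation the session cannot carry
    expected = hmac.new(key, cfg.signed_bytes(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cfg.signature)


def needs_user_confirmation(key, cfg, current_session, operation) -> bool:
    """LPA execution unit: skip confirmation only on a verified waiver."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation}")
    if cfg is None or not euicc_verify(key, cfg, current_session):
        return True  # fail closed: fall back to asking the user
    return operation not in cfg.waived_ops
```

A missing, replayed or modified configuration leaves the confirmation step in place, so a verification failure never widens what the session may do silently.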

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

According to its embodiments, the present invention relates to a method for managing embedded universal integrated circuit card (eUICC) configuration files, comprising: establishing an eUICC management session with an eUICC remote management server; obtaining user intent configuration information from the eUICC remote management server through the eUICC management session; verifying the user intent configuration information; and performing no user intent confirmation step during the current eUICC management session if the verification of the user intent configuration information passes, the eUICC management session being used to execute at least one of: an eUICC configuration file download and installation operation, an eUICC configuration file activation operation, an eUICC configuration file deactivation operation, or an eUICC configuration file deletion operation. With the present invention, a profile can be downloaded and installed efficiently, and efficient remote profile management can be implemented.
PCT/CN2017/071322 2017-01-16 2017-01-16 eUICC configuration file management method and related device WO2018129754A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/071322 WO2018129754A1 (fr) 2017-01-16 2017-01-16 eUICC configuration file management method and related device
CN201780061983.1A CN109792604B (zh) 2017-01-16 2017-01-16 eUICC configuration file management method and related apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/071322 WO2018129754A1 (fr) 2017-01-16 2017-01-16 eUICC configuration file management method and related device

Publications (1)

Publication Number Publication Date
WO2018129754A1 (fr) 2018-07-19

Family

ID=62839152

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071322 WO2018129754A1 (fr) eUICC configuration file management method and related device 2017-01-16 2017-01-16

Country Status (2)

Country Link
CN (1) CN109792604B (fr)
WO (1) WO2018129754A1 (fr)


Also Published As

Publication number Publication date
CN109792604A (zh) 2019-05-21
CN109792604B (zh) 2021-12-03


Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 17891944; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 17891944; Country of ref document: EP; Kind code of ref document: A1)