WO2018165983A1 - Euicc profile deletion method and device - Google Patents

Publication number
WO2018165983A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
configuration file
delete
instruction
terminal
Prior art date
Application number
PCT/CN2017/077129
Other languages
French (fr)
Chinese (zh)
Inventor
龙水平
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to PCT/CN2017/077129
Priority to CN201780061896.6A (patent CN109792601B)
Publication of WO2018165983A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities

Definitions

  • the present invention relates to the field of eUICC telecommunications smart cards, and in particular, to a method and a device for deleting an eUICC configuration file.
  • The eUICC telecom smart card is a removable or non-removable Universal Integrated Circuit Card (UICC) that performs remote profile management in a secure manner or performs local profile management (e.g., end-user-triggered configuration file activation, deactivation or deletion).
  • The term eUICC is derived from "embedded UICC". It can be embedded in the terminal as a single chip, or as part of another chip in the terminal (such as a modem chip or an application processor chip). This does not mean that it must be embedded in the terminal and cannot be removed: it can also take a removable card form, just like a Subscriber Identification Module (SIM) card, a Micro SIM card or a Nano SIM card.
  • the eUICC Profile is a combination of data and applications.
  • It is configured or installed on the eUICC in order to provide mobile network services to the terminal.
  • the so-called services include calling, sending and receiving text messages or data services.
  • the Profile can also be regarded as a SIM software module. Like the traditional SIM card, it performs functions such as authentication calculation and key generation when the terminal accesses the mobile network.
  • In a traditional SIM card, the data and the applications are fixed on the card, and the user cannot delete them.
  • the eUICC is different.
  • the eUICC configuration file can be downloaded to the eUICC remotely. The user can also delete the eUICC configuration file through local management.
  • Various accounts of the user are generally associated with the data on the telecommunication smart card.
  • If the terminal is lost and the data of the telecommunication smart card is not cleared, the user of the lost terminal is exposed to security risks such as loss of assets or information leakage.
  • the anti-theft function of the terminal is generally implemented by an anti-theft application (or a mobile phone retrieving application) on the operating system, and the user can enable the anti-theft function on the terminal.
  • If the terminal is lost, the user logs in to the website of the terminal manufacturer through the anti-theft application.
  • the server sends a remote command to the terminal, thereby implementing remote management of the lost terminal, and causing the terminal to perform positioning and deleting data of the terminal (such as pictures, address books, short messages, etc. in the terminal).
  • Although the anti-theft function of the terminal can cause the terminal to perform functions such as positioning and deleting data according to the remote management command after the loss, the terminal deletes only the data related to the operating system and cannot delete the data on the telecommunication smart card.
  • a significant percentage of users have not enabled the phone anti-theft feature.
  • An embodiment of the present invention provides a method and a device for deleting an eUICC configuration file, where the eUICC configuration file of the terminal is deleted, the data of the eUICC of the telecommunication smart card is cleared, and the data associated with the eUICC is deleted after the terminal is lost.
  • the risk of asset loss or information disclosure associated with eUICC's data is avoided.
  • a first aspect of the embodiments of the present invention provides a method for deleting an eUICC configuration file, including:
  • the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the eUICC configuration file may be deleted in two manners.
  • receiving an eUICC profile delete request sent by the eUICC remote management server or receiving an eUICC profile delete request through the application interface.
  • the eUICC configuration file deletion request sent by the Subscription Manager Data Preparation+ (SM-DP+) server is received, and the eUICC configuration file deletion request sent by the local anti-theft application of the terminal is received through an application programming interface (API).
  • if the eUICC configuration file deletion request sent by the eUICC remote management server is received, then before receiving the eUICC configuration file deletion request, the method further includes: receiving an indication sent by the eUICC to connect to the eUICC remote management server, where the indication carries an address of the eUICC remote management server.
  • if the eUICC configuration file deletion request sent by the eUICC remote management server is received, the eUICC configuration file deletion request further carries a location acquisition indication; after the sending, to the eUICC of the terminal, of the instruction to delete the eUICC configuration file, the method further includes: receiving a deletion success indication returned by the eUICC; and returning the deletion success indication and the location information of the terminal to the eUICC remote management server according to the location acquisition indication.
  • the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation personal code and eUICC profile information; or a message digest of the second data, where the second data includes the eUICC profile information and part of the authentication confirmation personal code.
  • the instruction to delete the eUICC configuration file is an eUICC storage reset instruction, and the eUICC storage reset instruction is used to instruct the eUICC to delete all the operating eUICC configuration files.
  • the instruction for deleting the eUICC configuration file carries an eUICC lock indication, and the eUICC lock indication is used to indicate that the eUICC enters a locked state.
  • the method further includes: receiving an eUICC unlock request and authentication confirmation input information of the user; and, if the verification of the authentication confirmation input information is passed, sending an eUICC unlocking instruction to the eUICC, where the eUICC unlocking instruction is used to instruct the eUICC to enter a normal state.
  • the method further includes: if the local authentication confirmation personal identification code does not exist and the eUICC lock indication sent by the eUICC is received, entering a state in which eUICC profile download requests cannot be received.
  • the second aspect of the embodiment of the present invention provides another method for deleting an eUICC configuration file, including:
  • the eUICC configuration file is deleted according to the instruction to delete the eUICC configuration file.
  • the receiving of the instruction for deleting the eUICC configuration file sent by the local eUICC configuration file auxiliary module of the terminal further includes: receiving a push command sent by the eUICC remote management server; and sending, according to the push command, an indication to the local eUICC configuration file auxiliary module to connect to the eUICC remote management server, where the indication carries the address of the eUICC remote management server.
  • the push command is included in a security packet, and the security packet further includes application information for processing the push command.
  • the receiving the push command sent by the eUICC remote management server includes: receiving the security packet, wherein the security packet carries the root issuer security domain information and a push command sent by the eUICC remote management server;
  • the sending, by the command, the indication to the local eUICC configuration file auxiliary module to connect to the eUICC remote management server includes: the root issuer security domain sending an indication to the local eUICC configuration file auxiliary module to connect to the eUICC remote management server according to the push command.
  • the method further includes: sending a deletion success indication to the local eUICC configuration file auxiliary module.
  • the instruction to delete the eUICC configuration file is an eUICC storage reset instruction; the deleting of the eUICC configuration file according to the instruction to delete the eUICC configuration file includes: deleting all operational eUICC configuration files according to the eUICC storage reset instruction.
  • the instruction for deleting the eUICC configuration file carries an eUICC lock indication; the method further includes: entering a locked state according to the eUICC lock indication.
  • the method further includes: receiving the eUICC unlocking instruction sent by the local eUICC configuration file auxiliary module, where the eUICC unlocking instruction is sent by the local eUICC profile auxiliary module after the verification of the user's authentication confirmation input information is passed; and entering the normal state according to the eUICC unlocking instruction.
  • the method further includes: sending an eUICC lock indication to the local eUICC profile auxiliary module, where the eUICC lock indication is used to instruct the local eUICC profile auxiliary module to enter a state in which profile download requests cannot be received if the local authentication confirmation personal identification code does not exist.
  • a third aspect of the embodiments of the present invention provides a method for deleting an eUICC configuration file, including:
  • the authentication confirmation information is used by the local eUICC configuration file auxiliary module to perform verification, and if the verification of the authentication confirmation information is passed, sending an instruction to delete the eUICC configuration file to the eUICC of the terminal,
  • the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • before the eUICC configuration file deletion request is sent to the local eUICC configuration file auxiliary module of the terminal, the method further includes: sending a push command to the eUICC, where the push command is used to instruct the eUICC to send an indication to the local eUICC profile auxiliary module to connect to the eUICC remote management server, where the indication carries the address of the eUICC remote management server.
  • the eUICC configuration file deletion request further carries a location acquisition indication; the method further includes: receiving a deletion success indication returned by the local eUICC profile auxiliary module and location information of the terminal.
  • the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation personal code and eUICC profile information; or a message digest of the second data, where the second data includes the eUICC profile information and part of the authentication confirmation personal code.
  • a fourth aspect of the embodiments of the present invention provides a local eUICC configuration file auxiliary module, including:
  • a deletion request receiving unit configured to receive an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information
  • a verification unit configured to verify the authentication confirmation information
  • a deletion instruction sending unit configured to send, if the verification of the authentication confirmation information is passed, an instruction to delete an eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the deleting request receiving unit is specifically configured to: receive an eUICC configuration file deletion request sent by an eUICC remote management server; or receive an eUICC configuration file deletion request by using an application program interface.
  • the local eUICC configuration file auxiliary module further includes: an indication receiving unit, configured to receive an indication, sent by the eUICC, to connect to the eUICC remote management server, where the indication carries an address of the eUICC remote management server.
  • the eUICC configuration file deletion request further carries a location acquisition indication;
  • the local eUICC configuration file auxiliary module further includes: deleting successfully received And a location information returning unit, configured to return the deletion success indication and the location information of the terminal to the eUICC remote management server according to the location obtaining indication.
  • the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation personal code and eUICC profile information; or a message digest of the second data, where the second data includes the eUICC profile information and part of the authentication confirmation personal code.
  • the instruction for deleting the eUICC configuration file includes an eUICC storage reset instruction, where the eUICC storage reset instruction is used to instruct the eUICC to delete all the operating eUICC configuration files.
  • the instruction for deleting the eUICC configuration file carries an eUICC lock indication, and the eUICC lock indication is used to indicate that the eUICC enters a locked state.
  • the local eUICC profile auxiliary module further includes: an unlock request receiving unit, configured to receive the eUICC unlock request and the authentication confirmation input information of the user; and an unlocking instruction sending unit, configured to send an eUICC unlocking instruction to the eUICC if the verification of the authentication confirmation input information is passed, where the eUICC unlocking instruction is used to instruct the eUICC to enter the normal state.
  • the local eUICC configuration file auxiliary module further includes: a reject status entry unit, configured to enter a state in which eUICC profile download requests cannot be received if the local authentication confirmation personal identification code does not exist and an eUICC lock indication sent by the eUICC is received.
  • a fifth aspect of the embodiments of the present invention provides an eUICC, including:
  • a deletion instruction receiving unit configured to receive an instruction for deleting an eUICC configuration file sent by a local eUICC configuration file auxiliary module of the terminal;
  • a deleting unit configured to delete the eUICC configuration file according to the instruction to delete the eUICC configuration file.
  • the eUICC further includes: a push command receiving unit, configured to receive a push command sent by the eUICC remote management server; and an indication sending unit, configured to send, according to the push command, an indication to the local eUICC profile auxiliary module to connect to the eUICC remote management server, where the indication carries the address of the eUICC remote management server.
  • the push command receiving unit is specifically configured to receive a security packet, where the security packet carries root issuer security domain information and the push command sent by the eUICC remote management server; the indication sending unit includes a root issuer security domain, configured to send an indication to the local eUICC profile auxiliary module to connect to the eUICC remote management server according to the push command.
  • the eUICC further includes: a deletion success sending unit, configured to send a deletion success indication to the local eUICC profile auxiliary module.
  • the instruction to delete the eUICC configuration file includes an eUICC storage reset instruction; and the deleting unit is specifically configured to delete all the operational eUICC configuration files according to the eUICC storage reset instruction.
  • the instruction for deleting the eUICC configuration file carries an eUICC lock indication; the eUICC further includes a lock status entry unit, configured to enter a lock state according to the eUICC lock indication.
  • the eUICC further includes: an unlocking instruction receiving unit, configured to receive an eUICC unlocking instruction sent by the local eUICC configuration file auxiliary module
  • the eUICC unlocking instruction is sent by the local eUICC configuration file auxiliary module in the case that the verification of the user's authentication confirmation input information is passed;
  • the normal state entering unit is configured to enter a normal state according to the eUICC unlocking instruction.
  • the eUICC further includes: a lock indication sending unit, configured to send an eUICC lock indication to the local eUICC profile auxiliary module, where the eUICC lock indication is used to instruct the local eUICC profile auxiliary module to enter a state in which profile download requests cannot be received if the local authentication confirmation personal identification code does not exist.
  • a sixth aspect of the embodiments of the present invention provides an eUICC remote management server, including:
  • a deletion request sending unit configured to send an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal, where the eUICC configuration file deletion request carries the authentication confirmation information
  • the authentication confirmation information is used by the local eUICC configuration file auxiliary module to perform verification, and if the verification of the authentication confirmation information is passed, sending an instruction to delete the eUICC configuration file to the eUICC of the terminal,
  • the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the eUICC remote management server further includes: a push command sending unit, configured to send a push command to the eUICC, where the push command is used to instruct the eUICC to send an indication to the local eUICC profile auxiliary module to connect to the eUICC remote management server, where the indication carries the address of the eUICC remote management server.
  • the eUICC configuration file deletion request further carries a location acquisition indication;
  • the eUICC remote management server further includes: a location information receiving unit, configured to receive the deletion success indication returned by the local eUICC configuration file auxiliary module and the location information of the terminal.
  • the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation personal code and eUICC profile information; or a message digest of the second data, where the second data includes a portion of the authentication confirmation personal code and the eUICC configuration file information.
  • a seventh aspect of the embodiments of the present invention provides a terminal, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, the memory is configured to store program code, and the processor is configured to invoke the program code and perform the following operations:
  • the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • An eighth aspect of the embodiments of the present invention provides another eUICC, including: a processor, a memory, and a communication interface, wherein the processor, the memory, and the communication interface are connected to each other, wherein the memory is used to store program code, and the processor is used by the processor.
  • the eUICC configuration file is deleted according to the instruction to delete the eUICC configuration file.
  • a ninth aspect of the embodiments of the present invention provides another eUICC remote management server, including: a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other by a bus, wherein the memory is used to store the program code.
  • the processor is configured to invoke the program code and perform the following operations:
  • the authentication confirmation information is used by the local eUICC configuration file auxiliary module to perform verification, and in the case that the verification of the authentication confirmation information is passed, the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal.
  • the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the names of the local eUICC configuration file auxiliary module and the eUICC remote management server are not limited to the device itself. In actual implementation, these devices may appear under other names. As long as the functions of the respective devices are similar to the present application, they are within the scope of the claims and their equivalents.
  • the eUICC configuration file deletion request is received, and the authentication confirmation information in the eUICC configuration file deletion request is verified.
  • the eUICC configuration file is deleted from the eUICC of the terminal.
  • FIG. 1 is a structural diagram of a method for implementing an embodiment of the present invention according to an embodiment of the present invention
  • FIG. 2 is another structural diagram of a method for implementing an embodiment of the present invention according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for deleting an eUICC configuration file according to an embodiment of the present invention
  • FIG. 4a is a user interaction interface diagram of an eUICC in a locked state according to an embodiment of the present invention
  • FIG. 4b is a diagram of another user interaction interface in which the eUICC is in a locked state according to an embodiment of the present invention
  • FIG. 4c is a diagram of a user interaction interface in which an eUICC is in a normal state according to an embodiment of the present invention
  • FIG. 4d is a diagram of a user interaction interface of another eUICC in a normal state according to an embodiment of the present invention
  • FIG. 4e is a user interaction interface diagram of an LPA in an unreceivable profile download request state according to an embodiment of the present invention
  • FIG. 4f is a diagram of a user interaction interface of another LPA in an unreceivable profile download request state according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of another method for deleting an eUICC configuration file according to an embodiment of the present disclosure
  • FIG. 6 is a schematic flowchart of still another method for deleting an eUICC configuration file according to an embodiment of the present disclosure
  • FIG. 7 is a schematic flowchart of still another method for deleting an eUICC configuration file according to an embodiment of the present invention.
  • FIG. 8 is a schematic flowchart of still another method for deleting an eUICC configuration file according to an embodiment of the present disclosure
  • FIG. 9 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of an eUICC according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of another eUICC according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention.
  • The Local Profile Assistant (LPA) module is used to implement related management operations on the profile and the eUICC module (such as profile download and installation, remote profile management, and remote eUICC management). If the terminal is lost, the anti-theft application module or the user of the terminal may perform a management operation on the eUICC module by notifying the LPA module, instructing the eUICC module to delete the profile. The LPA module and the eUICC module may be two modules that are separate from each other and have a physical or logical connection; for example, the LPA module may reside on the baseband chip, on the application processor, or on other hardware modules of the terminal. The LPA module can also reside directly on the eUICC module.
  • the deletion of the profile may be implemented based on the eUICC management system.
  • the specific architecture of the eUICC management system is shown in Figure 1.
  • the SM-DP+ server is used to prepare the profile, the prepared profile is securely sent to the eUICC module of the terminal, and the profile is remotely managed.
  • the SM-DP+ can be deployed.
  • the Subscription Manager Discovery Service (SM-DS) server is used to provide (a Or the SM-DP+ address or the SM-DP address is replaced by the terminal, and the terminal can establish a connection with the SM-DP+ through the SM-DP+ address, or the terminal further obtains the SM-DP+ address by replacing the SM-DS;
  • the terminal includes LPA module and eUICC module, eUICC module is used to implement various functions of SIM card and configuration and management functions of profile and eUICC; Operator Business Supporting System (Operator BSS) is used to order profiles to SM-DP+.
  • End User is the end user / (operator's) mobile user
  • eUICC manufacturing is a manufacturer of eUICC.
  • SM-DP+, SM-DS are all called eUICC remote management servers (or remote SIM configuration servers).
  • The user can contact the operator to report the loss of the profile. The operator's management personnel then operate on the Operator BSS and send the profile remote management command to the SM-DP+ through the Operator BSS (the management operation type of the management command is set to delete), and the profile remote management command is sent by the SM-DP+ to the LPA module. After receiving the profile remote management command sent by the SM-DP+, the LPA module instructs the eUICC module to delete the profile.
  • the deletion of the profile may be implemented based on the local anti-theft application of the terminal.
  • The system architecture for deleting the profile based on the local anti-theft application can be as shown in FIG. 2. The Original Equipment Manufacturer server (OEM Server) is the server of the manufacturer of the terminal and can provide cloud services for the end user (such as mobile phone positioning, anti-theft, and photo or address book synchronization). The local anti-theft application is an application running on the terminal operating system that implements the terminal's anti-theft function; when networked, it can communicate with the OEM Server, and the OEM Server can send remote commands to the local anti-theft application. The LPA module and the eUICC module are used to implement communication functions of the terminal such as calling and sending and receiving short messages, and the local anti-theft application and the LPA module can communicate through the API.
  • the user can log in to the portal corresponding to the terminal server (ie, OEM Portal), and initiate a request to delete the profile on the portal webpage.
  • The OEM Server sends a request to delete the profile to the local anti-theft application, and the local anti-theft application uses the API to send a request to delete the profile to the LPA module. After receiving the request to delete the profile, the LPA module instructs the eUICC module to delete the profile.
  • Before acting on the profile remote management command or the request to delete the profile, the LPA module needs to determine whether the request of the sender is legal. The eUICC module deletes the profile only when the LPA module determines that the request of the sender is legal (for example, the sender has obtained the license information of the user; the terminal sending the request is in the white list of the LPA module).
  • FIG. 3 is a method for deleting an eUICC configuration file according to an embodiment of the present invention.
  • the method of the embodiment of the present invention may be implemented in the system architecture shown in FIG. 1, including but not limited to the following steps:
  • Step S101: The Operator BSS sends a Remote Profile Management Order (RPMOrder) to the SM-DP+, where the RPMOrder carries a Remote Profile Management Command (RPM Command), an eUICC Identification (EID), the Integrated Circuit Card Identification (ICCID), the eUICC lock indication (euiccLock), and the authentication identifier Hash(ACP), where ACP is the Authenticated Confirmation Personal Identification Number, and where the operation type of the RPM Command is set to memory reset (euiccmemoryReset).
  • The ACP is a personal password used for authentication confirmation; the end user (End User) confirms a terminal operation by entering the ACP or a personal biometric, such as a fingerprint, that substitutes for it.
  • The RPMOrder may also carry an SM-DS address (SM-DS Address) and a location flag (locationFlag), where the SM-DS Address is used by the SM-DP+ to notify the SM-DS to record the event when the SM-DP+ generates a remote management event.
  • The locationFlag is used to instruct the LPA to acquire current or historical location information of the terminal.
  • When the operation type of the RPM Command is euiccmemoryReset, it is used to instruct the eUICC to delete all the operational profiles (Operational Profiles). An Operational Profile supports a subscription between the user and the operator and allows the terminal to connect to a mobile network; the Operational Profile may also include non-telecom services.
  • When the operation type of the RPM Command is euiccmemoryReset, it may also be used to instruct the eUICC to delete all the Operational Profiles and Provisioning Profiles. A Provisioning Profile is used only to connect to a mobile network and configure profiles on the eUICC (such as downloading profiles and remote profile enable or delete operations); the Provisioning Profile is a profile that maintains and sets functions.
  • the Hash (ACP) is the authentication confirmation information, and the authentication confirmation information may also be the message digest of the first data, where the first data includes the ACP and the profile information, that is, the Hash (ACP) may be replaced with the Hash ( ACP
  • the profile information may be, for example, an identifier (EID), a profile owner (Profileowner), an ICCID, or an operator name of the eUICC where the profile is located.
  • the first data and the second data are described below by way of example. Assume that the ACP is 123456 and the profile information is the carrier name (assumed to be CMCC). If the first, third and fifth characters of the ACP are agreed to be part of the ACP, the first data is Hash (123456
  • the ACP (or part of the ACP) is provided by the user to the Operator BSS.
  • The user reports the loss to the operator's customer service personnel and authenticates their identity (for example, by stating the customer service password or presenting an ID card). After the identity authentication passes, the user provides the ACP (or part of the ACP) to the operator's customer service personnel, who then record the ACP (or part of the ACP) in the Operator BSS.
  • Profile information such as EID, Profileowner, ICCID, and carrier name may exist in the Operator BSS or other systems of the operator.
  • The Operator BSS may use a standard hash algorithm to compute the digest of the ACP, the first data, or the second data.
  • The hash algorithm may be, for example, Secure Hash Algorithm 1 (SHA-1).
  • euiccLock True
  • euiccLock is used to indicate the state that the eUICC needs to enter
  • Step S102 The SM-DP+ performs a legality check.
  • SM-DP+ checks the EID or ICCID to see if it belongs to its management scope.
  • Step S103 The SM-DP+ generates a profile remote management pending event (pending RPM order).
  • each RPM Order event has an Event Identification (EventID).
  • SM-DP+ can find the pending RPM order through eventID or EID.
  • the SM-DP+ may also perform remote management event registration at the SM-DS for query by the LPA.
  • the SM-DS stores the address, eventID and EID of the SM-DP+.
  • The LPA may initiate a query request to the SM-DS (the EID is carried in the query request). If the SM-DS finds the event record corresponding to the EID (the event record includes the eventID and the SM-DP+ address), the SM-DS returns the event record to the LPA.
  • the SM-DP+ saves the remote management event of the eUICC of the terminal, waits for the LPA of the terminal to initiate a connection and performs a remote management operation.
  • the LPA obtains the address of the SM-DP+ to initiate a connection to the SM-DP+.
  • The LPA can obtain the event record from the SM-DS when triggered by a user operation, power-on, a timer, or the eUICC.
  • the LPA can initiate a connection to the SM-DP+ and send the EventID to the SM-DP+; in another possible implementation, the LPA obtains the address of the SM-DP+ saved in itself, eUICC or Profile. Then initiate a connection to SM-DP+ and send the EID to SM-DP+.
  • the SM-DP+ can also actively inform the LPA of the address of the SM-DP+ in a push manner to trigger the LPA to quickly initiate a connection.
  • the SM-DP+ can transmit the address of the SM-DP+ to the LPA by using a terminal manufacturer's Push Service.
  • The SM-DP+ can use a new Request Type, such as "Request for ES interface" or "Request for ES9+ interface", to instruct the LPA to establish a connection to the SM-DP+ through the ES/ES9+ interface.
  • The Request Type and the address of the SM-DP+ itself, as the data destination address (Data destination Address), may be carried in a push command (Push Command) and pushed to the LPA by the terminal manufacturer's Push Service.
  • The SM-DP+ may also send the address of the SM-DP+ to the eUICC by means of Over The Air (OTA) based on the Short Message Service (SMS), and the eUICC then sends it to the LPA.
  • the OTA-based implementation flow is described below through steps S104-105.
  • TAR Toolkit Application Reference
  • ISD-R Issuer Security Domain-Root
  • the Secured Packet can be generated by the SM-DP+, and then the SM-DP+ sends the Secured Packet to the OTA server of the operator.
  • the OTA server sends the Secured Packet to the eUICC.
  • the Secured Packet can also be generated by the OTA server.
  • the SM-DP+ sends the Push Command to the operator's OTA server, the operator OTA server generates the Secured Packet, and then sends the Secured Packet to the eUICC.
  • the Open Channel is an active command initiated by the eUICC to the LPA.
  • The eUICC parses the Secured Packet, and then the ISD-R application in the eUICC extracts the request type and the SM-DP+ address from the Push Command, generates a Bearer Type and a UICC/terminal interface transport level based on the request type, and places them, together with the address of the SM-DP+, in the Open Channel command.
  • Step S106 The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
  • the LPA performs one-way certificate authentication on the SM-DP+, and establishes a TLS connection after the authentication is passed.
  • Step S107 The SM-DP+ and the eUICC perform two-way authentication based on the HyperText Transfer Protocol Secure (HTTPS).
  • HTTPS runs on top of a TLS connection.
  • The LPA obtains the eUICC challenge value and the like from the eUICC and sends an HTTPS request (including the eUICC challenge value) to the SM-DP+, which triggers the eUICC and the SM-DP+ to perform two-way authentication; the two-way authentication data is exchanged through HTTPS requests and responses.
  • The eUICC generates its own authentication signature value (euiccSignature1) and sends euiccSignature1 to the SM-DP+; the SM-DP+ and the eUICC both store euiccSignature1. Meanwhile, the SM-DP+ sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, and the eUICC saves CERT.DPauth.ECDSA. After the two-way authentication passes, the SM-DP+ generates a session identification (TransactionID).
  • Step S108 The SM-DP+ lookup obtains the pending RPM order.
  • the terminal sends an EID to the SM-DP+.
  • the SM-DP+ can find the pending RPM order based on the EID lookup.
  • smdpSigned3 = {TransactionID, RPM Command, euiccLock, Hash(ACP), locationFlag}.
  • the TransactionID is generated by SM-DP+ during the establishment of the RSP session.
  • Step S110 The SM-DP+ performs a signature calculation on smdpSigned3 and euiccSignature1 using the private key (SK.DPrpm.ECDSA) to generate a signature value (smdpSignature3).
  • SM-DP+ may generate a digest of smdpSigned3
  • A = {smdpSigned3, euiccSignature1}
  • Digest a is obtained by computing the digest of A.
  • The result of encrypting digest a with SK.DPrpm.ECDSA is the signature value smdpSignature3.
  • Step S111 SM-DP+ sends smdpSigned3, smdpSignature3 and Remote Profile Management (RPM) certificate (CERT.DPrpm.ECDSA) to the LPA.
  • the SM-DP+ sends a profile deletion request carrying the RPM Command to the LPA, instructing the terminal to delete the profile, and the profile deletion request carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
  • Step S112 The LPA verifies the Hash (ACP).
  • The LPA obtains the locally stored ACP, computes the digest of the local ACP to obtain Hash(local ACP), and compares the Hash(ACP) with the Hash(local ACP). If the Hash(ACP) is the same as the Hash(local ACP), the verification of the Hash(ACP) passes, that is, the verification of the authentication confirmation information passes.
  • the LPA obtains the locally stored ACP and profile information, and abstracts the local ACP and the profile information to obtain a hash (local ACP
  • ACP and profile information are abstracted to get Hash (local part ACP
  • the LPA may obtain the profile information from the profile deletion request, or obtain the profile information from the RPM Command, or obtain the profile information from the eUICC.
  • If the verification of the Hash(ACP) passes, the LPA performs step S113; if the verification of the Hash(ACP) does not pass, the LPA terminates the profile deletion process.
  • Step S113 The LPA sends a load RPMCommand command (LoadRPMCommand) to the eUICC, where the LoadRPMCommand carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
  • The LoadRPMCommand is an instruction to delete the profile, and is used to instruct the eUICC to delete the profile according to the operation type of the RPM Command.
  • the LPA also acquires the location information of the terminal and returns the location information of the terminal to the SM-DP+.
  • The LPA can acquire the current or historical geographical location information of the terminal by using a positioning system of the terminal, such as the Global Positioning System (GPS) or the Beidou system, and return the geographical location information to the SM-DP+; the LPA can also acquire the list of cells near the terminal at the current or a previous time and the signal strength of each cell, and return the cell list and its corresponding signal strength list to the SM-DP+; the LPA can also be obtained in the search range of the terminal.
  • Step S114 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current Remote SIM Provisioning (RSP) session.
  • The eUICC obtains the SM-DP+ Object Identification (OID) from CERT.DPrpm.ECDSA and from CERT.DPauth.ECDSA respectively and compares the two SM-DP+ OIDs; if the two SM-DP+ OIDs are the same, it determines that CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+.
  • Step S115 The eUICC verifies the smdpSignature3.
  • The eUICC verifies the smdpSignature3 using the public key (PK.DPrpm.ECDSA) corresponding to SK.DPrpm.ECDSA, smdpSigned3, and euiccSignature1, where euiccSignature1 is the authentication signature value generated and saved by the eUICC during the establishment of the RSP session.
  • the eUICC generates a first digest of smdpSigned3
  • the first digest is the same as the second digest, the verification of smdpSignature3 is passed.
  • smdpSignature3 is a signature value obtained by encrypting the summary a with SK.DPrpm.ECDSA; when smdpSigned2 and smdpSignature3 are transmitted to In eUICC, the abstract is obtained by summarizing smdpSigned3
  • Step S116 The eUICC deletes all the Operational Profiles according to the euiccmemoryReset.
  • The eUICC extracts the RPM Command from the smdpSigned3; the operation type of the RPM Command is set to euiccmemoryReset, and the eUICC deletes all the Operational Profiles according to the operation type of the RPM Command.
  • the eUICC can also clear the Profile Policy Rules (PPR) information of the Operational Profile in the Profile Policy Enabler.
  • PPR Profile Policy Rules
  • Step S117 The eUICC enters the locked state according to euiccLock.
  • After the eUICC enters the locked state, for profile-download-related commands sent by the LPA (such as ES10a.GetEuiccConfiguredAddresses, ES10b.PrepareDownload, ES10b.GetEUICCChallenge, ES10b.AuthenticateServer) the eUICC returns an error indication to the LPA, with the error cause value indicating that the eUICC is locked or the service is unavailable.
  • The LPA may also obtain the user's unlock request and authentication confirmation input information, and send an eUICC unlocking instruction to the eUICC when the verification of the authentication confirmation input information passes; the eUICC enters the normal state according to the eUICC unlocking instruction.
  • Through the user interaction interface of the terminal, the LPA obtains the ACP entered by the user, or authentication confirmation input information such as the user's fingerprint/voiceprint/iris that replaces the ACP, and matches the authentication confirmation input information against the locally saved ACP or the locally saved fingerprint/voiceprint/iris information that replaces the ACP. If they match, the authentication confirmation input information is verified.
  • eUICCMemoryReset an eUICC storage reset command
  • The eUICCMemoryReset is a function instruction, defined in the official document (SGP.22) of the Global System for Mobile Communication (GSM) Association, that the LPA sends to the eUICC; it can be used to instruct the eUICC to delete all the Operational Profiles and the Profile metadata (Metadata) stored in the eUICC.
  • the following uses the terminal as a mobile phone as an example to describe the locked state and normal state of the eUICC. See Figures 4a-4d.
  • Figure 4a shows the user interaction interface after the user enters the LPA when the eUICC is in the locked state.
  • the user interface has the “eUICC Unlock” option, the “Profile Download” option, and the “Profile Management” option.
  • the user may also prompt the user to input a fingerprint or the like instead of the ACP authentication confirmation input information.
  • only the user is prompted to input the ACP as one of the examples.
  • Figure 4c shows the user interaction interface after the user enters the LPA when the eUICC is in a normal state.
  • The user interaction interface has the "Profile Download" option and the "Profile Management" option.
  • The user interaction interface is as shown in Fig. 4d, and the profile download interface is entered.
  • The user can send the RPMOrder to the SM-DP+ through the Operator BSS. The SM-DP+ generates the pending RPM order, and then sends the RPM Command, the euiccLock, and the Hash(ACP) carried in the RPMOrder to the LPA in the eUICC configuration file deletion request.
  • After the LPA verifies the Hash(ACP), the LPA sends the LoadRPMCommand to the eUICC; the LoadRPMCommand carries the RPM Command and the euiccLock.
  • The eUICC receives the RPM Command, deletes all the Operational Profiles according to the RPM Command operation type, and enters the locked state according to the euiccLock. This reduces the risk of asset loss or information leakage associated with the eUICC data after the terminal is lost, and because the eUICC enters a locked state, the terminal user (such as a thief) cannot perform profile downloading, which further improves terminal security.
  • FIG. 5 shows another method for deleting an eUICC configuration file according to an embodiment of the present invention.
  • The method of the embodiment of the present invention may be implemented on the system architecture shown in FIG. 2, where the method includes but is not limited to the following steps:
  • Step S201 The OEM portal (Portal) obtains the account and password input by the user.
  • the account and the password are registered by the user in the terminal in advance.
  • the OEM server corresponding to the OEM Portal saves the association relationship between the account and the password and the terminal.
  • For example, the IMEI of the terminal is 123456789012345, the account registered by the user on the terminal with IMEI 123456789012345 is 1234, and the password is 5678.
  • The OEM Server associates the IMEI (123456789012345), account (1234) and password (5678) (for example, by saving them in the same data table). When the user logs in to account 1234, the OEM Server can determine from 1234 that the user is the user of the terminal whose IMEI is 123456789012345.
  • Step S202 The OEM Portal obtains the terminal recovery operation and the ACP after the user logs in.
  • the OEM Portal obtains the user's terminal retrieval operation.
  • the OEM Portal can also obtain profile information such as the EID and ICCID of the terminal.
  • Step S203 The OEM Portal sends the Hash(ACP), the storage reset indication (euiccmemoryReset), and the euiccLock to the local anti-theft application.
  • the Hash (ACP) is the authentication confirmation information.
  • the description of the authentication confirmation information refer to the description of the authentication confirmation information in step S101 in the embodiment corresponding to FIG. 3, and details are not described herein.
  • the local anti-theft application has confirmed that the terminal is currently in a lost state, and then notifies the LPA to delete the profile.
  • Step S204 The local anti-theft application sends a profile deletion request to the LPA, where the profile deletion request carries Hash(ACP), euiccmemoryReset, and euiccLock.
  • The local anti-theft application sends the profile deletion request to the LPA through the API, that is, it sends an API Request (Hash(ACP), euiccmemoryReset, euiccLock) to the LPA.
  • Step S205 The LPA verifies the Hash (ACP).
  • For the process by which the LPA verifies the Hash(ACP), or verifies authentication confirmation information in another form (the authentication confirmation information is the message digest of the first data, the message digest of the second data, or the ACP), refer to the description of step S112 in the embodiment corresponding to FIG. 3; details are not described herein again.
  • If the verification of the Hash(ACP) passes, the LPA performs step S206; if the verification of the Hash(ACP) fails, the LPA terminates the profile deletion process.
  • Step S206 The LPA sends a storage reset instruction (eUICCMemoryReset) to the eUICC, where the eUICCMemoryReset carries the euiccLock.
  • The eUICCMemoryReset is an instruction to delete the profile, and is used to instruct the eUICC to delete all the Operational Profiles.
  • Step S207 The eUICC deletes all the Operational Profiles according to the eUICCMemoryReset.
  • Step S208 The eUICC enters a locked state according to euiccLock.
  • For details of the eUICC after entering the locked state, refer to the description of step S117 in the embodiment corresponding to FIG. 3; details are not described herein.
  • The eUICC can also enter the normal state according to the eUICC unlocking command sent by the LPA. For the specific implementation process, refer to the description of the process in which the eUICC enters the normal state in step S117 in the embodiment corresponding to FIG. 3; details are not described herein.
  • The user logs in to the previously registered account in the OEM Portal and, through the terminal recovery function of the OEM Portal, sends a profile deletion request to the local anti-theft application of the terminal.
  • The profile deletion request carries the euiccLock, the euiccmemoryReset and the Hash(ACP), and the local anti-theft application forwards the profile deletion request to the LPA through the API.
  • After the LPA verifies the Hash(ACP), the LPA sends the eUICCMemoryReset carrying the euiccLock to the eUICC, and the eUICC deletes all the Operational Profiles according to the eUICCMemoryReset.
  • The profile can thus be deleted in time when the terminal is lost, which reduces the risk of asset loss or information leakage associated with the eUICC data after the terminal is lost, and the eUICC enters the locked state so that terminal users (such as thieves) cannot perform profile downloads, further improving the security of the terminal.
  • FIG. 6 is a method for deleting an eUICC configuration file according to an embodiment of the present invention.
  • The method of the embodiment of the present invention may be implemented in the system architecture shown in FIG. 2, where the method includes but is not limited to the following steps:
  • Step S301 The local anti-theft application determines that the terminal is in a lost state by using the context awareness module of the terminal.
  • The context awareness module can serve as a sub-module of the local anti-theft application, receiving instructions issued by the local application and providing services only for the local anti-theft application; in another specific implementation, the context awareness module, as a separate functional unit, sends relevant information to the local anti-theft application, providing services for the local anti-theft application while also serving other applications of the terminal.
  • The local anti-theft application can obtain the sound information around the terminal through the voice recognition module of the terminal; it can also obtain the user's operations on the terminal through the behavior analysis module of the terminal, thereby determining the context information of the terminal; and it can obtain the face information in front of the terminal through the image recognition module of the terminal.
  • When the local anti-theft application detects that the context information is abnormal, it determines that the terminal is currently in a lost state. For example, if the voice recognition module of the terminal recognizes an abnormal vocabulary such as "going to the mobile phone", it is determined that the terminal is currently in a lost state; if the image recognition module recognizes that the face in front of the terminal is an unfamiliar face and the behavior analysis module of the terminal senses that the user has entered the wrong lock screen password a plurality of times, it is determined that the terminal is currently in a lost state.
  • Step S302 The local anti-theft application sends a profile deletion request to the LPA, where the profile deletion request carries a storage reset indication (euiccmemoryReset) and euiccLock.
  • The local anti-theft application sends the profile deletion request to the LPA through the API, that is, it sends an API Request (euiccmemoryReset, euiccLock) to the LPA.
  • Step S303 The LPA sends the eUICCMemoryReset to the eUICC, where the eUICCMemoryReset carries the euiccLock.
  • The lost state of the terminal is determined by the local anti-theft application, and the terminal does not receive a remote command sent by another server, so there is no authentication confirmation information in the profile deletion request. If no authentication confirmation information is received and the profile deletion request is determined to be an API Request, the LPA can omit the authentication verification step.
  • Step S304 The eUICC deletes all the Operational Profiles according to the eUICCMemoryReset.
  • Step S305 The eUICC enters a locked state according to euiccLock.
  • For specific implementation of steps S303-S305, refer to steps S206 to S208 in the embodiment corresponding to FIG. 4; details are not described herein.
  • The local anti-theft application determines that the terminal is in a lost state by using the context awareness module of the terminal and generates a profile deletion request that carries euiccLock and euiccmemoryReset; the LPA sends eUICCMemoryReset carrying euiccLock to the eUICC according to euiccmemoryReset.
  • The eUICC deletes all the Operational Profiles according to eUICCMemoryReset and enters the locked state according to euiccLock.
  • the profile can be deleted in time, and the assets associated with the eUICC data are lost or associated with the eUICC data after the terminal is lost.
  • FIG. 7 is a method for deleting an eUICC configuration file according to an embodiment of the present invention.
  • the method of the embodiment of the present invention may be implemented on the system architecture shown in FIG. 1 or FIG. Methods include, but are not limited to, the following steps:
  • Step S401 The LPA receives the profile deletion request, and the profile deletion request carries the authentication confirmation information.
  • the authentication confirmation information may refer to the description of the authentication confirmation information in step S101 in the embodiment corresponding to FIG. 3, that is, the authentication confirmation information may be ACP; may also be Hash (ACP); or may be Hash (ACP
  • the sender of the profile deletion request may be the SM-DP+ in the system architecture of FIG. 1 or the local anti-theft application of the terminal in the system architecture of FIG. 2.
  • the profile deletion request carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
  • The profile deletion request may be an API Request (Hash(ACP), euiccmemoryReset, euiccLock), that is, the scenario involved in the embodiment corresponding to FIG. 5; the profile deletion request may also be an API Request (euiccmemoryReset, euiccLock), that is, the scenario involved in the embodiment corresponding to FIG. 6.
  • Step S402 The LPA verifies the authentication confirmation information.
  • For a specific implementation of the LPA verifying the authentication confirmation information, refer to the description of step S112 in the embodiment corresponding to FIG. 3; details are not described herein.
  • If the verification of the authentication confirmation information passes, the LPA performs step S403.
  • Step S403 The LPA sends an instruction to delete the profile to the eUICC, and the instruction to delete the profile carries euiccLock.
  • the instruction to delete the profile may be the LoadRPMCommand in the embodiment corresponding to FIG. 3, or may be the eUICCMemoryReset in the embodiment corresponding to FIG. 5 or FIG. 6.
  • Step S404 The eUICC deletes the profile.
  • The eUICC may extract the RPM Command from the smdpSigned3 carried in the LoadRPMCommand; the operation type of the RPM Command is set to euiccmemoryReset, and all the Operational Profiles are deleted according to the operation type of the RPM Command.
  • the eUICC can also delete all Operational Profiles according to eUICCMemoryReset.
  • Step S405 The eUICC enters a locked state according to euiccLock.
  • For step S405, refer to the description of step S117 in the embodiment corresponding to FIG. 3; details are not described herein again.
  • The eUICC can also enter the normal state according to the eUICC unlocking command sent by the LPA. For the specific implementation process, refer to the description of the process in which the eUICC enters the normal state in step S117 in the embodiment corresponding to FIG. 3; details are not described herein.
  • Step S406 The eUICC sends an Answer to Reset (ATR) response to the LPA when the terminal is restarted or powered on, where the ATR response carries euiccLock.
  • Step S408 may be replaced by: the LPA sends a Select ISD-R Application (Select ISD-R) instruction to the eUICC, and the eUICC sends a File Control Parameters (FCP) response to the LPA, where the FCP response carries euiccLock.
  • euiccLock False.
  • Step S407 In the case where the local ACP does not exist, the LPA enters a state in which the profile download request cannot be received.
  • The LPA greys out the profile download button, menu item or icon to enter the state in which profile download requests cannot be received.
  • FIG. 4e is the user interaction interface after the user enters the LPA when the LPA has entered the state in which profile download requests cannot be received; the "Profile Download" option and the "Profile Management" option on the user interaction interface are greyed out, and the interface does not change after the end user clicks on either option.
  • the LPA does not have the function of “receiving the terminal user's profile download request, eUICC unlock request, and authentication confirmation input information”, and the terminal user cannot unlock the eUICC.
  • The profile download cannot be performed by the LPA, that is, the LPA cannot perform the operation described in step S117 of the embodiment corresponding to FIG. 3, "the LPA obtains, through the user interaction interface of the terminal, the ACP entered by the user or authentication confirmation input information, such as a user fingerprint, used to prove the identity of the user", or its subsequent operations. Specifically, as shown in FIG.
  • The user interaction interface displays a "service abnormality" pop-up box as shown in FIG. 4f; further, after displaying the user interaction interface shown in FIG. 4f, the LPA may also exit its user interface and return to the main interface of the terminal.
  • The LPA receives the profile deletion request and verifies the authentication confirmation information in it. If the verification passes, the LPA sends a profile deletion instruction carrying euiccLock to the eUICC; the eUICC deletes all profiles and enters the locked state according to euiccLock. The profile can thus be deleted in time when the terminal is lost, reducing the risk of asset loss or information leakage associated with the eUICC data after the terminal is lost.
  • The LPA also obtains the status of the eUICC. When it finds that the eUICC has entered the locked state and the ACP does not exist, the LPA enters the state in which profile download requests cannot be received, that is, the user cannot unlock the eUICC; even if the terminal user clears the ACP by double clearing (clearing the user data and restoring the factory settings), profile download is still not possible.
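The flow of steps S401 to S407 modelled as a small Python simulation. This is an added example, not code from the patent: the class and method names, the `via_local_api` flag and the returned strings are assumptions, SHA-1 appears only because the text names it as the example digest, and the ACP value 123456 is the one used in the text's own example.

```python
"""Toy model of the LPA / eUICC profile-deletion flow (steps S401-S407)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

# Profile-download commands the text lists as refused while the eUICC is locked.
DOWNLOAD_COMMANDS = frozenset({
    "ES10a.GetEuiccConfiguredAddresses",
    "ES10b.PrepareDownload",
    "ES10b.GetEUICCChallenge",
    "ES10b.AuthenticateServer",
})


def hash_acp(acp: str) -> bytes:
    """Hash(ACP): message digest of the ACP (SHA-1, the text's example algorithm)."""
    return hashlib.sha1(acp.encode("utf-8")).digest()


@dataclass
class DeletionRequest:
    euicc_lock: bool                            # euiccLock indication
    auth_confirmation: Optional[bytes] = None   # Hash(ACP), absent in the FIG. 6 case
    via_local_api: bool = False                 # assumed flag: request is an API Request


@dataclass
class EUICC:
    operational_profiles: List[str] = field(default_factory=list)
    locked: bool = False

    def memory_reset(self, euicc_lock: bool) -> None:
        """Delete all Operational Profiles, then lock if euiccLock is set."""
        self.operational_profiles.clear()
        self.locked = self.locked or euicc_lock

    def handle(self, command: str) -> str:
        """Refuse profile-download commands while locked."""
        if self.locked and command in DOWNLOAD_COMMANDS:
            return "ERROR: eUICC locked"
        return "OK"


class LPA:
    def __init__(self, euicc: EUICC, local_acp: Optional[str]):
        self.euicc = euicc
        self.local_acp = local_acp  # None models a terminal whose ACP was wiped

    def handle_deletion_request(self, req: DeletionRequest) -> bool:
        """S401-S403: verify the authentication confirmation, then delete."""
        if req.auth_confirmation is None:
            # Verification is skipped only for an API Request raised on the terminal.
            if not req.via_local_api:
                return False
        else:
            if self.local_acp is None:
                return False
            expected = hash_acp(self.local_acp)
            # Constant-time comparison avoids leaking how many bytes matched.
            if not hmac.compare_digest(req.auth_confirmation, expected):
                return False  # verification failed: terminate the deletion process
        self.euicc.memory_reset(req.euicc_lock)
        return True

    def accepts_download_requests(self) -> bool:
        """S407: locked eUICC plus missing local ACP disables download requests."""
        return not (self.euicc.locked and self.local_acp is None)

    def unlock(self, entered_acp: str) -> bool:
        """Unlock only when the entered ACP matches the locally stored one."""
        if self.local_acp is None:
            return False
        if hmac.compare_digest(entered_acp.encode(), self.local_acp.encode()):
            self.euicc.locked = False
            return True
        return False


def demo() -> List[str]:
    """Run the flow on constructed sample data and return a readable trace."""
    euicc = EUICC(["operator-profile-1", "operator-profile-2"])  # constructed
    lpa = LPA(euicc, "123456")
    trace = []
    bad = lpa.handle_deletion_request(DeletionRequest(True, hash_acp("000000")))
    trace.append(f"wrong Hash(ACP) accepted: {bad}")
    good = lpa.handle_deletion_request(DeletionRequest(True, hash_acp("123456")))
    trace.append(f"correct Hash(ACP) accepted: {good}, locked: {euicc.locked}")
    trace.append(f"PrepareDownload while locked: {euicc.handle('ES10b.PrepareDownload')}")
    trace.append(f"unlock with ACP: {lpa.unlock('123456')}")
    return trace


if __name__ == "__main__":
    for line in demo():
        print(line)
```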
  • the eUICC deletes all the Operational Profiles according to the instruction of deleting the profile sent by the LPA.
  • the sender of the profile deletion request is the SM-DP+; the operation type of the RPM Command of the SM-DP+ can also be set to Delete, and Delete indicates that the eUICC deletes the target profile, that is, the profile corresponding to the RPM Command.
  • FIG. 8 is a method for deleting an eUICC configuration file according to an embodiment of the present invention, where the method includes but is not limited to the following steps:
  • Step S501 The Operator BSS sends an RPMOrder to the SM-DP+, where the RPMOrder carries an RPM Command, an EID, an ICCID, and a Profile Policy Rules Unset (PPR Unset), and the RPM Command operation type is set to Delete.
  • the ICCID may also be carried in the RPM Command, that is, the RPMOrder carries the RPM Command, EID, PPR Unset, RPM Command (ICCID Delete).
  • the PPR Unset is used to instruct the eUICC to clear the PPR setting corresponding to the target profile that the user wants to delete.
  • the RPMOrder may also carry an SM-DS Address and a locationFlag, where the SM-DS Address is used to notify the SM-DS to record the event when the SM-DP+ generates a remote management event, and the locationFlag is used to instruct the LPA to acquire the current or historical location information of the terminal.
  • the PPR Unset can be used instead of the authentication confirmation information: on receiving the PPR Unset, the LPA treats the verification of the authentication confirmation information as passed by default and sends the PPR Unset to the eUICC, and the eUICC clears the PPR setting on receiving the PPR Unset.
  • the description of the LPA's verification of the authentication confirmation information is omitted.
  • Step S502 The SM-DP+ performs a legality check.
  • Step S503 SM-DP+ generates a pending RPM order.
  • the SM-DP+ saves the remote management event of the eUICC of the terminal, waits for the LPA of the terminal to initiate a connection and performs a remote management operation.
  • the LPA obtains the address of the SM-DP+ to initiate the connection to the SM-DP+, and the specific manner in which the LPA obtains the address of the SM-DP+ is introduced in step S103 in the embodiment corresponding to FIG. 3, and details are not described herein again.
  • the following describes the subsequent process using the case in which the LPA obtains the locally saved address of the SM-DP+ as an example.
  • Step S504 The LPA establishes a TLS connection with the SM-DP+.
  • Step S505 The SM-DP+ and the eUICC perform mutual authentication over HTTPS.
  • Step S506 The SM-DP+ looks up and obtains the pending RPM order.
  • steps S504 to S506 have been introduced in steps S106 to S108 in the embodiment corresponding to FIG. 3, and details are not described herein.
  • smdpSigned3 = {TransactionID, RPM Command, PPR Unset, ICCID, locationFlag}.
  • smdpSigned3 = {TransactionID, RPM Command, PPR Unset}.
  • Step S508 SM-DP+ performs signature calculation on smdpSigned3 and euiccSignature1 by using SK.DPrpm.ECDSA to generate smdpSignature3.
  • Step S509 SM-DP+ sends smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA to the LPA.
  • the SM-DP+ sends a profile deletion request carrying the RPM Command to the LPA, instructing the terminal to delete the profile, that is, the profile deletion request carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
  • Step S510 The LPA sends the LoadRPMCommand to the eUICC, where the LoadRPMCommand carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
  • the LPA also obtains the current or historical location information of the terminal. For details, refer to the description of step S113 in the embodiment corresponding to FIG. 3.
  • Step S511 The eUICC verifies that CERT.DPrpm.ECDSA is legal and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
  • Step S512 The eUICC verifies the smdpSignature3.
  • Step S513 The eUICC clears the PPR setting according to the PPR Unset.
  • the eUICC extracts the PPR Unset and the ICCID from the smdpSigned3, determines the target profile to be deleted according to the ICCID, and clears the PPR setting in the target profile according to the PPR Unset.
  • the eUICC can also clear the PPR information of the target profile in the Profile Policy Enabler.
  • Step S514 The eUICC deletes the target profile corresponding to the ICCID.
  • the eUICC determines the target profile according to the ICCID, and performs a delete operation on the target profile.
  • the user can send the RPMOrder to the SM-DP+ through the Operator BSS; the SM-DP+ generates the pending RPM order and then sends the RPM Command, the ICCID, and the PPR Unset carried in the RPMOrder to the LPA in an eUICC configuration file deletion request, and the LPA sends a LoadRPMCommand to the eUICC.
  • the LoadRPMCommand carries the RPM Command, the ICCID, and the PPR Unset.
  • the eUICC determines the target profile to be deleted according to the ICCID, and clears the PPR setting of the target profile according to the PPR Unset, thereby deleting the profile.
  • on the one hand, the profile can be deleted in time, which reduces the risk of asset loss associated with the eUICC data or information leakage associated with the eUICC data after the terminal is lost; on the other hand, after the user retrieves the terminal, the profile can be downloaded again.
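The eUICC-side checks of steps S511 to S514, as an added example that is not code from the patent: the command is rejected unless the certificate owner, the TransactionID and smdpSignature3 all check out, and only then are the PPR Unset and the deletion applied. Assumptions: an HMAC key stands in for the SK.DPrpm.ECDSA / CERT.DPrpm.ECDSA key pair so the block needs only the standard library, and the JSON encoding, the field spellings, the sample values and the rule that a PPR left set blocks deletion are constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Assumption: a shared HMAC key replaces the ECDSA key pair of the SM-DP+.
# A real eUICC verifies an ECDSA signature with the key in CERT.DPrpm.ECDSA.
DEMO_KEY = b"constructed-demo-key"


def encode(signed3: dict) -> bytes:
    """Deterministic byte encoding of smdpSigned3 (constructed for this example)."""
    return json.dumps(signed3, sort_keys=True, separators=(",", ":")).encode()


def smdp_sign(signed3: dict, euicc_signature1: bytes, key: bytes = DEMO_KEY) -> bytes:
    """S508: smdpSignature3 covers smdpSigned3 and euiccSignature1."""
    return hmac.new(key, encode(signed3) + euicc_signature1, hashlib.sha256).digest()


@dataclass
class Profile:
    iccid: str
    ppr: set = field(default_factory=set)  # profile policy rules currently set


@dataclass
class Euicc:
    transaction_id: str      # TransactionID of the current RSP session
    euicc_signature1: bytes  # produced by this eUICC during mutual authentication
    auth_cert_owner: str     # SM-DP+ identity taken from CERT.DPauth.ECDSA
    profiles: dict = field(default_factory=dict)

    def load_rpm_command(self, signed3: dict, signature3: bytes, rpm_cert_owner: str) -> str:
        # S511: CERT.DPrpm must belong to the SM-DP+ that authenticated, and
        # the TransactionID must match the current RSP session.
        if rpm_cert_owner != self.auth_cert_owner:
            return "cert-owner-mismatch"
        if signed3.get("TransactionID") != self.transaction_id:
            return "transaction-mismatch"
        # S512: verify smdpSignature3 before acting on any field of smdpSigned3.
        expected = smdp_sign(signed3, self.euicc_signature1)
        if not hmac.compare_digest(expected, signature3):
            return "signature-invalid"
        if signed3.get("RPMCommand") != "Delete":
            return "unsupported-command"
        profile = self.profiles.get(signed3.get("ICCID"))
        if profile is None:
            return "profile-not-found"
        # S513: clear the PPR setting only when the signed data carries PPR Unset.
        if signed3.get("PPRUnset"):
            profile.ppr.clear()
        if profile.ppr:
            return "blocked-by-ppr"  # assumption: a PPR still set blocks deletion
        # S514: delete the target profile identified by the ICCID.
        del self.profiles[signed3["ICCID"]]
        return "deleted"


def build_demo_euicc() -> Euicc:
    """Constructed sample state: two profiles, one of them with a PPR set."""
    return Euicc(
        transaction_id="tx-0001",
        euicc_signature1=b"constructed-euiccSignature1-A",
        auth_cert_owner="smdp.example",
        profiles={
            "ICCID-A": Profile("ICCID-A", {"ppr-demo"}),
            "ICCID-B": Profile("ICCID-B"),
        },
    )
```

Because smdpSignature3 also covers euiccSignature1, a signed command captured in one RSP session fails verification when presented in another session, even if the TransactionID is reused.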
  • FIG. 9 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention.
  • the local eUICC configuration file auxiliary module may include a deletion request receiving unit 610, a verification unit 620, and a deletion instruction sending unit 630, wherein the detailed description of each unit is as follows:
  • a deletion request receiving unit 610 configured to receive an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
  • the verification unit 620 is configured to verify the authentication confirmation information.
  • the deletion instruction sending unit 630 is configured to send, if the verification of the authentication confirmation information passes, an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the deletion request receiving unit 610 is specifically configured to receive an eUICC configuration file deletion request sent by the eUICC remote management server; or receive an eUICC configuration file deletion request through an application program interface.
  • the local eUICC profile auxiliary module further includes:
  • the indication receiving unit 640 is configured to receive an indication sent by the eUICC to connect to the eUICC remote management server, where the indication carries an address of the eUICC remote management server.
  • the eUICC configuration file deletion request further carries a location acquisition indication;
  • the local eUICC configuration file auxiliary module further includes:
  • the deletion success receiving unit 650 is configured to receive a deletion success indication returned by the eUICC;
  • the location information returning unit 660 is configured to return the deletion success indication and the location information of the terminal to the eUICC remote management server according to the location acquisition indication.
  • the authentication confirmation information includes: a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of the second data, wherein the second data includes the eUICC profile information and a portion of the authentication confirmation personal code.
  • the instruction to delete the eUICC configuration file includes an eUICC storage reset instruction, and the eUICC storage reset instruction is used to instruct the eUICC to delete all the operating eUICC configuration files.
  • the instruction to delete the eUICC configuration file carries an eUICC lock indication; the eUICC lock indication is used to indicate that the eUICC enters a locked state.
  • the local eUICC configuration file auxiliary module further includes:
  • the unlock request receiving unit 670 is configured to receive an eUICC unlock request and an authentication confirmation input information of the user;
  • the unlocking instruction sending unit 680 is configured to send an eUICC unlocking instruction to the eUICC if the verification of the authentication confirmation input information passes, where the eUICC unlocking instruction is used to instruct the eUICC to enter a normal state.
  • the local eUICC configuration file auxiliary module further includes:
  • the reject status entry unit 690 is configured to enter the state in which eUICC profile download requests cannot be received if the local authentication confirmation personal identification code does not exist and the eUICC lock indication sent by the eUICC is received.
  • for each unit, reference may also be made to the corresponding description of the method embodiment shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG.
  • in the local eUICC configuration file auxiliary module described in FIG. 9, the module receives the eUICC configuration file deletion request, verifies the authentication confirmation information carried in the request and, if the verification passes, sends the eUICC an instruction to delete the eUICC configuration file, instructing the eUICC to delete the eUICC configuration file; the module may perform the foregoing operations after the terminal is lost, reducing the risk of asset loss associated with the eUICC data or information leakage associated with the eUICC data after the terminal is lost.
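How the units of FIG. 9 fit together, as an added example that is not code from the patent: the auxiliary module (LPA) recomputes the authentication confirmation information in each digest form, sends a storage reset with a lock indication on success, and refuses profile download while the eUICC is locked and no ACP is stored. Assumptions: SHA-256 with length-prefixed parts, "part of the ACP" meaning its first four bytes, and all class, method and sample names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so (b"12", b"34") != (b"123", b"4")."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


def auth_confirmation(form: str, acp: bytes, profile_info: bytes = b"", part_len: int = 4) -> bytes:
    """Build the authentication confirmation information in one of the digest forms."""
    if form == "acp":      # message digest of the ACP
        return digest(acp)
    if form == "first":    # first data: ACP and eUICC configuration file information
        return digest(acp, profile_info)
    if form == "second":   # second data: configuration file information and part of the ACP
        return digest(profile_info, acp[:part_len])
    raise ValueError(f"unknown form: {form}")


@dataclass
class Euicc:
    operational_profiles: set = field(default_factory=set)
    locked: bool = False

    def memory_reset(self, lock: bool) -> str:
        """Storage reset: delete every operational profile; lock if indicated."""
        self.operational_profiles.clear()
        self.locked = self.locked or lock
        return "delete-success"

    def unlock(self) -> None:
        self.locked = False


@dataclass
class Lpa:
    euicc: Euicc
    acp: Optional[bytes]           # locally stored ACP; None after a factory reset
    download_blocked: bool = False

    def handle_delete_request(self, form: str, received: bytes, profile_info: bytes = b"") -> bool:
        """Units 610-630: receive the request, verify it, send the delete instruction."""
        if self.acp is None:
            return False           # nothing to verify against: fail closed
        expected = auth_confirmation(form, self.acp, profile_info)
        if not hmac.compare_digest(expected, received):
            return False
        return self.euicc.memory_reset(lock=True) == "delete-success"

    def factory_reset(self) -> None:
        """The "double clear": user data, including the stored ACP, is wiped."""
        self.acp = None

    def refresh_state(self) -> None:
        """Unit 690: locked eUICC and no local ACP means downloads are refused."""
        self.download_blocked = self.euicc.locked and self.acp is None

    def unlock(self, entered_acp: bytes) -> bool:
        """Units 670-680: unlock only when the entered ACP matches the stored one."""
        if self.acp is None or not hmac.compare_digest(digest(self.acp), digest(entered_acp)):
            return False
        self.euicc.unlock()
        return True

    def request_download(self, iccid: str) -> bool:
        self.refresh_state()
        if self.download_blocked or self.euicc.locked:
            return False
        self.euicc.operational_profiles.add(iccid)
        return True
```

A digest of the ACP alone is identical for every request, whereas the first and second data forms tie the value to the configuration file information supplied with the request.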
  • FIG. 10 is a terminal 70.
  • the terminal 70 includes a processor 701, a memory 702, and a transceiver 703.
  • the processor 701, the memory 702, and the transceiver 703 are connected to each other through a bus.
  • the memory 702 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the transceiver 703 is configured to receive and transmit data.
  • the processor 701 may be one or more central processing units (CPUs). In the case that the processor 701 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 701 in the terminal 70 is configured to read the program code stored in the memory 702, and perform the following operations:
  • the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG.
  • the terminal may perform the above operations after the loss, reducing the risk of asset loss associated with the eUICC data or information leakage associated with the eUICC data after the terminal is lost.
  • FIG. 11 is a schematic structural diagram of an eUICC according to an embodiment of the present invention.
  • the eUICC may include a deletion instruction receiving unit 810 and a deleting unit 820.
  • the detailed description of each unit is as follows:
  • the deletion instruction receiving unit 810 is configured to receive an instruction for deleting the eUICC configuration file sent by the local eUICC configuration file auxiliary module of the terminal;
  • the deleting unit 820 is configured to delete the eUICC configuration file according to the instruction to delete the eUICC configuration file.
  • the eUICC further includes:
  • the push command receiving unit 830 is configured to receive a push command sent by the eUICC remote management server;
  • the indication sending unit 840 is configured to send, to the local eUICC profile auxiliary module according to the push command, an indication to connect to the eUICC remote management server, where the indication carries an address of the eUICC remote management server.
  • the push command receiving unit 830 is specifically configured to receive a security packet, where the security packet carries the push command sent by the eUICC remote management server and root issuer security domain information; the indication sending unit includes a root issuer security domain, configured to send, to the local eUICC profile auxiliary module according to the push command, the indication to connect to the eUICC remote management server.
  • the eUICC further includes:
  • the deletion success sending unit 850 is configured to send a deletion success indication to the local eUICC profile auxiliary module.
  • the instruction to delete the eUICC configuration file includes an eUICC storage reset instruction
  • the deleting unit 820 is specifically configured to delete all the operating eUICC configuration files according to the eUICC storage reset instruction.
  • the eUICC further includes:
  • the unlocking instruction receiving unit 860 is configured to receive an eUICC unlocking instruction sent by the local eUICC configuration file auxiliary module, where the eUICC unlocking instruction is sent by the local eUICC configuration file auxiliary module if the verification of the user's authentication confirmation input information passes;
  • the normal state entering unit 870 is configured to enter a normal state according to the eUICC unlocking instruction.
  • the eUICC further includes:
  • the lock indication sending unit 880 is configured to send an eUICC lock indication to the local eUICC profile auxiliary module, where the eUICC lock indication is used to instruct the local eUICC profile auxiliary module to enter the state in which profile download requests cannot be received if the local authentication confirmation personal identification code does not exist.
  • each unit may also correspond to the corresponding description of the method embodiment shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG.
  • the eUICC may delete the eUICC configuration file after the terminal is lost, and reduce the risk of asset loss associated with the eUICC data or information leakage associated with the eUICC data after the terminal is lost.
  • FIG. 12 is an eUICC 90 according to an embodiment of the present invention.
  • the eUICC 90 includes a processor 901, a memory 902, and a communication interface 903.
  • the processor 901, the memory 902, and the communication interface 903 are connected to each other.
  • the memory 902 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • Communication interface 903 is used to receive and transmit data.
  • the processor 901 may be one or more central processing units (CPUs). In the case that the processor 901 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 901 in the eUICC 90 is configured to read the program code stored in the memory 902, and perform the following operations:
  • the eUICC configuration file is deleted according to the instruction to delete the eUICC configuration file.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG.
  • the eUICC may perform the above operations after the terminal is lost, reducing the risk of asset loss associated with the eUICC data or information leakage associated with the eUICC data after the terminal is lost.
  • FIG. 13 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention.
  • the eUICC remote management server may include a deletion request sending unit 1010, where a detailed description of the deletion request sending unit is as follows:
  • the deletion request sending unit 1010 is configured to send an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal, where the eUICC configuration file deletion request carries the authentication confirmation information;
  • the authentication confirmation information is used by the local eUICC configuration file auxiliary module to perform verification and, if the verification of the authentication confirmation information passes, to send an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of the first data, where the first data includes the authentication confirmation a personal code and eUICC profile information; or a message digest of the second data, wherein the second data includes a portion of the authentication confirmation personal code and the eUICC profile information.
  • the eUICC configuration file deletion request further carries a location acquisition indication;
  • the eUICC remote management server further includes:
  • the location information receiving unit 1020 is configured to receive a deletion success indication returned by the local eUICC profile auxiliary module and location information of the terminal.
  • the eUICC remote management server further includes: a location information receiving unit, configured to receive location information of the terminal returned by the local eUICC profile auxiliary module.
  • each unit may also correspond to the corresponding description of the method embodiment shown in FIG. 3 or FIG. 8.
  • the eUICC remote management server sends an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal in case the terminal is lost, so that the terminal can delete the eUICC configuration file in time, thereby reducing the terminal loss.
  • FIG. 14 is an eUICC remote management server 110 according to an embodiment of the present invention.
  • the eUICC remote management server 110 includes a processor 1101, a memory 1102, and a transceiver 1103.
  • the processor 1101, the memory 1102, and the transceiver 1103 are connected to each other through a bus.
  • the memory 1102 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and is used to store related instructions and data.
  • the transceiver 1103 is for receiving and transmitting data.
  • the processor 1101 may be one or more central processing units (CPUs). In the case where the processor 1101 is a CPU, the CPU may be a single-core CPU or a multi-core CPU.
  • the processor 1101 of the eUICC remote management server 110 is configured to read the program code stored in the memory 1102, and perform the following operations:
  • the authentication confirmation information is used by the local eUICC configuration file auxiliary module to perform verification and, if the verification of the authentication confirmation information passes, to send an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  • each operation may also correspond to the corresponding description of the method embodiment shown in FIG. 3 or FIG. 8.
  • the eUICC remote management server 110 sends an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal in case the terminal is lost, so that the terminal can delete the eUICC configuration file in time, reducing the risk of asset loss associated with the data of the eUICC or information leakage associated with the data of the eUICC after the terminal is lost.
  • the program can be stored in a computer-readable storage medium, and when the program is executed, it may include the flows of the method embodiments described above.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM or a random access memory RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed in the embodiments of the present invention are an eUICC profile deletion method and device. An eUICC profile deletion method, comprising: receiving an eUICC profile deletion request, the eUICC profile deletion request carrying authentication confirmation information; verifying the authentication confirmation information; in the case where the authentication confirmation information has passed the verification, sending, to the eUICC of a terminal, an instruction to delete the eUICC profile, the instruction to delete the eUICC profile being used for instructing the eUICC to delete the eUICC profile. The embodiments of the present invention can reduce the risk of financial losses associated with eUICC data or information leakage associated with eUICC data, after a terminal has been lost.

Description

Method and device for deleting an eUICC configuration file
Technical field
The present invention relates to the field of eUICC telecommunications smart cards, and in particular, to a method and a device for deleting an eUICC configuration file.
Background
An eUICC telecommunications smart card is a removable or non-removable Universal Integrated Circuit Card (UICC) that can perform remote profile management in a secure manner, or perform local profile management (for example, end-user-triggered profile activation, deactivation or deletion). The term eUICC derives from embedded UICC: it may be embedded in the terminal as a single chip, or be part of another single chip in the terminal (such as a modem chip or an application processor chip), but this does not mean that it must be embedded in the terminal and non-removable; it may also take a removable card form, like a Subscriber Identification Module (SIM) card, a Micro SIM card or a Nano SIM card. An eUICC configuration file (Profile) is a combination of data and applications that is provisioned or installed on the eUICC in order to provide mobile network services to the terminal; such services include calls, sending and receiving short messages, and data services. A Profile can also be regarded as a SIM software module: like a traditional SIM card, it performs functions such as authentication computation and key generation when the terminal accesses the mobile network. A traditional SIM card has its data and applications fixed on the card, and the user cannot delete them. The eUICC is different: an eUICC configuration file can be downloaded to the eUICC remotely online, and the user can also delete an eUICC configuration file through local management.
At present, a user's various accounts (such as bank card accounts and e-wallet accounts) are generally associated with the data of the telecommunications smart card (SIM card). If the terminal is lost and the data of the telecommunications smart card is not cleared, the user of the lost terminal is exposed to security risks such as asset loss or information leakage. In the prior art, the anti-theft function of a terminal is generally implemented by an anti-theft application (also called a phone retrieval application) on the operating system. The user can enable the anti-theft function on the terminal; when the terminal is lost, the user logs in to the terminal manufacturer's website and issues remote instructions to the terminal through the server corresponding to the anti-theft application, thereby remotely managing the lost terminal and causing it to perform positioning and delete the terminal's data (such as pictures, contacts and short messages on the terminal). Although the anti-theft function enables a lost terminal to perform positioning, data deletion and similar functions according to remote management instructions, the terminal deletes only data related to the operating system and cannot delete the data on the telecommunications smart card. In addition, a considerable proportion of users have not enabled the phone anti-theft function.
Summary of the invention
Embodiments of the present invention provide a method and a device for deleting an eUICC configuration file, which can delete the eUICC configuration file of a terminal when the terminal is lost, clearing the data of the eUICC telecommunications smart card and reducing the risk of asset loss associated with the data of the eUICC or information leakage associated with the data of the eUICC after the terminal is lost.
A first aspect of the embodiments of the present invention provides a method for deleting an eUICC configuration file, including:
receiving an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
verifying the authentication confirmation information;
if the verification of the authentication confirmation information passes, sending an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
In a first possible implementation of the first aspect, the eUICC configuration file deletion request can be received in two ways: receiving an eUICC configuration file deletion request sent by an eUICC remote management server; or receiving an eUICC configuration file deletion request through an application program interface. For example, an eUICC configuration file deletion request sent by a Subscription Manager Data Preparation+ (SM-DP+) server is received, or an eUICC configuration file deletion request sent by a local anti-theft application of the terminal is received through an application programming interface (API).
With reference to the first possible implementation of the first aspect, in a second possible implementation, if the eUICC configuration file deletion request sent by the eUICC remote management server is received, then before the eUICC configuration file deletion request is received, an indication sent by the eUICC to connect to the eUICC remote management server is also received, where the indication carries the address of the eUICC remote management server. A communication connection with the eUICC remote management server can be established using the address of the eUICC remote management server, so as to receive the eUICC configuration file deletion request sent by the eUICC remote management server.
With reference to the first possible implementation of the first aspect, in a third possible implementation, if the eUICC configuration file deletion request sent by the eUICC remote management server is received, the eUICC configuration file deletion request further carries a location acquisition indication, and after the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, the method further includes: receiving a deletion success indication returned by the eUICC; and returning, according to the location acquisition indication, the deletion success indication and the location information of the terminal to the eUICC remote management server.
In a fourth possible implementation of the first aspect, the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes the eUICC configuration file information and part of the authentication confirmation personal code.
In a fifth possible implementation of the first aspect, the instruction to delete the eUICC configuration file is an eUICC storage reset instruction; the eUICC storage reset instruction is used to instruct the eUICC to delete all operational eUICC configuration files.
In a sixth possible implementation of the first aspect, the instruction to delete the eUICC configuration file carries an eUICC lock indication; the eUICC lock indication is used to instruct the eUICC to enter a locked state.
With reference to the sixth possible implementation of the first aspect, in a seventh possible implementation, after the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, the method further includes: receiving an eUICC unlock request and authentication confirmation input information of a user; and if the verification of the authentication confirmation input information passes, sending an eUICC unlocking instruction to the eUICC, where the eUICC unlocking instruction is used to instruct the eUICC to enter a normal state.
With reference to the sixth possible implementation of the first aspect, in an eighth possible implementation, after the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, the method further includes: if the local authentication confirmation personal identification code does not exist and the eUICC lock indication sent by the eUICC is received, entering the state in which eUICC configuration file download requests cannot be received.
A second aspect of the embodiments of the present invention provides another method for deleting an eUICC configuration file, including:
receiving an instruction to delete an eUICC configuration file, sent by the local eUICC configuration file auxiliary module of a terminal;
deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file.
In a first possible implementation of the second aspect, before the receiving of the instruction to delete the eUICC configuration file sent by the local eUICC configuration file auxiliary module of the terminal, the method further includes: receiving a push command sent by an eUICC remote management server; and sending, according to the push command, an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, where the indication carries the address of the eUICC remote management server.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the push command is sent inside a security packet, and the security packet also contains information about the application that processes the push command. That is, the receiving of the push command sent by the eUICC remote management server includes: receiving a security packet, where the security packet carries the root issuer security domain information and the push command sent by the eUICC remote management server; and the sending, according to the push command, of the indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module includes: sending, by the root issuer security domain according to the push command, the indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module.
In a third possible implementation of the second aspect, after the deleting of the eUICC configuration file according to the instruction to delete the eUICC configuration file, the method further includes: sending a deletion success indication to the local eUICC configuration file auxiliary module.
In a fourth possible implementation of the second aspect, the instruction to delete the eUICC configuration file is an eUICC storage reset instruction; the deleting of the eUICC configuration file according to the instruction to delete the eUICC configuration file includes: deleting all operational eUICC configuration files according to the eUICC storage reset instruction.
In a fifth possible implementation of the second aspect, the instruction to delete the eUICC configuration file carries an eUICC lock indication; the method further includes: entering a locked state according to the eUICC lock indication.
With reference to the fifth possible implementation of the second aspect, in a sixth possible implementation, after the entering of the locked state according to the eUICC lock indication, the method further includes: receiving an eUICC unlock instruction sent by the local eUICC configuration file auxiliary module, where the eUICC unlock instruction is sent by the local eUICC configuration file auxiliary module if verification of the user's authentication confirmation input information passes; and entering a normal state according to the eUICC unlock instruction.
With reference to the fifth possible implementation of the second aspect, in a seventh possible implementation, after the entering of the locked state according to the eUICC lock indication, the method further includes: sending an eUICC lock indication to the local eUICC configuration file auxiliary module, where the eUICC lock indication is used to instruct the local eUICC configuration file auxiliary module to enter a state in which Profile download requests cannot be accepted if a local authentication confirmation personal identification code does not exist.
A third aspect of the embodiments of the present invention provides yet another method for deleting an eUICC configuration file, including:
sending an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of a terminal, where the eUICC configuration file deletion request carries authentication confirmation information;
the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification, and, if verification of the authentication confirmation information passes, the local eUICC configuration file auxiliary module sends an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
In a first possible implementation of the third aspect, before the sending of the eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal, the method further includes: sending a push command to the eUICC, where the push command is used to instruct the eUICC to send an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, and the indication carries the address of the eUICC remote management server.
In a second possible implementation of the third aspect, the eUICC configuration file deletion request further carries a location acquisition indication; the method further includes: receiving a deletion success indication and the location information of the terminal returned by the local eUICC configuration file auxiliary module.
In a third possible implementation of the third aspect, the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes the eUICC configuration file information and part of the authentication confirmation personal code.
A fourth aspect of the embodiments of the present invention provides a local eUICC configuration file auxiliary module, including:
a deletion request receiving unit, configured to receive an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
a verification unit, configured to verify the authentication confirmation information;
a deletion instruction sending unit, configured to send, if verification of the authentication confirmation information passes, an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
In a first possible implementation of the fourth aspect, the deletion request receiving unit is specifically configured to: receive an eUICC configuration file deletion request sent by an eUICC remote management server; or receive an eUICC configuration file deletion request through an application programming interface.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation, the local eUICC configuration file auxiliary module further includes: an indication receiving unit, configured to receive an indication to connect to the eUICC remote management server, sent by the eUICC, where the indication carries the address of the eUICC remote management server.
With reference to the first possible implementation of the fourth aspect, in a third possible implementation, the eUICC configuration file deletion request further carries a location acquisition indication; the local eUICC configuration file auxiliary module further includes: a deletion success receiving unit, configured to receive a deletion success indication returned by the eUICC; and a location information returning unit, configured to return, according to the location acquisition indication, the deletion success indication and the location information of the terminal to the eUICC remote management server.
In a fourth possible implementation of the fourth aspect, the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes the eUICC configuration file information and part of the authentication confirmation personal code.
In a fifth possible implementation of the fourth aspect, the instruction to delete the eUICC configuration file includes an eUICC storage reset instruction; the eUICC storage reset instruction is used to instruct the eUICC to delete all operational eUICC configuration files.
In a sixth possible implementation of the fourth aspect, the instruction to delete the eUICC configuration file carries an eUICC lock indication; the eUICC lock indication is used to instruct the eUICC to enter a locked state.
With reference to the sixth possible implementation of the fourth aspect, in a seventh possible implementation, the local eUICC configuration file auxiliary module further includes: an unlock request receiving unit, configured to receive an eUICC unlock request and authentication confirmation input information from a user; and an unlock instruction sending unit, configured to send, if verification of the authentication confirmation input information passes, an eUICC unlock instruction to the eUICC, where the eUICC unlock instruction is used to instruct the eUICC to enter a normal state.
With reference to the sixth possible implementation of the fourth aspect, in an eighth possible implementation, the local eUICC configuration file auxiliary module further includes: a rejection state entering unit, configured to enter a state in which eUICC configuration file download requests cannot be accepted if a local authentication confirmation personal identification code does not exist and the eUICC lock indication sent by the eUICC is received.
A fifth aspect of the embodiments of the present invention provides an eUICC, including:
a deletion instruction receiving unit, configured to receive an instruction to delete an eUICC configuration file, sent by the local eUICC configuration file auxiliary module of a terminal;
a deleting unit, configured to delete the eUICC configuration file according to the instruction to delete the eUICC configuration file.
In a first possible implementation of the fifth aspect, the eUICC further includes: a push command receiving unit, configured to receive a push command sent by an eUICC remote management server; and an indication sending unit, configured to send, according to the push command, an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, where the indication carries the address of the eUICC remote management server.
With reference to the first possible implementation of the fifth aspect, in a second possible implementation, the push command receiving unit is specifically configured to receive a security packet, where the security packet carries root issuer security domain information and the push command sent by the eUICC remote management server; the indication sending unit includes a root issuer security domain, configured to send, according to the push command, the indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module.
In a third possible implementation of the fifth aspect, the eUICC further includes: a deletion success sending unit, configured to send a deletion success indication to the local eUICC configuration file auxiliary module.
In a fourth possible implementation of the fifth aspect, the instruction to delete the eUICC configuration file includes an eUICC storage reset instruction; the deleting unit is specifically configured to delete all operational eUICC configuration files according to the eUICC storage reset instruction.
In a fifth possible implementation of the fifth aspect, the instruction to delete the eUICC configuration file carries an eUICC lock indication; the eUICC further includes a locked state entering unit, configured to enter a locked state according to the eUICC lock indication.
With reference to the fifth possible implementation of the fifth aspect, in a sixth possible implementation, the eUICC further includes: an unlock instruction receiving unit, configured to receive an eUICC unlock instruction sent by the local eUICC configuration file auxiliary module, where the eUICC unlock instruction is sent by the local eUICC configuration file auxiliary module if verification of the user's authentication confirmation input information passes; and a normal state entering unit, configured to enter a normal state according to the eUICC unlock instruction.
With reference to the fifth possible implementation of the fifth aspect, in a seventh possible implementation, the eUICC further includes: a lock indication sending unit, configured to send an eUICC lock indication to the local eUICC configuration file auxiliary module, where the eUICC lock indication is used to instruct the local eUICC configuration file auxiliary module to enter a state in which Profile download requests cannot be accepted if a local authentication confirmation personal identification code does not exist.
A sixth aspect of the embodiments of the present invention provides an eUICC remote management server, including:
a deletion request sending unit, configured to send an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of a terminal, where the eUICC configuration file deletion request carries authentication confirmation information;
the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification, and, if verification of the authentication confirmation information passes, the local eUICC configuration file auxiliary module sends an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
In a first possible implementation of the sixth aspect, the eUICC remote management server further includes: a push command sending unit, configured to send a push command to the eUICC, where the push command is used to instruct the eUICC to send an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, and the indication carries the address of the eUICC remote management server.
In a second possible implementation of the sixth aspect, the eUICC configuration file deletion request further carries a location acquisition indication; the eUICC remote management server further includes: a location information receiving unit, configured to receive the deletion success indication and the location information of the terminal returned by the local eUICC configuration file auxiliary module.
In a third possible implementation of the sixth aspect, the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes part of the authentication confirmation personal code and the eUICC configuration file information.
A seventh aspect of the embodiments of the present invention provides a terminal, including a processor, a memory and a transceiver, where the processor, the memory and the transceiver are connected to each other by a bus, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
receiving an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
verifying the authentication confirmation information;
if verification of the authentication confirmation information passes, sending an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
An eighth aspect of the embodiments of the present invention provides another eUICC, including a processor, a memory and a communication interface, where the processor, the memory and the communication interface are connected to each other, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
receiving an instruction to delete an eUICC configuration file, sent by the local eUICC configuration file auxiliary module of a terminal;
deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file.
A ninth aspect of the embodiments of the present invention provides another eUICC remote management server, including a processor, a memory and a transceiver, where the processor, the memory and the transceiver are connected to each other by a bus, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
sending an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of a terminal, where the eUICC configuration file deletion request carries authentication confirmation information;
the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification, and, if verification of the authentication confirmation information passes, the local eUICC configuration file auxiliary module sends an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
In the embodiments of the present invention, the names of the local eUICC configuration file auxiliary module and the eUICC remote management server do not limit the devices themselves; in actual implementations, these devices may appear under other names. As long as the functions of the devices are similar to those in this application, they fall within the scope of the claims of this application and their equivalents.
In the embodiments of the present invention, an eUICC configuration file deletion request is received, the authentication confirmation information in the request is verified, and, if the verification passes, an instruction to delete the eUICC configuration file is sent to the eUICC of the terminal to instruct the eUICC to delete the eUICC configuration file. This procedure can be performed after the terminal is lost, which reduces the risk that assets associated with the data on the eUICC are lost or that information associated with the data on the eUICC is leaked.
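The flow summarized above (verify the authentication confirmation information, and only then instruct the eUICC to delete, optionally locking it) is sketched below as an added example that is not part of the patent text. SHA-256 as the message digest, the `|` separator, the ICCID standing in for the configuration file information, the first four digits as the "part" of the personal code, and all class and function names are assumptions.

```python
import hashlib
import hmac
from enum import Enum


class Form(Enum):
    """The four forms of authentication confirmation information."""
    CODE = 1                # the personal code itself
    CODE_DIGEST = 2         # digest of the personal code
    FIRST_DATA_DIGEST = 3   # digest of (personal code + configuration file information)
    SECOND_DATA_DIGEST = 4  # digest of (configuration file information + part of the code)


PARTIAL_LEN = 4  # assumption: "part of" the code means its first four characters


def _sha256(text):
    # Assumption: the page does not name a digest algorithm; SHA-256 is used here.
    return hashlib.sha256(text.encode("utf-8")).digest()


def confirmation(form, code, profile_info=""):
    """Value that a requester places in the deletion request for a given form."""
    if form is Form.CODE:
        return code.encode("utf-8")
    if form is Form.CODE_DIGEST:
        return _sha256(code)
    if form is Form.FIRST_DATA_DIGEST:
        return _sha256(code + "|" + profile_info)
    if form is Form.SECOND_DATA_DIGEST:
        return _sha256(profile_info + "|" + code[:PARTIAL_LEN])
    raise ValueError("unknown form")


class Euicc:
    """eUICC side: executes delete/reset instructions and tracks the lock state."""

    def __init__(self, profiles):
        self.profiles = dict(profiles)  # ICCID -> True if operational (constructed data)
        self.locked = False

    def delete(self, iccid=None, storage_reset=False, lock=False):
        if storage_reset:
            # Storage reset removes every operational configuration file.
            self.profiles = {i: op for i, op in self.profiles.items() if not op}
            deleted = True
        else:
            deleted = self.profiles.pop(iccid, None) is not None
        if lock:
            self.locked = True
        return deleted  # stands in for the deletion success indication

    def unlock(self):
        self.locked = False


class Lpa:
    """Local auxiliary module: verifies first, forwards to the eUICC second."""

    def __init__(self, euicc, local_code):
        self.euicc = euicc
        self.local_code = local_code  # personal code provisioned locally

    def handle_delete_request(self, form, value, iccid=None,
                              storage_reset=False, lock=False):
        # The expected value is rebuilt from the *target* of the request, so a
        # digest computed for one configuration file does not verify for another.
        expected = confirmation(form, self.local_code, iccid or "")
        if not hmac.compare_digest(expected, value):  # constant-time comparison
            return False  # verification failed: nothing is sent to the eUICC
        return self.euicc.delete(iccid, storage_reset, lock)

    def handle_unlock_request(self, user_input):
        ok = hmac.compare_digest(self.local_code.encode("utf-8"),
                                 user_input.encode("utf-8"))
        if ok:
            self.euicc.unlock()
        return ok
```
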
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the background art more clearly, the drawings used in the embodiments of the present invention or in the background art are described below.
FIG. 1 is an architecture diagram for implementing the method of the embodiments of the present invention, according to an embodiment of the present invention;
FIG. 2 is another architecture diagram for implementing the method of the embodiments of the present invention, according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for deleting an eUICC configuration file according to an embodiment of the present invention;
FIG. 4a is a user interaction interface diagram of an eUICC in a locked state according to an embodiment of the present invention;
FIG. 4b is another user interaction interface diagram of an eUICC in a locked state according to an embodiment of the present invention;
FIG. 4c is a user interaction interface diagram of an eUICC in a normal state according to an embodiment of the present invention;
FIG. 4d is another user interaction interface diagram of an eUICC in a normal state according to an embodiment of the present invention;
FIG. 4e is a user interaction interface diagram of an LPA in a state in which Profile download requests cannot be accepted, according to an embodiment of the present invention;
FIG. 4f is another user interaction interface diagram of an LPA in a state in which Profile download requests cannot be accepted, according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of another method for deleting an eUICC configuration file according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of yet another method for deleting an eUICC configuration file according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of yet another method for deleting an eUICC configuration file according to an embodiment of the present invention;
FIG. 8 is a schematic flowchart of yet another method for deleting an eUICC configuration file according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of an eUICC according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of another eUICC according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention;
FIG. 14 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行描述。 The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
在终端(Device、Mobile Station、Terminal或User Equipment)的结构中,Profile辅助(Local Profile Assitant,LPA)模块用于实现对Profile和eUICC模块的相关管理操作(如Profile下载和安装、远程Profile管理和远程eUICC管理等),在终端丢失的情况下,终端的防盗应用模块或用户可通过通知LPA模块执行对eUICC模块的管理操作,指示eUICC模块对Profile进行删除,其中,LPA模块和eUICC模块可以是两个相互分离且存在物理或逻辑连接关系的模块,例如LPA模块存在于基带芯片上、应用处理器上或终端的其他硬件模块上;LPA模块也可以直接存在于eUICC模块上。In the structure of the terminal (Device, Mobile Station, Terminal or User Equipment), the Profile Assistant (LPA) module is used to implement related management operations on the Profile and eUICC modules (such as profile download and installation, remote profile management, and Remote eUICC management, etc., in the case that the terminal is lost, the anti-theft application module or the user of the terminal may perform a management operation on the eUICC module by notifying the LPA module, instructing the eUICC module to delete the profile, wherein the LPA module and the eUICC module may be Two modules that are separated from each other and have a physical or logical connection relationship, such as an LPA module, are present on the baseband chip, on the application processor, or on other hardware modules of the terminal; the LPA module can also exist directly on the eUICC module.
In one possible implementation, deletion of a Profile (that is, an eUICC configuration file) can be implemented on the basis of the eUICC management system. The architecture of the eUICC management system is shown in FIG. 1. The SM-DP+ server prepares Profiles, securely sends a prepared Profile to the eUICC module of the terminal, and remotely manages Profiles; the SM-DP+ may be deployed on a server of the operator (Operator), the eUICC manufacturer, the original equipment manufacturer (Original Equipment Manufacturer, OEM) or another party. The Subscription Manager Discovery Service (SM-DS) server provides one or more SM-DP+ addresses, or an alternative SM-DS address, to the terminal; the terminal can establish a connection with the SM-DP+ using the SM-DP+ address, or can obtain the SM-DP+ address through the alternative SM-DS. The terminal contains the LPA module and the eUICC module; the eUICC module implements the functions of a SIM card as well as the configuration and management functions for Profiles and the eUICC. The Operator Business Supporting System (Operator BSS) orders Profiles from the SM-DP+ and requests management of Profiles on the eUICC. The End User is the user of the terminal / the (operator's) mobile subscriber. The eUICC Manufacturer (EUM) is the vendor that produces the eUICC. SM-DP+ and SM-DS are both referred to as eUICC remote management servers (or remote SIM provisioning servers). If the terminal is lost, the user can contact the operator to report the Profile as lost; the operator's staff then operate on the Operator BSS, which sends a remote Profile management instruction to the SM-DP+ (with the management operation type of the instruction set to delete), and the SM-DP+ delivers the remote Profile management instruction to the LPA module. After receiving the remote Profile management instruction sent by the SM-DP+, the LPA module instructs the eUICC module to delete the Profile.
In another possible implementation, deletion of a Profile can be implemented through the terminal's local anti-theft application. The system architecture for this is shown in FIG. 2. The OEM server (Original Equipment Manufacturer Server, OEM Server) is a server of the vendor that produces the terminal and can provide terminal users with cloud services (phone location, anti-theft, photo or contact synchronization) and similar services. The local anti-theft application is an application running on the terminal's operating system that implements the terminal's anti-theft function; when networked it can communicate with the OEM Server, and the OEM Server can send remote instructions to it. The LPA module and the eUICC module implement the terminal's communication functions such as calls and sending and receiving SMS messages. The local anti-theft application and the LPA module can communicate through an API. If the terminal is lost, the user can log in to the portal of the terminal's server (the OEM Portal) and initiate a Profile deletion request on the portal web page. The OEM Server sends the Profile deletion request to the local anti-theft application, which sends it to the LPA module through the API; after receiving the request, the LPA module instructs the eUICC module to delete the Profile.
In both of the above implementations, before accepting the remote Profile management command or the Profile deletion request, the LPA module must determine whether the sender's request is legitimate. Only when it determines that the request is legitimate (for example, the sender has obtained the user's permission information, or the sender is on the LPA module's whitelist) does it instruct the eUICC module to delete the Profile.
The following specific embodiments describe how the eUICC configuration file deletion method provided by the embodiments of the present invention is implemented under the architecture of FIG. 1 or FIG. 2. In the embodiments that follow, unless otherwise stated, LPA denotes the terminal's LPA module, eUICC denotes the terminal's eUICC module, SM-DP+ denotes the eUICC remote management server (eUICC remote management servers include but are not limited to SM-DP+), and Profile denotes the eUICC configuration file (eUICC configuration files include but are not limited to Profiles).
Referring to FIG. 3, FIG. 3 shows an eUICC configuration file deletion method according to an embodiment of the present invention. The method can be implemented on the system architecture shown in FIG. 1 and includes, but is not limited to, the following steps:
Step S101: The Operator BSS sends a remote Profile management order (Remote Profile Management Order, RPMOrder) to the SM-DP+. The RPMOrder carries a remote Profile management command (Remote Profile Management Command, RPM Command), the eUICC identifier (eUICC Identification, EID), the Profile identifier (Integrated Circuit Card Identification, ICCID), an eUICC lock indication (euiccLock), and the message digest of the authenticated confirmation personal identification number (Hash(Authenticated Confirmation Personal identification number, ACP)). The operation type of the RPM Command is set to memory reset (euiccmemoryReset).
The ACP is a personal code used for authenticated confirmation; the end user (End User) confirms operations on the terminal by entering the ACP or a substitute personal biometric such as a fingerprint.
Optionally, the RPMOrder may also carry an SM-DS address (SM-DS Address) and a location acquisition indication (locationFlag). The SM-DS Address is used by the SM-DP+ to notify the SM-DS to record the event when the SM-DP+ generates the remote management event; the locationFlag instructs the LPA to obtain the terminal's current or historical location information.
Specifically, when the operation type of the RPM Command is euiccmemoryReset, it instructs the eUICC to delete all Operational Profiles. An Operational Profile supports one subscription between the user and an operator and allows the terminal to connect to a mobile network; an Operational Profile may also contain non-telecom services. Optionally, in another implementation, an RPM Command with operation type euiccmemoryReset may instead instruct the eUICC to delete all Operational Profiles and Provisioning Profiles. A Provisioning Profile is used only or mainly to connect to a mobile network in order to provision Profiles on the eUICC (operations such as downloading a Profile, or remotely enabling or deleting a Profile); that is, a Provisioning Profile is a Profile that serves maintenance and setup purposes.
Hash(ACP) is the authentication confirmation information. The authentication confirmation information may instead be a message digest of first data, where the first data includes the ACP and Profile information, that is, Hash(ACP) may be replaced by Hash(ACP|Profile information), the symbol "|" denoting concatenation of the data before and after it. It may also be a message digest of second data, where the second data includes a partial ACP and Profile information, that is, Hash(ACP) may be replaced by Hash(partial ACP|Profile information). The authentication confirmation information may also be the ACP itself, that is, Hash(ACP) may be replaced by ACP.
Specifically, the Profile information may be, for example, the identifier of the eUICC on which the Profile resides (EID), the Profile owner (Profileowner), the ICCID, or the operator name (Operator name).
The first data and the second data are illustrated below with an example. Assume the ACP is 123456, the Profile information is the operator name (assumed to be CMCC), and the agreed partial ACP consists of the 1st, 3rd and 5th characters of the ACP. Then the first data is Hash(123456|CMCC), that is, the first data is the message digest of 123456|CMCC; the second data is Hash(135|CMCC), that is, the second data is the message digest of 135|CMCC.
Specifically, the ACP (or partial ACP) is provided to the Operator BSS by the user. For example, after discovering that the terminal is lost, the user reports the loss to the operator's customer service staff and is authenticated (for example by stating the customer service password or presenting an identity card). After authentication succeeds, the user gives the ACP (or partial ACP) to the customer service staff, who record it in the Operator BSS. Profile information such as the EID, Profileowner, ICCID and operator name may be held in the Operator BSS or in other systems of the operator.
Specifically, the Operator BSS may use a standard hash algorithm to compute the digest of the ACP, the first data or the second data. The hash algorithm may be, for example, Secure Hash Algorithm 1 (SHA-1), Secure Hash Algorithm 2 (SHA-2), SHA-256, and so on.
Specifically, euiccLock=True. euiccLock indicates the state the eUICC is to enter; when euiccLock=True, or euiccLock is set to valid, the eUICC is instructed to enter the locked state.
Step S102: The SM-DP+ performs a validity check.
Specifically, the SM-DP+ checks the EID or ICCID to confirm whether it falls within its management scope.
Step S103: The SM-DP+ generates a pending remote Profile management event (pending RPM order).
Specifically, each RPM Order event has an event identifier (Event Identification, EventID).
Specifically, the SM-DP+ can look up the pending RPM order by eventID or EID.
Optionally, the SM-DP+ may also register the remote management event with the SM-DS so that the LPA can query it; the SM-DS stores the SM-DP+ address, the eventID and the EID.
Specifically, the LPA can send a query request to the SM-DS (the query request carries the EID). If the SM-DS finds an event record corresponding to the EID (the event record contains the eventID and the SM-DP+ address), the SM-DS returns the event record to the LPA.
At this point, the SM-DP+ holds the remote management event for the terminal's eUICC and waits for the terminal's LPA to initiate a connection and perform the remote management operation.
Specifically, once the LPA has the SM-DP+ address it can initiate a connection to the SM-DP+. In one possible implementation, on a user operation, power-on, a timer trigger or an eUICC trigger, the LPA can obtain the SM-DP+ address and EventID from the SM-DS, initiate a connection to the SM-DP+ and send the EventID to the SM-DP+. In another possible implementation, the LPA obtains the SM-DP+ address stored in itself, in the eUICC or in a Profile, then initiates a connection to the SM-DP+ and sends the EID to the SM-DP+.
Optionally, the SM-DP+ may also proactively push its address to the LPA so that the LPA can initiate the connection quickly.
Specifically, the SM-DP+ can use the terminal vendor's message push service (Push Service) to send its address to the LPA. The SM-DP+ can use a new request type (Request Type), such as "Request for ES interface" or "Request for ES9+interface", to instruct the LPA to establish a connection to the SM-DP+ over the ES/ES9+ interface. The SM-DP+ can carry the Request Type, and its own address as the destination address (Data destination Address), in a push command (Push Command) delivered to the LPA through the terminal vendor's Push Service.
Specifically, the SM-DP+ can also send its address to the eUICC using the over-the-air (Over The Air, OTA) mechanism based on the Short Message Service (SMS), and the eUICC then sends it to the LPA. Steps S104 and S105 below describe the OTA-based flow.
Step S104: The SM-DP+ places the Push Command (Request for ES/ES9+interface, Data destination Address=RSP Server IP address) in a secured packet (Secured Packet) and sends it to the eUICC over the air-interface mechanism. The Secured Packet also carries a toolkit application reference (Toolkit Application Reference, TAR), with TAR=Issuer Security Domain-Root (ISD-R).
Specifically, TAR=ISD-R indicates that the Push Command is to be processed by the ISD-R application of the eUICC.
Optionally, the Secured Packet may be generated by the SM-DP+, which sends it to the operator's OTA server, which in turn sends it to the eUICC. The Secured Packet may also be generated by the operator's OTA server: the SM-DP+ first sends the Push Command to the operator's OTA server, which generates the Secured Packet and then sends it to the eUICC.
Step S105: The eUICC sends an open channel command (Open Channel) to the LPA. The Open Channel carries the address of the destination server SM-DP+ (RSP Server IP address), the bearer type (Bearer Type), and the interface transport level between the terminal and the eUICC (UICC/terminal interface transport level), where Bearer Type=ES/ES9+interface and UICC/terminal interface transport level=ES10interface.
Specifically, Open Channel is a proactive command initiated by the eUICC toward the LPA.
Specifically, the eUICC parses the Secured Packet; the ISD-R application in the eUICC then extracts the request type and the SM-DP+ address from the Push Command, generates the Bearer Type and UICC/terminal interface transport level from the request type, and places them, together with the SM-DP+ address, in the Open Channel command.
Specifically, BearerType=ES/ES9+interface is a new Bearer Type that instructs the LPA and the SM-DP+ to establish a connection over the ES/ES9+ interface.
Specifically, UICC/terminal interface transport level=ES10interface is a new UICC/terminal interface transport level indicating that the ES10 interface is used between the eUICC and the terminal (LPA).
Step S106: The LPA establishes a Transport Layer Security (TLS) connection with the SM-DP+.
Specifically, for example, the LPA performs one-way certificate authentication of the SM-DP+ and establishes the TLS connection after authentication succeeds.
Step S107: The SM-DP+ and the eUICC perform mutual authentication over HyperText Transfer Protocol Secure (HTTPS).
Specifically, HTTPS runs on top of the TLS connection.
Specifically, the LPA obtains information such as the eUICC challenge from the eUICC and sends an HTTPS request (containing the eUICC challenge) to the SM-DP+, triggering mutual authentication between the eUICC and the SM-DP+. The data exchange for mutual authentication is carried out through HTTPS request and response messages and through the interface between the LPA and the eUICC. During mutual authentication, the eUICC generates its own authentication signature value (euiccSignature1) and sends euiccSignature1 to the SM-DP+; both the SM-DP+ and the eUICC store euiccSignature1. The SM-DP+ also sends its authentication certificate (CERT.DPauth.ECDSA) to the eUICC, and the eUICC stores CERT.DPauth.ECDSA. After mutual authentication succeeds, the SM-DP+ generates a session identifier (Transaction Identification, TransactionID).
Step S108: The SM-DP+ looks up the pending RPM order.
Specifically, during mutual authentication the terminal sends the EID to the SM-DP+.
Specifically, the SM-DP+ can look up the pending RPM order by the EID.
Step S109: The SM-DP+ generates the data to be signed (smdpSigned3), smdpSigned3={TransactionID, RPM Command, euiccLock, Hash(ACP)}.
In another implementation, smdpSigned3={TransactionID, RPM Command, euiccLock, Hash(ACP), locationFlag}.
Specifically, the TransactionID is generated by the SM-DP+ while the RSP session is being established.
Step S110: The SM-DP+ uses its private key (SK.DPrpm.ECDSA) to compute a signature over smdpSigned3 and euiccSignature1, producing the signature value (smdpSignature3).
Specifically, the SM-DP+ may generate a digest of smdpSigned3|euiccSignature1 and then encrypt the digest with SK.DPrpm.ECDSA to produce smdpSignature3. For example, with A={smdpSigned3, euiccSignature1}, taking the digest of A gives digest a, and the result of encrypting digest a with SK.DPrpm.ECDSA is the signature value smdpSignature3.
Step S111: The SM-DP+ sends smdpSigned3, smdpSignature3 and the Remote Profile Management (RPM) certificate (CERT.DPrpm.ECDSA) to the LPA.
At this point, the SM-DP+ has sent the Profile deletion request carrying the RPM Command to the LPA, instructing the terminal to delete the Profile; the Profile deletion request carries smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA.
Step S112: The LPA verifies Hash(ACP).
Specifically, the LPA obtains the locally stored ACP, computes its digest to obtain Hash(local ACP), and compares Hash(ACP) with Hash(local ACP). If Hash(ACP) and Hash(local ACP) are the same, verification of Hash(ACP) succeeds, that is, verification of the authentication confirmation information succeeds.
Optionally, if the authentication confirmation information received by the LPA is the message digest of the first data, the LPA obtains the locally stored ACP and Profile information, computes the digest Hash(local ACP|Profile information), and compares the message digest of the first data with Hash(local ACP|Profile information); if the two are the same, verification of the message digest of the first data succeeds, that is, verification of the authentication confirmation information succeeds. If the authentication confirmation information received by the LPA is the message digest of the second data, the LPA obtains the locally stored local ACP and Profile information, derives the local partial ACP from the local ACP, computes the digest Hash(local partial ACP|Profile information), and compares the message digest of the second data with Hash(local partial ACP|Profile information); if the two are the same, verification of the message digest of the second data succeeds, that is, verification of the authentication confirmation information succeeds. If the authentication confirmation information received by the LPA is the ACP, the LPA compares the ACP with the local ACP; if they are the same, verification of the authentication confirmation information succeeds. The LPA may obtain the Profile information from the Profile deletion request, from the RPM Command, or from the eUICC.
Specifically, if verification of Hash(ACP) succeeds, the LPA performs step S113; if verification of Hash(ACP) fails, the LPA terminates this Profile deletion procedure.
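The four forms of authentication confirmation information from step S101 and the LPA check of step S112, as an added Go example that is not code from the patent. It assumes that "|" is plain concatenation of ASCII strings, that the digest is SHA-256, and that the LPA is told which form it received; the names `ConfirmKind`, `confirmationInfo` and `lpaVerify` are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ConfirmKind names the four forms of authentication confirmation information.
type ConfirmKind int

const (
	HashACP               ConfirmKind = iota // Hash(ACP)
	HashACPProfile                           // Hash(ACP|Profile information), "first data"
	HashPartialACPProfile                    // Hash(partial ACP|Profile information), "second data"
	PlainACP                                 // the ACP itself
)

// partialPositions are the agreed 1-based character positions of the partial ACP.
// The page's example uses characters 1, 3 and 5.
var partialPositions = []int{1, 3, 5}

// partialACP picks the agreed characters out of an ASCII ACP.
func partialACP(acp string) (string, error) {
	out := make([]byte, 0, len(partialPositions))
	for _, p := range partialPositions {
		if p > len(acp) {
			return "", errors.New("ACP is shorter than the agreed positions")
		}
		out = append(out, acp[p-1])
	}
	return string(out), nil
}

func digest(s string) []byte {
	d := sha256.Sum256([]byte(s))
	return d[:]
}

// confirmationInfo builds the value the Operator BSS places in the RPMOrder.
// Assumption: "|" is plain concatenation and the hash is SHA-256.
func confirmationInfo(kind ConfirmKind, acp, profileInfo string) ([]byte, error) {
	switch kind {
	case HashACP:
		return digest(acp), nil
	case HashACPProfile:
		return digest(acp + profileInfo), nil
	case HashPartialACPProfile:
		part, err := partialACP(acp)
		if err != nil {
			return nil, err
		}
		return digest(part + profileInfo), nil
	case PlainACP:
		return []byte(acp), nil
	}
	return nil, errors.New("unknown confirmation kind")
}

// lpaVerify is step S112: recompute the value from the locally stored ACP and
// Profile information, then compare with the received value in constant time.
func lpaVerify(kind ConfirmKind, received []byte, localACP, localProfileInfo string) bool {
	want, err := confirmationInfo(kind, localACP, localProfileInfo)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(received, want) == 1
}

func main() {
	// Values from the page's example: ACP 123456, operator name CMCC.
	info, err := confirmationInfo(HashPartialACPProfile, "123456", "CMCC")
	if err != nil {
		panic(err)
	}
	fmt.Printf("Hash(135|CMCC) = %x\n", info)
	fmt.Println("LPA accepts:", lpaVerify(HashPartialACPProfile, info, "123456", "CMCC"))
}
```

With the partial-ACP form, any local ACP that agrees at the agreed positions verifies, so that form checks fewer characters than Hash(ACP) or Hash(ACP|Profile information).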
Step S113: The LPA sends a load RPM Command instruction (LoadRPMCommand) to the eUICC; the LoadRPMCommand carries smdpSigned3, smdpSignature3 and CERT.DPrpm.ECDSA.
Specifically, LoadRPMCommand is the instruction to delete the Profile; it instructs the eUICC to delete Profiles according to the operation type of the RPM Command.
Optionally, if smdpSigned3={TransactionID, RPM Command, euiccLock, Hash(ACP), locationFlag}, the LPA also obtains the terminal's location information and returns it to the SM-DP+.
Specifically, the LPA can use a positioning system of the terminal, such as the Global Positioning System (GPS) or the BeiDou system, to obtain the terminal's current or historical geographic location and return it to the SM-DP+. The LPA can also obtain the list of cells near the cell where the terminal currently is, or was within a certain preceding period, together with the signal strength of each cell, and return the cell list and the corresponding signal strength list to the SM-DP+. The LPA can further obtain the list of wireless networks within the terminal's search range and the signal strength of each wireless network, and return the wireless network list and the corresponding signal strength list to the SM-DP+.
Step S114: The eUICC verifies that CERT.DPrpm.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current Remote SIM Provisioning (RSP) session.
Specifically, the eUICC obtains the SM-DP+ object identifier (Object Identifications, OID) from CERT.DPrpm.ECDSA and from CERT.DPauth.ECDSA and compares the two SM-DP+ OIDs; if they are the same, it determines that CERT.DPrpm.ECDSA and CERT.DPauth.ECDSA belong to the same SM-DP+.
Step S115: The eUICC verifies smdpSignature3.
Specifically, the eUICC verifies smdpSignature3 using the public key corresponding to SK.DPrpm.ECDSA (PK.DPrpm.ECDSA), smdpSigned3 and euiccSignature1, where euiccSignature1 is the authentication signature value that the eUICC generated and stored while the RSP session was being established.
Specifically, the eUICC generates a first digest of smdpSigned3|euiccSignature1 and then decrypts smdpSignature2 with PK.DPrpm.ECDSA to produce a second digest; when the first digest and the second digest are the same, verification of smdpSignature3 succeeds. For example, at the SM-DP+, A={smdpSigned3, euiccSignature1}, taking the digest of A gives digest a, and smdpSignature3 is the signature value obtained by encrypting digest a with SK.DPrpm.ECDSA. When smdpSigned2 and smdpSignature3 are transmitted to the eUICC, the eUICC takes the digest of smdpSigned3|euiccSignature1 to obtain digest a1 and decrypts smdpSignature3 with PK.DPrpm.ECDSA to produce a new digest b; when digest a1 and digest b are the same, verification of smdpSignature2 succeeds.
Step S116: The eUICC deletes all Operational Profiles according to euiccmemoryReset.
Specifically, the eUICC extracts the RPM Command from smdpSigned3; the operation type of the PRM Command is set to euiccmemoryReset, so the eUICC deletes all Operational Profiles according to the operation type of the PRM Command.
Further, after deleting all Operational Profiles, the eUICC may also clear the Profile Policy Rules (PPR) information of the Operational Profiles in the Profile Policy Enabler.
Step S117: The eUICC enters the locked state according to euiccLock.
Specifically, the eUICC extracts euiccLock from smdpSigned3; if euiccLock=True, it enters the locked state. After entering the locked state, the eUICC returns an error indication to the LPA for Profile-download-related commands sent by the LPA (such as ES10a.GetEuiccConfiguredAddresses, ES10b.PrepareDownload, ES10b.GetEUICCChallenge, ES10b.AuthenticateServer), and the error cause value indicates eUICC lock, service unavailable, or the like.
Optionally, after the eUICC enters the locked state, the LPA may also obtain the user's unlock request and authentication confirmation input information and, if verification of the authentication confirmation input information passes, send an eUICC unlock instruction to the eUICC; the eUICC enters the normal state according to the eUICC unlock instruction.
Specifically, the LPA obtains, through the user interaction interface of the terminal, authentication confirmation input information such as the ACP input by the user or a user fingerprint/voiceprint/iris used in place of the ACP, and matches it against the locally saved ACP or the locally saved user fingerprint/voiceprint/iris information used in place of the ACP. If they match, verification of the authentication confirmation input information passes, and the LPA sends an eUICC memory reset instruction (eUICCMemoryReset) to the eUICC; eUICCMemoryReset carries euiccLock, with euiccLock=False. On receiving eUICCMemoryReset with euiccLock=False, the eUICC does not delete the Operational Profiles but enters the normal state according to euiccLock. After the eUICC enters the normal state, the user can download Profiles again.
Specifically, eUICCMemoryReset is a function instruction, defined in the official document (SGP22) of the Global System for Mobile Communication (GSM) Association, that the LPA sends to the eUICC; it can be used to instruct the eUICC to delete all Operational Profiles and the Profile Metadata stored in the eUICC.
The locked state and the normal state of the eUICC are described below using a mobile phone as the terminal; see FIG. 4a to FIG. 4d.
FIG. 4a shows the user interaction interface after the user enters the LPA while the eUICC is in the locked state. The interface offers an “eUICC unlock” option, a “Profile download” option, and a “Profile management” option. When the user taps any one of these options, the user interaction interface is as shown in FIG. 4b and prompts the user to input the ACP; the corresponding function interface is entered only if the ACP input by the user is correct (if the user tapped “Profile management”, the Profile management interface is entered when the ACP is correct; if the user tapped “Profile download”, the Profile download interface is entered when the ACP is correct; if the user tapped “eUICC unlock”, the unlocked interface is entered when the ACP is correct, that is, the user interaction interface when the eUICC is in the normal state, as shown in FIG. 4c).
It should be noted that the user may also be prompted to input a fingerprint or other authentication confirmation input information in place of the ACP; prompting the user to input the ACP is used here only as one example.
FIG. 4c shows the user interaction interface after the user enters the LPA while the eUICC is in the normal state. The interface offers a “Profile download” option and a “Profile management” option. When the user taps the “Profile download” option, the user interaction interface is as shown in FIG. 4d and the Profile download interface is entered.
In this embodiment of the present invention, after the terminal is lost, the user can send an RPMOrder to the SM-DP+ through the Operator BSS. The SM-DP+ generates a pending RPM order and then sends the RPM Command, euiccLock, and Hash(ACP) carried in the RPMOrder to the LPA in an eUICC Profile deletion request. After the LPA's verification of Hash(ACP) passes, the LPA sends LoadRPMCommand, which carries the RPM Command and euiccLock, to the eUICC. On receiving the RPM Command, the eUICC deletes all Operational Profiles according to the operation type of the RPM Command and enters the locked state according to euiccLock. The Profiles can therefore be deleted promptly when the terminal is lost, which reduces the risk that assets associated with the eUICC's data are lost or that information associated with the eUICC's data is leaked after the terminal is lost. At the same time, the eUICC enters the locked state so that whoever is using the terminal (for example, a thief) cannot download a Profile, which further improves the security of the terminal.
Referring again to FIG. 5, FIG. 5 shows another method for deleting an eUICC Profile according to an embodiment of the present invention. The method of this embodiment can be implemented on the system architecture shown in FIG. 2 and includes, but is not limited to, the following steps:
Step S201: The OEM Portal obtains the account and password input by the user.
Specifically, the account and password were registered by the user on the terminal in advance. During registration, the OEM Server corresponding to the OEM Portal saves the association between the account and password and the terminal. For example, if the IMEI of the terminal is 123456789012345 and the user registers account 1234 with password 5678 on that terminal, the OEM Server associates the IMEI (123456789012345), the account (1234), and the password (5678), for example by saving them in the same data table. When the user logs in to account 1234, the OEM Server can determine from 1234 that the user is the user of the terminal whose IMEI is 123456789012345.
Step S202: The OEM Portal obtains the user's terminal retrieval operation after login, and the ACP.
Specifically, for example, when the user taps the “Retrieve terminal” option on the OEM Portal, the OEM Portal obtains the user's terminal retrieval operation.
Optionally, the OEM Portal may also obtain Profile information of the terminal such as the EID and the ICCID.
Step S203: The OEM Portal sends Hash(ACP), the memory reset indication (euiccmemoryReset), and euiccLock to the local anti-theft application.
Specifically, euiccLock=True, which instructs the eUICC to enter the locked state.
Hash(ACP) is the authentication confirmation information. For a description of the authentication confirmation information, refer to the description in step S101 of the embodiment corresponding to FIG. 3; details are not repeated here.
At this point, the local anti-theft application has confirmed that the terminal is currently in the lost state, and it notifies the LPA to delete the Profile.
Step S204: The local anti-theft application sends a Profile deletion request to the LPA, where the Profile deletion request carries Hash(ACP), euiccmemoryReset, and euiccLock.
Specifically, the local anti-theft application sends the Profile deletion request to the LPA through an API, that is, it sends API Request(Hash(ACP), euiccmemoryReset, euiccLock) to the LPA.
Step S205: The LPA verifies Hash(ACP).
Specifically, for the LPA's verification of Hash(ACP), or for verification in the other cases of authentication confirmation information (the authentication confirmation information is a message digest of first data, a message digest of second data, or the ACP), refer to the description of step S112 in the embodiment corresponding to FIG. 3; details are not repeated here.
Specifically, if verification of Hash(ACP) passes, the LPA performs step S206; if verification of Hash(ACP) fails, the LPA terminates the current Profile deletion procedure.
Step S206: The LPA sends the memory reset instruction (eUICCMemoryReset) to the eUICC, where eUICCMemoryReset carries euiccLock.
Specifically, eUICCMemoryReset is the instruction to delete Profiles and instructs the eUICC to delete all Operational Profiles.
Step S207: The eUICC deletes all Operational Profiles according to eUICCMemoryReset.
Step S208: The eUICC enters the locked state according to euiccLock.
Specifically, the eUICC extracts euiccLock from eUICCMemoryReset, with euiccLock=True.
Specifically, for details of the eUICC after it enters the locked state, refer to the description of step S117 in the embodiment corresponding to FIG. 3; details are not repeated here.
Optionally, the eUICC may also enter the normal state according to an eUICC unlock instruction sent by the LPA. For the specific implementation, refer to the description in step S117 of the embodiment corresponding to FIG. 3 of how the eUICC enters the normal state; details are not repeated here.
In this embodiment of the present invention, after the terminal is lost, the user logs in to a previously registered account on the OEM Portal and uses the terminal retrieval function of the OEM Portal to send a Profile deletion request to the local anti-theft application of the terminal. The Profile deletion request carries euiccLock, euiccmemoryReset, and Hash(ACP). The local anti-theft application forwards the Profile deletion request to the LPA through an API. After the LPA's verification of Hash(ACP) passes, the LPA sends eUICCMemoryReset carrying euiccLock to the eUICC. On receiving eUICCMemoryReset, the eUICC deletes all Operational Profiles according to eUICCMemoryReset and enters the locked state according to euiccLock. The Profiles can therefore be deleted promptly when the terminal is lost, which reduces the risk that assets associated with the eUICC's data are lost or that information associated with the eUICC's data is leaked after the terminal is lost. At the same time, the eUICC enters the locked state so that whoever is using the terminal (for example, a thief) cannot download a Profile, which further improves the security of the terminal.
Referring again to FIG. 6, FIG. 6 shows yet another method for deleting an eUICC Profile according to an embodiment of the present invention. The method of this embodiment can be implemented on the system architecture shown in FIG. 2 and includes, but is not limited to, the following steps:
Step S301: The local anti-theft application determines, through the context awareness module of the terminal, that the terminal is in the lost state.
In one specific implementation, the context awareness module may be a sub-module of the local anti-theft application that receives instructions issued by the local application and serves only the local anti-theft application. In another specific implementation, the context awareness module is an independent functional unit that sends relevant information to the local anti-theft application and serves other applications of the terminal as well as the local anti-theft application.
Specifically, the local anti-theft application may obtain sound information around the terminal through the voice recognition module of the terminal; it may also obtain the user's operations on the terminal through the behavior analysis module of the terminal and thereby determine the context information of the terminal; and it may also obtain information about the face in front of the terminal through the image recognition module of the terminal.
Specifically, when the local anti-theft application detects that the context information is abnormal, it determines that the terminal is currently in the lost state. For example, if the voice recognition module of the terminal recognizes an abnormal phrase such as “found a phone”, the terminal is determined to be currently in the lost state. As another example, if the image recognition module of the terminal recognizes that the face in front of the terminal is a stranger's face and the behavior analysis module of the terminal detects that the user has entered the wrong lock-screen password several times, the terminal is determined to be currently in the lost state.
Step S302: The local anti-theft application sends a Profile deletion request to the LPA, where the Profile deletion request carries the memory reset indication (euiccmemoryReset) and euiccLock.
Specifically, euiccLock=True.
Specifically, the local anti-theft application sends the Profile deletion request to the LPA through an API, that is, it sends API Request(euiccmemoryReset, euiccLock) to the LPA.
Step S303: The LPA sends eUICCMemoryReset to the eUICC, where eUICCMemoryReset carries euiccLock.
It should be noted that, in this embodiment of the present invention, the lost state of the terminal is determined by the local anti-theft application through sensing, and the terminal has not received a remote instruction sent by any other server, so the Profile deletion request contains no authentication confirmation information. When no authentication confirmation information is received and the Profile deletion request is determined to be an API Request, the LPA may omit the step of verifying authentication confirmation information.
Step S304: The eUICC deletes all Operational Profiles according to eUICCMemoryReset.
Step S305: The eUICC enters the locked state according to euiccLock.
Specifically, for the specific implementation of steps S303 to S305, refer to the description of steps S206 to S208 in the embodiment corresponding to FIG. 4; details are not repeated here.
In this embodiment of the present invention, the local anti-theft application determines through the context awareness module of the terminal that the terminal is in the lost state and generates a Profile deletion request that carries euiccLock and euiccmemoryReset. According to euiccmemoryReset, the LPA sends eUICCMemoryReset carrying euiccLock to the eUICC. On receiving eUICCMemoryReset, the eUICC deletes all Operational Profiles according to eUICCMemoryReset and enters the locked state according to euiccLock. The Profiles can therefore be deleted promptly when the terminal is lost, which reduces the risk that assets associated with the eUICC's data are lost or that information associated with the eUICC's data is leaked after the terminal is lost. At the same time, the eUICC enters the locked state so that whoever is using the terminal (for example, a thief) cannot download a Profile, which further improves the security of the terminal.
Referring again to FIG. 7, FIG. 7 shows yet another method for deleting an eUICC Profile according to an embodiment of the present invention. The method of this embodiment can be implemented on the system architecture shown in FIG. 1 or FIG. 2 and includes, but is not limited to, the following steps:
Step S401: The LPA receives a Profile deletion request, and the Profile deletion request carries authentication confirmation information.
Specifically, for the authentication confirmation information, refer to the description in step S101 of the embodiment corresponding to FIG. 3; that is, the authentication confirmation information may be the ACP, Hash(ACP), Hash(ACP|Profile information), or Hash(partial ACP|Profile information).
Specifically, the sender of the Profile deletion request may be the SM-DP+ in the system architecture of FIG. 1 or the local anti-theft application of the terminal in the system architecture of FIG. 2.
Specifically, when the sender of the Profile deletion request is the SM-DP+, the Profile deletion request carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
Specifically, when the sender of the Profile deletion request is the local anti-theft application, the Profile deletion request may be API Request(Hash(ACP), euiccmemoryReset, euiccLock), which is the scenario of the embodiment corresponding to FIG. 5; the Profile deletion request may also be API Request(euiccmemoryReset, euiccLock), which is the scenario of the embodiment corresponding to FIG. 6.
Step S402: The LPA verifies the authentication confirmation information.
Specifically, for the specific implementation of the LPA's verification of the authentication confirmation information, refer to the description of step S112 in the embodiment corresponding to FIG. 3; details are not repeated here.
Specifically, if verification of the authentication confirmation information passes, the LPA performs step S403.
Step S403: The LPA sends a Profile deletion instruction to the eUICC, and the Profile deletion instruction carries euiccLock.
Specifically, euiccLock=True.
Specifically, the Profile deletion instruction may be the LoadRPMCommand of the embodiment corresponding to FIG. 3, or the eUICCMemoryReset of the embodiment corresponding to FIG. 5 or FIG. 6.
Step S404: The eUICC deletes the Profile.
Specifically, the eUICC may extract the RPM Command from the smdpSigned3 carried in LoadRPMCommand; the operation type of the PRM Command is set to euiccmemoryReset, so all Operational Profiles are deleted according to the type of the PRM Command.
Specifically, the eUICC may also delete all Operational Profiles according to eUICCMemoryReset.
Step S405: The eUICC enters the locked state according to euiccLock.
Specifically, for the specific implementation of step S405, refer to the description of step S117 in the embodiment corresponding to FIG. 3; details are not repeated here.
Optionally, the eUICC may also enter the normal state according to an eUICC unlock instruction sent by the LPA. For the specific implementation, refer to the description in step S117 of the embodiment corresponding to FIG. 3 of how the eUICC enters the normal state; details are not repeated here.
Step S406: When the terminal restarts or powers on, the eUICC sends an Answer to Reset (ATR) response to the LPA, where the ATR response carries euiccLock.
Specifically, euiccLock=True.
Optionally, step S408 may be replaced by the following: the LPA sends a Select ISD-R instruction (selecting the ISD-R application) to the eUICC, and the eUICC sends a File Control Parameters (FCP) response to the LPA, where the FCP response carries euiccLock.
Optionally, when the eUICC is in the normal state (that is, the eUICC has been unlocked), euiccLock=False.
Through step S406, the LPA can learn the state of the eUICC and thereby make a further determination for step S407; when euiccLock=True, the LPA performs step S407.
Step S407: If the local ACP does not exist, the LPA enters a state in which it cannot receive Profile download requests.
Specifically, the LPA enters the state in which it cannot receive Profile download requests by graying out the buttons, menu items, or icons for Profile download. This may be as shown in FIG. 4e, which shows the user interaction interface after the user enters the LPA while the LPA is in that state: the “Profile download” option and the “Profile management” option on the user interaction interface are shaded, and nothing changes on the interface when the person using the terminal taps an option.
Specifically, after the LPA enters the state in which it cannot receive Profile download requests, the LPA no longer has the function of “receiving the terminal user's Profile download request, eUICC unlock request, and authentication confirmation input information”. The person using the terminal cannot unlock the eUICC and cannot download a Profile through the LPA; that is, the LPA cannot perform the operation in step S117 of the embodiment corresponding to FIG. 3 in which “the LPA obtains, through the user interaction interface of the terminal, authentication confirmation input information used to prove the user's identity, such as the ACP input by the user or the user's fingerprint”, or any subsequent operation. This may be as shown in FIG. 4f: when the user tries to enter the LPA, the user interaction interface displays a “Service abnormal” pop-up as shown in FIG. 4f; further, after displaying the user interaction interface of FIG. 4f, the terminal may exit the LPA's user interaction interface and return to the main interface of the terminal.
In this embodiment of the present invention, the LPA receives a Profile deletion request and verifies the authentication confirmation information in it. If verification of the authentication confirmation information passes, the LPA sends a Profile deletion instruction carrying euiccLock to the eUICC, and the eUICC deletes all Profiles and enters the locked state according to euiccLock. The Profiles can therefore be deleted promptly when the terminal is lost, which reduces the risk that assets associated with the eUICC's data are lost or that information associated with the eUICC's data is leaked after the terminal is lost. The LPA also obtains the state of the eUICC and, on finding that the eUICC is in the locked state and that the ACP does not exist, enters the state in which it cannot receive Profile download requests; that is, the user cannot unlock the eUICC, and even if the person using the terminal has cleared the ACP by a double wipe (clearing user data and restoring factory settings), no Profile can be downloaded.
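The lock-state behaviour of steps S401 to S407 can be modelled as follows. This is an added illustration, not code from the patent or from SGP.22: the class and method names are hypothetical, Hash() is assumed to be SHA-256 because the page does not name the algorithm, and the LPA is assumed to check Hash(ACP) by hashing its locally saved ACP.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Profile-download commands the page lists as refused while the eUICC is locked.
DOWNLOAD_COMMANDS = {
    "ES10a.GetEuiccConfiguredAddresses",
    "ES10b.PrepareDownload",
    "ES10b.GetEUICCChallenge",
    "ES10b.AuthenticateServer",
}


def acp_hash(acp: str) -> bytes:
    # Assumption: Hash() is SHA-256; the page does not specify it.
    return hashlib.sha256(acp.encode("utf-8")).digest()


@dataclass
class Euicc:
    operational_profiles: set = field(default_factory=set)
    locked: bool = False

    def memory_reset(self, euicc_lock: bool) -> None:
        """eUICCMemoryReset carrying euiccLock."""
        if euicc_lock:
            self.operational_profiles.clear()  # delete all Operational Profiles
            self.locked = True                 # then enter the locked state
        else:
            self.locked = False                # unlock only, nothing is deleted

    def handle(self, command: str) -> str:
        if self.locked and command in DOWNLOAD_COMMANDS:
            return "ERROR: eUICC lock"
        return "OK"

    def answer_to_reset(self) -> dict:
        # Step S406: the ATR response carries euiccLock.
        return {"euiccLock": self.locked}


class Lpa:
    def __init__(self, euicc: Euicc, local_acp: Optional[str]):
        self.euicc = euicc
        self.local_acp = local_acp  # None once a factory reset has wiped it
        self.accepts_download_requests = True

    def _acp_matches(self, digest: bytes) -> bool:
        if self.local_acp is None:
            return False
        return hmac.compare_digest(digest, acp_hash(self.local_acp))

    def on_delete_request(self, auth_confirmation: Optional[bytes] = None,
                          via_local_api: bool = False) -> bool:
        if auth_confirmation is None:
            # FIG. 6 case: verification is skipped only for a local API Request.
            if not via_local_api:
                return False
        elif not self._acp_matches(auth_confirmation):
            return False  # verification failed: terminate the deletion procedure
        self.euicc.memory_reset(euicc_lock=True)
        return True

    def on_unlock_request(self, entered_acp: str) -> bool:
        if not self.accepts_download_requests:
            return False
        if not self._acp_matches(acp_hash(entered_acp)):
            return False
        self.euicc.memory_reset(euicc_lock=False)
        return True

    def on_boot(self) -> bool:
        # Step S407: locked eUICC plus missing local ACP disables the LPA's UI.
        if self.euicc.answer_to_reset()["euiccLock"] and self.local_acp is None:
            self.accepts_download_requests = False
        return self.accepts_download_requests

    def request_download(self) -> str:
        if not self.accepts_download_requests:
            return "ERROR: service unavailable"
        return self.euicc.handle("ES10b.PrepareDownload")


def run_lost_terminal_scenario() -> list:
    # Constructed sample data: two placeholder profiles and ACP "2468".
    euicc = Euicc({"profile-constructed-1", "profile-constructed-2"})
    lpa = Lpa(euicc, local_acp="2468")
    log = [lpa.on_delete_request(acp_hash("0000")),   # wrong Hash(ACP)
           len(euicc.operational_profiles)]
    log += [lpa.on_delete_request(acp_hash("2468")),  # correct Hash(ACP)
            len(euicc.operational_profiles),
            lpa.request_download()]
    lpa.local_acp = None                              # factory reset wipes the ACP
    log += [lpa.on_boot(), lpa.on_unlock_request("2468"), lpa.request_download()]
    return log
```

The scenario shows why the ATR check matters: once the local ACP is gone, `on_unlock_request` has nothing to compare against, so the model leaves the eUICC locked instead of treating a missing ACP as a match.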
All of the above embodiments concern the case in which the eUICC deletes all Operational Profiles according to the Profile deletion instruction sent by the LPA. In a specific implementation, if the sender of the Profile deletion request is the SM-DP+, the operation type of the SM-DP+'s RPM Command may also be set to Delete, which instructs the eUICC to delete the target Profile, that is, the Profile corresponding to the RPM Command. The case in which the operation type of the RPM Command is Delete is described below.
Referring to FIG. 8, FIG. 8 shows yet another method for deleting an eUICC Profile according to an embodiment of the present invention. The method includes, but is not limited to, the following steps:
Step S501: The Operator BSS sends an RPMOrder to the SM-DP+, where the RPMOrder carries the RPM Command, EID, ICCID, and a Profile Policy Rules clearing indication (Profile Policy Rules Unset, PPR Unset), and the operation type of the RPM Command is set to Delete.
In another implementation, the ICCID may also be carried in the RPM Command, that is, the PRMOrder carries RPM Command, EID, PPR Unset, RPM Command(ICCID Delete).
PPR Unset instructs the eUICC to clear the PPR setting corresponding to the target Profile that the user wants to delete.
Optionally, the RPMOrder may also carry SM-DS Address and locationFlag, where SM-DS Address is used by the SM-DP+ to notify the SM-DS to record the event when the SM-DP+ generates the remote management event, and locationFlag instructs the LPA to obtain the current or historical location information of the terminal.
It should be noted that, in this embodiment of the present invention, only one Profile is deleted, so PPR Unset can be used in place of authentication confirmation information. On receiving PPR Unset, the LPA by default treats verification of the authentication confirmation information as passed and sends PPR Unset to the eUICC; on receiving PPR Unset, the eUICC clears the PPR setting. The description of the LPA's verification of authentication confirmation information is omitted in this embodiment.
Step S502: The SM-DP+ performs a validity check.
Step S503: The SM-DP+ generates a pending RPM order.
Specifically, steps S502 to S503 are the same as steps S102 to S103 in the embodiment corresponding to FIG. 3, and details are not repeated here.
At this point, the SM-DP+ holds the remote management event for the terminal's eUICC and waits for the terminal's LPA to initiate a connection and perform the remote management operation.
Specifically, the LPA can initiate a connection to the SM-DP+ once it has obtained the address of the SM-DP+. The ways in which the LPA obtains the address of the SM-DP+ have been described in step S103 of the embodiment corresponding to FIG. 3 and are not repeated here.
The subsequent process is described below, taking as an example the case in which the LPA obtains a locally stored SM-DP+ address.
Step S504: The LPA establishes a TLS connection with the SM-DP+.
Step S505: The SM-DP+ and the eUICC perform mutual authentication over HTTPS.
Step S506: The SM-DP+ looks up and obtains the pending RPM order.
Specifically, steps S504 to S506 have been described in steps S106 to S108 of the embodiment corresponding to FIG. 3 and are not repeated here.
Step S507: The SM-DP+ generates smdpSigned3, where smdpSigned3={TransactionID, RPM Command, PPR Unset, ICCID}.
In another implementation, smdpSigned3={TransactionID, RPM Command, PPR Unset, ICCID, locationFlag}.
Specifically, when the ICCID is carried in the RPM Command, smdpSigned3={TransactionID, RPM Command, PPR Unset}.
Step S508: The SM-DP+ uses SK.DPrpm.ECDSA to compute a signature over smdpSigned3 and euiccSignature1, generating smdpSignature3.
Step S509: The SM-DP+ sends smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA to the LPA.
Specifically, for the implementation of steps S507 to S509, refer to the description of steps S109 to S111 in the embodiment corresponding to FIG. 3; details are not repeated here.
At this point, the SM-DP+ has sent the Profile deletion request carrying the RPM Command to the LPA, instructing the terminal to delete the Profile; that is, the Profile deletion request carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
Step S510: The LPA sends a LoadRPMCommand to the eUICC, where the LoadRPMCommand carries smdpSigned3, smdpSignature3, and CERT.DPrpm.ECDSA.
Optionally, if smdpSigned3={TransactionID, RPM Command, PPR Unset, ICCID, locationFlag}, the LPA also obtains the current or historical location information of the terminal. For details, refer to the description of step S113 in the embodiment corresponding to FIG. 3.
Step S511: The eUICC verifies that CERT.DPrpm.ECDSA is valid and belongs to the same SM-DP+ as CERT.DPauth.ECDSA, and verifies that the TransactionID matches the current RSP session.
Step S512: The eUICC verifies smdpSignature3.
Specifically, steps S510 to S512 are implemented in the same way as steps S113 to S115 in the embodiment corresponding to FIG. 3, and details are not repeated here.
Step S513: The eUICC clears the PPR setting according to the PPR Unset.
Specifically, the eUICC extracts the PPR Unset and the ICCID from smdpSigned3, determines the target Profile to be deleted according to the ICCID, and clears the PPR setting in the target Profile according to the PPR Unset.
Further, the eUICC may also clear the PPR information of the target Profile in the Profile Policy Enabler.
Step S514: The eUICC deletes the target Profile corresponding to the ICCID.
Specifically, the eUICC determines the target Profile according to the ICCID and performs the delete operation on the target Profile.
In this embodiment of the present invention, after the terminal is lost, the user can send an RPMOrder to the SM-DP+ through the Operator BSS. The SM-DP+ generates a pending RPM order and then sends the RPM Command, ICCID, and PPR Unset carried in the RPMOrder to the LPA in an eUICC configuration file deletion request. The LPA sends a LoadRPMCommand to the eUICC, and the LoadRPMCommand carries the RPM Command, ICCID, and PPR Unset. The eUICC determines the target Profile to be deleted according to the ICCID and deletes the PPR setting of the target Profile according to the PPR Unset, and thereby deletes the Profile. On the one hand, the Profile can be deleted promptly when the terminal is lost, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost. On the other hand, if the user recovers the terminal, the Profile can be downloaded again.
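The eUICC-side checks of steps S511 to S514, as an added Python sketch that is not part of the patent text. Assumptions: canonical JSON stands in for the real encoding of smdpSigned3, an HMAC-SHA256 stub stands in for ECDSA with SK.DPrpm.ECDSA (certificate checks are not modelled), the rule name `no_delete` and all field names are hypothetical, and the ICCIDs and keys are constructed sample values.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


def encode(smdp_signed3: dict) -> bytes:
    """Assumption: canonical JSON stands in for the real smdpSigned3 encoding."""
    return json.dumps(smdp_signed3, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Profile:
    iccid: str
    ppr: Set[str] = field(default_factory=set)  # "no_delete" is a constructed rule name


@dataclass
class Euicc:
    profiles: Dict[str, Profile]
    transaction_id: str        # TransactionID of the current RSP session
    euicc_signature1: bytes    # value produced during mutual authentication (S505)
    verify_sig: Callable[[bytes, bytes], bool]  # stand-in for ECDSA verification

    def load_rpm_command(self, smdp_signed3: dict, smdp_signature3: bytes) -> str:
        # S511: the TransactionID must match the current session.
        if smdp_signed3.get("transactionId") != self.transaction_id:
            return "reject:transaction-id"
        # S512: the signature covers smdpSigned3 together with euiccSignature1,
        # which ties the command to this authenticated session.
        signed_bytes = encode(smdp_signed3) + self.euicc_signature1
        if not self.verify_sig(signed_bytes, smdp_signature3):
            return "reject:signature"
        command = smdp_signed3.get("rpmCommand") or {}
        if command.get("op") != "Delete":
            return "reject:operation"
        # The ICCID travels either inside the RPM Command or beside it.
        iccid = command.get("iccid") or smdp_signed3.get("iccid")
        profile = self.profiles.get(iccid)
        if profile is None:
            return "reject:unknown-iccid"
        # S513: clear the policy rules only on a verified PPR Unset.
        if smdp_signed3.get("pprUnset") is True:
            profile.ppr.clear()
        if "no_delete" in profile.ppr:
            return "reject:ppr"
        # S514: delete the target Profile.
        del self.profiles[iccid]
        return "deleted"


def make_stub_signer(key: bytes):
    """HMAC-SHA256 stand-in for signing with SK.DPrpm.ECDSA; NOT the real scheme."""
    def sign(data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def verify(data: bytes, signature: bytes) -> bool:
        return hmac.compare_digest(sign(data), signature)

    return sign, verify


def demo() -> Dict[str, str]:
    """Run constructed requests against fresh cards and collect the outcomes."""
    sign, verify = make_stub_signer(b"constructed-key")
    sig1 = b"constructed-euiccSignature1"
    target, other = "8900000000000000001", "8900000000000000002"

    def card() -> Euicc:
        profiles = {target: Profile(target, {"no_delete"}), other: Profile(other)}
        return Euicc(profiles, "TX-01", sig1, verify)

    def body(**changes) -> dict:
        base = {"transactionId": "TX-01", "rpmCommand": {"op": "Delete"},
                "pprUnset": True, "iccid": target}
        base.update(changes)
        return base

    results = {}
    ok = body()
    results["valid"] = card().load_rpm_command(ok, sign(encode(ok) + sig1))
    inner = {"transactionId": "TX-01", "pprUnset": True,
             "rpmCommand": {"op": "Delete", "iccid": target}}
    results["iccid_in_command"] = card().load_rpm_command(inner, sign(encode(inner) + sig1))
    tampered = body(iccid=other)  # signature still covers the original ICCID
    results["tampered"] = card().load_rpm_command(tampered, sign(encode(ok) + sig1))
    stale = body(transactionId="TX-99")
    results["wrong_session"] = card().load_rpm_command(stale, sign(encode(stale) + sig1))
    results["other_signature1"] = card().load_rpm_command(
        ok, sign(encode(ok) + b"another-session"))
    no_unset = body(pprUnset=False)
    results["no_ppr_unset"] = card().load_rpm_command(no_unset, sign(encode(no_unset) + sig1))
    return results
```

Every rejection path returns before any Profile state changes, so a request that fails a check leaves both the PPR setting and the Profile in place.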
The method of the embodiments of the present invention has been described in detail above; the apparatus of the embodiments of the present invention is provided below.
Referring to FIG. 9, FIG. 9 is a schematic structural diagram of a local eUICC configuration file auxiliary module according to an embodiment of the present invention. The local eUICC configuration file auxiliary module may include a deletion request receiving unit 610, a verification unit 620, and a deletion instruction sending unit 630, where the units are described in detail as follows:
The deletion request receiving unit 610 is configured to receive an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
The verification unit 620 is configured to verify the authentication confirmation information;
The deletion instruction sending unit 630 is configured to, if the verification of the authentication confirmation information passes, send an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
Specifically, the deletion request receiving unit 610 is specifically configured to receive an eUICC configuration file deletion request sent by the eUICC remote management server, or to receive an eUICC configuration file deletion request through an application program interface.
Optionally, the local eUICC configuration file auxiliary module further includes:
An indication receiving unit 640, configured to receive an indication, sent by the eUICC, to connect to the eUICC remote management server, where the indication carries the address of the eUICC remote management server.
Optionally, the eUICC configuration file deletion request further carries a location acquisition indication; the local eUICC configuration file auxiliary module further includes:
A deletion success receiving unit 650, configured to receive a deletion success indication returned by the eUICC;
A location information returning unit 660, configured to return the deletion success indication and the location information of the terminal to the eUICC remote management server according to the location acquisition indication.
Specifically, the authentication confirmation information includes: a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes the eUICC configuration file information and part of the authentication confirmation personal code.
Specifically, the instruction to delete the eUICC configuration file includes an eUICC memory reset instruction; the eUICC memory reset instruction is used to instruct the eUICC to delete all operational eUICC configuration files.
Specifically, the instruction to delete the eUICC configuration file carries an eUICC lock indication; the eUICC lock indication is used to instruct the eUICC to enter a locked state.
Optionally, the local eUICC configuration file auxiliary module further includes:
An unlock request receiving unit 670, configured to receive the user's eUICC unlock request and authentication confirmation input information;
An unlock instruction sending unit 680, configured to, if the verification of the authentication confirmation input information passes, send an eUICC unlock instruction to the eUICC, where the eUICC unlock instruction is used to instruct the eUICC to enter a normal state.
Optionally, the local eUICC configuration file auxiliary module further includes:
A reject state entering unit 690, configured to enter a state in which eUICC configuration file download requests cannot be received, if the local authentication confirmation personal identification code does not exist and the eUICC lock indication sent by the eUICC is received.
It should be noted that, for the implementation of each unit, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG. 8.
In the local eUICC configuration file auxiliary module described in FIG. 9, the local eUICC configuration file auxiliary module receives the eUICC configuration file deletion request, verifies the authentication confirmation information carried in the request and, if the verification passes, sends the instruction to delete the eUICC configuration file to the eUICC, instructing the eUICC to delete the eUICC configuration file. The local eUICC configuration file auxiliary module can perform these operations after the terminal is lost, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
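How the local module described above might check the three digest forms of the authentication confirmation information and gate the memory reset, lock and unlock instructions, as an added Python sketch that is not part of the patent text. Assumptions, none of which the patent specifies: SHA-256 as the digest, length-prefixed UTF-8 concatenation, "part of" the personal code meaning its last four characters, the ICCID as the configuration file information, and the instruction names as illustrative strings; the code and ICCID values used with it are constructed.

```python
import hashlib
import hmac
from typing import Optional

PARTIAL_LEN = 4  # assumption: "part of" the personal code = its last 4 characters


def digest_parts(*parts: str) -> bytes:
    """SHA-256 over length-prefixed parts, so ("12", "3") and ("1", "23") differ."""
    h = hashlib.sha256()
    for part in parts:
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()


def build_confirmation(kind: str, code: str, profile_info: str) -> bytes:
    """Build the authentication confirmation information in one of the three forms."""
    if kind == "code_digest":            # digest of the personal code
        return digest_parts(code)
    if kind == "first_data_digest":      # personal code + configuration file info
        return digest_parts(code, profile_info)
    if kind == "second_data_digest":     # configuration file info + part of the code
        return digest_parts(profile_info, code[-PARTIAL_LEN:])
    raise ValueError("unknown confirmation form: " + kind)


class Lpa:
    """Local module holding the locally stored personal code (None if never set)."""

    def __init__(self, personal_code: Optional[str], profile_info: str):
        self.personal_code = personal_code
        self.profile_info = profile_info
        self.accepts_downloads = True

    def verify(self, kind: str, value: bytes) -> bool:
        # Fail closed: no local code or an unknown form never verifies.
        if self.personal_code is None:
            return False
        try:
            expected = build_confirmation(kind, self.personal_code, self.profile_info)
        except ValueError:
            return False
        return hmac.compare_digest(expected, value)  # constant-time comparison

    def on_delete_request(self, kind: str, value: bytes, lock: bool = False):
        """Return the instruction for the eUICC, or None if verification fails."""
        if not self.verify(kind, value):
            return None
        instruction = {"command": "eUICCMemoryReset"}
        if lock:
            instruction["lockIndication"] = True
        return instruction

    def on_unlock_request(self, entered_code: str):
        """Unit 670/680: unlock only when the user's input matches the local code."""
        if self.personal_code is None:
            return None
        if not hmac.compare_digest(entered_code.encode(), self.personal_code.encode()):
            return None
        return {"command": "eUICCUnlock"}

    def on_euicc_lock_indication(self) -> None:
        """Unit 690: with no local code, stop accepting download requests."""
        if self.personal_code is None:
            self.accepts_downloads = False
```

Because the first-data and second-data forms include the configuration file information, a digest computed for one ICCID does not verify on a module holding a different one.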
Referring to FIG. 10, FIG. 10 shows a terminal 70 according to an embodiment of the present invention. The terminal 70 includes a processor 701, a memory 702, and a transceiver 703, and the processor 701, the memory 702, and the transceiver 703 are connected to each other through a bus.
The memory 702 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a portable read-only memory (Compact Disc Read-Only Memory, CD-ROM). The memory 702 is used for related instructions and data. The transceiver 703 is used to receive and send data.
The processor 701 may be one or more central processing units (CPUs). If the processor 701 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 701 in the terminal 70 is configured to read the program code stored in the memory 702 and perform the following operations:
Receiving an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
Verifying the authentication confirmation information;
If the verification of the authentication confirmation information passes, sending an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG. 8.
In the terminal 70 described in FIG. 10, the terminal can perform the foregoing operations after it is lost, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
Referring to FIG. 11, FIG. 11 is a schematic structural diagram of an eUICC according to an embodiment of the present invention. The eUICC may include a deletion instruction receiving unit 810 and a deleting unit 820, where the units are described in detail as follows:
The deletion instruction receiving unit 810 is configured to receive the instruction to delete the eUICC configuration file sent by the local eUICC configuration file auxiliary module of the terminal;
The deleting unit 820 is configured to delete the eUICC configuration file according to the instruction to delete the eUICC configuration file.
Optionally, the eUICC further includes:
A push command receiving unit 830, configured to receive a push command sent by the eUICC remote management server;
An indication sending unit 840, configured to send, according to the push command, an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, where the indication carries the address of the eUICC remote management server.
Specifically, the push command receiving unit 830 is specifically configured to receive a security packet, where the security packet carries the push command sent by the eUICC remote management server and root issuer security domain information; the indication sending unit includes a root issuer security domain, configured to send, according to the push command, the indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module.
Optionally, the eUICC further includes:
A deletion success sending unit 850, configured to send a deletion success indication to the local eUICC configuration file auxiliary module.
Specifically, the instruction to delete the eUICC configuration file includes an eUICC memory reset instruction; the deleting unit 820 is specifically configured to delete all operational eUICC configuration files according to the eUICC memory reset instruction.
Optionally, the eUICC further includes:
An unlock instruction receiving unit 860, configured to receive the eUICC unlock instruction sent by the local eUICC configuration file auxiliary module, where the eUICC unlock instruction is sent by the local eUICC configuration file auxiliary module if the verification of the user's authentication confirmation input information passes;
A normal state entering unit 870, configured to enter the normal state according to the eUICC unlock instruction.
Optionally, the eUICC further includes:
A lock indication sending unit 880, configured to send an eUICC lock indication to the local eUICC configuration file auxiliary module, where the eUICC lock indication is used to instruct the local eUICC configuration file auxiliary module to enter a state in which Profile download requests cannot be received, if the local authentication confirmation personal identification code does not exist.
It should be noted that, for the implementation of each unit, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG. 8.
In the local eUICC configuration file auxiliary module described in FIG. 11, the eUICC can delete the eUICC configuration file after the terminal is lost, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
Referring to FIG. 12, FIG. 12 shows an eUICC 90 according to an embodiment of the present invention. The eUICC 90 includes a processor 901, a memory 902, and a communication interface 903, and the processor 901, the memory 902, and the communication interface 903 are connected to each other.
The memory 902 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a portable read-only memory (Compact Disc Read-Only Memory, CD-ROM). The memory 902 is used to store related instructions and data. The communication interface 903 is used to receive and send data.
The processor 901 may be one or more central processing units (CPUs). If the processor 901 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 901 in the eUICC 90 is configured to read the program code stored in the memory 902 and perform the following operations:
Receiving a user intent verification instruction sent by the local eUICC configuration file auxiliary module, where the user intent verification instruction carries user intent configuration information, and the user intent configuration information is obtained by the local eUICC configuration file auxiliary module from an eUICC management session with the eUICC remote management server;
Receiving the instruction to delete the eUICC configuration file sent by the local eUICC configuration file auxiliary module of the terminal;
Deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3, FIG. 5, FIG. 6, FIG. 7, or FIG. 8.
In the eUICC described in FIG. 12, the eUICC can perform the foregoing operations after the terminal is lost, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
Referring to FIG. 13, FIG. 13 is a schematic structural diagram of an eUICC remote management server according to an embodiment of the present invention. The eUICC remote management server may include a deletion request sending unit 1010, where the deletion request sending unit is described in detail as follows:
The deletion request sending unit 1010 is configured to send an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal, where the eUICC configuration file deletion request carries authentication confirmation information;
The authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification, and if the verification of the authentication confirmation information passes, the local eUICC configuration file auxiliary module sends an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
Specifically, the authentication confirmation information includes: an authentication confirmation personal code; or a message digest of the authentication confirmation personal code; or a message digest of first data, where the first data includes the authentication confirmation personal code and eUICC configuration file information; or a message digest of second data, where the second data includes part of the authentication confirmation personal code and the eUICC configuration file information.
Optionally, the eUICC configuration file deletion request further carries a location acquisition indication; the eUICC remote management server further includes:
A location information receiving unit 1020, configured to receive the deletion success indication and the location information of the terminal returned by the local eUICC configuration file auxiliary module.
Specifically, the eUICC remote management server further includes: a location information receiving unit, configured to receive the location information of the terminal returned by the local eUICC configuration file auxiliary module.
It should be noted that, for the implementation of each unit, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3 or FIG. 8.
In the eUICC remote management server described in FIG. 13, when the terminal is lost, the eUICC remote management server sends an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal so that the terminal can delete the eUICC configuration file promptly, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
Referring to FIG. 14, FIG. 14 shows an eUICC remote management server 110 according to an embodiment of the present invention. The eUICC remote management server 110 includes a processor 1101, a memory 1102, and a transceiver 1103, and the processor 1101, the memory 1102, and the transceiver 1103 are connected to each other through a bus.
The memory 1102 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a portable read-only memory (Compact Disc Read-Only Memory, CD-ROM). The memory 1102 is used for related instructions and data. The transceiver 1103 is used to receive and send data.
The processor 1101 may be one or more central processing units (CPUs). If the processor 1101 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 1101 of the eUICC remote management server 110 is configured to read the program code stored in the memory 1102 and perform the following operations:
Sending an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal, where the eUICC configuration file deletion request carries authentication confirmation information;
The authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification, and if the verification of the authentication confirmation information passes, the local eUICC configuration file auxiliary module sends an instruction to delete the eUICC configuration file to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
It should be noted that, for the implementation of each operation, reference may also be made to the corresponding description of the method embodiments shown in FIG. 3 or FIG. 8.
In the eUICC remote management server 110 described in FIG. 14, when the terminal is lost, the eUICC remote management server sends an eUICC configuration file deletion request to the local eUICC configuration file auxiliary module of the terminal so that the terminal can delete the eUICC configuration file promptly, which reduces the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
In summary, implementing the embodiments of the present invention can reduce the risk of loss of assets associated with the eUICC's data, or leakage of information associated with the eUICC's data, after the terminal is lost.
A person of ordinary skill in the art can understand that all or part of the processes in the methods of the foregoing embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and when executed, the program may include the processes of the foregoing method embodiments. The foregoing storage medium includes various media that can store program code, such as a ROM, a random access memory (RAM), a magnetic disk, or an optical disc.

Claims (27)

  1. 一种eUICC配置文件的删除方法,其特征在于,包括:A method for deleting an eUICC configuration file, comprising:
    接收eUICC配置文件删除请求,所述eUICC配置文件删除请求携带鉴权确认信息;Receiving an eUICC configuration file deletion request, where the eUICC configuration file deletion request carries authentication confirmation information;
    对所述鉴权确认信息进行验证;Verifying the authentication confirmation information;
    在对所述鉴权确认信息的验证通过的情况下,向终端的eUICC发送删除eUICC配置文件的指令,所述删除eUICC配置文件的指令用于指示所述eUICC删除eUICC配置文件。When the verification of the authentication confirmation information is passed, the instruction to delete the eUICC configuration file is sent to the eUICC of the terminal, where the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  2. The method according to claim 1, wherein the receiving an eUICC configuration file deletion request comprises:
    receiving an eUICC configuration file deletion request sent by an eUICC remote management server; or
    receiving an eUICC configuration file deletion request through an application program interface.
  3. The method according to claim 2, wherein before the receiving an eUICC configuration file deletion request sent by an eUICC remote management server, the method further comprises:
    receiving an indication, sent by the eUICC, to connect to the eUICC remote management server, wherein the indication carries the address of the eUICC remote management server.
  4. The method according to claim 2, wherein the receiving an eUICC configuration file deletion request sent by an eUICC remote management server comprises:
    receiving an eUICC configuration file deletion request sent by the eUICC remote management server, wherein the eUICC configuration file deletion request further carries a location acquisition indication;
    and after the sending an instruction to delete an eUICC configuration file to the eUICC of a terminal, the method further comprises:
    receiving a deletion success indication returned by the eUICC;
    returning, according to the location acquisition indication, the deletion success indication and location information of the terminal to the eUICC remote management server.
  5. The method according to any one of claims 1 to 4, wherein the authentication confirmation information comprises:
    an authentication confirmation personal code; or
    a message digest of the authentication confirmation personal code; or
    a message digest of first data, wherein the first data comprises the authentication confirmation personal code and eUICC configuration file information; or
    a message digest of second data, wherein the second data comprises the eUICC configuration file information and a part of the authentication confirmation personal code.
  6. The method according to any one of claims 1 to 5, wherein the instruction to delete the eUICC configuration file comprises an eUICC storage reset instruction;
    the eUICC storage reset instruction is used to instruct the eUICC to delete all operational eUICC configuration files.
  7. The method according to any one of claims 1 to 6, wherein the instruction to delete the eUICC configuration file carries an eUICC lock indication;
    the eUICC lock indication is used to instruct the eUICC to enter a locked state.
  8. The method according to claim 7, wherein after the sending an instruction to delete an eUICC configuration file to the eUICC of a terminal, the method further comprises:
    receiving an eUICC unlock request and authentication confirmation input information from a user;
    when the verification of the authentication confirmation input information succeeds, sending an eUICC unlocking instruction to the eUICC, wherein the eUICC unlocking instruction is used to instruct the eUICC to enter a normal state.
  9. The method according to claim 7, wherein after the sending an instruction to delete an eUICC configuration file to the eUICC of a terminal, the method further comprises:
    when a local authentication confirmation personal identification code does not exist and an eUICC lock indication sent by the eUICC is received, entering a state in which eUICC configuration file download requests cannot be received.
  10. A method for deleting an eUICC configuration file, comprising:
    receiving an instruction to delete an eUICC configuration file sent by a local eUICC configuration file auxiliary module of a terminal;
    deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file.
  11. The method according to claim 10, wherein before the receiving an instruction to delete an eUICC configuration file sent by a local eUICC configuration file auxiliary module of a terminal, the method further comprises:
    receiving a push command sent by an eUICC remote management server;
    sending, according to the push command, an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module, wherein the indication carries the address of the eUICC remote management server.
  12. The method according to claim 11, wherein the receiving a push command sent by an eUICC remote management server comprises:
    receiving a security packet, wherein the security packet carries root issuer security domain information and the push command sent by the eUICC remote management server;
    and the sending, according to the push command, an indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module comprises:
    sending, by the root issuer security domain according to the push command, the indication to connect to the eUICC remote management server to the local eUICC configuration file auxiliary module.
  13. The method according to claim 10, wherein after the deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file, the method further comprises:
    sending a deletion success indication to the local eUICC configuration file auxiliary module.
  14. The method according to any one of claims 10 to 13, wherein the instruction to delete the eUICC configuration file comprises an eUICC storage reset instruction;
    and the deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file comprises:
    deleting all operational eUICC configuration files according to the eUICC storage reset instruction.
  15. The method according to any one of claims 10 to 14, wherein the instruction to delete the eUICC configuration file carries an eUICC lock indication;
    the method further comprises:
    entering a locked state according to the eUICC lock indication.
  16. The method according to claim 15, wherein after the entering a locked state according to the eUICC lock indication, the method further comprises:
    receiving an eUICC unlocking instruction sent by the local eUICC configuration file auxiliary module, wherein the eUICC unlocking instruction is sent by the local eUICC configuration file auxiliary module when verification of the user's authentication confirmation input information succeeds;
    entering a normal state according to the eUICC unlocking instruction.
  17. The method according to claim 15, wherein after the entering a locked state according to the eUICC lock indication, the method further comprises:
    sending an eUICC lock indication to the local eUICC configuration file auxiliary module, wherein the eUICC lock indication is used to instruct the local eUICC configuration file auxiliary module to enter, when a local authentication confirmation personal identification code does not exist, a state in which Profile download requests cannot be received.
  18. A method for deleting an eUICC configuration file, comprising:
    sending an eUICC configuration file deletion request to a local eUICC configuration file auxiliary module of a terminal, wherein the eUICC configuration file deletion request carries authentication confirmation information;
    the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification and, when the verification of the authentication confirmation information succeeds, for sending an instruction to delete an eUICC configuration file to the eUICC of the terminal, wherein the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  19. The method according to claim 18, wherein before the sending an eUICC configuration file deletion request to a local eUICC configuration file auxiliary module of a terminal, the method further comprises:
    sending a push command to the eUICC, wherein the push command is used to instruct the eUICC to send an indication to connect to an eUICC remote management server to the local eUICC configuration file auxiliary module, and the indication carries the address of the eUICC remote management server.
  20. The method according to claim 18 or 19, wherein the eUICC configuration file deletion request further carries a location acquisition indication;
    the method further comprises:
    receiving a deletion success indication and location information of the terminal returned by the local eUICC configuration file auxiliary module.
  21. The method according to any one of claims 18 to 20, wherein the authentication confirmation information comprises:
    an authentication confirmation personal code; or
    a message digest of the authentication confirmation personal code; or
    a message digest of first data, wherein the first data comprises the authentication confirmation personal code and eUICC configuration file information; or
    a message digest of second data, wherein the second data comprises a part of the authentication confirmation personal code and the eUICC configuration file information.
  22. A local eUICC configuration file auxiliary module, comprising:
    a deletion request receiving unit, configured to receive an eUICC configuration file deletion request, wherein the eUICC configuration file deletion request carries authentication confirmation information;
    a verification unit, configured to verify the authentication confirmation information;
    a deletion instruction sending unit, configured to send, when the verification of the authentication confirmation information succeeds, an instruction to delete an eUICC configuration file to the eUICC of a terminal, wherein the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  23. An eUICC, comprising:
    a deletion instruction receiving unit, configured to receive an instruction to delete an eUICC configuration file sent by a local eUICC configuration file auxiliary module of a terminal;
    a deletion unit, configured to delete the eUICC configuration file according to the instruction to delete the eUICC configuration file.
  24. An eUICC remote management server, comprising:
    a deletion request sending unit, configured to send an eUICC configuration file deletion request to a local eUICC configuration file auxiliary module of a terminal, wherein the eUICC configuration file deletion request carries authentication confirmation information;
    the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification and, when the verification of the authentication confirmation information succeeds, for sending an instruction to delete an eUICC configuration file to the eUICC of the terminal, wherein the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  25. A terminal, comprising a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other through a bus, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
    receiving an eUICC configuration file deletion request, wherein the eUICC configuration file deletion request carries authentication confirmation information;
    verifying the authentication confirmation information;
    when the verification of the authentication confirmation information succeeds, sending an instruction to delete an eUICC configuration file to the eUICC of the terminal, wherein the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
  26. An eUICC, comprising a processor, a memory, and a communication interface, wherein the processor, the memory, and the communication interface are connected to each other, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
    receiving an instruction to delete an eUICC configuration file sent by a local eUICC configuration file auxiliary module of a terminal;
    deleting the eUICC configuration file according to the instruction to delete the eUICC configuration file.
  27. An eUICC remote management server, comprising a processor, a memory, and a transceiver, wherein the processor, the memory, and the transceiver are connected to each other through a bus, the memory is configured to store program code, and the processor is configured to invoke the program code to perform the following operations:
    sending an eUICC configuration file deletion request to a local eUICC configuration file auxiliary module of a terminal, wherein the eUICC configuration file deletion request carries authentication confirmation information;
    the authentication confirmation information is used by the local eUICC configuration file auxiliary module for verification and, when the verification of the authentication confirmation information succeeds, for sending an instruction to delete an eUICC configuration file to the eUICC of the terminal, wherein the instruction to delete the eUICC configuration file is used to instruct the eUICC to delete the eUICC configuration file.
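
The verify-then-delete gate of claims 1, 5, 7 and 8, sketched in Python as an added example that is not code from the patent. SHA-256, length-prefixed UTF-8 fields, the ICCID as the configuration file information, a four-character "part" of the personal code, and all class and function names are assumptions; the page fixes none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PARTIAL_LEN = 4  # assumption: the "part" of the personal code is its first 4 characters


def _digest(*parts: str) -> bytes:
    """SHA-256 over length-prefixed UTF-8 fields (assumed; the page names no algorithm)."""
    h = hashlib.sha256()
    for value in parts:
        raw = value.encode("utf-8")
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()


def make_confirmation(kind: str, code: str, iccid: str) -> bytes:
    """Build the authentication confirmation information in one of the four claimed forms."""
    if kind == "code":
        return code.encode("utf-8")
    if kind == "code_digest":
        return _digest(code)
    if kind == "code_profile_digest":            # "first data"
        return _digest(code, iccid)
    if kind == "partial_code_profile_digest":    # "second data"
        return _digest(iccid, code[:PARTIAL_LEN])
    raise ValueError(f"unknown confirmation kind: {kind}")


@dataclass
class ToyEuicc:
    """Hypothetical stand-in for the eUICC: installed profiles plus a locked/normal state."""
    profiles: set = field(default_factory=set)
    locked: bool = False

    def delete_profile(self, iccid: str, lock: bool = False) -> bool:
        if iccid not in self.profiles:
            return False
        self.profiles.remove(iccid)
        self.locked = self.locked or lock  # lock indication carried by the delete instruction
        return True

    def unlock(self) -> None:
        self.locked = False


@dataclass
class ToyLpa:
    """Hypothetical stand-in for the local eUICC configuration file auxiliary module."""
    euicc: ToyEuicc
    local_code: str
    kind: str  # form fixed on the terminal, so the sender cannot choose a weaker one

    def handle_delete_request(self, confirmation: bytes, iccid: str, lock: bool = False) -> str:
        expected = make_confirmation(self.kind, self.local_code, iccid)
        # Constant-time comparison; on mismatch no instruction reaches the eUICC.
        if not hmac.compare_digest(expected, confirmation):
            return "rejected"
        return "deleted" if self.euicc.delete_profile(iccid, lock) else "not_found"

    def handle_unlock_request(self, entered_code: str) -> bool:
        if not hmac.compare_digest(self.local_code.encode("utf-8"), entered_code.encode("utf-8")):
            return False
        self.euicc.unlock()
        return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    card = ToyEuicc(profiles={"89860000000000000001", "89860000000000000002"})
    lpa = ToyLpa(card, local_code="493817", kind="code_profile_digest")
    info = make_confirmation(lpa.kind, "493817", "89860000000000000001")
    print(lpa.handle_delete_request(info, "89860000000000000002"))  # digest bound to another profile
    print(lpa.handle_delete_request(info, "89860000000000000001", lock=True))
    print(card.profiles, card.locked, lpa.handle_unlock_request("493817"), card.locked)
```

In this sketch the two digest forms that include configuration file information verify only for the profile they were computed over, and the partial-code form accepts any code that shares the chosen part.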
PCT/CN2017/077129 2017-03-17 2017-03-17 Euicc profile deletion method and device WO2018165983A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/077129 WO2018165983A1 (en) 2017-03-17 2017-03-17 Euicc profile deletion method and device
CN201780061896.6A CN109792601B (en) 2017-03-17 2017-03-17 Method and equipment for deleting eUICC configuration file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/077129 WO2018165983A1 (en) 2017-03-17 2017-03-17 Euicc profile deletion method and device

Publications (1)

Publication Number Publication Date
WO2018165983A1 true WO2018165983A1 (en) 2018-09-20

Family

ID=63522813

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/077129 WO2018165983A1 (en) 2017-03-17 2017-03-17 Euicc profile deletion method and device

Country Status (2)

Country Link
CN (1) CN109792601B (en)
WO (1) WO2018165983A1 (en)

Also Published As

Publication number Publication date
CN109792601B (en) 2021-04-09
CN109792601A (en) 2019-05-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17901315

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17901315

Country of ref document: EP

Kind code of ref document: A1