CN111935704B - Profile downloading method, device and equipment - Google Patents
- Publication number
- CN111935704B, CN202010957564.XA
- Authority
- CN
- China
- Prior art keywords
- nusim
- profile
- certificate
- internet
- eid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a Profile downloading method, device and equipment. nuSIM certificates carrying EIDs are imported into an LA database in batches; Profiles are downloaded in batches from a server according to the nuSIM certificates, a binding relationship between the EID of each nuSIM certificate and the ICCID of its Profile is established, and the Profiles are stored in the LA database as ciphertext; communication with the Internet of Things device takes place through a physical interface, and the International Mobile Equipment Identity (IMEI) of the device is obtained; an unused nuSIM certificate is obtained from the LA database and written into the Internet of Things device; according to the binding relationship between the EID and the ICCID, the Profile corresponding to the nuSIM certificate is written into the corresponding Internet of Things device, and the binding relationship among the EID, the ICCID and the IMEI is established. The security of Profile downloading under the nuSIM scheme is thereby improved.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a Profile downloading method, device and equipment.
Background
Currently, Internet of Things (IoT) devices usually establish a connection with the cellular communication network provided by an operator through an embedded Subscriber Identity Module (eSIM). Although the eSIM scheme allows the Profile to be downloaded dynamically, it requires the participation of an embedded Universal Integrated Circuit Card (eUICC), and an initial network must be obtained through a seed card with global roaming capability to complete the download of the Profile. Both the eUICC physical card and the seed card increase the manufacturing or usage cost of the IoT device. The Profile is a combination of data and applications provisioned on a Subscriber Identity Module (SIM) for providing services, and may include, for example, network access key parameters, an auxiliary security domain, and application data.
To solve these problems, Deutsche Telekom proposed the nuSIM security protocol based on the eSIM specification. By integrating the SIM function into the chip of the IoT device, no eUICC physical card is required, which reduces the cost of purchasing cards; by deploying the LA component on a production-line Personal Computer (PC) and downloading the Profile over the network environment of that PC, an initial network is obtained without relying on a seed card. However, compared with the eSIM scheme, in which the Profile is downloaded through an LPA component integrated in the eUICC or the IoT device, the security of Profile downloading through the LA component in the nuSIM scheme still needs to be improved.
Disclosure of Invention
The embodiment of the invention provides a Profile downloading method, a Profile downloading device and Profile downloading equipment, which are used for improving the security of Profile downloading under a nuSIM scheme.
In a first aspect, an embodiment of the present invention provides a Profile downloading method, including:
importing nuSIM certificates carrying an electronic identity (EID) into an LA database in batches;
downloading Profiles in batches from a server according to the nuSIM certificates, establishing a binding relationship between the EID of each nuSIM certificate and the integrated circuit card identifier (ICCID) of its Profile, and storing the Profiles in the LA database as ciphertext;
communicating with an Internet of Things device through a physical interface to obtain the International Mobile Equipment Identity (IMEI) of the device, wherein the Internet of Things device integrates a subscriber identity module (SIM) conforming to the nuSIM protocol;
obtaining an unused nuSIM certificate from the LA database and writing the nuSIM certificate into the Internet of Things device, so as to complete the personalization process of the device;
and writing the Profile corresponding to the nuSIM certificate into the corresponding Internet of Things device according to the binding relationship between the EID and the ICCID, and establishing the binding relationship among the EID, the ICCID and the IMEI.
In one embodiment, the method further comprises:
communicating with a plurality of Internet of Things devices through physical interfaces, and writing the nuSIM certificates and the Profiles into the plurality of Internet of Things devices in parallel.
In one embodiment, the method further comprises:
and in the process of writing the Profile, generating a state display interface, wherein the state display interface displays the port number of each physical interface, the IMEI of the connected Internet of things equipment, the EID of the written nuSIM certificate, the ICCID of the written Profile and the status information of the writing process.
In an embodiment, before importing the nuSIM certificates carrying the EID into the LA database in batches, the method further includes:
generating a parameter configuration interface, wherein setting items for configuring one or more of server addresses, timeout time, retry times and connection number are arranged in the parameter configuration interface;
and configuring parameters according to the user instruction.
In one embodiment, the method further comprises recording an operation log.
In an embodiment, before importing the nuSIM certificates carrying the EID into the LA database in batches, the method further includes:
receiving an account and a password input by a user in a login interface;
and verifying the account and the password.
In one embodiment, before receiving the account and the password input by the user in the login interface, the method further comprises: verifying the validity of the license file.
In a second aspect, an embodiment of the present invention provides a Profile downloading apparatus, including:
an import module, used for importing nuSIM certificates carrying an electronic identity (EID) into an LA database in batches;
a download module, used for downloading Profiles from the server in batches according to the nuSIM certificates, establishing a binding relationship between the EID of each nuSIM certificate and the integrated circuit card identifier (ICCID) of its Profile, and storing the Profiles in the LA database as ciphertext;
a communication module, used for communicating with the Internet of Things device through a physical interface to obtain the International Mobile Equipment Identity (IMEI) of the device, wherein the Internet of Things device integrates a subscriber identity module (SIM) conforming to the nuSIM protocol;
a first writing module, used for obtaining an unused nuSIM certificate from the LA database and writing the nuSIM certificate into the Internet of Things device, so as to complete the personalization process of the device;
and a second writing module, used for writing the Profile corresponding to the nuSIM certificate into the corresponding Internet of Things device according to the binding relationship between the EID and the ICCID, and establishing the binding relationship among the EID, the ICCID and the IMEI.
In a third aspect, an embodiment of the present invention provides a Profile downloading device, including:
at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the memory-stored computer-executable instructions causes the at least one processor to perform the Profile download method as defined in any one of the first aspects.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, the computer-executable instructions are used to implement the Profile downloading method according to any one of the first aspect.
According to the Profile downloading method, device and equipment provided by the embodiments of the invention, nuSIM certificates carrying EIDs are imported into an LA database in batches; Profiles are downloaded in batches from a server according to the nuSIM certificates, a binding relationship between the EID of each nuSIM certificate and the ICCID of its Profile is established, and the Profiles are stored in the LA database as ciphertext; communication with the Internet of Things device takes place through a physical interface, and the International Mobile Equipment Identity (IMEI) of the device is obtained; an unused nuSIM certificate is obtained from the LA database and written into the Internet of Things device; according to the binding relationship between the EID and the ICCID, the Profile corresponding to the nuSIM certificate is written into the corresponding Internet of Things device, and the binding relationship among the EID, the ICCID and the IMEI is established. The security of Profile downloading under the nuSIM scheme is thereby improved.
Drawings
Fig. 1 is a block diagram of a system for downloading Profile according to an embodiment of the present invention;
Fig. 2 is a flowchart of a Profile downloading method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a status display interface according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a parameter configuration interface according to an embodiment of the present invention;
Fig. 5 is a signaling flowchart of a Profile downloading method according to an embodiment of the present invention;
Fig. 6 is a flowchart of a Profile downloading method according to another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a Profile downloading device according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a Profile downloading device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following detailed description and accompanying drawings. Wherein like elements in different embodiments are numbered with like associated elements. In the following description, numerous details are set forth in order to provide a better understanding of the present application. However, those skilled in the art will readily recognize that some of the features may be omitted or replaced with other elements, materials, methods in different instances. In some instances, certain operations related to the present application have not been shown or described in detail in order to avoid obscuring the core of the present application from excessive description, and it is not necessary for those skilled in the art to describe these operations in detail, so that they may be fully understood from the description in the specification and the general knowledge in the art.
Furthermore, the features, operations, or characteristics described in the specification may be combined in any suitable manner to form various embodiments. Also, the steps or actions in the method descriptions may be swapped or reordered, as will be apparent to one of ordinary skill in the art. Thus, the various sequences in the specification and drawings are for the purpose of describing certain embodiments only and are not intended to imply a required sequence, unless it is otherwise indicated that a certain sequence must be followed.
The numbering of the components as such, e.g., "first", "second", etc., is used herein only to distinguish the objects as described, and does not have any sequential or technical meaning. The term "connected" and "coupled" when used in this application, unless otherwise indicated, includes both direct and indirect connections (couplings).
The abbreviations and terms used in the present application are explained first:
DP: Data Preparator. The component responsible for generating and securely distributing Profiles to authorized/authenticated nuSIMs.
LA: Loader Application. A functional component (software) running in the PC environment that securely requests, transfers and downloads a Profile from the DP into the nuSIM.
Profile: a combination of data and applications provisioned on a SIM or eUICC for the purpose of providing services, that is, a set of data and applications stored in the SIM card or eUICC card.
TE: Terminal Equipment.
COS: Chip Operating System.
ICCID: Integrated Circuit Card Identification.
EID: Electronic Identity (electronic identification card).
IMEI: International Mobile Equipment Identity.
The way an IoT device establishes a connection with the cellular communication network provided by a Mobile Network Operator (MNO) has gone through three stages: the physical card, the virtual SIM and the eSIM.
The physical card is usually a plug-in plastic card or a solder-on (patch) card. When a physical card is used, the customer usually only needs to deal with the MNO: the customer orders directly from the MNO and specifies the relevant Profile data, the corresponding plan information and so on when ordering. The MNO passes these data files (including the Profile data) to the card manufacturer offline in encrypted form, which involves on-site logistics to ensure that the data files reach the card manufacturer without errors. After receiving the data files, the card manufacturer prepares the card hardware and operating system in advance according to the specific requirements of the MNO and the customer, writes the data files into the cards, packages the cards in the required formats, and ships them back to the MNO by express delivery together with the card production data for each card. Finally, the MNO sends the cards to the end customer for use. In this Profile distribution process a physical card carries the SIM function. Although security is very high, the cost of the personnel management, operation management and logistics management invested in the Profile delivery chain is huge, the links depend on one another, and a problem in any link directly affects the delivery and use of the SIM card. In addition, customers face the difficulty of managing the physical SIM cards once they receive them, which has created many obstacles to the rapid development of the industry.
The virtual SIM, also called Soft SIM, vSIM, Virtual SIM, etc., uses a proprietary command protocol to download the Profile from the service side to the device side, either online or locally. In the virtual SIM solution, the third-party service provider is dominant and plays a key role. On one side it connects to different MNOs and obtains different Profiles from them, which are then packaged into different traffic packages to provide traffic services externally. On the other side it interfaces with the different customers that need traffic and provides them with traffic services that are indistinguishable from those of an MNO. In this industry chain, the customers who actually use the traffic do not need to connect with specific MNOs; they only need to integrate the virtual SIM solution of the third-party service provider, need no physical SIM card to obtain the SIM function, and can also choose between different operators. This expands the SIM card business to a certain extent, with the third-party service provider integrating the resources. Profile distribution in this form is a completely proprietary process in which the third-party service provider takes part throughout. The Profile information becomes electronic, the cost of the physical card is eliminated, and the customer's SIM distribution and management costs are reduced. The greatest defect is that the security of Profile transmission, distribution and management is difficult to guarantee: the whole Profile delivery chain, including the server side, over-the-air transmission and terminal security, is implemented privately, and security is its greatest hidden danger. This is also an important factor preventing the virtual SIM technology from being adopted on a large scale in practice.
The eSIM follows the international telecommunication union (GSM Association, abbreviated as GSMA) specification, and dynamically downloads the Profile to the device side by deploying a Subscription Manager Data provisioning server (SM-DP+) service and using the existing network capability of the device side. The eSIM specifications led by the GSMA fall roughly into two categories: the Consumer scheme and the M2M scheme. The Consumer scheme focuses on application scenarios with human participation: there is a user interface, and the user can dynamically download and update the Profile from the server side through simple operations on the menu interface. The M2M scheme is particularly suitable for unattended Internet of Things devices: by integrating SMS or BIP communication functions and using the existing initial network capability of the device side, the server side can actively push messages, and the device dynamically downloads and updates the Profile according to the push messages. In this solution, the component carrying the server-side functions is called SM-DP+; it belongs to the operator and is used to store Profiles securely. Another important component is the Local Profile Assistant (LPA), which is generally integrated in the eUICC card or in the device and assists the eUICC card in downloading and managing Profiles. During Profile distribution and downloading, all communication follows the Remote SIM Provisioning (RSP) protocol, the security mechanisms of the server side, the over-the-air transmission and the device side are fully considered, interoperability among the different components is guaranteed, and a certificate verification system is added, so the scheme is very sound in terms of security.
However, the process of downloading the Profile has several disadvantages. First, the cost is high: Profile downloading in the eSIM scheme requires the participation of an eUICC physical card, a single eUICC card costs about 1.5 dollars, and the operator also needs to deploy the SM-DP+ service, which probably requires an investment of 10-100 dollars; this huge cost reduces, to a certain extent, the operators' enthusiasm for promoting the scheme. Second, the initial network capability of the device side must be obtained: this poses a great problem for the device side, because deploying and obtaining an initial network capability is clearly not an effective solution on Low Power Wide Area (LPWA) devices; a seed card with global roaming capability provided by a third party is often needed to provide the initial network, and the roaming service of such a seed card is generally very expensive and not universally available. Third, Short Message Service (SMS) or Bearer Independent Protocol (BIP) communication needs to be integrated: SMS and BIP are optional in most Internet of Things scenarios, and when SMS and BIP become optional the development workload on the device side increases; moreover, the bandwidth provided by LPWA is limited and can hardly carry the large volume of Profile information specified by the eSIM specification, which greatly reduces practicability and efficiency.
Therefore, the existing Profile downloading schemes cannot combine security, efficiency and low cost, and the explosive growth in market demand in particular places new requirements on the management and the secure, efficient distribution of SIM cards. The present application addresses these problems of the prior-art solutions and is aimed in particular at LPWA applications such as water meters, electricity meters, trackers, smart cities and smart logistics.
Fig. 1 is a block diagram of a system for downloading Profile according to an embodiment of the present invention. As shown in Fig. 1, the system for downloading Profile provided in this embodiment may include: DP, PC and TE. The LA is deployed on the PC and includes a User Interface (UI) part and a Dynamic Link Library (DLL) part. The core DLL part is written in C and compiled, so it is not easy to decompile and crack; this strengthens the protection of the core logic and improves the security of the scheme. In addition, the interfaces are exported as a DLL library, so that different programming languages on the Windows platform can conveniently call them. The UI part may be written in JS, which makes it easy to extend and helps with optimizing and rendering the interfaces. The UI part and the DLL part are separated and functionally decoupled, which is convenient for extension and iterative upgrade. Furthermore, Profile downloading uses the network environment of the production-line PC, so no initial network needs to be deployed on the device side and the dependence on an initial network is eliminated. A nuSIM COS is integrated in the TE. Because the SIM function is integrated into the device side, no physical SIM card or eUICC card is needed, which not only effectively reduces cost but also meets requirements such as shock resistance and pressure resistance in harsh external environments. The DP obtains the Profile files from the MNO, imports them into the DP system in encrypted form, and generates the ICCID list corresponding to the Profiles.
Fig. 2 is a flowchart of a Profile downloading method according to an embodiment of the present invention. The method can be applied to LA. As shown in fig. 2, the Profile downloading method provided in this embodiment may include:
S201, importing nuSIM certificates carrying an electronic identity (EID) into an LA database in batches.
In this embodiment, nuSIM certificates with EID information may, for example, be produced in batches by an online certificate production center and imported by the LA and the DP. In this embodiment, the nuSIM certificates may be imported into the LA and the DP separately. Specifically, the nuSIM certificates are imported into the DP server, and a binding relationship between the EID of each nuSIM certificate and the ICCID of the corresponding Profile is established; the nuSIM certificates carrying EIDs are also imported into the LA database in batches. For example, a compressed package of nuSIM certificates may be imported as a batch and decompressed to obtain the nuSIM certificates.
S202, downloading Profiles from the server in batches according to the nuSIM certificates, establishing a binding relationship between the EID of each nuSIM certificate and the integrated circuit card identifier (ICCID) of its Profile, and storing the Profiles in the LA database as ciphertext.
In this embodiment, the LA may send the EID of the nuSIM certificate to the DP server to request downloading of the corresponding Profile. And the DP server determines the Profile corresponding to the EID according to the binding relationship between the EID and the ICCID for LA downloading. When multiple profiles need to be downloaded, the LA sends EIDs of multiple nuSIM certificates to the DP server. When downloading in bulk, the LA may build an EID list and send it to the DP server.
After the LA downloads the Profile from the server, it establishes a binding relationship between the EID of the nuSIM certificate and the ICCID of the Profile, and stores the Profile in the LA database as ciphertext. The Profile may be encrypted using, for example, algorithms such as the Advanced Encryption Standard (AES) and Elliptic Curve Key Agreement (ECKA).
S203, communicating with the Internet of Things device through a physical interface to obtain the International Mobile Equipment Identity (IMEI) of the device, wherein the Internet of Things device integrates a subscriber identity module (SIM) conforming to the nuSIM protocol.
In this embodiment, the connection to the Internet of Things device may be made through a physical interface such as a Universal Serial Bus (USB) or a Universal Asynchronous Receiver/Transmitter (UART). The LA can adapt to different TE interfaces to transmit data; that is, the interface can be selected flexibly according to the hardware interfaces the TE already has, which greatly reduces the difficulty of integration. When several Internet of Things devices are connected, each may use a different interface. The Internet of Things device in this embodiment integrates a SIM conforming to the nuSIM protocol. The SIM is integrated directly into the device chip without a physical card, so the secure environments the device already has, such as a Secure Element (SE) or a Trusted Execution Environment (TEE), can be used, which helps to improve security. When communicating with the Internet of Things device through the physical interface, the LA reads device information from the device side, such as the IMEI.
S204, obtaining an unused nuSIM certificate from the LA database and writing the nuSIM certificate into the Internet of Things device, so as to complete the personalization process of the device.
In this embodiment, as many nuSIM certificates as there are connected Internet of Things devices can be randomly selected from the LA database and written into the devices, so as to complete their personalization. Once a nuSIM certificate has been written into an Internet of Things device and personalization is complete, only the Profile corresponding to that certificate can be written into the device, which further improves security.
S205, according to the binding relationship between the EID and the ICCID, the Profile corresponding to the nuSIM certificate is written into the corresponding Internet of things equipment, and the binding relationship among the EID, the ICCID and the IMEI is established.
And after the Internet of things equipment completes personalization, the LA writes the Profile corresponding to the nuSIM certificate into the corresponding Internet of things equipment according to the binding relationship between the EID and the ICCID. And a binding relation among the EID, the ICCID and the IMEI is established, so that the nuSIM can be managed conveniently in the follow-up process.
Specifically, when communicating with a plurality of Internet of Things devices through physical interfaces, the nuSIM certificates and Profiles can be written into the plurality of devices in parallel. This batch writing improves the efficiency of the production line.
After the internet of things equipment successfully downloads and installs the Profile and disconnects the LA, the installed Profile can be automatically started, and a cellular communication network provided by the MNO is used.
So that the root cause can be traced quickly when an operational problem occurs, the LA also records all operation logs; the DLL library also provides complete log records for troubleshooting the LA's interactions with the DP or the TE.
According to the Profile downloading method provided by this embodiment, nuSIM certificates carrying EIDs are imported into an LA database in batches; Profiles are downloaded in batches from a server according to the nuSIM certificates, a binding relationship between the EID of each nuSIM certificate and the ICCID of its Profile is established, and the Profiles are stored in the LA database as ciphertext; communication with the Internet of Things device takes place through a physical interface, and the International Mobile Equipment Identity (IMEI) of the device is obtained; an unused nuSIM certificate is obtained from the LA database and written into the Internet of Things device; according to the binding relationship between the EID and the ICCID, the Profile corresponding to the nuSIM certificate is written into the corresponding Internet of Things device, and the binding relationship among the EID, the ICCID and the IMEI is established. This improves both the efficiency of Profile downloading and the security of Profile downloading under the nuSIM scheme.
On the basis of the foregoing embodiment, in order to facilitate a user to timely and accurately grasp related information of a Profile downloading process, in the method provided in this embodiment, in a process of writing in a Profile, a state display interface is generated, where the state display interface displays a port number of each physical interface, an IMEI of a connected internet of things device, an EID of a nuSIM certificate written in, an ICCID of the Profile written in, and status information of the writing process. Referring to fig. 3, fig. 3 is a schematic view of a status display interface according to an embodiment of the present invention. It should be noted that the port numbers, EIDs, IMEIs, ICCIDs, and the like shown in fig. 3 are only used for illustration, and are not limited thereto. The total number of profiles in the LA, the number used and the number remaining available may also be displayed in the status display interface.
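The following is an added example, not code from the patent: one way the LA database bookkeeping of S201 to S205 and the total/used/remaining counts of the status display could be enforced, so that a Profile is released only to the device holding the certificate whose EID is bound to that ICCID. The table layout, function names and sample identifiers are assumptions; the Profile ciphertext is treated as opaque bytes that were encrypted elsewhere, and the lowest unused EID is taken instead of a random one so the result is reproducible.

```python
import sqlite3


class BindingError(Exception):
    """Raised when an operation would break the EID/ICCID/IMEI binding."""


# Hypothetical schema: the uniqueness constraints keep the bindings one-to-one.
SCHEMA = """
CREATE TABLE nusim_cert (
    eid  TEXT PRIMARY KEY,
    cert BLOB NOT NULL,
    imei TEXT UNIQUE                -- NULL until the certificate is written
);
CREATE TABLE profile (
    iccid      TEXT PRIMARY KEY,
    eid        TEXT NOT NULL UNIQUE REFERENCES nusim_cert(eid),
    ciphertext BLOB NOT NULL,       -- the Profile is never stored in clear
    written    INTEGER NOT NULL DEFAULT 0
);
"""


def open_la_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def import_certs(conn, certs):
    """S201: batch-import (eid, cert) pairs."""
    with conn:
        conn.executemany("INSERT INTO nusim_cert(eid, cert) VALUES (?, ?)", certs)


def store_profiles(conn, profiles):
    """S202: record (iccid, eid, ciphertext); the whole batch is rejected if
    an EID is unknown or is already bound to another ICCID."""
    try:
        with conn:
            conn.executemany(
                "INSERT INTO profile(iccid, eid, ciphertext) VALUES (?, ?, ?)",
                profiles)
    except sqlite3.IntegrityError as exc:
        raise BindingError(f"profile batch rejected: {exc}") from exc


def claim_cert(conn, imei):
    """S203/S204: bind one unused certificate to the device with this IMEI.
    The conditional UPDATE keeps parallel writers from taking the same EID."""
    while True:
        row = conn.execute(
            "SELECT c.eid, c.cert FROM nusim_cert c "
            "JOIN profile p ON p.eid = c.eid "
            "WHERE c.imei IS NULL ORDER BY c.eid LIMIT 1").fetchone()
        if row is None:
            raise BindingError("no unused nuSIM certificate with a Profile")
        try:
            with conn:
                cur = conn.execute(
                    "UPDATE nusim_cert SET imei = ? "
                    "WHERE eid = ? AND imei IS NULL", (imei, row[0]))
        except sqlite3.IntegrityError as exc:
            raise BindingError(f"IMEI {imei} already holds a certificate") from exc
        if cur.rowcount == 1:       # 0 means another worker won; try the next
            return row[0], row[1]


def write_profile(conn, imei, iccid):
    """S205: hand out the ciphertext only if the ICCID is bound to the EID
    that was written to this device, and only once."""
    row = conn.execute(
        "SELECT c.eid, p.ciphertext, p.written FROM nusim_cert c "
        "JOIN profile p ON p.eid = c.eid "
        "WHERE c.imei = ? AND p.iccid = ?", (imei, iccid)).fetchone()
    if row is None:
        raise BindingError(f"ICCID {iccid} is not bound to the EID on {imei}")
    eid, ciphertext, written = row
    if written:
        raise BindingError(f"Profile {iccid} was already written")
    with conn:
        conn.execute("UPDATE profile SET written = 1 WHERE iccid = ?", (iccid,))
    return (eid, iccid, imei), ciphertext


def inventory(conn):
    """Counts for the status display: (total, used, remaining) Profiles."""
    total, used = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(written), 0) FROM profile").fetchone()
    return total, used, total - used


if __name__ == "__main__":
    # Constructed sample identifiers and placeholder ciphertext bytes.
    db = open_la_db()
    import_certs(db, [("EID-0001", b"cert-1"), ("EID-0002", b"cert-2")])
    store_profiles(db, [("ICCID-A", "EID-0001", b"\x8f\x01"),
                        ("ICCID-B", "EID-0002", b"\x8f\x02")])
    claim_cert(db, "IMEI-111")
    print(write_profile(db, "IMEI-111", "ICCID-A")[0], inventory(db))
```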
On the basis of the above embodiment, to further improve security, in the method provided in this embodiment, before importing nuSIM certificates carrying electronic identity cards EID into an LA database in batches, a login interface is generated for receiving an account and a password input by a user; after receiving the account and the password input by the user in the login interface, the received account and the password are verified. The LA tool is only allowed to be used by authenticated users, but not by users that are not valid account and password authenticated.
In an optional embodiment, before receiving the account and the password input by the user at the login interface, the method further comprises: the validity of the license file is verified. That is, the LA production line tool supports License activation, and unauthorized version functions can only read information, but cannot write information, and thus the tool can be prevented from being illegally used.
In an optional implementation manner, before importing the nuSIM certificates carrying the electronic identity cards EID into the LA database in batch, the method further includes: generating a parameter configuration interface, wherein setting items for configuring one or more of server addresses, timeout time, retry times and connection number are arranged in the parameter configuration interface; and configuring parameters according to the user instruction. Referring to fig. 4, fig. 4 is a schematic diagram of a parameter configuration interface according to an embodiment of the present invention. Fig. 4 is only an illustration, and is not limited thereto.
Fig. 5 is a signaling flowchart of a Profile downloading method according to an embodiment of the present invention. As shown in fig. 5, the method provided by this embodiment may include:
S501, the MNO server sends a download command to the DP server; the command instructs the DP server to download the Profile.
S502, the DP server downloads the Profile file from the MNO server and generates an ICCID list corresponding to the Profile.
S503, the DP server imports the nuSIM certificate which is manufactured by the certificate manufacturing center and carries the EID information, and establishes the binding relationship between the EID and the ICCID.
S504, the LA imports the nuSIM certificate which is manufactured by the certificate manufacturing center and carries the EID information.
S505, the LA initiates a Profile download request to the DP.
S506, the LA downloads the Profile from the DP according to the EID.
S507, the LA writes the nuSIM certificate into the connected TE.
S508, the TE completes device personalization according to the written nuSIM certificate.
S509, the LA writes the Profile corresponding to the nuSIM certificate to the connected TE.
S510, when the TE is powered on or restarted, the Profile is enabled to connect to the network.
S511, the LA notifies the DP of the installation result of the Profile.
Fig. 6 is a flowchart of a Profile downloading method according to another embodiment of the present invention. As shown in fig. 6, the method provided by this embodiment may include:
S601, receiving an account and a password input by a user in a login interface.
S602, verifying the received account and password, and judging whether they pass the verification. If yes, continue to step S603; if not, return to step S601 and continue receiving user input.
S603, generating a parameter configuration interface, and configuring parameters according to the user's instructions.
S604, importing the nuSIM certificates carrying the EID into the LA database in batches. After the user clicks the import button, the nuSIM certificates which are manufactured by the certificate manufacturing center and carry EID information are imported into the LA database in batches.
S605, judging whether the nuSIM certificates were imported successfully. If yes, go to step S606; if not, return to step S604 and continue importing the certificates.
S606, downloading the Profiles from the server in batches according to the nuSIM certificates.
S607, judging whether the Profiles were downloaded successfully. If yes, go to step S608; if not, return to step S606 and continue downloading the Profiles.
S608, communicating with the Internet of things device through a physical interface.
S609, writing the nuSIM certificate into the Internet of things device, so as to complete the personalization process of the Internet of things device.
S610, writing the Profile corresponding to the nuSIM certificate.
S611, saving the log record.
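The LA database bookkeeping behind steps S604 to S611 can be sketched as follows. This is an added example, not code from the patent: the SQLite schema, the function names, the `write_cert`/`write_profile` callbacks and the `quarantined` state for a certificate whose device write failed are assumptions made for illustration.

```python
import sqlite3
from contextlib import contextmanager

# Hypothetical schema: the patent names the LA database and its bindings, not a layout.
SCHEMA = """
CREATE TABLE certs (
    eid   TEXT PRIMARY KEY,
    cert  BLOB NOT NULL,
    state TEXT NOT NULL DEFAULT 'unused'
          CHECK (state IN ('unused', 'reserved', 'written', 'quarantined'))
);
CREATE TABLE profiles (                      -- EID <-> ICCID binding, one-to-one
    iccid      TEXT PRIMARY KEY,
    eid        TEXT NOT NULL UNIQUE REFERENCES certs(eid),
    ciphertext BLOB NOT NULL                 -- kept as received; the LA never decrypts it
);
CREATE TABLE bindings (                      -- EID <-> ICCID <-> IMEI, each used once
    eid   TEXT PRIMARY KEY REFERENCES certs(eid),
    iccid TEXT NOT NULL UNIQUE REFERENCES profiles(iccid),
    imei  TEXT NOT NULL UNIQUE,
    port  TEXT NOT NULL
);
CREATE TABLE log (id INTEGER PRIMARY KEY, event TEXT NOT NULL, detail TEXT NOT NULL);
"""

class ProvisioningError(Exception):
    """Raised when a device cannot be given a certificate and Profile."""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path, isolation_level=None)   # explicit transactions only
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

@contextmanager
def tx(conn):
    conn.execute("BEGIN IMMEDIATE")          # take the write lock before reading
    try:
        yield
        conn.execute("COMMIT")
    except BaseException:
        conn.execute("ROLLBACK")
        raise

def import_certs(conn, certs):
    """Batch import of (eid, cert_bytes); a duplicate EID rejects the whole batch."""
    with tx(conn):
        conn.executemany("INSERT INTO certs(eid, cert) VALUES (?, ?)", certs)
    return len(certs)

def store_profiles(conn, profiles):
    """Store (eid, iccid, ciphertext); an EID with no imported certificate is rejected."""
    with tx(conn):
        conn.executemany("INSERT INTO profiles(eid, iccid, ciphertext) VALUES (?, ?, ?)", profiles)
    return len(profiles)

def stock(conn):
    """(total, used, remaining) Profile counts, as on the status display."""
    q = lambda sql: conn.execute(sql).fetchone()[0]
    return (q("SELECT count(*) FROM profiles"), q("SELECT count(*) FROM bindings"),
            q("SELECT count(*) FROM profiles JOIN certs USING (eid) WHERE state = 'unused'"))

def provision(conn, port, imei, write_cert, write_profile):
    """Write one certificate and its bound Profile to the device on `port`."""
    with tx(conn):                            # phase 1: reserve, so no other port gets it
        if conn.execute("SELECT 1 FROM bindings WHERE imei = ?", (imei,)).fetchone():
            raise ProvisioningError(f"IMEI {imei} is already bound")
        row = conn.execute(
            "SELECT c.eid, c.cert, p.iccid, p.ciphertext FROM certs c "
            "JOIN profiles p ON p.eid = c.eid WHERE c.state = 'unused' "
            "ORDER BY random() LIMIT 1").fetchone()
        if row is None:
            raise ProvisioningError("no unused certificate with a stored Profile")
        eid, cert, iccid, ciphertext = row
        conn.execute("UPDATE certs SET state = 'reserved' WHERE eid = ?", (eid,))
    try:                                      # phase 2: device I/O, outside any DB lock
        write_cert(port, cert)
        write_profile(port, ciphertext)
    except Exception as exc:
        # The credential may be on the device already: never hand it out again.
        with tx(conn):
            conn.execute("UPDATE certs SET state = 'quarantined' WHERE eid = ?", (eid,))
            conn.execute("INSERT INTO log(event, detail) VALUES ('write_failed', ?)",
                         (f"port={port} imei={imei} eid={eid} error={exc}",))
        raise ProvisioningError(f"write failed on {port}; {eid} quarantined") from exc
    with tx(conn):                            # phase 3: record the three-way binding
        conn.execute("UPDATE certs SET state = 'written' WHERE eid = ?", (eid,))
        conn.execute("INSERT INTO bindings(eid, iccid, imei, port) VALUES (?, ?, ?, ?)",
                     (eid, iccid, imei, port))
        conn.execute("INSERT INTO log(event, detail) VALUES ('written', ?)",
                     (f"port={port} imei={imei} eid={eid} iccid={iccid}",))
    return eid, iccid

if __name__ == "__main__":                    # constructed identifiers and payloads
    db = open_db()
    import_certs(db, [("EID-0001", b"cert-1")])
    store_profiles(db, [("EID-0001", "ICCID-0001", b"\x8a\x01")])
    print(provision(db, "COM3", "IMEI-0001", lambda p, c: None, lambda p, b: None), stock(db))
```

The uniqueness constraints make a reused EID, ICCID or IMEI fail at the database rather than on the production line, and the log rows carry identifiers only, never certificate or Profile bytes.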
To sum up, the present application requests, distributes and downloads Profiles to the terminal device through an LA deployed on a PC, making maximum use of the network already available in the PC environment. Profiles are downloaded securely, in ciphertext form and in batches, from the DP server to the local LA database. Once the batch download is complete, the process can move into a safer secure room with no network, where the Profiles are written into the terminal devices offline, still in ciphertext form. After leaving the factory, the terminal device has the SIM function, can camp on the network and exchange data with the network side, and does not need its Profile updated afterwards. The method is particularly suitable for Low Cost devices, in industries such as water meters, electricity meters, trackers, smart cities and intelligent logistics.
The present application is further illustrated by the following two specific examples. The first takes the MT2625 NB Modem Chip IC as an example. Adaptation is completed on the chip, chip general agent and module sides, and the nuSIM COS is integrated into the corresponding software (SW); the nuSIM COS can be implemented inside the 2625 chip and communicates with the Modem side through the SIM Driver. The corresponding chips and modules are then produced. A Profile file is obtained from the operator and imported into the DP system in encrypted form, and an ICCID list corresponding to the Profile is generated. nuSIM certificates carrying EID information are manufactured in batches by the certificate manufacturing center for subsequent import into the LA database. The nuSIM certificates are likewise imported into the DP management system, and the binding relationship between the EID and the ICCID corresponding to the Profile is established. The LA production line tool is started, the configured account is logged in, the relevant parameters of the DP server are configured, the Import button is clicked, and the acquired nuSIM certificates are imported into the LA database. The nuSIM certificates are read from the LA database, the batch download of Profiles is initiated, and the Profiles are stored in the LA database in ciphertext form.
The LA is connected to the module over USB or a serial port. Clicking the start button starts a query of the module's device information; an unused nuSIM certificate is randomly drawn from the LA database and written into the device to complete the device personalization process, and the Profile is then downloaded. After the Profile download is completed, the LA establishes the binding relationship among the IMEI, EID and ICCID, which facilitates subsequent management of the nuSIM. In this step, Profiles can be downloaded in batches by connecting a plurality of devices at the same time. Once a device that has downloaded and successfully installed the Profile is disconnected from the LA, the installed Profile is enabled automatically each time the device restarts. The security encryption mechanism relies on the external isolation of the 2625 Modem Chip and the encryption protection of the SKB. The 2625 itself isolates its NVM, RAM and external communication and turns off illegal AT, UART interface and JTAG port access, making it an isolated secure environment. The NVM Flash provides Secure Boot and AES OTF encryption functions to further ensure the security of internal data. The SKB applies a second layer of encryption to the key data in the Profile, protecting the Profile both in storage and in operation. The whole Profile download process conforms to the nuSIM standard protocol, and the security of the download is ensured by mutual certificate verification and the ECKA and SCP03t encryption mechanisms. Taken together, these measures ensure the security of the Profile over its life cycle.
The second example takes the Qualcomm 9205 chip with the Quectel BG77 module. Adaptation is completed on the chip, chip general agent and module sides, and the nuSIM COS is integrated into the corresponding SW; the nuSIM COS is implemented inside the TEE secure environment provided within the Qualcomm 9205 chip, communicates through the external CA and REE, and communicates with the Modem side through the QMI interface. The corresponding chips and modules are then produced. A Profile file is obtained from the operator and imported into the DP system in encrypted form, and an ICCID list corresponding to the Profile is generated. nuSIM certificates carrying EID information are manufactured in batches by the certificate manufacturing center for subsequent import into the LA database. The nuSIM certificates are likewise imported into the DP management system, and the binding relationship between the EID and the ICCID corresponding to the Profile is established. The LA production line tool is started, the configured account is logged in, the relevant parameters of the DP server are configured, the Import button is clicked, and the acquired nuSIM certificates are imported into the LA database. The nuSIM certificates are read from the LA database, the batch download of Profiles is initiated, and the Profiles are stored in the LA database in ciphertext form.
The LA is connected to the module over USB or a serial port. Clicking the start button starts a query of the module's device information; an unused nuSIM certificate is randomly drawn from the database and written into the device to complete the device personalization process, and the Profile is then downloaded. After the Profile download is completed, the LA establishes the binding relationship among the IMEI, EID and ICCID, which facilitates subsequent management of the nuSIM. In this step, Profiles can be downloaded in batches by connecting a plurality of devices at the same time. Once a device that has downloaded and installed the Profile is disconnected from the LA, the installed Profile is enabled automatically each time the device restarts. The device does not support rewriting after leaving the factory and must be returned to the factory for that. The security encryption mechanism is guaranteed by the TEE trusted execution environment in the 9205: the nuSIM COS executes, and stores the Profile data, in NVM and RAM inside the TEE, which secures the storage and operation of the Profile in the device. The whole Profile download flow conforms to an eSIM standard protocol, and the security of the download is ensured by mutual certificate verification and the ECKA and SCP03t encryption mechanisms. Taken together, these measures ensure the security of the Profile over its lifecycle.
The scheme of the present application needs neither a physical SIM card nor an eUICC card, which effectively reduces cost. In line with the nuSIM technical specification, the SIM functions are integrated on the device side, which supports operation in harsh external environments. The PC network environment of the production line provides the network support for requesting and downloading Profiles, so the device side needs no initial network capability of its own and Profiles can be written on the production line easily and conveniently. Batch downloading is supported, which can greatly improve production efficiency. The security features of the device side are fully used to strengthen the protection of the Profile, further guaranteeing security.
Fig. 7 is a schematic structural diagram of a Profile downloading device according to an embodiment of the present invention. As shown in Fig. 7, the Profile downloading apparatus 70 provided in this embodiment may include: an import module 701, a download module 702, a communication module 703, a first writing module 704 and a second writing module 705.
An import module 701, configured to import nuSIM certificates carrying electronic identity cards EID into an LA database in batches;
a downloading module 702, configured to download profiles in batches from a server according to the nuSIM certificate, establish a binding relationship between the EID of the nuSIM certificate and the integrated circuit card identification code ICCID of the Profile, and store the profiles in the LA database in a ciphertext form;
the communication module 703 is configured to communicate with an internet of things device through a physical interface to obtain an international mobile equipment identity IMEI of the internet of things device, where the internet of things device is integrated with an identity authentication module SIM conforming to a nuSIM protocol;
a first writing module 704, configured to obtain an unused nuSIM certificate from the LA database and write the nuSIM certificate into the internet of things device, so as to complete a personalization process of the internet of things device;
a second writing module 705, configured to write the Profile corresponding to the nuSIM certificate into the corresponding internet of things device according to the binding relationship between the EID and the ICCID, and establish the binding relationship between the EID, the ICCID, and the IMEI.
The Profile downloading device provided in this embodiment may be used to execute the technical solution of the method embodiment corresponding to fig. 2, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a Profile downloading device according to an embodiment of the present invention. As shown in fig. 8, the Profile downloading device 80 provided in this embodiment may include: a memory 801, a processor 802, and a bus 803. Bus 803 is used to enable connections between various components.
The memory 801 stores a computer program, and when the computer program is executed by the processor 802, the technical solution of the Profile downloading method provided by any of the above method embodiments may be implemented.
The memory 801 and the processor 802 are electrically connected, directly or indirectly, to enable data transmission or interaction. For example, the elements may be electrically connected to each other via one or more communication buses or signal lines, such as bus 803. The memory 801 stores a computer program for implementing the Profile downloading method, which includes at least one software functional module that can be stored in the memory 801 in the form of software or firmware, and the processor 802 executes various functional applications and data processing by running the software program and the modules stored in the memory 801.
The memory 801 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 801 is used for storing programs, and the processor 802 executes the programs after receiving execution instructions. Further, the software programs and modules within the above-described memory 801 may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor 802 may be an integrated circuit chip having signal processing capabilities. The processor 802 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and so on, and may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor or the like. It will be appreciated that the configuration of Fig. 8 is merely illustrative; the device may include more or fewer components than shown in Fig. 8 or have a different configuration from that shown in Fig. 8. The components shown in Fig. 8 may be implemented in hardware and/or software.
Reference is made herein to various exemplary embodiments. However, those skilled in the art will recognize that changes and modifications may be made to the exemplary embodiments without departing from the scope hereof. For example, the various operational steps, as well as the components used to perform the operational steps, may be implemented in differing ways depending upon the particular application or consideration of any number of cost functions associated with operation of the system (e.g., one or more steps may be deleted, modified or incorporated into other steps).
Additionally, as will be appreciated by one skilled in the art, the principles herein may be reflected in a computer program product on a computer readable storage medium, which is pre-loaded with computer readable program code. Any tangible, non-transitory computer-readable storage medium may be used, including magnetic storage devices (hard disks, floppy disks, etc.), optical storage devices (CD-ROMs, DVDs, Blu Ray disks, etc.), flash memory, and/or the like. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including means for implementing the function specified. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified.
The present invention has been described in terms of specific examples, which are provided to aid understanding of the invention and are not intended to be limiting. For a person skilled in the art to which the invention pertains, several simple deductions, modifications or substitutions may be made according to the idea of the invention.
Claims (10)
1. A Profile downloading method, characterized by comprising the following steps:
importing nuSIM certificates carrying electronic identity cards EID into an LA database in batches;
downloading Profiles in batches from a server according to the nuSIM certificates, establishing a binding relationship between the EID of the nuSIM certificate and the integrated circuit card identification code ICCID of the Profile, and storing the Profiles in the LA database in ciphertext form;
communicating with an Internet of things device through a physical interface to obtain the international mobile equipment identity IMEI of the Internet of things device, wherein the Internet of things device is integrated with an identity authentication module SIM conforming to the nuSIM protocol;
obtaining an unused nuSIM certificate from the LA database and writing the nuSIM certificate into the Internet of things device, so as to complete the personalization process of the Internet of things device;
writing the Profile corresponding to the nuSIM certificate into the corresponding Internet of things device according to the binding relationship between the EID and the ICCID, and establishing the binding relationship among the EID, the ICCID and the IMEI.
2. The method of claim 1, wherein the method further comprises:
writing the nuSIM certificates and the Profiles into the Internet of things devices in parallel through the physical interfaces.
3. The method of claim 2, wherein the method further comprises:
in the process of writing the Profile, generating a status display interface, wherein the status display interface displays the port number of each physical interface, the IMEI of the connected Internet of things device, the EID of the written nuSIM certificate, the ICCID of the written Profile and the status information of the writing process.
4. The method of claim 1, wherein prior to importing the nuSIM certificate carrying the electronic identity card EID into the LA database in a batch, the method further comprises:
generating a parameter configuration interface, wherein setting items for configuring one or more of server addresses, timeout time, retry times and connection number are arranged in the parameter configuration interface;
and configuring parameters according to the user instruction.
5. The method of claim 1, further comprising logging operations.
6. The method according to any one of claims 1-5, wherein before importing the nuSIM certificate carrying the electronic identity card EID into the LA database in a batch, the method further comprises:
receiving an account and a password input by a user in a login interface;
and verifying the account and the password.
7. The method of claim 6, wherein before receiving the account and password entered by the user at the login interface, the method further comprises: verifying the validity of the license file.
8. A Profile download apparatus, comprising:
the import module is used for importing the nuSIM certificates carrying the electronic identity cards EID into an LA database in batches;
the download module is used for downloading the Profiles from the server in batches according to the nuSIM certificates, establishing a binding relationship between the EID of the nuSIM certificate and the integrated circuit card identification code ICCID of the Profile, and storing the Profiles in the LA database in ciphertext form;
the communication module is used for communicating with the Internet of things equipment through a physical interface to acquire an International Mobile Equipment Identity (IMEI) of the Internet of things equipment, and the Internet of things equipment is integrated with an identity authentication module (SIM) conforming to a nuSIM protocol;
the first writing module is used for acquiring an unused nuSIM certificate from the LA database and writing the nuSIM certificate into the Internet of things equipment so as to complete the personalized process of the Internet of things equipment;
and the second writing module is used for writing the Profile corresponding to the nuSIM certificate into corresponding Internet of things equipment according to the binding relationship between the EID and the ICCID, and establishing the binding relationship among the EID, the ICCID and the IMEI.
9. A Profile download device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the memory-stored computer-executable instructions causes the at least one processor to perform the Profile download method of any of claims 1-7.
10. A computer-readable storage medium having computer-executable instructions stored thereon, which when executed by a processor, implement the Profile download method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010957564.XA CN111935704B (en) | 2020-09-14 | 2020-09-14 | Profile downloading method, device and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111935704A (en) | 2020-11-13 |
CN111935704B (en) | 2020-12-25 |
Family
ID=73309922
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010957564.XA Active CN111935704B (en) | 2020-09-14 | 2020-09-14 | Profile downloading method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111935704B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112565459B (en) * | 2020-12-28 | 2021-08-24 | 深圳杰睿联科技有限公司 | Internet of things equipment and method for managing profile in eUICC card |
CN113785547B (en) * | 2020-12-30 | 2023-06-23 | 深圳杰睿联科技有限公司 | Safety transmission method and corresponding device for Profile data |
US20220247577A1 (en) * | 2021-01-29 | 2022-08-04 | Arm Cloud Services Limited | Provisioning system and method |
CN112994973B (en) * | 2021-02-04 | 2022-08-19 | 展讯通信(天津)有限公司 | Automatic batch testing method and device for Internet of things equipment and computer-readable storage medium |
CN115623457A (en) * | 2021-07-15 | 2023-01-17 | 华为技术有限公司 | Communication method and electronic device |
CN114258012A (en) * | 2021-12-16 | 2022-03-29 | 武汉天喻信息产业股份有限公司 | ESIM number prefabricating method, ESIM virtual system, ESIM virtual equipment and storage medium |
CN115278644B (en) * | 2022-06-21 | 2023-09-15 | 芯安微众(上海)微电子技术有限公司 | eUICC downloading method suitable for off-line production |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110366163A (en) * | 2019-07-03 | 2019-10-22 | 深圳杰睿联科技有限公司 | ESIM management method and system based on Internet of Things |
CN110915248A (en) * | 2017-07-20 | 2020-03-24 | T移动美国公司 | Data enhancement for ESIM profile operation callbacks |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9350550B2 (en) * | 2013-09-10 | 2016-05-24 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
CN109257740B (en) * | 2018-09-27 | 2022-02-22 | 努比亚技术有限公司 | Profile downloading method, mobile terminal and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |