
CN115278644A - eUICC downloading method suitable for off-line production - Google Patents

Info

Publication number: CN115278644A
Authority: CN (China)
Prior art keywords: euicc, data, profile, production line, equipment
Legal status: Granted (current status: Active)
Application number: CN202210706369.9A
Other languages: Chinese (zh)
Other versions: CN115278644B (en)
Inventors: 赵刚, 耿炎, 闫楠
Current Assignee: Xinan Weizhong Shanghai Microelectronics Technology Co ltd
Original Assignee: Xinan Weizhong Shanghai Microelectronics Technology Co ltd

Classifications

    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The application relates to an eUICC downloading method suitable for offline production. The method comprises: deploying a production line DP+, and acquiring and sending Profile preparation data; acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data; mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining the processed Profile data and sending it to the equipment to be produced; and the equipment to be produced completing eUICC number writing according to the eUICC number-writing data. Dedicated software is deployed on the production line and works with a USBKey that provides the necessary certificates and keys, so that the ciphertext Profile exported from the DP+ can be used for production in an offline environment, realizing offline reading and writing of the eUICC.

Description

eUICC downloading method suitable for off-line production
Technical Field
The disclosure relates to the technical field of the eUICC (Embedded Universal Integrated Circuit Card) Internet of Things, and in particular to an eUICC downloading method suitable for offline production, an eUICC offline downloading system, a method of using that system, and a control system.
Background
More and more eUICC (Embedded Universal Integrated Circuit Card) equipment that supports over-the-air download of code numbers is being used in the Internet of Things, and all large ODM manufacturers actively support the eUICC standard. The GSMA (GSM Association) has issued two sets of standards, M2M (Machine to Machine) and Consumer. The M2M scheme is implemented over short messages, while the Consumer scheme downloads the code number over HTTPS. The short-message mode is very complicated for businesses that are not operators, so the Consumer scheme is the one discussed below.
In Internet of Things applications, an ODM manufacturer surface-mounts operators' number cards when producing equipment, and must prepare SIM cards issued by several operators for equipment shipped to different countries and regions. As a result, production of the equipment hardware cannot be completed in advance, and the ODM manufacturer has to manage many SIM card material numbers. To solve these problems, adopting eUICC technology for production line production is urgently needed. However, writing the number over the air is very unfavorable for an ODM production line: it not only reduces production efficiency but also greatly increases the risk of download failure.
The current eUICC technical system offers no offline downloading method. How to realize offline downloading while keeping good security properties and without changing the original eUICC system architecture is a problem that ODM manufacturers urgently need solved.
Disclosure of Invention
In order to solve the above problems, the present application provides an eUICC downloading method suitable for offline production, an eUICC offline downloading system, a method of using that system, and a control system. By deploying dedicated software on the production line and using a USBKey to provide the necessary certificates and keys, the ciphertext Profile exported from the DP+ can be used for production in an offline production line environment.
One aspect of the present application provides an eUICC downloading method suitable for offline production, including the following steps:
S100, deploying a production line DP+, and acquiring and sending Profile preparation data;
S200, acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data;
S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number-writing data and sending the eUICC number-writing data to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number-writing data and completes eUICC number writing according to the eUICC number-writing data.
In an optional implementation of the present application, in step S100, deploying the production line DP+ and acquiring and sending Profile preparation data includes:
S101, deploying a production line DP+, and encrypting the Profile data stored on the DP+ with the encKey dispersion method and the dispersion key on the DP+ to obtain Profile preparation data;
S102, preparing a USBKey based on the encKey dispersion method and the dispersion key of the DP+;
S103, connecting the USBKey to the production line tool, exporting the Profile preparation data by means of the USBKey, and sending the Profile preparation data to the production line tool.
In an optional implementation of the present application, in step S200, acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data, includes:
S201, presetting a serial port connection mode, and connecting the equipment to be produced, which carries the eUICC, to the production line tool according to the serial port connection mode;
S202, the production line tool accesses the equipment to be produced through the serial port to obtain the eUICC equipment information EID of the equipment to be produced;
S203, acquiring the ciphertext Profile data matching the eUICC equipment information EID from the Profile preparation data.
In an optional implementation of the present application, in step S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number-writing data and sending the eUICC number-writing data to the equipment to be produced includes:
S301, presetting authentication conditions, and having the production line tool and the equipment to be produced mutually authenticate according to the authentication conditions;
S302, calculating a one-time negotiation key encKey through the USBKey to obtain an authentication key, and sending the authentication key to the production line tool;
S303, the production line tool splices the key and the ciphertext Profile data according to the GSMA standard to obtain eUICC number-writing data and sends the eUICC number-writing data to the equipment to be produced.
In another aspect of the present application, an eUICC offline download system based on the above eUICC downloading method suitable for offline production is provided, including:
a deployment module, used for deploying the production line DP+, and acquiring and sending Profile preparation data;
an eUICC equipment information acquisition module, used for acquiring eUICC equipment information of the equipment to be produced through a production line tool and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data;
an authentication module, used for mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number-writing data and sending the eUICC number-writing data to the equipment to be produced;
an eUICC read-write module, used for receiving the eUICC number-writing data through the equipment to be produced and completing eUICC number writing according to the eUICC number-writing data.
In another aspect of the present application, a method of using the above eUICC offline download system is further provided, which includes the following steps:
S100, ordering a Profile, encrypting the Profile with the encKey generation algorithm on the DP+ to obtain ciphertext Profile data, and importing the ciphertext Profile data into a production line tool;
S200, connecting the production line tool to the equipment to be produced, carrying out the standard GSMA downloading process, performing bidirectional certificate authentication, and exchanging public keys;
S300, the production line tool obtains a key through the public key exchange, splices the key and the ciphertext Profile data to obtain eUICC number-writing data, and sends it to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number-writing data, reads and writes the eUICC code number according to the eUICC number-writing data, and returns the read and write results to the production line tool.
In an optional implementation of the present application, in step S100, ordering a Profile, encrypting the Profile with the encKey generation algorithm on the DP+, obtaining ciphertext Profile data, and exporting the ciphertext Profile data includes:
S101, ordering a Profile from the DP+ through the ES2+ interface;
S102, generating the encKey of the Profile with the encKey generation algorithm on the DP+, and encrypting the Profile with the encKey to obtain ciphertext Profile data;
S103, importing the ciphertext Profile data into the production line tool.
In an optional implementation of the present application, in step S300, the production line tool obtaining a key through the public key exchange, splicing the key and the ciphertext Profile data to obtain eUICC number-writing data, and sending the eUICC number-writing data to the equipment to be produced includes:
S301, the production line tool obtains, through the ECDH key negotiation algorithm, the same negotiation key OTPK as the eUICC;
S302, requesting an encKey from the USBKey using the EID, and encrypting the encKey with the negotiation key OTPK to obtain a key;
S303, splicing the key and the ciphertext Profile data in the format specified by the GSMA to obtain eUICC number-writing data, segmenting the eUICC number-writing data to obtain eUICC identification data, and downloading the eUICC identification data to the equipment to be produced.
In an optional implementation of the present application, in step S400, the equipment to be produced receiving the eUICC number-writing data, reading and writing the eUICC code number according to the eUICC number-writing data, and returning the read and write results to the production line tool includes:
S401, the equipment to be produced receives the eUICC identification data, and decrypts the encKey in the eUICC identification data with the negotiation key OTPK to obtain the plaintext encKey;
S402, decrypting the eUICC identification data into a plaintext Profile with the plaintext encKey, and writing the plaintext Profile into the eUICC card to realize offline download of the eUICC;
S403, the equipment to be produced feeds the download result back to the production line tool, the production line tool marks the Profile, and the process ends.
In another aspect of the present application, a control system is further provided, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the executable instructions to implement the method of using as described above.
The technical effects of the invention are as follows:
Profile preparation data are acquired and sent by deploying a production line DP+; eUICC equipment information of the equipment to be produced is acquired through a production line tool, and the ciphertext Profile data matching the eUICC equipment information is acquired from the Profile preparation data; the production line tool and the equipment to be produced mutually authenticate, an authentication key is calculated, and the key and the ciphertext Profile data are preprocessed to obtain eUICC number-writing data, which is sent to the equipment to be produced; and the equipment to be produced receives the eUICC number-writing data and completes eUICC number writing according to it. Dedicated software can be deployed on the production line and used with the USBKey to provide the necessary certificates and keys, and the ciphertext Profile exported from the DP+ can be used for production in the offline environment of the production line, so that offline reading and writing of the eUICC are realized.
Because production line production is carried out offline, no data has to be requested over the network, so the number is downloaded faster than over OTA and production efficiency increases; producing in this mode largely shields the production line from network instability; and because the data is prepared in advance, production delays caused by the service being down when the server is accessed are avoided.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic flow chart illustrating an implementation of an eUICC downloading method suitable for offline production according to embodiment 1 of the present invention;
Fig. 2 is a diagram showing a software architecture in embodiment 1 of the present invention;
Fig. 3 is a flow chart illustrating a method of using an offline eUICC download system according to embodiment 3 of the present invention;
Fig. 4 is a schematic diagram illustrating the process of the eUICC downloading a Profile offline when downloading a code number according to embodiment 3 of the present invention;
Fig. 5 is a schematic diagram illustrating the distribution mechanism of the encKey in embodiment 3 of the present invention.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
In this embodiment, DP+ is the SM-DP+ service platform. Other letter designations or identifying terms are technical terms well known to those skilled in the art, and the present embodiment does not explain them further.
Example 1
In this embodiment, dedicated software is deployed on the production line and used with the USBKey to provide the necessary certificates and keys, so that the ciphertext Profile exported from the DP+ is used for production in the offline environment of the production line, and offline reading and writing of the eUICC are realized. Because production line production is carried out offline, no data has to be requested over the network, so the number is downloaded faster than over OTA and production efficiency improves; producing in this mode largely shields the production line from network instability; and because the data is prepared in advance, production delays caused by a service breakdown when the server is accessed are avoided.
As shown in Fig. 1, in one aspect, the present application provides an eUICC downloading method suitable for offline production, which includes the following steps:
S100, deploying a production line DP+, and acquiring and sending Profile preparation data;
S200, acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data;
S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number-writing data and sending the eUICC number-writing data to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number-writing data and completes eUICC number writing according to the eUICC number-writing data.
The offline Profile downloading method involves three processes: data preparation, data processing and data forwarding.
As shown in Fig. 2:
a. Data preparation: in the data preparation process, the DP+ is the main implementation carrier. Before the process starts, the Profile is in an unencrypted state, namely a UPP (UnProtected Profile Package). When data preparation starts, the Profile is encrypted with the encKey dispersion method and the dispersion key on the DP+ and becomes ciphertext data, namely a PPP (Protected Profile Package), after which the Profile data can be exported.
b. Data processing: after the ciphertext Profile data is imported into the production line tool, the downloading process can start. After the OTPK (One Time Private Key) interaction with the eUICC, the production line tool can obtain the required eUICC equipment information. At this time, the production line tool adds the relevant encKey and other information to generate a BPP (Bound Profile Package), and finally the BPP is divided into segments of data recognizable by the eUICC, namely an SBPP (Segmented Bound Profile Package).
c. Data forwarding: in the downloading process described above, the production line tool needs to interact with the eUICC equipment multiple times. During this interaction, the equipment to be produced and the computer running the production line tool must be connected and communicate over a wired link such as a serial port.
Steps S100-S400 are described in detail below.
S100, deploying a production line DP+, and acquiring and sending Profile preparation data;
Specifically, a user orders Profiles as required from the deployed production line SM-DP+ service platform, and the ciphertext Profile data is exported after encryption. In an optional implementation of the present application, in step S100, deploying the production line DP+ and acquiring and sending Profile preparation data includes:
S101, deploying a production line DP+, and encrypting the Profile data stored on the DP+ with the encKey dispersion method and the dispersion key on the DP+ to obtain Profile preparation data;
S102, preparing a USBKey based on the encKey dispersion method and the dispersion key of the DP+;
S103, connecting the USBKey to the production line tool, exporting the Profile preparation data by means of the USBKey, and sending the Profile preparation data to the production line tool.
First, before the production line is used for offline downloading, the Profile data stored in the DP+ must be exported in batches.
Second, a USBKey for decrypting the Profile is made according to the encKey dispersion method and the dispersion key on the DP+. Specifically, in this embodiment, the encKey dispersion method and the dispersion key used for encryption on the DP+ must be obtained and a USBKey prepared separately; to ensure security, this embodiment builds the algorithm and the dispersion key into the USBKey.
The USBKey is then inserted into the computer on which the production line tool is installed, and the ciphertext Profile data is exported.
Specifically, as shown in Fig. 2, the prepared USBKey is inserted into the production line computer, so that the production line tool obtains the same encKey generation method as the DP+, and the batch Profile data exported from the DP+ is imported into the production line tool. When data preparation starts, the Profile is encrypted with the encKey dispersion method and the dispersion key on the DP+ and becomes ciphertext data, namely a PPP (Protected Profile Package), after which the Profile data can be exported.
S200, acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data;
The equipment to be produced, whose eUICC is to receive the Profile, is connected to the computer running the production line tool, and the production line tool is used to acquire the eUICC equipment information. In an optional implementation of the present application, in step S200, acquiring eUICC equipment information of the equipment to be produced through a production line tool, and acquiring the ciphertext Profile data matching the eUICC equipment information from the Profile preparation data, includes:
S201, presetting a serial port connection mode, and connecting the equipment to be produced, which carries the eUICC, to the production line tool according to the serial port connection mode;
S202, the production line tool accesses the equipment to be produced through the serial port to obtain the eUICC equipment information EID (eSIM ID) of the equipment to be produced;
S203, acquiring the ciphertext Profile data matching the eUICC equipment information EID from the Profile preparation data.
With reference to Fig. 2, the equipment to be produced, whose eUICC is to download the Profile, is connected to the computer running the production line tool, and the equipment to be produced is accessed through the serial port to obtain the eUICC equipment information, namely the EID (eSIM ID). The corresponding ciphertext Profile data is matched according to the eUICC equipment information. The serial port connection mode can be chosen according to the production line tool selected and the model of the equipment to be produced; the serial port mode is not limited.
S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data and sending the eUICC number writing data to the equipment to be produced;
After the eUICC equipment information is obtained and mutual authentication between the equipment to be produced and the production line tool has been carried out, the USBKey calculates a one-time negotiation key encKey and provides it to the production line tool. Specifically, as an optional implementation of the present application, in step S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data, and sending the eUICC number writing data to the equipment to be produced, includes:
S301, presetting authentication conditions, and mutually authenticating the production line tool and the equipment to be produced according to the authentication conditions;
S302, calculating a one-time negotiation key encKey through the USBKey, obtaining an authentication key and sending the authentication key to the production line tool;
S303, splicing the key and the ciphertext Profile data by the production line tool according to the GSMA standard to obtain eUICC number writing data and sending the eUICC number writing data to the equipment to be produced.
During authentication, the production line tool is connected with the equipment to be produced, which carries the eUICC that is to download the code number. The production line tool and the equipment perform a standard GSMA downloading process with mutual certificate authentication. After the mutual authentication is completed, the production line tool generates a public/private key pair (elliptic curve algorithm), the eUICC also generates a public/private key pair, and the two sides exchange their public keys.
As shown in fig. 2, after the production line tool has interacted with the equipment to be produced carrying the eUICC, it has the required eUICC equipment information. At this time, the production line tool adds the relevant encKey and other information to generate a BPP (Bound Profile Package). Finally, the BPP is divided into segments of data recognizable by the eUICC, giving an SBPP (Segmented Bound Profile Package), that is, the eUICC number writing data. The production line tool splices the ciphertext Profile data and the key and then sends the data to the equipment to be produced.
S400, the equipment to be produced receives the eUICC number writing data and completes eUICC number writing according to the eUICC number writing data.
The equipment to be produced receives the eUICC number writing data, the eUICC number writing is completed, and the process ends, realizing the offline download of the eUICC. During the download, the production line tool needs to interact with the equipment to be produced carrying the eUICC multiple times; for this interaction, the equipment to be produced must be connected by wire, for example through a serial port, to the computer running the production line tool. Acquisition of the eUICC equipment information, key exchange, eUICC number writing and so on are carried out over this connection.
Therefore, production on the line is carried out offline and data requests over the network are omitted; downloading the code number this way is faster than downloading it through OTA, which improves production efficiency. Production in this mode largely avoids the influence of network instability on the production line. This embodiment also prepares the data in advance, avoiding production delays caused by a service outage when the server is accessed.
It should be noted that, although the manner of encrypting and decrypting as above is described as an example, those skilled in the art can understand that the disclosure should not be limited thereto. In fact, the user can flexibly set the encryption and decryption modes according to the actual application scenario, as long as the technical functions of the present application can be realized according to the above technical method.
Example 2
Based on the implementation principle of embodiment 1, in another aspect of the present application, an eUICC offline download system generated by the above eUICC download method applicable to offline production is provided, including:
the deployment module is used for deploying the production line DP+, acquiring and sending Profile preparation data;
the eUICC equipment information acquisition module is used for acquiring eUICC equipment information of equipment to be produced through a production line tool and acquiring ciphertext Profile data matched with the eUICC equipment information from the Profile preparation data;
the authentication module is used for mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data and sending the eUICC number writing data to the equipment to be produced;
and the eUICC read-write module is used for receiving the eUICC number writing data through the equipment to be produced and completing eUICC number writing according to the eUICC number writing data.
By adopting the eUICC downloading method suitable for off-line production provided in embodiment 1, an eUICC off-line downloading system can be built and generated.
In this embodiment, for the specific architecture and functional principle of the eUICC offline download system, refer to the description of embodiment 1; they are not described in detail here.
For the framework and module design built from the deployment module, the eUICC equipment information acquisition module, the authentication module, and the eUICC read-write module, refer to the software architecture shown in fig. 2.
The modules or steps of the present invention described above can be implemented by a general purpose computing device, they can be centralized in a single computing device or distributed over a network of multiple computing devices, and they can alternatively be implemented by program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device, or they can be separately fabricated into various integrated circuit modules, or multiple modules or steps in them can be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Those skilled in the art will appreciate that the flow for implementing all or part of the modules in the method according to the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the flow of the embodiments of the control method according to the above embodiments. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash memory, a hard disk drive (HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Example 3
In this embodiment, a specific offline eUICC downloading procedure is provided.
As shown in fig. 3, in another aspect, the present application further provides a method for using the eUICC offline download system according to the foregoing embodiment 2, including the following steps:
S100, ordering a Profile, encrypting the Profile through an encKey generation algorithm on the DP+, obtaining ciphertext Profile data and importing the ciphertext Profile data into a production line tool;
S200, connecting the production line tool with the equipment to be produced, carrying out a standard GSMA downloading process, carrying out certificate bidirectional authentication, and exchanging public keys;
S300, the production line tool obtains a key through public key exchange, splices the key and the ciphertext Profile data to obtain eUICC number writing data and sends the eUICC number writing data to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number writing data, reads and writes the eUICC code number according to the eUICC number writing data, and returns the read and write results to the production line tool.
As shown in fig. 4, this embodiment implements a specific eUICC code number downloading process with the eUICC offline download system, taking a code number exported from the DP+ and downloaded as an example.
First, preparation:
(1) USBKey: a dispersion (key diversification) algorithm and a root key for the encKey are preset; the corresponding encKey can be calculated by taking the EID transmitted by the eUICC as the dispersion factor. The dispersion mechanism of the encKey is shown in figure 5;
(2) Certificate: the CERT.DPpb.ECDSA and CERT.DPauth.ECDSA certificates are preset in the production line tool and are used for Profile binding and for bidirectional authentication with the eUICC, respectively. Bidirectional authentication is prior art in the field; the detailed process is described in section 3.1.2, Common Mutual Authentication Procedure, of SGP.22.
S100, ordering a Profile, encrypting the Profile through an encKey generation algorithm on the DP+, obtaining ciphertext Profile data and importing the ciphertext Profile data into a production line tool;
Referring to fig. 2 and 4, before the user orders and exports the Profile, the Profile (i.e., the code number file) is stored on the DP+ in plaintext (the means of encrypting sensitive data is outside the scope discussed here); the Profile at this stage is the UPP (Unprotected Profile Package);
As an optional implementation of the present application, in step S100, ordering a Profile, and encrypting the Profile by using an encKey generation algorithm on the DP+, to obtain ciphertext Profile data and export the ciphertext Profile data, includes:
S101, ordering a Profile from the DP+ through the ES2+ interface;
S102, generating an encKey of the Profile through the encKey generation algorithm on the DP+, and encrypting the Profile by using the encKey to obtain ciphertext Profile data;
S103, importing the ciphertext Profile data into the production line tool through the USBKey.
The data preparer, namely the user, orders a Profile through the ES2+ interface. At this point the DP+ generates the encKey corresponding to the Profile according to the encKey generation algorithm, encrypts the Profile with the encKey, and generates and exports the ciphertext Profile data as a PPP (Protected Profile Package) file.
When downloading starts, the root key and the dispersion algorithm for generating the encKey are written into the USBKey, and the USBKey is inserted into the computer running the production line tool.
At this time, the production line tool is connected with the eUICC equipment that is to download the code number, the production line tool and the equipment perform a standard GSMA downloading process, and the plaintext downloading process is started.
S200, connecting the production line tool with the equipment to be produced, carrying out a standard GSMA downloading process, carrying out certificate bidirectional authentication, and exchanging public keys;
The PPP data is generated into an offline file and imported into the production line tool.
The production line tool is connected with the eUICC equipment that is to download the code number, and the two perform a standard GSMA downloading process with bidirectional certificate authentication. After the bidirectional authentication is completed, the production line tool generates a public/private key pair (elliptic curve algorithm), the eUICC also generates a public/private key pair, and the two sides exchange public keys. Through the ECDH key negotiation algorithm, the production line tool obtains the same negotiation key OTPK (One Time Private Key) as the eUICC; at the same time, it requests the encKey from the USBKey using the EID. The encKey algorithm is shown in fig. 5.
S300, the production line tool obtains a key through public key exchange, splices the key and the ciphertext Profile data to obtain eUICC number writing data and sends the eUICC number writing data to the equipment to be produced;
After the encKey is obtained, it is encrypted with the OTPK obtained through the negotiation in step e.
As an optional implementation of the present application, in step S300, the production line tool obtaining a key by exchanging public keys, and splicing the key and the ciphertext Profile data to obtain eUICC number writing data and send the eUICC number writing data to the equipment to be produced, includes:
S301, the production line tool obtains a negotiation key OTPK which is the same as that of the eUICC through an ECDH key negotiation algorithm;
S302, requesting the encKey from the USBKey by using the EID, and encrypting the encKey by using the negotiation key OTPK to obtain a key;
S303, splicing the key and the ciphertext Profile data in the format specified by GSMA to obtain eUICC number writing data, segmenting the eUICC number writing data to obtain eUICC identification data, and downloading the eUICC identification data to the equipment to be produced;
As shown in fig. 4, the production line tool encrypts the encKey generated by the USBKey with the negotiation key OTPK, adds the ciphertext Profile data, and concatenates the encrypted encKey and the ciphertext Profile data into Profile data that carries its decryption key (i.e., the BPP).
The encrypted encKey and the ciphertext Profile data are combined in the format specified by GSMA to obtain the BPP data (the eUICC number writing data). The BPP data is segmented to obtain the SBPP data, namely the eUICC identification data; the SBPP data takes the form of ISO 7816 commands that the eUICC can recognize, and is downloaded to the eUICC.
S400, the equipment to be produced receives the eUICC number writing data, reads and writes the eUICC code number according to the eUICC number writing data, and returns the read and write results to the production line tool.
After the equipment to be produced receives the eUICC number writing data, it first carries out decryption, and the decrypted plaintext Profile is written into the card. Specifically, as an optional implementation of the present application, in step S400, the equipment to be produced receiving the eUICC number writing data, reading and writing the eUICC code number according to the eUICC number writing data, and returning the read and write results to the production line tool includes:
S401, the equipment to be produced receives the eUICC identification data, and decrypts the encKey in the eUICC identification data according to the negotiation key OTPK to obtain the plaintext encKey;
S402, decrypting the eUICC identification data into a plaintext Profile by using the obtained plaintext encKey, and writing the plaintext Profile into the eUICC card to realize the offline download of the eUICC;
S403, the equipment to be produced feeds the downloading result back to the production line tool, the production line tool marks the Profile, and the process ends.
After the eUICC equipment to be produced, which is to download the Profile, receives the SBPP data, it first decrypts the encKey using the negotiation key OTPK obtained in step e to obtain the plaintext encKey;
With the plaintext encKey obtained by decrypting the encKey in the eUICC identification data according to the negotiation key OTPK, the eUICC identification data is decrypted to obtain the plaintext Profile, which is written into the prepared eUICC card. The equipment to be produced feeds the downloading result back to the production line tool, the production line tool marks the Profile as downloaded, and the process ends.
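The key flow of steps S100 to S400 above (EID-dispersed encKey on the USBKey, ECDH negotiation key OTPK, BPP assembly and segmentation into the SBPP, decryption on the card), as an added Python illustration that is not part of the patent. The P-256 curve, the HMAC-SHA256 dispersion, the SHA-256 keystream with HMAC tag, the 2-byte length prefix, and every name, key and EID are assumptions or constructed values; the page gives neither the Fig. 5 algorithm nor the cipher.

```python
import hashlib
import hmac
import secrets

# NIST P-256 is assumed; the page only says "elliptic curve algorithm".
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - A * x - B) % P == 0

def ec_add(p1, p2):
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def ecdh(priv, peer_pub):
    """Negotiation key (the page's OTPK) from own private key and the peer's public key."""
    if peer_pub is None or not on_curve(peer_pub):
        raise ValueError("peer public key is not on the curve")
    return hashlib.sha256(ec_mul(priv, peer_pub)[0].to_bytes(32, "big")).digest()

def derive_enckey(root_key, eid):
    # USBKey role: per-card encKey, EID as dispersion factor (HMAC-SHA256 is an assumption).
    return hmac.new(root_key, b"encKey|" + eid.encode(), hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, data):
    """Encrypt-then-MAC stand-in for the real cipher (the standard library has none)."""
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

def build_sbpp(otpk, enckey, ppp, apdu_data=255):
    """Line tool, S303: wrap encKey under OTPK, prepend it to the PPP (BPP), cut into segments."""
    wrapped = seal(otpk, enckey)
    bpp = len(wrapped).to_bytes(2, "big") + wrapped + ppp  # constructed layout, not GSMA's
    return [bpp[i:i + apdu_data] for i in range(0, len(bpp), apdu_data)]

def euicc_install(otpk, segments):
    """eUICC, S401-S402: unwrap encKey with OTPK, then decrypt the Profile."""
    bpp = b"".join(segments)
    n = int.from_bytes(bpp[:2], "big")
    return unseal(unseal(otpk, bpp[2:2 + n]), bpp[2 + n:])

def provision(eid_of_card, eid_of_ppp, tamper=False):
    """Run one card through the line; True only if the card ends up with the ordered Profile."""
    root = bytes(range(32))                                   # constructed root key
    profile = b"constructed profile for " + eid_of_ppp.encode() + bytes(600)
    ppp = seal(derive_enckey(root, eid_of_ppp), profile)      # DP+ side, prepared in advance
    (tool_priv, tool_pub), (card_priv, card_pub) = keypair(), keypair()
    otpk_tool, otpk_card = ecdh(tool_priv, card_pub), ecdh(card_priv, tool_pub)
    sbpp = build_sbpp(otpk_tool, derive_enckey(root, eid_of_card), ppp)
    if tamper:                                                # one bit flipped on the serial link
        sbpp[1] = bytes([sbpp[1][0] ^ 1]) + sbpp[1][1:]
    try:
        return euicc_install(otpk_card, sbpp) == profile
    except ValueError:
        return False

EID_A = "89000000000000000000000000000001"  # constructed EIDs
EID_B = "89000000000000000000000000000002"
```

`provision(EID_A, EID_A)` succeeds, while pairing a card with the ciphertext Profile prepared for another EID, or altering a segment in transit, is rejected by the integrity check rather than written to the card.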
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, and the program may be stored in a computer readable storage medium, and when executed, may include the processes of the embodiments of the control methods as described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash memory, a hard disk drive (HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Example 4
Still further, in another aspect of the present application, a control system is further provided, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of using as described in embodiment 3 above when executing the executable instructions.
Embodiments of the present disclosure provide a control system including a processor and a memory for storing processor-executable instructions. Wherein the processor is configured to execute the executable instructions to implement any one of the methods for using the eUICC offline production download system described above.
Here, it should be noted that the number of processors may be one or more. Meanwhile, in the control system of the embodiment of the present disclosure, an input device and an output device may be further included. The processor, the memory, the input device, and the output device may be connected by a bus, or may be connected by other means, and are not limited specifically herein.
The memory, as a computer-readable storage medium, may be used to store software programs, computer-executable programs, and various modules, such as the program or module corresponding to the method of using the eUICC offline production download system of the embodiments of the present disclosure. The processor executes various functional applications of the control system and data processing by running software programs or modules stored in the memory.
The input device may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings and function control of the device/terminal/server. The output device may include a display device such as a display screen.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. An eUICC downloading method suitable for off-line production is characterized by comprising the following steps:
S100, deploying a production line DP+, acquiring and sending Profile preparation data;
S200, obtaining eUICC equipment information of equipment to be produced through a production line tool, and obtaining ciphertext Profile data matched with the eUICC equipment information from the Profile preparation data;
S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data and sending the eUICC number writing data to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number writing data and completes eUICC number writing according to the eUICC number writing data.
2. The eUICC downloading method applicable to offline production according to claim 1, wherein, in step S100, deploying a production line DP+, acquiring and sending Profile preparation data includes:
S101, deploying a production line DP+, and encrypting the Profile data stored on the DP+ through an encKey dispersion method and a dispersion key on the DP+ to obtain Profile preparation data;
S102, preparing and generating a USBKey based on the encKey dispersion method and the dispersion key of the DP+;
S103, connecting the USBKey with the production line tool, exporting the Profile preparation data through the USBKey, and sending the Profile preparation data to the production line tool.
3. The eUICC downloading method suitable for offline production according to claim 1, wherein in step S200, obtaining the eUICC equipment information of equipment to be produced through a production line tool, and obtaining ciphertext Profile data matched with the eUICC equipment information from the Profile preparation data comprises:
S201, presetting a serial port connection mode, and connecting the equipment to be produced, which carries the eUICC, to the production line tool according to the serial port connection mode;
S202, the production line tool accesses the equipment to be produced through the serial port to obtain the eUICC equipment information EID of the equipment to be produced;
S203, acquiring ciphertext Profile data matched with the eUICC equipment information EID from the Profile preparation data.
4. The eUICC downloading method according to claim 2, wherein, in step S300, mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data and sending the eUICC number writing data to the equipment to be produced includes:
S301, presetting authentication conditions, and mutually authenticating the production line tool and the equipment to be produced according to the authentication conditions;
S302, calculating a one-time negotiation key encKey through the USBKey, obtaining an authentication key and sending the authentication key to the production line tool;
S303, splicing the key and the ciphertext Profile data by the production line tool according to the GSMA standard to obtain eUICC number writing data and sending the eUICC number writing data to the equipment to be produced.
5. An eUICC offline download system generated by the eUICC download method for offline production of any of claims 1-4, comprising:
the deployment module is used for deploying the production line DP+, acquiring and sending Profile preparation data;
the eUICC equipment information acquisition module is used for acquiring eUICC equipment information of equipment to be produced through a production line tool and acquiring ciphertext Profile data matched with the eUICC equipment information from the Profile preparation data;
the authentication module is used for mutually authenticating the production line tool and the equipment to be produced, calculating an authentication key, preprocessing the key and the ciphertext Profile data, obtaining eUICC number writing data and sending the eUICC number writing data to the equipment to be produced;
and the eUICC read-write module is used for receiving the eUICC number writing data through the equipment to be produced and completing eUICC number writing according to the eUICC number writing data.
6. A method for using the off-line eUICC download system of claim 5, comprising the steps of:
S100, ordering a Profile, encrypting the Profile through an encKey generation algorithm on the DP+, obtaining ciphertext Profile data and importing the ciphertext Profile data into a production line tool;
S200, connecting the production line tool with the equipment to be produced, carrying out a standard GSMA downloading process, carrying out certificate bidirectional authentication, and exchanging public keys;
S300, the production line tool obtains a key through public key exchange, splices the key and the ciphertext Profile data to obtain eUICC number writing data and sends the eUICC number writing data to the equipment to be produced;
S400, the equipment to be produced receives the eUICC number writing data, reads and writes the eUICC code number according to the eUICC number writing data, and returns the read and write results to the production line tool.
7. The using method according to claim 6, wherein in step S100, ordering a Profile, and encrypting the Profile through an encKey generation algorithm on the DP+, obtaining ciphertext Profile data and exporting the ciphertext Profile data, includes:
S101, ordering a Profile from the DP+ through the ES2+ interface;
S102, generating an encKey of the Profile through the encKey generation algorithm on the DP+, and encrypting the Profile by using the encKey to obtain ciphertext Profile data;
S103, importing the ciphertext Profile data into the production line tool.
8. The using method of claim 6, wherein in step S300, the production line tool obtaining a key by exchanging public keys, and splicing the key and the ciphertext Profile data to obtain eUICC number writing data and send the eUICC number writing data to the equipment to be produced, includes:
S301, the production line tool obtains a negotiation key OTPK identical to that of the eUICC through an ECDH key negotiation algorithm;
S302, requesting the encKey from the USBKey by using the EID, and encrypting the encKey by using the negotiation key OTPK to obtain a key;
S303, splicing the key and the ciphertext Profile data in the format specified by GSMA to obtain eUICC number writing data, segmenting the eUICC number writing data to obtain eUICC identification data, and downloading the eUICC identification data to the equipment to be produced.
9. The using method of claim 8, wherein in step S400, the equipment to be produced receiving the eUICC number writing data, reading and writing the eUICC code number according to the eUICC number writing data, and returning the read and write results to the production line tool, includes:
S401, the equipment to be produced receives the eUICC identification data, and decrypts the encKey in the eUICC identification data according to the negotiation key OTPK to obtain the plaintext encKey;
S402, decrypting the eUICC identification data into a plaintext Profile by using the obtained plaintext encKey, and writing the plaintext Profile into the eUICC card to realize the offline download of the eUICC;
S403, the equipment to be produced feeds the downloading result back to the production line tool, the production line tool marks the Profile state, and the process ends.
10. A control system, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of use of any one of claims 6 to 9 when executing the executable instructions.
CN202210706369.9A 2022-06-21 2022-06-21 eUICC downloading method suitable for off-line production Active CN115278644B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210706369.9A CN115278644B (en) 2022-06-21 2022-06-21 eUICC downloading method suitable for off-line production


Publications (2)

Publication Number Publication Date
CN115278644A (en) 2022-11-01
CN115278644B CN115278644B (en) 2023-09-15





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant