[go: up one dir, main page]

WO2018176492A1 - Procédé et dispositif de gestion de fichier de configuration - Google Patents

Procédé et dispositif de gestion de fichier de configuration Download PDF

Info

Publication number
WO2018176492A1
WO2018176492A1 PCT/CN2017/079360 CN2017079360W WO2018176492A1 WO 2018176492 A1 WO2018176492 A1 WO 2018176492A1 CN 2017079360 W CN2017079360 W CN 2017079360W WO 2018176492 A1 WO2018176492 A1 WO 2018176492A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
remote management
configuration file
command
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/079360
Other languages
English (en)
Chinese (zh)
Inventor
高林毅
龙水平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to PCT/CN2017/079360 priority Critical patent/WO2018176492A1/fr
Priority to CN201780050348.3A priority patent/CN109565666B/zh
Publication of WO2018176492A1 publication Critical patent/WO2018176492A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a method and an apparatus for managing a configuration file.
  • the embedded Universal Integrated Circuit Card is a telecom smart card integrated in the terminal that can support remote or local management profiles.
  • downloading and remote management of configuration files are performed separately.
  • the user wants to download the configuration file and activate the configuration file after the download is completed.
  • the specific management process is as follows: the terminal first establishes a connection with the remote management platform according to the user's download command, and obtains the confirmation of the user to download the configuration file. After that, the configuration file is downloaded; then, the terminal activates the configuration file after obtaining the confirmation of the activation profile by the user according to the activation request of the remote management platform.
  • the present application provides a management method and device for configuring a profile, which implements a combination of downloading and remote management of a configuration file, thereby simplifying network interaction and improving user experience.
  • the application provides a method for managing a configuration file, where the method includes:
  • the terminal sends the first message to the remote management platform
  • the second message includes N management commands; the N management commands include a download command and a remote management command; N is an integer greater than 1;
  • the terminal manages the configuration file according to the N management commands.
  • the terminal can obtain a plurality of management commands associated with each other by performing a communication interaction with the remote management platform (that is, sending the first message to the remote management platform and receiving the second message sent by the remote management platform).
  • the interrelated management commands include download commands and remote management commands, which enable the combination of downloading and remote management of configuration files, simplifying network interaction and improving user experience.
  • the terminal manages the configuration file according to the N management commands, including:
  • the terminal when the order of the download command is before the remote management command, the terminal first executes the download command, and then executes the remote management command;
  • the terminal When the order of the download command is after the remote management command in the second message, the terminal first executes the remote management command, and then executes the download command.
  • the terminal manages the configuration file according to the N management commands, including:
  • the terminal When the order of the download command is before the remote management command, the terminal first caches the download command, and after executing the remote management command, executes the cached download command. ;
  • the terminal when the order of the download command is after the remote management command, the terminal first caches the remote management command, and after performing the download command, performs the remote management of the cache. command.
  • the first message is sent after the terminal receives the management request command selected by the user;
  • the terminal Before the terminal manages the configuration file according to the N management commands, the terminal further includes:
  • the terminal determines that the N management commands match the management request instruction.
  • the terminal determines that the N management commands match the management request instruction, including:
  • the terminal determines that the N management commands include the download command, and determines that the N management commands match the management request instruction;
  • the terminal determines that the N management commands include a remote management command, and after the download command is not included, determining that the N management commands match the management request instruction ;
  • the terminal determines that the N management commands match the management request instruction.
  • the terminal determines that the remote management command and the download command are included in the N management commands, and determines a remote management command among the N management commands and the The management request instruction matches, and the download command of the N management commands does not match the management request instruction;
  • the terminal manages the first configuration file according to the N management commands, including:
  • the terminal executes a remote management command of the N management commands, and reports to the remote management platform that the download command of the N management commands does not match the management request command.
  • the method further includes:
  • the terminal determines that the N management commands do not match the management request instruction, reporting, to the remote management platform, that the N management commands do not match the management request instruction.
  • the terminal sends the first message to the remote management platform, including:
  • the terminal receives the N management commands sent by the remote management platform; the N management commands are management commands corresponding to the first identifier;
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the terminal Sending, by the terminal, the first identifier to the second remote management platform; the first identifier is one of the M identifiers; and M is a positive integer.
  • the method further includes:
  • the terminal After receiving the confirmation instruction that the user continues to obtain the management command, the terminal sends a second identifier to the remote management platform; the second identifier is an identifier of the M identifiers other than the first identifier.
  • the terminal sends the first message to the remote management platform, including:
  • the terminal receives K management commands corresponding to the EID of the terminal sent by the remote management platform; and the K management commands include at least one management command set formed by the N management commands.
  • the terminal sends the first message to the remote management platform, including:
  • the management request identifier is set by the terminal according to a management request command selected by the user;
  • the N management commands are obtained by the remote management platform according to the EID of the terminal and the management request identifier.
  • the terminal sends the first message to the remote management platform, including:
  • the terminal receives K management commands corresponding to the EID of the terminal sent by the remote management platform.
  • the first message is sent after the terminal receives the management request command selected by the user;
  • the terminal manages the configuration file according to the N management commands, including:
  • the second message further includes an identifier corresponding to the K management commands, and the terminal selects, from the K management commands, a first management command that matches the management request command and the first
  • the management command corresponding to the same command is used to manage the configuration file, and the configuration file is managed according to the first management command and the same management command as the first management command; or
  • the terminal selects, from the K management commands, a first management command that matches the management request command and a management command associated with the first management command, and according to the first management command and the The management command associated with the first management command manages the configuration file.
  • the application provides a method for managing a configuration file, where the method includes:
  • the remote management platform receives the first message sent by the terminal
  • the remote management platform sends a second message to the terminal; the second message includes N management commands; the N management commands include a download command and a remote management command; N is an integer greater than 1.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management platform receives a first identifier sent by the terminal
  • the method further includes:
  • the remote management platform obtains the N management commands corresponding to the first identifier according to the first identifier.
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the remote management platform receives the first identifier sent by the terminal, including:
  • the second remote management platform receives the first identifier sent by the terminal, where the first identifier is one of the M identifiers; and M is a positive integer.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management platform receives an EID and a management request identifier of the terminal sent by the terminal; the management request identifier is set by the terminal according to a management request command selected by a user;
  • the remote management platform acquires a first management command corresponding to the EID of the terminal, and acquires a management corresponding to the EID of the terminal and associated with the first management command. command;
  • the remote management platform acquires all management commands corresponding to the EID of the terminal.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management platform obtains K management commands corresponding to the EID of the terminal, and sends the K management commands to the terminal; the K management commands include at least the N management commands. a collection of administrative commands; or,
  • the remote management platform obtains K management commands corresponding to the EID of the terminal, and sends an identifier corresponding to the K management commands and the K management commands to the terminal; or
  • the remote management platform obtains K management commands corresponding to the EID of the terminal, and sends the K management commands to the terminal.
  • the application provides a method for managing a configuration file, where the method includes:
  • the terminal sends a first message to the remote management platform, where the first message is used to request to download a configuration file or the first message is used to request to acquire all management commands corresponding to the EID of the terminal, where the terminal is installed.
  • the second message includes metadata of the first configuration file and a remote management command of the second configuration file;
  • the terminal downloads the first configuration file according to metadata of the first configuration file
  • the terminal manages the second configuration file according to a remote management command of the second configuration file.
  • the terminal downloads the first configuration file according to the metadata of the first configuration file; and the terminal manages the second configuration file according to the remote management command of the second configuration file, including:
  • the terminal When the order of the metadata of the first configuration file is before the remote management command of the second configuration file, the terminal first downloads the first configuration file, and then manages the first Two configuration files;
  • the terminal When the order of the metadata of the first configuration file is after the remote management command of the second configuration file, the terminal first manages the second configuration file, and then downloads the first A configuration file.
  • the terminal downloads the first configuration file according to the metadata of the first configuration file; and the terminal manages the second configuration file according to the remote management command of the second configuration file, including:
  • the terminal When the order of the metadata of the first configuration file is before the remote management command of the second configuration file, the terminal first caches the metadata of the first configuration file, and After managing the second configuration file, downloading the first configuration file according to the metadata of the cached first configuration file;
  • the terminal When the order of the metadata of the first configuration file is after the remote management command of the second configuration file, the terminal first caches the remote management command of the second configuration file, and After downloading the first configuration file, the second configuration file is managed according to the remote management command of the cached second configuration file.
  • the terminal sends the first message to the remote management platform, including:
  • the terminal sends a first identifier to the remote management platform; the first identifier is used by the remote management platform to obtain metadata of the first configuration file and a remote management command of the second configuration file.
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the terminal sends the first identifier to the second remote management platform.
  • the terminal sends the first message to the remote management platform, including:
  • the EID and the management request identifier are used by the remote management platform to obtain the metadata of the first configuration file and the remote management command of the second configuration file.
  • the first message is sent after the terminal receives the download request command selected by the user;
  • the terminal Before the terminal downloads the first configuration file according to the metadata of the first configuration file, and the terminal manages the second configuration file according to the remote management command of the second configuration file, the terminal further includes:
  • the terminal selects metadata of a first configuration file that matches the download request instruction from metadata of one or more configuration files corresponding to the EID of the terminal and remote management commands of one or more configuration files. Obtaining a remote management command of the metadata of the first configuration file and the second configuration file in the same set as the metadata of the first configuration file.
  • the terminal sends a request message to the remote management platform, including:
  • the terminal Before the terminal downloads the first configuration file according to the metadata of the first configuration file, and the terminal manages the second configuration file according to the remote management command of the second configuration file, the terminal further includes:
  • the terminal sends a request message to the remote management platform, including:
  • the terminal Before the terminal downloads the first configuration file according to the metadata of the first configuration file, and the management of the second configuration file according to the remote management command of the second configuration file, the terminal further includes:
  • the terminal selects metadata of a first configuration file that matches the download request instruction from metadata of one or more configuration files corresponding to the EID of the terminal and remote management commands of one or more configuration files. And a remote management command of the second configuration file associated with the metadata of the first configuration file.
  • the application provides a method for managing a configuration file, where the method includes:
  • the remote management platform Receiving, by the remote management platform, the first message sent by the terminal, where the first message is used to request to download a configuration file or the first message is used to request to acquire all management commands corresponding to the EID of the terminal;
  • the remote management platform sends a second message to the terminal; the second message includes metadata of the first configuration file and a remote management command of the second configuration file; the second configuration file is already in the terminal The installed configuration file.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management platform receives a first identifier sent by the terminal
  • the method further includes:
  • the remote management platform obtains the metadata of the first configuration file corresponding to the first identifier and the remote management command of the second configuration file according to the first identifier.
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the remote management platform receives the first identifier sent by the terminal, including:
  • the second remote management platform receives the first identifier sent by the terminal; the first identifier is one of the M identifiers corresponding to the EID of the terminal; and M is a positive integer.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management platform receives the EID and the management request identifier of the terminal sent by the terminal;
  • the management request identifier is a download request identifier or all update identifiers;
  • the method further includes:
  • the remote management platform acquires the first configuration file corresponding to the EID of the terminal, creates metadata of the first configuration file, and acquires the metadata of the first configuration file.
  • a remote management command of the second configuration file is associated with the first configuration file;
  • the remote management platform acquires the first configuration file corresponding to the EID of the terminal, and the remote management command of the second configuration file corresponding to the EID of the terminal.
  • the remote management platform receives the first message sent by the terminal, including:
  • the remote management command of the metadata of the file and the one or more configuration files includes at least a set of metadata of the first configuration file and a remote management command of the second configuration file; or
  • the metadata of the one or more configuration files includes metadata of the first configuration file; and the remote management command of the one or more configuration files includes a remote management command of the second configuration file.
  • the application provides a terminal, where the terminal includes a function module, a sending module, a receiving module, and a processing module, where the sending module, the receiving module, and the processing module are configured to execute the method flow described in the first aspect.
  • the application provides a remote management platform, where the remote management platform includes the following functional modules: a sending module, a receiving module, and a processing module.
  • the sending module, the receiving module, and the processing module are configured to perform the second aspect. Method flow.
  • the application provides a terminal, where the terminal includes the following functional modules: a sending module, a receiving module, and a processing module; the sending module, the receiving module, and the processing module are configured to execute the method flow described in the third aspect.
  • the application provides a remote management platform, where the remote management platform includes the following functional modules: a sending module, a receiving module, and a processing module; the sending module, the receiving module, and the processing module are configured to perform the fourth aspect.
  • Method flow includes the following functional modules: a sending module, a receiving module, and a processing module; the sending module, the receiving module, and the processing module are configured to perform the fourth aspect.
  • the application provides a terminal, where the terminal includes:
  • a communication interface configured to send a first message to the remote management platform; and receive a second message sent by the remote management platform; the second message includes N management commands; the N management commands are associated management Command; the N management commands include a download command and a remote management command; N is an integer greater than one;
  • a processor configured to manage the configuration file according to the N management commands.
  • the processor is specifically configured to:
  • the terminal when the order of the download command is before the remote management command, the terminal first executes the download command, and then executes the remote management command;
  • the terminal When the order of the download command is after the remote management command in the second message, the terminal first executes the remote management command, and then executes the download command.
  • the processor is specifically configured to:
  • the terminal When the order of the download command is before the remote management command, the terminal first caches the download command, and after executing the remote management command, executes the cached download command. ;
  • the terminal when the order of the download command is after the remote management command, the terminal first caches the remote management command, and after performing the download command, performs the remote management of the cache. command.
  • the first message is sent after the terminal receives the management request command selected by the user;
  • the processor Before the processor manages the configuration file according to the N management commands, the processor is further configured to:
  • the processor is specifically configured to:
  • the terminal determines that the N management commands include the download command, and determines that the N management commands match the management request instruction;
  • the terminal determines that the N management commands include a remote management command, and after the download command is not included, determining that the N management commands match the management request instruction ;
  • the terminal determines that the N management commands match the management request instruction.
  • the processor determines that the remote management command and the download command are included in the N management commands, and determines a remote management command and location in the N management commands.
  • the management request instruction matches, and the download command of the N management commands does not match the management request instruction;
  • the processor is specifically configured to:
  • the processor is further configured to:
  • the terminal determines that the N management commands do not match the management request instruction, reporting, to the remote management platform, that the N management commands do not match the management request instruction.
  • the communication interface is specifically configured to:
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the communication interface is specifically configured to:
  • the first identifier is one of the M identifiers; and M is a positive integer.
  • the communication interface is further configured to:
  • the second identifier is sent to the remote management platform; the second identifier is an identifier of the M identifiers other than the first identifier.
  • the communication interface is specifically configured to:
  • K management commands corresponding to the EID of the terminal where the K management commands include at least one management command set formed by the N management commands.
  • the communication interface is specifically configured to:
  • the management request identifier is set by the terminal according to a management request instruction selected by a user;
  • the communication interface is specifically configured to:
  • the first message is sent after the terminal receives the management request command selected by the user;
  • the processor is specifically configured to:
  • the second message further includes an identifier corresponding to each of the K management commands, and the processor selects, from the K management commands, a first management command that matches the management request command, and the first a management command corresponding to the same management command, and managing the configuration file according to the first management command and the same management command as the first management command; or
  • the processor selects, from the K management commands, a first management command that matches the management request instruction and a management command associated with the first management command, and according to the first management command and the An administrative command management profile associated with the first management command.
  • the application provides a remote management platform, where the remote management platform includes: a communication interface and a processor; and the processor performs the communication interface:
  • N is an integer greater than 1.
  • the communication interface is specifically configured to:
  • the method further includes:
  • the remote management platform includes a first remote management platform and a second remote management platform.
  • the communication interface includes a communication interface of the first remote management platform and a communication interface of the second remote management platform;
  • the communication interface of the first remote management platform receives the EID of the terminal sent by the terminal;
  • the communication interface of the first remote management platform obtains M identifiers corresponding to the EID of the terminal, and sends the identifiers to the terminal;
  • the communication interface of the second remote management platform receives the first identifier sent by the terminal, where the first identifier is one of the M identifiers; and M is a positive integer.
  • the communication interface is specifically configured to:
  • the processor is specifically configured to: if the management request identifier is a download request identifier, acquire a first management command corresponding to the EID of the terminal, and obtain an EID corresponding to the terminal and the first management The management command associated with the command; if the management request identifier is an identifier of all management commands corresponding to the EID of the terminal, all management commands corresponding to the EID of the terminal are obtained.
  • the communication interface is specifically configured to: send the first management command and a management command associated with the first management command to the terminal.
  • the communication interface is specifically configured to:
  • the K management commands include at least one management command set formed by the N management commands; or,
  • the application provides a terminal, where the terminal includes:
  • a communication interface configured to send a first message to the remote management platform, where the first message is used to request to download a configuration file or the first message is used to request to acquire all management commands corresponding to the EID of the terminal,
  • a second configuration file is installed in the terminal; and receiving a second message sent by the remote management platform; the second message includes metadata of the first configuration file and a remote management command of the second configuration file;
  • a processor configured to download the first configuration file according to metadata of the first configuration file; and manage the second configuration file according to a remote management command of the second configuration file.
  • the processor is specifically configured to:
  • the terminal When the order of the metadata of the first configuration file is before the remote management command of the second configuration file, the terminal first downloads the first configuration file, and then manages the first Two configuration files;
  • the terminal When the order of the metadata of the first configuration file is after the remote management command of the second configuration file, the terminal first manages the second configuration file, and then downloads the first A configuration file.
  • the processor is specifically configured to:
  • the terminal When the order of the metadata of the first configuration file is before the remote management command of the second configuration file, the terminal first caches the metadata of the first configuration file, and After managing the second configuration file, downloading the first configuration file according to the metadata of the cached first configuration file;
  • the terminal When the order of the metadata of the first configuration file is after the remote management command of the second configuration file, the terminal first caches the remote management command of the second configuration file, and After downloading the first configuration file, the second configuration file is managed according to the remote management command of the cached second configuration file.
  • the communication interface is specifically configured to:
  • the first identifier is used by the remote management platform to obtain metadata of the first configuration file and a remote management command of the second configuration file.
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the communication interface is specifically configured to:
  • the communication interface is specifically configured to:
  • the management request identifier is an identifier of a download request identifier or an identifier of all management commands corresponding to an EID of the terminal; an EID of the terminal and the management The request identifies a remote management command for the remote management platform to obtain the metadata of the first configuration file and the second configuration file.
  • the first message is sent after the terminal receives the download request command selected by the user;
  • the communication interface is specifically configured to:
  • the remote management command of the metadata and the one or more configuration files includes at least a set of metadata of the first configuration file and a remote management command of the second configuration file;
  • the processor is specifically configured to:
  • the communication interface is specifically configured to:
  • the processor is specifically configured to:
  • the communication interface is specifically configured to:
  • the processor is specifically configured to:
  • the application provides a method for managing a configuration file, the method comprising: a communication interface and a processor; and the processor performs the following in conjunction with the communication interface:
  • the second message includes metadata of the first configuration file and a remote management command of the second configuration file; and the second configuration file is a configuration file that is installed in the terminal.
  • the communication interface is specifically configured to:
  • the processor is further configured to: before the communication interface sends the second message to the terminal:
  • the remote management platform includes a first remote management platform and a second remote management platform;
  • the communication interface includes a communication interface of the first remote management platform and a communication interface of the second remote management platform;
  • the communication interface of the first remote management platform receives the EID of the terminal sent by the terminal;
  • the communication interface of the second remote management platform receives the first identifier sent by the terminal; the first identifier is one of the M identifiers corresponding to the EID of the terminal; and M is a positive integer.
  • the communication interface is specifically configured to:
  • the processor is further configured to: before the communication interface sends the second message to the terminal:
  • the remote management platform acquires the first configuration file corresponding to the EID of the terminal, creates metadata of the first configuration file, and acquires the metadata of the first configuration file.
  • a remote management command of the second configuration file is associated with the first configuration file;
  • the remote management platform acquires the first configuration file corresponding to the EID of the terminal, and the first corresponding to the EID of the terminal. Remote management command for the second configuration file.
  • the communication interface is specifically configured to:
  • the metadata of the one or more configuration files includes metadata of the first configuration file; and the remote management command of the one or more configuration files includes a remote management command of the second configuration file.
  • the embodiment of the present application further provides a computer storage medium, where the software program stores a software program, and the software program can implement the configuration file management method provided by any one of the above designs when being read and executed by one or more processors. .
  • the embodiment of the present application further provides a communication system, which includes any terminal provided by any one of the foregoing designs.
  • the system may further include remote management of interacting with the terminal in the solution provided by the embodiment of the present application. platform.
  • the embodiment of the present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method described in the above aspects.
  • Figure 1a is a system architecture diagram applicable to the present application
  • Figure 1b is a specific system architecture diagram applicable to the present application.
  • FIG. 3 is a schematic flowchart of a remote management profile in the prior art
  • FIG. 4 is a schematic flowchart of a method for managing a configuration file provided by the present application.
  • FIG. 5 is a schematic diagram of a management process of a first configuration file provided in Embodiment 2 of the present application.
  • FIG. 6 is a schematic diagram of a management process of a second configuration file provided in Embodiment 2 of the present application.
  • FIG. 7 is a schematic diagram of a management process of a third configuration file provided in Embodiment 2 of the present application.
  • FIG. 8 is a schematic diagram of a management process of a configuration file provided in Embodiment 3 of the present application.
  • FIG. 9 is a schematic diagram of a management process of a configuration file provided in Embodiment 4 of the present application.
  • FIG. 10 is a schematic structural diagram of a terminal provided by the present application.
  • FIG. 11 is a schematic structural diagram of a remote management platform provided by the present application.
  • FIG. 13 is a schematic structural diagram of another remote management platform provided by the present application.
  • FIG. 1a is a system architecture diagram applicable to the present application.
  • the system architecture includes a mobile operator's remote management platform 101 and one or more terminals, such as terminal 102 shown in FIG. 1a.
  • the eUICC is integrated in the terminal 102, and can communicate with the remote management platform 101 through a network (for example, a wireless network), thereby implementing downloading and remote management of the configuration file.
  • a network for example, a wireless network
  • the terminal in FIG. 1a may include a local profile assistant (LPA), and the remote management platform 101 may include a subscription manager-data preparation (SM-DP+), subscription management-discovery.
  • LPA local profile assistant
  • SM-DP+ subscription manager-data preparation
  • SM-DS subscription manager-discovery service
  • FIG. 1b To more specifically describe the system architecture to which the present application applies, the following is described in conjunction with FIG. 1b.
  • FIG. 1b is a specific system architecture diagram applicable to the present application.
  • the system architecture includes SM-DP+, SM-DS, LPA, eUICC, mobile network operator (MNO), card merchant EUM, certificate issuer (CI), user. (User).
  • MNO mobile network operator
  • CI certificate issuer
  • User User
  • SM-DP+ is mainly responsible for profile generation, profile protection, profile storage, profile binding, profile sending, and remote profile management. It should be noted that in other possible system architectures, the SM-DP+ in FIG. 1b can be split into multiple platforms, such as SM-DP, subscription manager-secure routing (SM-SR). Etc. In this case, the SM-DP is responsible for profile generation, profile protection, profile storage, profile binding, etc., SM-SR is responsible for profile transmission, remote profile management, and the like.
  • SM-DP subscription manager-secure routing
  • the SM-DS is mainly responsible for receiving event registrations sent by the SM-DP+ and transmitting the events to the terminal.
  • the event may include a profile download event (ie: SM-DP+ has a profile waiting for the terminal to download) and a profile management event (ie: SM-DP+ has a profile management command waiting for the terminal to acquire).
  • the terminal includes an LPA.
  • the LPA may include a local discovery service (LDS), a local profile download (LPD), and a local user interface (LUI).
  • LDS is responsible for event query, that is, querying the event to the SM-DS;
  • the LPD is responsible for downloading the profile, that is, the LPD downloads the profile from the SM-DP+ to the LPD through a secure connection such as a Hyper Text Transport Protocol (HTTP), and then
  • HTTP Hyper Text Transport Protocol
  • the downloaded profile is sent to the eUICC.
  • the downloaded profile can be sent to the eUICC through the local application protocol data unit (APDU) command.
  • APDU application protocol data unit
  • the LPD can also obtain the remote profile management from the SM-DP+.
  • RPM Remote profile management
  • ReM remote eUICC management
  • the command is passed to the eUICC to implement remote management of the eUICC and the profile
  • the LUI provides interaction logic and interface with the user, and the user can pass
  • the LUI performs local management of the profile, such as downloading a new profile, activating a profile, activating a profile, deleting a profile, updating a profile, or updating all profiles.
  • FIG. 2 is a schematic flowchart of downloading a profile in the prior art. As shown in Figure 2, the process includes:
  • the LPA obtains the address of the SM-DP+.
  • the LPA may also obtain an event identifier or an activation code token, where the event identifier and the activation code token may be collectively referred to as a matching identifier ( Matching identifier).
  • step 202 the LPA and the SM-DP+ perform mutual authentication.
  • the LPA sends the eUICC identifier (eIDCC identifier, EID) to the SM-DP+. If the LPA obtains the matching identifier in step 201, the LPA will The matching identifier is sent to SM-DP+.
  • eUICC identifier eIDCC identifier, EID
  • Step 203 After the mutual authentication is passed, the SM-DP+ searches for the corresponding profile according to the EID or the matching identifier, and checks the eUICC information and the terminal information to determine whether the profile can be downloaded. If the eUICC and the terminal cannot download the profile, the SM -DP+ notifies the operator; if it can be downloaded, SM-DP+ creates profile metadata, creates smdpSigned2, and calculates the signature using SM-DP+ private key SK.DPpb.ECDSA for the profile binding certificate, and Profile metadata, as well as signatures, etc. are sent to the LPA.
  • the SM-DP+ searches for the corresponding profile according to the EID or the matching identifier, and checks the eUICC information and the terminal information to determine whether the profile can be downloaded. If the eUICC and the terminal cannot download the profile, the SM -DP+ notifies the operator; if it can be downloaded, SM-DP+ creates profile metadata, creates smdp
  • Step 204 The LPA checks the profile metadata, and determines whether the policy rules are included. If yes, it is determined according to the RAT (Rules Authorisation Table) whether to allow downloading the profile including the policy rules; optionally, the user can also obtain the confirmation that the user installs the profile; If the download is allowed according to the RAT and the user agrees to download, the flow in FIG. 2 continues.
  • RAT Rules Authorisation Table
  • Step 205 The LPA sends a prepare download command to the eUICC, where the request carries information such as a certificate and a signature of the SM-DP+.
  • Step 206 The eUICC verifies the SM-DP+ certificate and the signature. After the verification is passed, the eUICC generates a temporary key pair, generates eucicSigned2, generates an eUICC signature (euiccSignature2) by using the eUICC private key, and sends the eUICC signature and the like to the LPA.
  • eUICCSignature2 an eUICC signature
  • step 207 the LPA sends information such as an eUICC signature to the SM-DP+.
  • Step 208 After verifying the eUICC signature, the SM-DP+ determines whether the confirmation code is needed. If the confirmation code is needed, it is verified whether the confirmation code input by the user is correct. After the confirmation code input by the user is correct, the SM-DP+ generates a temporary key pair. The session key is calculated, and the profile is encrypted to generate a profile to be downloaded, that is, a bound profile package (BPP), and the profile to be downloaded is sent to the LPA.
  • BPP bound profile package
  • Step 209 The LPA verifies that the metadata in the profile has changed. If the user confirmation is not obtained in step 204, the user is prompted to confirm, and after the user confirms, the BPP is sent to the eUICC for installation.
  • the LPA configuration file can be notified that the installation has been completed.
  • the LPA can further notify the SM-DP+ configuration file that the installation is complete.
  • FIG. 3 is a schematic flowchart of a remote management configuration file in the prior art. As shown in Figure 3, the process includes:
  • step 301 the LPA obtains the address of the SM-DP+, and optionally, the event identifier.
  • step 302 the LPA and the SM-DP+ perform mutual authentication.
  • the LPA sends the EID (or event identifier) to the SM-DP+.
  • Step 303 The SM-DP+ search remote management command matching the EID or the event identifier may be a command packet composed of multiple remote management commands; the SM-DP+ notifies the mobile network operator to perform remote management (if there is an error in the foregoing steps) , to inform the mobile network operator that there is an error); SM-DP+ creates smdpSigned3, including transaction ID, remote management command packet, and private key SK.DPauth.ECDSA for calculating smdpSigned3 using SM-DP+ certificate for authentication with eUICC Sign and send smdpSigned3 and the signature to LPA.
  • Step 304 the LPA determines the policy rules in the RPM, and obtains the user's consent to execute the remote management command. If the user confirms the remote management, the process of FIG. 3 is continued.
  • step 305 the LPA sends the RPM command packet to the eUICC.
  • Step 306 the eUICC verifies the signature of the SM-DP+, and after the verification is passed, sequentially executes the commands in the remote management command packet.
  • the LPA remote management command can be notified that the execution has been completed, and the LPA can further notify the SM-DP+ that the command has been executed.
  • the download and remote management profiles are separate processes.
  • the download and remote management profiles need to be combined, for example, the old profile needs to be deleted before downloading the new profile, or the profile needs to be activated after downloading the new profile, if The technical processes are executed separately.
  • it is necessary to obtain multiple user consents download and remote management separately obtain user consent).
  • downloading profiles and RPMs are performed separately, it is impossible to ensure that they are executed in the order specified, which may result in downloading profiles or Remote management command execution failed.
  • the present application provides a management method for a configuration file, which is used to combine the downloading of the configuration file and the remote management, thereby simplifying network interaction and improving the user experience.
  • the terminal in the present application also referred to as a User Equipment (UE) is a device that provides voice and/or data connectivity to a user, for example, a handheld device with a wireless connection function. , in-vehicle equipment, etc.
  • UE User Equipment
  • Common terminals include: mobile phones, tablets, laptops, PDAs, mobile internet devices (MIDs), wearable devices, and the like.
  • FIG. 4 is a schematic flowchart of a method for managing a configuration file provided by the present application. As shown in FIG. 4, the method includes:
  • Step 401 The terminal sends a first message to the remote management platform.
  • Step 402 The remote management platform receives the first message sent by the terminal, and sends a second message to the terminal.
  • the second message includes N management commands.
  • the N management commands include a download command and a remote management command. Is an integer greater than 1;
  • Step 403 The terminal receives the second message, and manages the configuration file according to the N management commands.
  • the terminal can obtain a plurality of management commands associated with each other by performing a communication interaction with the remote management platform (that is, sending the first message to the remote management platform and receiving the second message sent by the remote management platform).
  • the interrelated management commands include download commands and remote management commands, which enable the combination of downloading and remote management of configuration files, simplifying network interaction and improving user experience.
  • the first message may be sent by the terminal after receiving the management request command selected by the user.
  • the user-selected management request instruction may be any one of a download request instruction, a remote management request instruction, and an update all request instruction.
  • the download request instruction is used to request to download a profile; the remote management request instruction is used to request an instruction to update a profile; all update request instructions are used to request to acquire all management commands corresponding to the EID of the terminal; all management commands corresponding to the EID of the terminal It may include updating all profiles installed in the terminal, or it may include downloading profiles and updating all profiles installed in the terminal.
  • the first message sent by the terminal to the remote management platform may be referred to as a download request message (corresponding to a case where the management request instruction is a download request instruction), a remote management request message (corresponding to a case where the management request instruction is a remote management request instruction) or All update request messages (corresponding to the case where the management request instruction is all update request instructions) are not limited.
  • the first message may be an authentication client request, which is not limited.
  • the management command may be a download command, the download command is used to instruct the terminal to download the configuration file, and the download command may include metadata of the configuration file to be downloaded; the management command may also refer to a remote management command, and the remote management command indicates The terminal remotely manages the configuration file, and the remote management command may include remote management commands and the like. Therefore, the N management commands sent by the remote management platform can include both the download command and the remote management command, and then the terminal is based on The download command downloads the configuration file related to the download command and manages the configuration file related to the remote management command according to the remote management command.
  • the N management commands may be interrelated management commands, and the mutual association may be embodied in various forms, for example, having the same ICCID, or having the same profile owner identifier.
  • the N management commands include a download command of the first configuration file and a remote management command of the second configuration file
  • the association between the download command of the first configuration file and the remote management command of the second configuration file may refer to
  • the download schedule of one configuration file and the remote management command of the second configuration file are scheduled to correspond to the same identifier (event identifier or matching identifier), that is, due to the download schedule of the first profile and the remote management command of the second profile.
  • the download command of the subsequently generated first configuration file and the remote management command of the second configuration file are associated with each other.
  • the association between the download command of the first configuration file and the remote management command of the second configuration file may also mean that the download command of the first configuration file and the remote management command of the second configuration file have the same ICCID.
  • the association between the download command of the first configuration file and the remote management command of the second configuration file may also mean that the download command of the first configuration file and the remote management command of the second configuration file have the same profile owner (profile) Owner) identification.
  • the remote management commands included in the N management commands are not limited to be from the same owner. In some possible cases, the N management commands may also include from different profile owners (profile owner). Remote management commands.
  • the present application specifically provides five possible implementation manners, which are respectively introduced based on the system architecture shown in FIG. 1a.
  • the mobile network operator may perform a profile download reservation and an RPM reservation to the remote management platform, and if the profile download and the remote management are associated operations, the mobile network operation
  • the merchant sets the same identifier (event identifier or matching identifier) for the profile download reservation and the remote management command.
  • the terminal receives a management request instruction of the user.
  • the terminal sends the EID of the terminal to the remote management platform.
  • the remote management platform receives the EID of the terminal, obtains M identifiers corresponding to the EID of the terminal, and sends the M identifiers to the terminal;
  • A4 The terminal receives the M identifiers corresponding to the EIDs of the terminals sent by the remote management platform, and sends the first identifier to the remote management platform; the first identifier is one of the M identifiers; M is a positive integer;
  • the remote management platform obtains the N management commands corresponding to the first identifier, and sends the N management commands to the terminal.
  • the N management commands corresponding to the first identifier may include the download command corresponding to the first identifier and the first identifier.
  • the remote management command, the download command corresponding to the first identifier may specifically be the download command of the configuration file generated according to the configuration file corresponding to the first identifier;
  • the terminal After the terminal determines that the N management commands are matched with the management request command, the terminal manages the configuration file according to the N management commands; if the terminal determines that the N management commands do not match the management request command, And the terminal reports to the remote management platform that the N management commands do not match the management request instruction.
  • the terminal determines that the N management commands are matched with the management request instruction, and specifically includes: if the management request instruction is a download request instruction, the terminal determines that the N management commands include the download command Determining that the N management commands are matched with the management request instruction; if the management request instruction is a remote management request instruction, The terminal determines that the N management commands include a remote management command, and after the download command is not included, determining that the N management commands match the management request instruction; if the management request instruction is all updates (update All) requesting the instruction, the terminal may directly determine that the N management commands match the management request instruction.
  • the terminal may directly determine the N management commands and the management request. The command does not match; or the terminal may determine that the remote management command of the N management commands matches the management request instruction, and the download command of the N management commands does not match the management request instruction, such that The terminal may execute a remote management command among the N management commands, and report to the remote management platform that the download command of the N management commands does not match the management request instruction.
  • the terminal may refer to the first identifier for processing any one of the identifiers.
  • the terminal manages the configuration file according to the N management commands
  • the user may confirm whether to continue to acquire the management command and receive the user's first configuration file.
  • the second identifier is sent to the remote management platform, and the second identifier is an identifier that is not processed in the M identifiers.
  • the N management commands are related management commands, and the mutual associations are specifically represented by the N management commands corresponding to the same identifier (event identifier or matching identifier).
  • the terminal receives a management request instruction of the user, where the management request instruction includes a management request identifier.
  • the terminal sends the EID of the terminal and the management request identifier to the remote management platform.
  • a method may be: the remote management platform obtains K management commands corresponding to the EID of the terminal according to the EID of the terminal, and selects and manages the management request from the K management commands according to the management request identifier.
  • the first management command that matches the command and the management command that is associated with the first management command sends the selected N management commands (that is, the first management command and the management command associated with the first management command) to the terminal;
  • the other method may be: if the management request identifier is a download request identifier, the remote management platform acquires a first management command corresponding to the EID of the terminal, and acquires an EID corresponding to the terminal and the The management command associated with the first management command; for example, the first management command is a download command of the first configuration file, and the management command associated with the first management command is a remote management command of the second configuration file, and the remote management platform first Obtaining a first configuration file corresponding to the terminal EID, creating metadata of the first configuration file, and acquiring a remote management command of the second configuration file corresponding to the EID of the terminal, and the remote configuration command of the second configuration file and the first configuration file Corresponding (specifically, the remote management command reservation of the second configuration file and the download reservation of the first configuration file correspond to the same identifier). If the management request is identified as all update identifiers, the remote management platform acquires all management commands corresponding to the EID of the terminal.
  • the terminal manages the configuration file according to the N management commands.
  • the terminal receives a management request instruction of the user.
  • the terminal sends the EID of the terminal to the remote management platform.
  • the remote management platform after receiving the EID of the terminal, the remote management platform obtains K management commands corresponding to the EID of the terminal; the remote management platform combines the management commands associated with each other in the K management commands into one management command set, and Send the combined K management commands to the terminal.
  • the terminal may select a first management command that matches the management request command from the K management commands, thereby obtaining the first management command and being in the same management command set as the first management command.
  • the management command and manages the configuration file according to the obtained N management commands, that is, the first management command and the management command in the same set as the first management command.
  • the terminal receives a management request instruction of the user.
  • the terminal sends the EID of the terminal to the remote management platform.
  • the remote management platform After receiving the EID of the terminal, the remote management platform obtains K management commands corresponding to the EID of the terminal; the remote management platform sets the same group ID (group ID) for the management commands associated with each other in the K management commands. And sending the K management commands and the corresponding group identifiers to the terminal, where the group identifiers may be the same as the matching identifiers.
  • the terminal may select a first management command that matches the management request command from the K management commands, thereby obtaining the first management command and the same management command as the group identifier of the first management command. And managing the configuration file according to the obtained N management commands, that is, the same management command as the first management command and the group identifier of the first management command.
  • the terminal receives a management request instruction of the user.
  • the terminal sends the EID of the terminal to the remote management platform.
  • the remote management platform after receiving the EID of the terminal, the remote management platform obtains K management commands corresponding to the EID of the terminal, and sends K management commands to the terminal;
  • the terminal After receiving the K management commands, the terminal selects, from the K management commands, a first management command that matches the management request command and a management command associated with the first management command, and according to the selected N managements.
  • the command ie, the first management command and the management command associated with the first management command
  • the terminal can determine whether the two management commands are associated in multiple manners, for example, whether the two management commands include the same integrated circuit card identity (ICCID), or whether the same profile owner is included. The identity of the profile owner, or whether one of the administrative commands depends on the previous execution of another administrative command.
  • ICCID integrated circuit card identity
  • the terminal when the terminal manages the configuration file according to the N management commands, the terminal may execute N management commands in the order of N management commands in the second message.
  • the terminal when the order of the download command is before the remote management command in the second message, the terminal first executes the download command, and then executes the remote management command, for example, the second message includes downloading the first configuration file (download command) And activating the first configuration file (remote management command), the terminal may first download the first configuration file and then activate the first configuration file; and in the second message, the order of the download command is in the remote management command Thereafter, the terminal first executes a remote management command and then executes a download command.
  • the N management commands may include deactivating and deleting another configuration file and downloading the first configuration file.
  • the terminal executes N management commands in the order of N management commands in the second message, You may first perform deactivation and delete another configuration file (remote management command), resulting in no network connection to download the first configuration file (download command), so the terminal can choose to download the first configuration file before performing deactivation. And delete another configuration file. That is, the terminal may also determine the order in which the N management commands are executed according to actual conditions.
  • the terminal when the order of downloading commands is before the remote management command in the second message, the terminal first caches the download command and executes After the remote management command, the cached download command is executed; when the order of the download command is after the remote management command in the second message, the terminal first caches the remote management command, and after executing the download command, executes Cached remote management commands.
  • the message format of the second message can be various, and a possible example is given below:
  • the order of the download command is before the remote management command (rpm).
  • the download command can also be located after the remote management command.
  • the second message includes multiple management commands in the same management command set (comandSet), and an example of the management command set is given below:
  • the management command set includes a download command (profileMetaData) and a remote management command (rpm).
  • Embodiment 1 the method flow described in Embodiment 1 will be described in detail based on the system architecture shown in FIG. 1b.
  • FIG. 5 is a schematic diagram of a management process of a first configuration file provided in Embodiment 2 of the present application, corresponding to the first possible implementation manner in Embodiment 1.
  • the mobile network operator may perform profile download scheduling and RPM reservation to the remote management platform SM-DP+. If the profile download and the RPM are associated operations, the mobile network operator sets the profile download schedule and the RPM subscription setting to be the same. Event ID (or match ID). SM-DP+ performs event registration on SM-DS.
  • the specific process includes:
  • step 501 the user selects a download profile (update profile), or a remote management request profile (update profile), or all update request commands (update all) through the LPA.
  • Step 502 The LPA and the SM-DS (ie, the first remote management platform) perform mutual authentication. During the authentication process, the LPA sends the EID of the terminal to the SM-DS.
  • the two-way authentication process is the same as the existing process.
  • Step 503 After the authentication is passed, the SM-DS searches for all events corresponding to the EID of the terminal according to the EID of the terminal (set to M events), and sets an event identifier of the M events and an SM-DP+ corresponding to each event identifier (ie, The address of the second remote management platform is sent to the LPA.
  • Step 504 The LPA receives M event identifiers corresponding to the EIDs of the terminals sent by the SM-DS, and performs bidirectional authentication for each event, LPA and SM-DP+. In the two-way authentication process, the LPA sends the event identifier of each event to The event identifies the corresponding SM-DP+.
  • the first event identifier is used as an example in the process.
  • the first event identifier is an event identifier in the M event identifiers.
  • Step 505 The SM-DP+ searches for the download command and the remote management command corresponding to the first event identifier according to the first event identifier, constructs a data structure such as profile metadata, smdpSigned2, smdpSignature2, and constructs a data structure such as smdpSigned3, smdpSignature3, and the The relevant data corresponding to the first event identifier is sent to the LPA.
  • a data structure such as profile metadata, smdpSigned2, smdpSignature2
  • a data structure such as smdpSigned3, smdpSignature3
  • the LPA verifies whether the received data matches the management request command selected by the user locally.
  • verification methods For example, if the user selects a download request command, it determines whether the received data contains at least the data structure of the profile metadata, and if so, it is judged to be a match. Otherwise, it is judged that the received data does not match the management request command selected by the user; for example, 2, the user selects a remote management command (updates a profile), and determines whether the received data is a remote management command and is in a remote management command.
  • the ICCID corresponds to the ICCID of the profile selected by the user, and if so, it is determined to be a match; otherwise, it is determined that the received data does not match the management request command selected by the user; for example, 3, the user selects all update request commands, if LPA This function can process any command, so no judgment is needed. Otherwise, according to the implementation of the LPA, it may be judged whether the received data is only a remote management command, and if so, it is judged as a match, otherwise, it is judged as a mismatch.
  • the LPA sends a message that the operation does not match or the ICCID does not match to the SM-DP+.
  • the message may carry a mismatched ICCID and a specific operation type.
  • the SM-DP+ Keep mismatched events so that LPA gets it next time.
  • the LPA obtains the user's consent to the received plurality of download and/or remote management commands. For example, if the user selects a download request instruction, the received data is to deactivate and delete the current other profile, and download a new profile, the LPA prompts the user whether to agree to activate and delete the current other profile and download The new profile, if the user agrees, the LPA may further determine the execution order according to the received data. For details, refer to the content of the execution order of the N management commands described in the first embodiment, and details are not described herein again.
  • the remote management platform can send the associated management commands to the terminal together, and the terminal can uniformly obtain the user's consent and perform operations in a reasonable order, thereby effectively avoiding the user's multiple commands.
  • the second time agreed, and the number of interactions between the terminal and the network was reduced.
  • FIG. 6 is a schematic diagram of a management process of a second configuration file provided in Embodiment 2 of the present application, which corresponds to a second possible implementation manner in Embodiment 1.
  • the SM-DS is not used in FIG. 6 with respect to the management flow of the first profile shown in FIG. 5, and the LPA sends the user-selected management to the SM-DP+ in the two-way authentication process of the LPA and the SM-DP+.
  • the request identifier (specifically, the type of operation selected by the user) is embodied in steps 502 and 503. A detailed description will be given below.
  • the management request identifier is set according to the management request command selected by the user. If the management request command selected by the user is a download request command, the management request identifier is a download request identifier; if the management request command selected by the user is a remote Management request instruction, the management request identifier is a remote management request identifier (at this time, the LPA also needs to send the corresponding ICCID to the SM-DP+); if the management request command selected by the user is all the profiles installed by the update terminal in all the update instructions, The management request identifier is a remote management request identifier (in this case, the LPA may not need to send the corresponding ICCID to the SM-DP+); if the management request command selected by the user is the download profile in all the update instructions and all the profiles installed in the update terminal, The management request identifier is all update identifiers (specifically, may be an indication of all).
  • step 601 the user selects a download profile (update profile), or a remote management request profile (update profile), or all update request commands (update all) through the LPA.
  • Step 602 In the two-way authentication process, the LPA sends an EID and a management request identifier to the SM-DP+. If the user selects the add profile, the LPA sends a download request identifier. If the user selects the update profile, the LPA sends the remote management request identifier. When the user selects update all, the LPA sends an indication of the remote management request identifier or all.
  • the SM-DP+ obtains a download command and a remote management command according to the EID and the management request identifier. For example, the user selects the add profile, and the SM-DP+ determines whether there is a profile download order corresponding to the EID according to the EID and the download request identifier. If yes, it determines whether there is an event identifier related to the download reservation, if any And determining whether there is an RPM command having the same event identifier, and if so, as a download management scheduled association command, and generating a corresponding download command according to the download schedule, the generated download command and the download scheduled association management command (RPM) ) is sent to the LPA.
  • RPM download scheduled association management command
  • step 604 the LPA receives the data sent by the SM-DP+ that matches the management request command selected by the user, and performs downloading and remote management.
  • the LPA receives the data sent by the SM-DP+ that matches the management request command selected by the user, and performs downloading and remote management.
  • the terminal may not use the SM-DS, and the terminal sends the operation type selected by the user to the remote management platform, so that the remote management platform can select and match the operation type. Management commands are sent to the terminal. In this way, the terminal can directly execute the received management command without determining whether the received management command matches the operation type selected by the user, thereby effectively reducing the processing load of the terminal.
  • FIG. 7 is a schematic diagram of a management process of a third configuration file provided in Embodiment 2 of the present application, corresponding to a third possible implementation manner in Embodiment 1.
  • step 701 the user selects a download profile (update profile), or a remote management request profile (update profile), or all update request commands (update all) through the LPA.
  • Step 702 In the two-way authentication process, the LPA sends the EID of the terminal to the SM-DP+.
  • Step 703 The SM-DP+ queries all download commands and remote management commands corresponding to the EID of the terminal, and searches for a request for the same event identifier. For requests with the same event ID, SM-DP+ builds a collection of management commands, The set of control commands includes data related to the request with the same event identifier; for a separate request, the data structure of each request can be directly sent, that is, SM-DP+ sends the management command set and the separately requested data to the LPA.
  • Step 704 the LPA verifies whether there is a download command or a remote management command in each management command set that matches the management request command selected by the user, or verifies whether each individual download command or remote management command matches the management request command selected by the user. If there is a request in the management command set that matches the management request command selected by the user, the LPA executes the other requests in the data set as association requests.
  • the terminal may not use the SM-DS with respect to the first and second types, and the terminal does not need to report the type of operation selected by the user.
  • the second embodiment of the present application provides a management flow of the fourth configuration file, and corresponds to the fourth possible implementation manner in the first embodiment.
  • the management process of the fourth configuration file has the same technical effect as the third method described above.
  • the difference is that the SM-DP+ assigns the same group ID to the interrelated request, and the group identifier can be an event identifier.
  • the SM-DP+ sequentially constructs the data structure of the download command or the remote management command, and assigns the same group identifier to the interrelated request in the data structure, and sends the same group identifier to the LPA.
  • the LPA verifies whether there is a download command or a remote management command in the received management command that matches the management request command selected by the user, and if so, acquires a download command or a remote match with the management request command selected by the user. Manage the group ID of the command and execute other requests with the same group ID as the associated request for the matching request.
  • the second embodiment of the present application provides a management flow of the fifth configuration file, and corresponds to the fifth possible implementation manner in the first embodiment.
  • the difference from the above several methods is that SM-DP+ sends all management commands corresponding to the EID of the terminal to the LPA, and the LPA determines which requests are executed. Specifically, the LPA determines whether there is a management request command selected by the user. The request, if any, is further determined whether there is a request for the merge execution (the inter-related request can be combined and executed).
  • the fifth possible implementation manner does not need to modify the interface of the LPA and the network, the flexibility of the terminal implementation can be effectively improved.
  • the management request command selected by the user may be a download request instruction, a remote management request instruction, or a full update request instruction.
  • the management request instruction selected by the user is taken as an example of the download request instruction. The management method of the configuration file described in the first embodiment and the second embodiment will be described.
  • FIG. 8 is a schematic diagram of a management process of a configuration file in Embodiment 3 of the present application. As shown in Figure 8, the process includes:
  • Step 801 The terminal sends a first message to the remote management platform, where the first message is used to request to download the first configuration file, and the second configuration file is already installed in the terminal.
  • Step 802 The remote management platform receives the first message, and sends a second message to the terminal.
  • the second message includes metadata of the first configuration file and a remote management command of the second configuration file.
  • Step 803 The terminal receives the second message, and downloads the first configuration file according to the metadata of the first configuration file, and manages the second configuration file according to the remote management command of the second configuration file.
  • the foregoing steps 801 to 803 can be applied to various scenarios.
  • One exemplary scenario is that the user wants to download the first configuration file, and the second configuration file is already installed in the terminal, and the first configuration file includes the configuration that cannot be deactivated.
  • the second configuration file needs to be remotely managed before the first configuration file is successfully downloaded.
  • the terminal needs to mention The user first selects the remote management request command, and after remotely managing the second configuration file, the download request command of the first configuration file may be downloaded.
  • the remote management platform sends the metadata of the first configuration file and the remote management command of the second configuration file to the terminal by using the second message, so that the terminal can select the second configuration file according to the second configuration file.
  • the remote management command manages the second configuration file, and then downloads the first configuration file according to the metadata of the first configuration file, thereby effectively saving network interaction and improving user experience.
  • the first message sent by the terminal to the remote management platform may also be referred to as a download request message.
  • the first message may be an authentication client request, which is not limited.
  • the foregoing process is also applicable to a scenario in which the first message is used to request to acquire all management commands corresponding to the EID of the terminal (in this case, the management request command selected by the user is all update request instructions).
  • the order in which the terminal downloads the first configuration file and manages the second configuration file may be performed according to the following manner: in the second message, the order of the metadata of the first configuration file is in the second configuration file Before the remote management command, the terminal first downloads the first configuration file, and then manages the second configuration file; when the second message, the order of the metadata of the first configuration file is in the After the remote management command of the second configuration file, the terminal first manages the second configuration file, and then downloads the first configuration file. That is, the terminal performs downloading of the first configuration file and managing the second configuration file in the order of the metadata of the first configuration file and the remote management command of the second configuration file in the second message.
  • remotely managing the second configuration file refers to deactivating and deleting the second configuration file.
  • the terminal follows the metadata and the second configuration of the first configuration file in the second message. If the remote management commands of the file are executed in sequence, the second configuration file may be deactivated and deleted (remote management of the second configuration file), resulting in no network connection to download the first configuration file. Therefore, the terminal may select to download the first configuration first. A configuration file is then executed to deactivate and delete the second configuration file.
  • the order in which the terminal downloads the first configuration file and manages the second configuration file may also be performed according to the following manner: in the second message, the order of the metadata of the first configuration file is in the second configuration Before the remote management command of the file, the terminal first caches the metadata of the first configuration file, and after managing the second configuration file, downloads the first configuration file according to the metadata of the cached first configuration file;
  • the terminal first caches the remote management command of the second configuration file After downloading the first configuration file, the second configuration file is managed according to the remote management command of the cached second configuration file.
  • the terminal may confirm to the user whether to agree to download the first configuration file and remotely manage the second configuration file, specifically, the terminal may download the first When configuring the file, confirm to the user whether to agree to download the first configuration file, and when remotely managing the second configuration file, confirm to the user whether to agree to remotely manage the second configuration file, that is, the terminal separately confirms to the user whether to agree to download the first configuration file.
  • Profile and remote management of the second profile In the application, in order to improve the user experience, the terminal may confirm to the user whether to agree to download the first configuration file and remotely manage the second configuration file, and obtain the user, before downloading the first configuration file and remotely managing the second configuration file.
  • the terminal After the consent is obtained, the first configuration file is downloaded and the second configuration file is remotely managed according to the corresponding execution sequence.
  • the terminal only needs to obtain the user's first consent, and can obtain the user's multiple consents in the prior art. Effectively improve the user experience and save interaction costs.
  • the terminal downloads the first configuration file according to the metadata of the first configuration file, which may be: the terminal verifies the metadata of the first configuration file, and after the verification is passed, downloads the first configuration file.
  • the specific process can be: terminal check Whether the policy of the configuration file includes the policy rules. If yes, the RAT determines whether the first configuration file including the policy rules is allowed to be downloaded. If allowed, the terminal can execute the process shown in FIG. 2 in the prior art. Download the first configuration file, which will not be described here.
  • FIG. 9 is a schematic diagram of a management process of a configuration file provided in Embodiment 4 of the present application.
  • the mobile network operator may perform profile download scheduling and RPM reservation to the remote management platform SM-DP+. If the profile download and the RPM are associated operations, the mobile network operator sets the profile download schedule and the RPM subscription setting to be the same. Event ID (or match ID).
  • SM-DP+ performs event registration on SM-DS.
  • the specific process includes:
  • step 901 the user selects a download request instruction through the LPA.
  • Step 902 The LPA and the SM-DS perform mutual authentication. During the authentication process, the LPA sends the EID of the terminal to the SM-DS.
  • Step 903 After the authentication is passed, the SM-DS searches for an event corresponding to the EID of the terminal according to the EID of the terminal, where the event corresponding to the EID of the terminal includes downloading the first configuration file and remotely managing the second configuration file, because the first configuration file is downloaded. And the remote management second configuration file is associated operation, and therefore has the same event identifier. At this time, the SM-DS can send the event identifier and the address of the SM-DP+ to the LPA.
  • Step 904 The LPA receives the event identifier sent by the SM-DS and performs mutual authentication with the SM-DP+. In the two-way authentication process, the LPA sends the event identifier to the SM-DP+.
  • Step 905 The SM-DP+ searches for the download command and the remote management command corresponding to the event identifier according to the received event identifier, constructs a data structure such as profile metadata, smdpSigned2, smdpSignature2, and constructs a data structure such as smdpSigned3 and smdpSignature3, and constructs the data structure.
  • the relevant data corresponding to the event identifier is sent to the LPA.
  • Step 906 The LPA checks that the received data includes profile metadata, and determines that the received data matches the download request command selected by the user locally, and may continue to perform step 907.
  • step 907 the LPA confirms to the user whether to agree to download the first configuration file and remotely manage the second configuration file, and after obtaining the user's consent, proceeds to step 908.
  • step 908 the LPA determines that the second configuration file is remotely managed, and then downloads the first configuration file; the LPA sends the remote management command packet, such as smdpSigned3 and smdpSignature3, to the eUICC.
  • the remote management command packet such as smdpSigned3 and smdpSignature3, to the eUICC.
  • step 909 the eUICC verifies the smdpSignature3 of the SM-DP+, and after the verification is passed, sequentially executes the command in the remote management command packet. After the execution is completed, the eUICC sends a first notification message to the LPA to notify the LPA remote management that the second configuration file has been executed. Finished.
  • Step 910 After receiving the first notification message sent by the eUICC, the LPA checks the metadata of the first configuration file to determine whether the policy rules are included. If yes, the RAT determines whether to allow the download to include the policy rules. The first configuration file, and after determining the permission, determines whether the user is required to input the confirmation code. If the confirmation code is required, the confirmation code input by the user is obtained, and then step 911 is performed. In the process, the LPA may also obtain the consent of the user to download the first configuration file.
  • step 911 the LPA sends a prepare download command to the eUICC, where the request carries information such as a certificate and a signature of the SM-DP+.
  • Step 912 the eUICC verifies the certificate and signature of the SM-DP+. After the verification is passed, the eUICC generates a temporary key pair, eucicSigned2, and generates an eUICC signature (euiccSignature2) using the private key of the eUICC, and the public key in the temporary key pair, The eUICC certificate, eUICC signature, and the like are sent to the LPA.
  • the LPA sends information such as a public key, an eUIC certificate, and an eUICC signature in the temporary key pair to the SM-DP+.
  • Step 914 After verifying the eUICC signature, the SM-DP+ determines whether the confirmation code is needed. If the confirmation code is needed, it is verified whether the confirmation code input by the user is correct. After the confirmation code input by the user is correct, the SM-DP+ generates a temporary key pair. The session key is calculated, the first configuration file is encrypted to generate a BPP, and the BPP is sent to the LPA.
  • step 915 the LPA verifies whether the metadata of the first configuration file in the BPP is changed, prompts the user to confirm, and the BPP is sent to the eUICC for installation after the user confirms.
  • Step 916 After the eUICC is installed, send a second notification message to the LPA to notify the LPA that the installation of the first configuration file has been completed.
  • Step 917 After receiving the second notification message sent by the eUICC, the LPA sends the first notification message and the second notification message to the SM-DP+.
  • step 918 the SM-DP+ notifies the mobile network operator to execute the result.
  • Step 919 The LPA removes the first notification message and the second notification message sent by the eUICC.
  • step numbers are merely exemplary representations of the execution order.
  • the order of execution is not specifically limited in the present application.
  • step 918 and step 919 may also be performed simultaneously.
  • the present application further provides a terminal and a remote management platform.
  • the specific implementation of the terminal and the remote management platform may refer to the foregoing method flow.
  • the terminal includes the following functional modules: a sending module 1001, a receiving module 1002, and a processing module 1003; and a sending module 1001, a receiving module 1002, and a processing module 1003.
  • the method flow of the terminal side described in the above-mentioned first to fourth embodiments is performed.
  • FIG. 11 is a schematic structural diagram of a remote management platform according to the present application.
  • the remote management platform includes the following functional modules: a sending module 1101, a receiving module 1102, and a processing module 1103; a sending module 1101, a receiving module 1102, and The processing module 1103 is configured to execute the method flow of the remote management platform side described in Embodiments 1 to 4 above.
  • FIG. 12 is a schematic structural diagram of another terminal provided by the present application. As shown in FIG. 12, the terminal 1200 includes: a communication interface 1201, a processor 1202, a memory 1203, and a bus system 1204;
  • the memory 1203 is configured to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the memory 1203 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage. Only shown in the figure A memory, of course, the memory can also be set to multiple as needed. Memory 1203 can also be a memory in processor 1202.
  • the memory 1203 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • the processor 1202 controls the operation of the terminal 1200, and the processor 1202 may also be referred to as a CPU (Central Processing Unit).
  • the components of the terminal 1200 are coupled together by a bus system 1204.
  • the bus system 1204 may include a power bus, a control bus, a status signal bus, and the like in addition to the data bus.
  • various buses are labeled as bus system 1204 in the figure. For ease of representation, only the schematic drawing is shown in FIG.
  • Processor 1202 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1202 or an instruction in a form of software.
  • the processor 1202 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in the memory 1203, and the processor 1202 reads the information in the memory 1203, and performs the method flow of the terminal side described in the above-mentioned first to fourth embodiments in combination with the hardware thereof.
  • FIG. 13 is a schematic structural diagram of another remote management platform provided by the present application.
  • the remote management platform 1300 includes: a communication interface 1301, a processor 1302, a memory 1303, and a bus system 1304;
  • the memory 1303 is configured to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the memory 1303 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage. Only one memory is shown in the figure, of course, the memory can also be set to a plurality as needed. Memory 1303 can also be a memory in processor 1302.
  • the memory 1303 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • the processor 1302 controls the operation of the remote management platform 1300, and the processor 1302 may also be referred to as a CPU (Central Processing Unit).
  • the components of the remote management platform 1300 are coupled together by a bus system 1304.
  • the bus system 1304 may include a power bus, a control bus, a status signal bus, and the like in addition to the data bus.
  • various buses are labeled as bus system 1304 in the figure. For ease of representation, only the schematic drawing is shown in FIG.
  • the method disclosed in the foregoing embodiment of the present application may be applied to the processor 1302 or implemented by the processor 1302.
  • the processor 1302 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1302 or an instruction in a form of software.
  • the processor 1302 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in the memory 1303, and the processor 1302 reads the information in the memory 1303, and performs the method flow on the remote management platform side described in the above-mentioned first to fourth embodiments in combination with the hardware thereof.
  • the embodiment of the present application further provides a computer readable storage medium for storing computer software instructions required to execute the foregoing processor, which includes a program for executing the above-mentioned processor.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention concerne un procédé et un dispositif de gestion de fichiers de configuration, le procédé comprenant les étapes suivantes : un terminal envoie un premier message à une plateforme de gestion à distance et reçoit un second message qui est envoyé par la plateforme de gestion à distance, le second message comprenant N commandes de gestion, et les N commandes de gestion comprenant une commande de téléchargement et une commande de gestion à distance, N étant un nombre entier supérieur à 1 ; le terminal gère un fichier de configuration selon les N commandes de gestion. Dans la présente invention, étant donné que les N commandes de gestion comprennent la commande de téléchargement et la commande de gestion à distance, le téléchargement et la gestion à distance d'un fichier de configuration peuvent être combinés, ce qui simplifie efficacement l'interaction du réseau et améliore l'expérience de l'utilisateur.
PCT/CN2017/079360 2017-04-01 2017-04-01 Procédé et dispositif de gestion de fichier de configuration Ceased WO2018176492A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/079360 WO2018176492A1 (fr) 2017-04-01 2017-04-01 Procédé et dispositif de gestion de fichier de configuration
CN201780050348.3A CN109565666B (zh) 2017-04-01 2017-04-01 一种配置文件的管理方法及装置

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/079360 WO2018176492A1 (fr) 2017-04-01 2017-04-01 Procédé et dispositif de gestion de fichier de configuration

Publications (1)

Publication Number Publication Date
WO2018176492A1 true WO2018176492A1 (fr) 2018-10-04

Family

ID=63674552

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/079360 Ceased WO2018176492A1 (fr) 2017-04-01 2017-04-01 Procédé et dispositif de gestion de fichier de configuration

Country Status (2)

Country Link
CN (1) CN109565666B (fr)
WO (1) WO2018176492A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116782227B (zh) * 2023-07-05 2025-09-16 中国电信股份有限公司技术创新中心 远程配置方法、终端设备、系统及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533634A (zh) * 2013-10-25 2014-01-22 中国联合网络通信集团有限公司 激活配置文件的系统、eUICC及其激活配置文件的方法
CN104469737A (zh) * 2014-11-17 2015-03-25 中国联合网络通信集团有限公司 一种嵌入式通用集成电路卡及其用户签约信息激活方法
CN104883674A (zh) * 2014-02-28 2015-09-02 华为终端有限公司 一种Profile关联管理的方法及装置
US20150271662A1 (en) * 2014-03-21 2015-09-24 T-Mobile Usa, Inc. Polling by Universal Integrated Circuit Card for Remote Subscription
CN105516962A (zh) * 2015-12-03 2016-04-20 中国联合网络通信集团有限公司 基于eUICC的开户方法和系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105530107B (zh) * 2015-12-03 2018-10-16 中国联合网络通信集团有限公司 基于eUICC的批量开户方法和平台

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533634A (zh) * 2013-10-25 2014-01-22 中国联合网络通信集团有限公司 激活配置文件的系统、eUICC及其激活配置文件的方法
CN104883674A (zh) * 2014-02-28 2015-09-02 华为终端有限公司 一种Profile关联管理的方法及装置
US20150271662A1 (en) * 2014-03-21 2015-09-24 T-Mobile Usa, Inc. Polling by Universal Integrated Circuit Card for Remote Subscription
CN104469737A (zh) * 2014-11-17 2015-03-25 中国联合网络通信集团有限公司 一种嵌入式通用集成电路卡及其用户签约信息激活方法
CN105516962A (zh) * 2015-12-03 2016-04-20 中国联合网络通信集团有限公司 基于eUICC的开户方法和系统

Also Published As

Publication number Publication date
CN109565666B (zh) 2020-12-15
CN109565666A (zh) 2019-04-02

Similar Documents

Publication Publication Date Title
CN110636492B (zh) 使用区块链切换移动服务提供商
CN110352605B (zh) 一种鉴权算法程序的添加方法、相关设备及系统
US10911939B2 (en) Embedded universal integrated circuit card profile management method and apparatus
US10356070B2 (en) Method for transferring profile and electronic device supporting the same
EP4304222B1 (fr) Procédé et dispositif de gestion à distance
CN111263352B (zh) 车载设备的ota升级方法、系统、存储介质及车载设备
CN101208971B (zh) 用于同时托管网络上的多个服务提供商的方法及设备
CN109716805B (zh) 一种签约数据集的安装方法、终端及服务器
JP7100153B2 (ja) サービスapi呼び出し方法および関連装置
WO2018129724A1 (fr) Procédé, dispositif et serveur de téléchargement de profil d'abonnement
CN111182527B (zh) Ota固件升级方法、装置、终端设备及其存储介质
CN111837374B (zh) 在capif核心功能实体上注册api提供者域功能实体的方法和装置
CN107852603A (zh) 终端认证的方法及设备
CN111224952A (zh) 用于定向流量的网络资源获取方法、装置及存储介质
WO2018129723A1 (fr) Procédé de gestion relatif à un ensemble de données d'abonnement, terminal et serveur
WO2018010480A1 (fr) Procédé de verrouillage de réseau pour une carte esim, terminal et serveur d'authentification de verrouillage de réseau
WO2014150737A2 (fr) Procédé et système pour permettre la fédération d'applications sans relation
US11290870B2 (en) Combined migration and remigration of a network subscription
CN109565666B (zh) 一种配置文件的管理方法及装置
WO2025007511A1 (fr) Procédé d'attribution de tranches de réseau, procédé et système de traitement de données, et dispositif électronique
CN117319992A (zh) 车辆软件升级方法、系统、装置、电子设备及存储介质
US11777742B2 (en) Network device authentication
CN110267253A (zh) eSIM管理平台、eSIM安装方法及装置
WO2013067856A1 (fr) Procédé et dispositif de mise en œuvre d'une application
WO2019033310A1 (fr) Procédé de traitement de données pour appel de fonction et terminal mobile

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17904242

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17904242

Country of ref document: EP

Kind code of ref document: A1