Security domain management method, apparatus, and system

US 10,270,811 B2
Filed: 08/13/2014
Issued: 04/23/2019
Est. Priority Date: 08/13/2014
Status: Active Grant

First Claim

Patent Images

1. A communications terminal, comprising:

a network interface, a processor, and a bus, wherein the network interface and the processor are interconnected by using the bus;

the network interface is configured to obtain a management request message comprising;

an issuer security domain profile identifier, anda configuration request message;

the processor is configured to manage a security subdomain in a mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the security subdomain is used to store configuration information of a first service;

the network interface is configured to obtain the configuration request message when the first service is being newly subscribed to, wherein the configuration request message comprises the issuer security domain profile identifier and the configuration information of the first service, and the configuration information of the first service comprises application and data of the first service; and

the processor is configured to;

create the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier, and store the configuration information of the first service in the security subdomain,allocate an identifier to the security subdomain created by the processor, andmanage the security subdomain according to the identifier of the security subdomain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a security domain management method, apparatus, and system, which relate to the communications field, and can manage, according to a service status of a user-subscribed service, a security domain used for storing service configuration information. A specific solution is as follows: A communications terminal obtains a management request message sent by a server, where the management request message includes an issuer security domain profile identifier; and the communications terminal manages a security subdomain in a mobile network operator profile corresponding to the issuer security domain profile identifier, where the security subdomain is used to store configuration information of a first service. The present invention is used for security domain management.

Citations

17 Claims

1. A communications terminal, comprising:
- a network interface, a processor, and a bus, wherein the network interface and the processor are interconnected by using the bus;
  
  the network interface is configured to obtain a management request message comprising;
  
  an issuer security domain profile identifier, anda configuration request message;
  
  the processor is configured to manage a security subdomain in a mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the security subdomain is used to store configuration information of a first service;
  
  the network interface is configured to obtain the configuration request message when the first service is being newly subscribed to, wherein the configuration request message comprises the issuer security domain profile identifier and the configuration information of the first service, and the configuration information of the first service comprises application and data of the first service; and
  
  the processor is configured to;
  
  create the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier, and store the configuration information of the first service in the security subdomain,allocate an identifier to the security subdomain created by the processor, andmanage the security subdomain according to the identifier of the security subdomain.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The communications terminal according to claim 1, wherein the network interface is further configured to send a configuration response message comprising the identifier that is of the security subdomain and allocated by the processor.
  - 3. The communications terminal according to claim 1, wherein:
    - the management request message comprises a deletion request message;
      
      the network interface is configured to obtain the deletion request message when the first service ends, wherein the deletion request message comprises the issuer security domain profile identifier and an identifier of the security subdomain; and
      
      the processor is configured to delete, according to the issuer security domain profile identifier and the identifier of the security subdomain, the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier.
  - 4. The communications terminal according to claim 3, wherein:
    - the processor is further configured to detect, according to the issuer security domain profile identifier and the identifier of the security subdomain that are comprised in the deletion request message obtained by the network interface, application and data in the security subdomain that need to be saved;
      
      the network interface is further configured to send a saving request message, wherein the saving request message comprises the application and the data that need to be saved and that are detected by the processor; and
      
      the processor is configured to;
      
      after the network interface sends the saving request message, delete, according to the issuer security domain profile identifier and the identifier of the security subdomain that are obtained by the network interface, the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier, and the application and the data in the security subdomain.
  - 5. The communications terminal according to claim 3, wherein the network interface is further configured to send a deletion response message after the processor deletes the security subdomain, wherein the deletion response message comprises security subdomain deletion success state information and the identifier of the security subdomain deleted by the processor.
  - 6. The communications terminal according to claim 1, wherein:
    - the network interface is further configured to;
      
      obtain an activation request message, andobtain a user instruction according to the activation request message;
      
      the processor is further configured to change a status of the mobile network operator profile to an active state when the user instruction obtained by the network interface is an activation instruction; and
      
      the network interface is further configured to send the activation response message, wherein the activation response message comprises the status that is of the mobile network operator profile and changed by the processor.

7. A server, comprising:
- a network interface, a processor, and a bus, wherein the network interface and the processor are interconnected by using the bus;
  
  the network interface is configured to;
  
  send a query request message to a subscription manager secure routing, wherein the query request message comprises an identifier of the subscription manager secure routing and an identifier of an embedded integrated circuit card, andobtain a query response message sent by the subscription manager secure routing, wherein the query response message comprises an issuer security domain profile identifier of a mobile network operator profile and a status of the mobile network operator profile;
  
  the processor is configured to check the status of the mobile network operator profile; and
  
  the network interface is further configured to;
  
  send a management request message when the status of the mobile network operator profile is an active state, to enable a communications terminal to manage a security subdomain corresponding to the management request message, wherein the management request message comprises a configuration request message, wherein the configuration request message comprises the issuer security domain profile identifier, and the security subdomain is configured to store configuration information of a first service, andsend the configuration request message when the first service is being newly subscribed to and the status of the mobile network operator profile is an active state, to enable the communications terminal to create the security subdomain according to the management request message, wherein the configuration request message comprises the issuer security domain profile identifier and the configuration information of the first service, and the configuration information of the first service comprises application information and data that are of the first service.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The server according to claim 7, wherein:
    - the network interface is further configured to obtain a configuration response message comprising an identifier of the security subdomain; and
      
      the processor is further configured to record the identifier of the security subdomain.
  - 9. The server according to claim 8, wherein the network interface is further configured to send a first update request message to the subscription manager secure routing after the processor records the identifier of the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the first update request message comprises configuration information of the mobile network operator profile, to enable the subscription manager secure routing to update the configuration information of the mobile network operator profile according to the first update request message, wherein the configuration information of the mobile network operator profile comprises type, version, and security subdomain information of the mobile network operator profile.
  - 10. The server according to claim 7, wherein:
    - the management request message comprises a deletion request message;
      
      the network interface is further configured to;
      
      obtain an identifier of the security subdomain when the first service ends, andsend the deletion request message when the status of the mobile network operator profile is an active state, to enable the communications terminal to delete the security subdomain according to the management request message, wherein the deletion request message comprises the issuer security domain profile identifier and the identifier of the security subdomain.
  - 11. The server according to claim 10, wherein:
    - the network interface is further configured to obtain a saving request message comprising application and data that need to be saved;
      
      the server further comprises a memory, wherein the memory, the network interface, and the processor are interconnected by using the bus; and
      
      the memory is configured to save, according to the saving request message obtained by the network interface, the application and the data that need to be saved.
  - 12. The server according to claim 10, wherein:
    - the network interface is further configured to obtain a deletion response message comprising security subdomain deletion success state information and the identifier of the deleted security subdomain; and
      
      the processor is further configured to delete an identifier of a security subdomain in the mobile network operator profile according to the security subdomain deletion success state information and the identifier of the deleted security subdomain that are obtained by the network interface.
  - 13. The server according to claim 12, wherein the network interface is further configured to send a second update request message to the subscription manager secure routing after the processor deletes the identifier of the security subdomain in the mobile network operator profile, wherein the second update request message comprises configuration information of the mobile network operator profile in which the identifier of the security subdomain is deleted by the processor, to enable the subscription manager secure routing to update the configuration information of the mobile network operator profile according to the second update request message.
  - 14. The server according to claim 7, wherein:
    - the network interface is further configured to;
      
      send an activation request message when the status of the mobile network operator profile is an inactive state, andobtain an activation response message, wherein the activation response message comprises a status of the mobile network operator profile;
      
      the processor is further configured to check the status of the mobile network operator profile; and
      
      the network interface is further configured to send the management request message when the status of the mobile network operator profile is an active state.

15. A security domain management method, comprising:
- obtaining a management request message comprising an issuer security domain profile identifier and a configuration request message;
  
  managing a security subdomain in a mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the security subdomain is configured to store configuration information of a first service;
  
  wherein obtaining the management request message comprises;
  
  obtaining the configuration request message when the first service is being newly subscribed to, wherein the configuration request message comprises the issuer security domain profile identifier of the mobile network operator profile and the configuration information of the first service, and the configuration information of the first service comprises application and data that are of the first service;
  
  wherein managing the security subdomain in the mobile network operator profile comprises;
  
  creating the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the security subdomain is configured to store the configuration information of the first service;
  
  allocating an identifier to the security subdomain; and
  
  managing the security subdomain according to the identifier of the security subdomain.
- View Dependent Claims (16, 17)
- - 16. The method according to claim 15, wherein after allocating an identifier to the security subdomain, the security domain management method further comprises:
    - sending a configuration response message, wherein the configuration response message comprises the identifier of the security subdomain, to enable a server to manage the security subdomain according to the configuration response message.
  - 17. The method according to claim 15, wherein:
    - the management request message comprises a deletion request message;
      
      obtaining a management request message comprising an issuer security domain profile identifier comprises;
      
      obtaining the deletion request message when the first service ends, wherein the deletion request message comprises the issuer security domain profile identifier and an identifier of the security subdomain; and
      
      managing a security subdomain in a mobile network operator profile corresponding to the issuer security domain profile identifier, wherein the security subdomain is configured to store configuration information of the first service comprises;
      
      deleting, according to the issuer security domain profile identifier and the identifier of the security subdomain that are comprised in the deletion request message, the security subdomain in the mobile network operator profile corresponding to the issuer security domain profile identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Chang, Xinmiao, Li, Guoqing
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/503,317
Publication Number

US 20180054463A1
Time in Patent Office

1,714 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/0806   for initial configuration o...

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

H04W 12/02   Protecting privacy or anony...

H04W 12/35   Protecting application or s...

Security domain management method, apparatus, and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Security domain management method, apparatus, and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links