Method and device for switching subscription manager-secure routing device
Abstract
The present invention provides a method and a device for switching a subscription manager-secure routing device. The method includes: acquiring, by a second SM-SR from a first SM-SR, a PIC corresponding to an eUICC; acquiring, by the second SM-SR from a second SM-DP, a second PP that is encrypted by using the PIC; generating, by the second SM-SR, a key pair including a public key and a private key; sending, by the second SM-SR, the second PP and the public key to the eUICC through the first SM-SR, so that the eUICC accesses the second SM-SR after deactivating a first PP and activating the second PP; and encrypting, by the second SM-SR, a second PMC by using the private key, and sending an encrypted second PMC to the eUICC, so that the eUICC accesses the mobile network through the second SM-SR.
34 Claims
1. A method for switching a subscription manager-secure routing device, comprising:
acquiring, by a second subscription manager-secure routing device (SM-SR) from a first SM-SR, a profile installer credential corresponding to an embedded universal integrated circuit card (eUICC);
transmitting, by the second SM-SR, the profile installer credential to a second subscription manager-data preparing device (SM-DP), and sending a provisioning profile (PP) generation request, wherein the PP generation request is used for instructing the second SM-DP to generate a second PP corresponding to the second SM-SR and for instructing the second SM-DP to encrypt the second PP by using the profile installer credential;
generating, by the second SM-SR and after receiving an encrypted second PP sent by the second SM-DP, a key pair comprising a first key and a second key;
sending, by the second SM-SR, a third request message to the first SM-SR, wherein the third request message comprises the encrypted second PP and the first key, and wherein the third request message is used for instructing the first SM-SR to send the encrypted second PP and the first key to the eUICC, so that the eUICC replaces an internally preset first SM-SR according to an SM-SR replacement message sent by the first SM-SR;
receiving, by the second SM-SR, an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted second PP and the first key, deactivates or deletes a preset first PP corresponding to the first SM-SR, deletes a first profile management credential corresponding to the first SM-SR, and activates the second PP; and
encrypting, by the second SM-SR by using the second key, a second profile management credential corresponding to the second SM-SR, and sending an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the second SM-SR after receiving the encrypted second profile management credential, so as to obtain an operational profile (OP profile) used for accessing a mobile network, and access the mobile network according to the OP profile.
14. A method for switching a subscription manager-secure routing device, comprising:
receiving, by an embedded universal integrated circuit card (eUICC), a subscription manager-secure routing device (SM-SR) replacement message sent by a first SM-SR, wherein the SM-SR replacement message comprises an encrypted second provisioning profile (PP), a first key, and replacement indication information, wherein the first key is a key in a key pair generated by a second SM-SR, wherein the encrypted second PP is a second provisioning profile that is acquired by the second SM-SR from a second subscription manager-data preparing device (SM-DP), wherein the encrypted second PP is encrypted by the second SM-DP by using a profile installer credential, and wherein the encrypted second PP is used for accessing the second SM-SR;
decrypting, by the eUICC, the encrypted second PP by using an internally preset credential;
performing one of deactivating or deleting a preset first PP corresponding to the first SM-SR;
deleting a first profile management credential corresponding to the first SM-SR; and
activating the second PP;
sending an access request message to the second SM-SR, wherein the access request message is used for enabling the second SM-SR to send a second profile management credential corresponding to the second SM-SR;
receiving, by the eUICC, the second profile management credential that is encrypted by the second SM-SR by using a second key in the key pair;
decrypting an encrypted second profile management credential by using the first key;
interacting with the second SM-SR, so as to obtain an operational profile (OP profile) used for accessing a mobile network; and
accessing, by the eUICC, the mobile network according to the OP profile.
18. A method for switching a subscription manager-secure routing device, comprising:
sending a profile installer credential used for encrypting a profile, wherein the profile installer credential is sent by a first subscription manager-secure routing device (SM-SR) to a second SM-SR and after receiving trigger information from an embedded universal integrated circuit card (eUICC) and that is used for replacing an SM-SR pre-connected to the eUICC, wherein the trigger information comprises information about the second SM-SR;
receiving, by the first SM-SR, an encrypted second provisioning profile (PP) and a first key in a key pair that are sent by the second SM-SR, wherein the encrypted second PP is a second PP that is acquired by the second SM-SR from a second subscription manager-data preparing device (SM-DP), wherein the encrypted second PP has been encrypted by the second SM-DP by using the profile installer credential, wherein the second PP is used for accessing the second SM-SR, and wherein the key pair comprises keys generated by the second SM-SR and is used for ensuring interaction security between the eUICC and the second SM-SR; and
sending, by the first SM-SR, an SM-SR replacement message to the eUICC, wherein the SM-SR replacement message comprises the encrypted second PP, the first key in the key pair, and replacement indication information, so that the eUICC accesses the second SM-SR according to the SM-SR replacement message.
22. A method for switching a subscription manager-secure routing device (SM-SR), comprising:
receiving, by a mobile network corresponding to a second SM-SR, a first request message that is sent by a service provider (SP) after the SP activates an embedded universal integrated circuit card (eUICC), wherein the first request message comprises information about a first SM-SR, and at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located;
sending, by the mobile network, a second request message to the second SM-SR, wherein the second request message comprises the information about the first SM-SR, and information that the mobile network provides a service for the eUICC activated by the SP, and wherein the second request message further comprises at least one of the eID of the eUICC or the IMEI of the terminal in which the eUICC is located, so that the eUICC switches an internally preset first SM-SR to the second SM-SR using an encrypted second provisioning profile (PP) corresponding to the second SM-SR, and accesses the mobile network through the second SM-SR;
receiving, by the mobile network, a profile generation request sent by a second subscription manager-data preparing device (SM-DP) and used for enabling the eUICC to connect to the mobile network, wherein the profile generation request comprises at least one of an integrated circuit card identity (ICCID) or the IMEI, wherein the ICCID is an ICCID that is converted from the eID by the second SM-DP and can be identified by the mobile network;
sending, by the mobile network to the second SM-DP, an operational profile (OP profile) that is required by the eUICC to connect to the mobile network; and
receiving, by the mobile network, a network access request that is sent by the eUICC according to the OP profile, and enabling the eUICC to access the mobile network according to the network access request.
23. A subscription manager-secure routing device, comprising:
a processor; and
a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to:
acquire, from a source subscription manager-secure routing device (SM-SR), a profile installer credential corresponding to an embedded universal integrated circuit card (eUICC), wherein the subscription manager-secure routing device is a target SM-SR;
transmit the profile installer credential to a target subscription manager-data preparing device (SM-DP);
send a provisioning profile (PP) generation request to the target SM-DP, wherein the PP generation request is used for instructing the target SM-DP to generate a target PP corresponding to the target SM-SR and for instructing the target SM-DP to encrypt the target PP by using the profile installer credential;
generate a key pair comprising a first key and a second key after receiving the encrypted target PP;
send a third request message to the source SM-SR, wherein the third request message comprises the encrypted target PP and the first key, and wherein the third request message is used for instructing the source SM-SR to send the encrypted target PP and the first key to the eUICC, so that the eUICC replaces an internally preset source SM-SR according to an SM-SR replacement message sent by the source SM-SR; and
receive an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted target PP and the first key, deactivates or deletes a preset source PP corresponding to the source SM-SR, deletes a first profile management credential corresponding to the source SM-SR, and activates the target PP;
encrypt, by using the second key, a second profile management credential corresponding to the target SM-SR; and
send an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the target SM-SR after receiving the second profile management credential, so as to obtain an operational profile (OP profile) for accessing a mobile network, and access the mobile network according to the OP profile.
29. A subscription manager-secure routing device, comprising:
a processor; and
a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to:
send, after receiving trigger information from a target subscription manager-secure routing device (SM-SR) of an embedded universal integrated circuit card (eUICC), to the target SM-SR, a profile installer credential that is stored in a memory and used for encrypting a profile, wherein the trigger information comprises information about the target SM-SR; and
receive an encrypted target provisioning profile (PP) and a first key in a key pair that are sent by the target SM-SR, wherein the encrypted target PP is a target PP that is acquired by the target SM-SR from a target subscription manager-data preparing device (SM-DP), encrypted by the target SM-DP by using the profile installer credential, and used for accessing the target SM-SR, and wherein the key pair comprises keys generated by the target SM-SR and used for ensuring interaction security between the eUICC and the target SM-SR; and
send an SM-SR replacement message to the eUICC, wherein the SM-SR replacement message comprises the encrypted target PP, the first key in the key pair, and replacement indication information, so that the eUICC accesses the target SM-SR according to the SM-SR replacement message.
32. A subscription manager-secure routing device, comprising:
a processor; and
a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to:
receive, from a mobile network, a first request message comprising information about a source subscription manager-secure routing device (SM-SR), information that the mobile network provides a service for an embedded universal integrated circuit card (eUICC) activated by a service provider (SP), and at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located, wherein the subscription manager-secure routing device is a target SM-SR;
generate a temporary key pair comprising a public key and a private key using an encrypted target provisioning profile (PP);
send a second request message to the source SM-SR, wherein the second request message comprises the encrypted target PP and the public key, and wherein the second request message instructs the source SM-SR to send the encrypted target PP and the public key to the eUICC, so that the eUICC replaces an internally preset source SM-SR according to an SM-SR replacement message sent by the source SM-SR; and
receive an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted target PP and the public key, deactivates or deletes a preset source PP corresponding to the source SM-SR, deletes a first profile management credential corresponding to the source SM-SR, and activates the encrypted target PP;
encrypt, by using the private key, a second profile management credential corresponding to the target SM-SR; and
send an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the target SM-SR after receiving the second profile management credential, so as to obtain an operational profile (OP profile) for accessing a mobile network, and access the mobile network according to the OP profile.