Method and device for switching subscription manager-secure routing device

US 9,807,605 B2
Filed: 12/30/2014
Issued: 10/31/2017
Est. Priority Date: 10/15/2012
Status: Active Grant

First Claim

Patent Images

1. A method for switching a subscription manager-secure routing device, comprising:

acquiring, by a second subscription manager-secure routing device (SM-SR) from a first SM-SR, a profile installer credential corresponding to an embedded universal integrated circuit card (eUICC);

transmitting, by the second SM-SR, the profile installer credential to a second subscription manager-data preparing device (SM-DP), and sending a provisioning profile (PP) generation request, wherein the PP generation request is used for instructing the second SM-DP to generate a second PP corresponding to the second SM-SR and for instructing the second SM-DP to encrypt the second PP by using the profile installer credential;

generating, by the second SM-SR and after receiving an encrypted second PP sent by the second SM-DP, a key pair comprising a first key and a second key;

sending, by the second SM-SR, a third request message to the first SM-SR, wherein the third request message comprises the encrypted second PP and the first key, and wherein the third request message is used for instructing the first SM-SR to send the encrypted second PP and the first key to the eUICC, so that the eUICC replaces an internally preset first SM-SR according to an SM-SR replacement message sent by the first SM-SR;

receiving, by the second SM-SR, an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted second PP and the first key, deactivates or deletes a preset first PP corresponding to the first SM-SR, deletes a first profile management credential corresponding to the first SM-SR, and activates the second PP; and

encrypting, by the second SM-SR by using the second key, a second profile management credential corresponding to the second SM-SR, and sending an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the second SM-SR after receiving the encrypted second profile management credential, so as to obtain an operational profile (OP profile) used for accessing a mobile network, and access the mobile network according to the OP profile.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and a device for switching a subscription manager-secure routing device. The method includes: acquiring, by a second SM-SR from a first SM-SR, a PIC corresponding to an eUICC; acquiring, by the second SM-SR from a second SM-DP, a second PP that is encrypted by using the PIC; generating, by the second SM-SR, a key pair including a public key and a private key; sending, by the second SM-SR, the second PP and the public key to the eUICC through the first SM-SR, so that the eUICC accesses the second SM-SR after deactivating a first PP and activating the second PP; and encrypting, by the second SM-SR, a second PMC by using the private key, and sending an encrypted second PMC to the eUICC, so that the eUICC accesses the mobile network through the second SM-SR.

27 Citations

View as Search Results

34 Claims

1. A method for switching a subscription manager-secure routing device, comprising:
- acquiring, by a second subscription manager-secure routing device (SM-SR) from a first SM-SR, a profile installer credential corresponding to an embedded universal integrated circuit card (eUICC);
  
  transmitting, by the second SM-SR, the profile installer credential to a second subscription manager-data preparing device (SM-DP), and sending a provisioning profile (PP) generation request, wherein the PP generation request is used for instructing the second SM-DP to generate a second PP corresponding to the second SM-SR and for instructing the second SM-DP to encrypt the second PP by using the profile installer credential;
  
  generating, by the second SM-SR and after receiving an encrypted second PP sent by the second SM-DP, a key pair comprising a first key and a second key;
  
  sending, by the second SM-SR, a third request message to the first SM-SR, wherein the third request message comprises the encrypted second PP and the first key, and wherein the third request message is used for instructing the first SM-SR to send the encrypted second PP and the first key to the eUICC, so that the eUICC replaces an internally preset first SM-SR according to an SM-SR replacement message sent by the first SM-SR;
  
  receiving, by the second SM-SR, an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted second PP and the first key, deactivates or deletes a preset first PP corresponding to the first SM-SR, deletes a first profile management credential corresponding to the first SM-SR, and activates the second PP; and
  
  encrypting, by the second SM-SR by using the second key, a second profile management credential corresponding to the second SM-SR, and sending an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the second SM-SR after receiving the encrypted second profile management credential, so as to obtain an operational profile (OP profile) used for accessing a mobile network, and access the mobile network according to the OP profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprising:
    - receiving, by the second SM-SR and before the acquiring the profile installer credential corresponding to the eUICC, a second request message sent by the mobile network, wherein the second request message comprises information about the first SM-SR, and information that the mobile network provides a service for the eUICC activated by a service provider (SP), and wherein the second request message further comprises at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located;
      
      wherein the information about the first SM-SR, the eID, and the IMEI are information carried in a first request message that is sent by the SP after the SP activates the eUICC and received by the mobile network; and
      
      wherein the acquiring, by the second SM-SR from the first SM-SR, the profile installer credential corresponding to the eUICC comprises acquiring, by the second SM-SR from the first SM-SR, the profile installer credential corresponding to the eUICC, according to the information about the first SM-SR.
  - 3. The method according to claim 2, further comprising:
    - sending, by the second SM-SR to the first SM-SR, after the second SM-SR determines that the first SM-SR is a legal SM-SR and before the acquiring the profile installer credential corresponding to an eUICC, a first switching request used for replacing an SM-SR pre-connected to the eUICC; and
      
      wherein the first switching request comprises at least one of the eID or the IMEI so that the first SM-SR determines to replace the SM-SR pre-connected to the eUICC with the second SM-SR for the eUICC, or the first switching request comprises authentication information of the second SM-SR and one or more of the eID and the IMEI, so that the first SM-SR determines according to the authentication information of the second SM-SR that the second SM-SR is a legal SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the second SM-SR for the eUICC.
  - 4. The method according to claim 3, further comprising:
    - receiving, by the second SM-SR and before the step of acquiring a profile installer credential corresponding to an eUICC, a switching response that is sent by the first SM-SR according to the first switching request; and
      
      wherein the switching response comprises the profile installer credential.
  - 5. The method according to claim 4, wherein the switching response further comprises an eUICC credential used by the second SM-SR to authenticate the eUICC, and an SM-SR credential used by the eUICC to authenticate the second SM-SR.
  - 6. The method according to claim 4, further comprising:
    - determining, by the second SM-SR according to an eUICC credential and before the receiving the access request message sent by the eUICC, that the eUICC is a legal device.
  - 7. The method according to claim 4, wherein the encrypting the second profile management credential corresponding to the second SM-SR comprises encrypting, by the second SM-SR and by using the second key, the second profile management credential corresponding to the second SM-SR;
    - andwherein the sending the encrypted second profile management credential to the eUICC comprises sending the encrypted second profile management credential and an SM-SR credential to the eUICC, so that the eUICC interacts with the second SM-SR after determining according to the SM-SR credential that the second SM-SR is a legal SM-SR, so as to obtain an OP profile for accessing the mobile network, and access the mobile network according to the OP profile.
  - 8. The method according to claim 2, wherein the acquiring the profile installer credential corresponding to the eUICC comprises:
    - sending, by the second SM-SR, a first switching request to the first SM-SR, wherein the first switching request comprises information about the second SM-SR; and
      
      receiving a switching response that is sent by the first SM-SR according to the first switching request, wherein the switching response comprises the profile installer credential.
  - 9. The method according to claim 2, wherein the acquiring the profile installer credential corresponding to the eUICC comprises:
    - sending, by the second SM-SR, a first switching request to the first SM-SR, wherein the first switching request comprises information about the second SM-SR; and
      
      receiving a switching response that is sent by the first SM-SR according to the first switching request, wherein the switching response comprises the profile installer credential, an eUICC credential used by the second SM-SR to authenticate the eUICC, and an SM-SR credential used by the eUICC to authenticate the second SM-SR.
  - 10. The method according to claim 1, wherein the encrypting the second profile management credential corresponding to the second SM-SR comprises:
    - encrypting, by the second SM-SR, the second profile management credential by using the second key, and sending the encrypted second profile management credential to the eUICC;
      
      receiving, by the second SM-SR, an OP request that is sent by the eUICC after the eUICC receives the second profile management credential, wherein the OP request is used for enabling the second SM-SR to acquire the OP profile used for accessing the mobile network;
      
      sending, by the second SM-SR, an OP profile acquiring request to the second SM-DP according to the OP request, wherein the OP profile acquiring request is used for enabling the second SM-DP to interact with the mobile network, so as to obtain the OP profile; and
      
      receiving, by the second SM-SR, the OP profile that is sent by the second SM-DP and encrypted by using the profile installer credential, wherein the sending the encrypted second profile management credential to the eUICC comprises sending, by the second SM-SR, an encrypted OP profile to the eUICC, so that the eUICC accesses the mobile network according to the OP profile.
  - 11. The method according to claim 1, further comprising:
    - receiving, by the second SM-SR and before the step of acquiring the profile installer credential corresponding to the eUICC, a second switching request sent by the first SM-SR and used for replacing an SM-SR pre-connected to the eUICC, wherein the second switching request comprises authentication information of the first SM-SR, wherein the second switching request further comprises at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located;
      
      sending, by the second SM-SR and in response to the second SM-SR determining that the first SM-SR is a legal SM-SR according to the authentication information of the first SM-SR, a query message to the second SM-DP, wherein the query message is used for instructing the second SM-DP to query the mobile network about whether the mobile network can provide a service for an eUICC corresponding to the eID or the IMEI, and the query message comprises the eID, the IMEI or the eID and the IMEI;
      
      receiving, by the second SM-SR and in response to the mobile network determining that the mobile network can provide the service for the eUICC, a query result returned by the second SM-DP, wherein the query result comprises information that the mobile network can provide the service for the eUICC; and
      
      sending, by the second SM-SR and after receiving the query result, a response to the second switching request to the first SM-SR, wherein the response comprises authentication information of the second SM-SR, and wherein the response further comprises the eID, the IMEI or both the eID and IMEI, so that the first SM-SR determines that the second SM-SR is a legal SM-SR according to the authentication information of the second SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the second SM-SR for the eUICC.
  - 12. The method according to claim 1, further comprising:
    - receiving, by the second SM-SR and before the step of acquiring a profile installer credential corresponding to an eUICC, a third switching request that is sent by an SP after the SP activates the eUICC and used for replacing an SM-SR pre-connected to the eUICC, wherein the third switching request comprises information about the first SM-SR, and wherein the third switching request further comprises an eID, an IMEI or the eID and the IMEI;
      
      sending, by the second SM-SR and after determining that the first SM-SR is a legal SM-SR, a query message to the second SM-DP, wherein the query message is used for instructing the second SM-DP to query the mobile network about whether the mobile network can provide a service for an eUICC corresponding to the eID or the IMEI, and the query message comprises the eID, IMEI or both the eID and the IMEI;
      
      receiving, by the second SM-SR and in response to the mobile network determining that the mobile network can provide the service for the eUICC, a query result returned by the second SM-DP, wherein the query result comprises information that the mobile network can provide the service for the eUICC; and
      
      sending, by the second SM-SR to the first SM-SR and after receiving the query result, a first switching request used for replacing the SM-SR pre-connected to the eUICC, wherein the first switching request comprises authentication information of the second SM-SR, and wherein the first switching request further comprises the eID, the IMEI or both the eID and the IMEI, so that the first SM-SR determines according to the authentication information of the second SM-SR that the second SM-SR is a legal SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the second SM-SR for the eUICC.
  - 13. The method according to claim 1, further comprising:
    - receiving, by the second SM-SR, a third switching request that is sent by an SP after the SP activates the eUICC and used for replacing an SM-SR pre-connected to the eUICC, wherein the third switching request comprises information about the first SM-SR, and wherein the third switching request further comprises at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located;
      
      sending, by the second SM-SR and after determining that the first SM-SR is a legal SM-SR, a query message to the second SM-DP, wherein the query message is used for instructing the second SM-DP to query the mobile network about whether the mobile network can provide a service for an eUICC corresponding to the eID or the IMEI, and the query message comprises the eID, the IMEI, or both the eID and the IMEI;
      
      receiving, by the second SM-SR and when the mobile network determines that the mobile network can provide the service for the eUICC, a query result returned by the second SM-DP, wherein the query result comprises information that the mobile network can provide the service for the eUICC; and
      
      after receiving the query result, sending, by the second SM-SR to the first SM-SR, a first switching request used for replacing the SM-SR pre-connected to the eUICC, wherein the first switching request comprises the eID, the IMEI, or both the eID and the IMEI, so that the first SM-SR determines to replace the SM-SR pre-connected to the eUICC with the second SM-SR for the eUICC.

14. A method for switching a subscription manager-secure routing device, comprising:
- receiving, by an embedded universal integrated circuit card (eUICC), a subscription manager-secure routing device (SM-SR) replacement message sent by a first SM-SR, wherein the SM-SR replacement message comprises an encrypted second provisioning profile (PP), a first key, and replacement indication information, wherein the first key is a key in a key pair generated by a second SM-SR, wherein the encrypted second PP is a second provisioning profile that is acquired by the second SM-SR from a second subscription manager-data preparing device (SM-DP), wherein the encrypted second PP is encrypted by the second SM-DP by using a profile installer credential, and wherein the encrypted second PP is used for accessing the second SM-SR;
  
  decrypting, by the eUICC, the encrypted second PP by using an internally preset credential;
  
  performing one of deactivating or deleting a preset first PP corresponding to the first SM-SR;
  
  deleting a first profile management credential corresponding to the first SM-SR; and
  
  activating the second PP;
  
  sending an access request message to the second SM-SR, wherein the access request message is used for enabling the second SM-SR to send a second profile management credential corresponding to the second SM-SR;
  
  receiving, by the eUICC, the second profile management credential that is encrypted by the second SM-SR by using a second key in the key pair;
  
  decrypting an encrypted second profile management credential by using the first key;
  
  interacting with the second SM-SR, so as to obtain an operational profile (OP profile) used for accessing a mobile network; and
  
  accessing, by the eUICC, the mobile network according to the OP profile.
- View Dependent Claims (15, 16, 17)
- - 15. The method according to claim 14, wherein the receiving, by the eUICC, the second profile management credential that is encrypted by the second SM-SR by using a second key in the key pair comprises receiving, by the eUICC, the second profile management credential that is encrypted by the second SM-SR by using the second key in the key pair, and receiving an SM-SR credential sent by the second SM-SR and used by the eUICC to authenticate the second SM-SR;
    - andwherein the decrypting the encrypted second profile management credential by using the first key, and interacting with the second SM-SR comprises decrypting, by the eUICC and after determining according to the SM-SR credential that the second SM-SR is a legal SM-SR, the encrypted second profile management credential by using the first key, and interacting with the second SM-SR.
  - 16. The method according to claim 14, wherein the interacting with the second SM-SR comprises:
    - sending, by the eUICC, an OP request to the second SM-SR, wherein the OP request is used for enabling the second SM-SR to acquire the OP profile used for accessing the mobile network; and
      
      receiving, by the eUICC, the OP profile sent by the second SM-SR and used for accessing the mobile network, wherein the OP profile is a profile obtained by the second SM-SR from the mobile network through the second SM-DP.
  - 17. The method according to claim 14, further comprising:
    - sending an SM-SR change request to the first SM-SR, therein the sending is by the eUICC, after an internally preset first PP is activated, after information about the mobile network is obtained, and before the receiving the SM-SR replacement message sent by a first SM-SR, wherein the SM-SR change request comprises the information about the mobile network, and wherein the SM-SR change request further comprises an identity (eID) of the eUICC and/or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located, so that the first SM-SR interacts with the second SM-SR, so as to implement access of the eUICC to the second SM-SR, and implement access of the eUICC to the mobile network.

18. A method for switching a subscription manager-secure routing device, comprising:
- sending a profile installer credential used for encrypting a profile, wherein the profile installer credential is sent by a first subscription manager-secure routing device (SM-SR) to a second SM-SR and after receiving trigger information from an embedded universal integrated circuit card (eUICC) and that is used for replacing an SM-SR pre-connected to the eUICC, wherein the trigger information comprises information about the second SM-SR;
  
  receiving, by the first SM-SR, an encrypted second provisioning profile (PP) and a first key in a key pair that are sent by the second SM-SR, wherein the encrypted second PP is a second PP that is acquired by the second SM-SR from a second subscription manager-data preparing device (SM-DP), wherein the encrypted second PP has been encrypted by the second SM-DP by using the profile installer credential, wherein the second PP is used for accessing the second SM-SR, and wherein the key pair comprises keys generated by the second SM-SR and is used for ensuring interaction security between the eUICC and the second SM-SR; and
  
  sending, by the first SM-SR, an SM-SR replacement message to the eUICC, wherein the SM-SR replacement message comprises the encrypted second PP, the first key in the key pair, and replacement indication information, so that the eUICC accesses the second SM-SR according to the SM-SR replacement message.
- View Dependent Claims (19, 20, 21)
- - 19. The method according to claim 18, further comprising:
    - receiving, by the first SM-SR and before the sending the profile installer credential used for encrypting the profile, the trigger information used for replacing the SM-SR pre-connected to the eUICC, wherein the trigger information is one of a first switching request that is sent by the second SM-SR to the first SM-SR according to information about the first SM-SR or a second switching request sent by the eUICC to the first SM-SR according to obtained information about a mobile network.
  - 20. The method according to claim 18, further comprising:
    - determining, by the first SM-SR and before the sending the profile installer credential used for encrypting the profile, that the second SM-SR is a legal SM-SR.
  - 21. The method according to claim 18, further comprising:
    - sending, by the first SM-SR and before the sending the profile installer credential used for encrypting the profile, a profile installer credential acquiring request to a first SM-DP; and
      
      receiving a profile installer credential sent by the first SM-DP and corresponding to the eUICC, wherein the profile installer credential acquiring request comprises at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located.

22. A method for switching a subscription manager-secure routing device (SM-SR), comprising:
- receiving, by a mobile network corresponding to a second SM-SR, a first request message that is sent by a service provider (SP) after the SP activates an embedded universal integrated circuit card (eUICC), wherein the first request message comprises information about a first SM-SR, and at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located;
  
  sending, by the mobile network, a second request message to the second SM-SR, wherein the second request message comprises the information about the first SM-SR, and information that the mobile network provides a service for the eUICC activated by the SP, and wherein the second request message further comprises at least one of the eID of the eUICC or the IMEI of the terminal in which the eUICC is located, so that the eUICC switches an internally preset first SM-SR to the second SM-SR using an encrypted second provisioning profile (PP) corresponding to the second SM-SR, and accesses the mobile network through the second SM-SR;
  
  receiving, by the mobile network, a profile generation request sent by a second subscription manager-data preparing device (SM-DP) and used for enabling the eUICC to connect to the mobile network, wherein the profile generation request comprises at least one of an integrated circuit card identity (ICCID) or the IMEI, wherein the ICCID is an ICCID that is converted from the eID by the second SM-DP and can be identified by the mobile network;
  
  sending, by the mobile network to the second SM-DP, an operational profile (OP profile) that is required by the eUICC to connect to the mobile network; and
  
  receiving, by the mobile network, a network access request that is sent by the eUICC according to the OP profile, and enabling the eUICC to access the mobile network according to the network access request.

23. A subscription manager-secure routing device, comprising:
- a processor; and
  
  a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to;
  
  acquire, from a source subscription manager-secure routing device (SM-SR), a profile installer credential corresponding to an embedded universal integrated circuit card (eUICC), wherein the subscription manager-secure routing device is a target SM-SR;
  
  transmit the profile installer credential to a target subscription manager-data preparing device (SM-DP);
  
  send a provisioning profile (PP) generation request to the target SM-DP, wherein the PP generation request is used for instructing the target SM-DP to generate a target PP corresponding to the target SM-SR and for instructing the target SM-DP to encrypt the target PP by using the profile installer credential;
  
  generate a key pair comprising a first key and a second key after receiving the encrypted target PP;
  
  send a third request message to the source SM-SR, wherein the third request message comprises the encrypted target PP and the first key, and wherein the third request message is used for instructing the source SM-SR to send the encrypted target PP and the first key to the eUICC, so that the eUICC replaces an internally preset source SM-SR according to an SM-SR replacement message sent by the source SM-SR; and
  
  receive an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted target PP and the first key, deactivates or deletes a preset source PP corresponding to the source SM-SR, deletes a first profile management credential corresponding to the source SM-SR, and activates the target PP;
  
  encrypt, by using the second key, a second profile management credential corresponding to the target SM-SR; and
  
  send an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the target SM-SR after receiving the second profile management credential, so as to obtain an operational profile (OP profile) for accessing a mobile network, and access the mobile network according to the OP profile.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The device according to claim 23, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - receive a second request message sent by the mobile network, wherein the second request message comprises information about the source SM-SR, and information that the mobile network provides a service for an eUICC activated by a service provider (SP), and wherein the second request message further comprises at least one of an eID of the eUICC or an IMEI of a terminal in which the eUICC is located, wherein the information about the source SM-SR, the eID, and the IMEI are information carried in a first request message that is sent by the SP after the SP activates the eUICC and received by the mobile network.
  - 25. The device according to claim 24, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - determine that the source SM-SR is a legal SM-SR; and
      
      send, to the source SM-SR and after determining that the source SM-SR is a legal SM-SR, a first switching request used for replacing an SM-SR pre-connected to the eUICC, wherein the first switching request comprises authentication information of the target SM-SR, and wherein the first switching request further comprises the eID, the IMEI, or both the eID and the IMEI, so that the source SM-SR determines that the target SM-SR is a legal SM-SR according to the authentication information of the target SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the target SM-SR for the eUICC.
  - 26. The device according to claim 24, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - determine that the source SM-SR is a legal SM-SR; and
      
      send, to the source SM-SR, a first switching request used for replacing an SM-SR pre-connected to the eUICC, wherein the first switching request comprises the eID, the IMEI, or both the eID and the IMEI, so that the source SM-SR determines to replace the SM-SR pre-connected to the eUICC with the target SM-SR for the eUICC.
  - 27. The device according to claim 24, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - receive a second switching request sent by the source SM-SR and used for replacing an SM-SR pre-connected to the eUICC, wherein the second switching request comprises authentication information of the source SM-SR, and further comprises the eID, the IMEI, or both the eID and the IMEI;
      
      determine that the source SM-SR is a legal SM-SR according to the authentication information of the source SM-SR;
      
      send a query message to the target SM-DP after determining that the source SM-SR is a legal SM-SR, wherein the query message is used for instructing the target SM-DP to query the mobile network about whether the mobile network can provide a service for an eUICC corresponding to the eID or the IMEI, and wherein the query message comprises at least one of an eID or an IMEI;
      
      receive a query result returned by the target SM-DP in response to the mobile network determining that the mobile network can provide the service for the eUICC, wherein the query result comprises information that the mobile network can provide the service for the eUICC; and
      
      send a response to the second switching request to the source SM-SR after the receiving the query result, wherein the response comprises authentication information of the target SM-SR, and wherein the response further comprises the eID, the IMEI, or both the eID and the IMEI, so that the source SM-SR determines according to the authentication information of the target SM-SR that the target SM-SR is a legal SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the target SM-SR for the eUICC.
  - 28. The device according to claim 24, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - receive a third switching request that is sent by an SP after the SP activates the eUICC and that is used for replacing an SM-SR pre-connected to the eUICC, wherein the third switching request comprises information about the source SM-SR, and wherein the third switching request further comprises the eID, the IMEI, or both the eID and the IMEI;
      
      determine that the source SM-SR is a legal SM-SR;
      
      send a query message to the target SM-DP after determining that the source SM-SR is a legal SM-SR, wherein the query message is used for instructing the target SM-DP to query the mobile network about whether the mobile network can provide a service for an eUICC corresponding to the eID or the IMEI, and the query message comprises the eID, the IMEI, or both the eID and the IMEI;
      
      receive a query result returned by the target SM-DP in response to the mobile network determining that the mobile network can provide the service for the eUICC, wherein the query result comprises information that the mobile network can provide the service for the eUICC; and
      
      send, to the source SM-SR and after the receiving the query result, a first switching request used for replacing an SM-SR pre-connected to the eUICC, wherein the first switching request comprises authentication information of the target SM-SR, and wherein the first switching request further comprises the eID, the IMEI, or both the eID and the IMEI, so that the source SM-SR determines according to the authentication information of the target SM-SR that the target SM-SR is a legal SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the target SM-SR for the eUICC.

29. A subscription manager-secure routing device, comprising:
- a processor; and
  
  a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to;
  
  send, after receiving trigger information from a target subscription manager-secure routing device (SM-SR) of an embedded universal integrated circuit card (eUICC), to the target SM-SR, a profile installer credential that is stored in a memory and used for encrypting a profile, wherein the trigger information comprises information about the target SM-SR; and
  
  receive an encrypted target provisioning profile (PP) and a first key in a key pair that are sent by the target SM-SR, wherein the encrypted target PP is a target PP that is acquired by the target SM-SR from a target subscription manager-data preparing device (SM-DP), encrypted by the target SM-DP by using the profile installer credential, and used for accessing the target SM-SR, and wherein the key pair comprises keys generated by the target SM-SR and used for ensuring interaction security between the eUICC and the target SM-SR; and
  
  send an SM-SR replacement message to the eUICC, wherein the SM-SR replacement message comprises the encrypted target PP, the first key in the key pair, and replacement indication information, so that the eUICC accesses the target SM-SR according to the SM-SR replacement message.
- View Dependent Claims (30, 31)
- - 30. The device according to claim 29, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to determine that the target SM-SR is a legal SM-SR.
  - 31. The device according to claim 29, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - send a profile installer credential acquiring request to a source SM-DP, wherein the profile installer credential acquiring request comprises at least one of an eID of the eUICC or an IMEI of a terminal in which the eUICC is located; and
      
      receive a profile installer credential sent by the source SM-DP and corresponding to the eUICC.

32. A subscription manager-secure routing device, comprising:
- a processor; and
  
  a non-transitory computer readable medium connected to the processor and having stored thereon instructions for causing the processor to;
  
  receive, from a mobile network, a first request message comprising information about a source subscription manager-secure routing device (SM-SR), information that the mobile network provides a service for an embedded universal integrated circuit card (eUICC) activated by a service provider (SP), and at least one of an identity (eID) of the eUICC or an international mobile equipment identity (IMEI) of a terminal in which the eUICC is located, wherein the subscription manager-secure routing device is a target SM-SR;
  
  generate a temporary key pair comprising a public key and a private key using an encrypted target provisioning profile (PP);
  
  send a second request message to the source SM-SR, wherein the second request message comprises the encrypted target PP and the public key, and wherein the second request message instructs the source SM-SR to send the encrypted target PP and the public key to the eUICC, so that the eUICC replaces an internally preset source SM-SR according to an SM-SR replacement message sent by the source SM-SR; and
  
  receive an access request message sent by the eUICC, wherein the access request message is sent by the eUICC after the eUICC receives the encrypted target PP and the public key, deactivates or deletes a preset source PP corresponding to the source SM-SR, deletes a first profile management credential corresponding to the source SM-SR, and activates the encrypted target PP;
  
  encrypt, by using the private key, a second profile management credential corresponding to the target SM-SR; and
  
  send an encrypted second profile management credential to the eUICC, so that the eUICC interacts with the target SM-SR after receiving the second profile management credential, so as to obtain an operational profile (OP profile) for accessing a mobile network, and access the mobile network according to the OP profile.
- View Dependent Claims (33, 34)
- - 33. The device according to claim 32, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - acquire, from the source SM-SR, a profile installer credential corresponding to the eUICC;
      
      transmit the profile installer credential to a target subscription manager-data preparing device (SM-DP);
      
      send a PP generation request to the target SM-DP, wherein the PP generation request instructs the target SM-DP to generate a target PP corresponding to the target SM-SR and to encrypt the target PP by using the profile installer credential; and
      
      receive, from the target SM-DP, the encrypted target PP.
  - 34. The device according to claim 33, wherein the non-transitory computer readable medium further has stored thereon instructions for causing the processor to:
    - determine that the source SM-SR is a legal SM-SR according to authentication information of the source SM-SR; and
      
      send, to the source SM-SR and after determining that the source SM-SR is a legal SM-SR, a first switching request used for replacing an SM-SR pre-connected to the eUICC, wherein the first switching request comprises authentication information of the target SM-SR, and at least one of the eID or the IMEI, so that the source SM-SR determines that the target SM-SR is a legal SM-SR according to the authentication information of the target SM-SR, and determines to replace the SM-SR pre-connected to the eUICC with the target SM-SR for the eUICC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Device Company Limited (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Device Company Limited (Huawei Investment & Holding Co., Ltd.)
Inventors
Gao, Linyi, Jin, Hui
Primary Examiner(s)
Shaw, Brian

Application Number

US14/586,664
Publication Number

US 20150121495A1
Time in Patent Office

1,036 Days
Field of Search

455411, 380247, 713189, 726 27
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04W 12/02   Protecting privacy or anony...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

Method and device for switching subscription manager-secure routing device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for switching subscription manager-secure routing device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links