CN103747104A

Movatterモバイル変換

Info

Publication number: CN103747104A
Application number: CN201410036407.XA
Authority: CN
Inventors: 陈豪; 张尼; 张云勇; 宫雪; 姚海鹏
Original assignee: China United Network Communications Group Co Ltd
Current assignee: China United Network Communications Group Co Ltd
Priority date: 2014-01-24
Filing date: 2014-01-24
Publication date: 2014-04-23

Abstract

本发明提供了一种在物联网设备间迁移用户信息的方法和系统；方法包括：远程管理平台收到从第一设备迁移第一用户信息到第二设备的触发消息后，删除所述第一设备的嵌入式通用集成电路卡eUICC中的所述第一用户信息；删除成功后，所述远程管理平台重新加密所述第一用户信息，将重新加密后的所述第一用户信息下载到所述第二设备的eUICC中；所述远程管理平台将所述第一用户信息对应的eUICC更新为所述第二设备的eUICC。本发明能够实现用户信息在不同物联网设备的eUICC间的互操作。

The present invention provides a method and system for migrating user information between IoT devices; the method includes: after the remote management platform receives a trigger message for migrating the first user information from the first device to the second device, deletes the first The first user information in the embedded universal integrated circuit card eUICC of the device; after the deletion is successful, the remote management platform re-encrypts the first user information, and downloads the re-encrypted first user information to the the eUICC of the second device; the remote management platform updates the eUICC corresponding to the first user information to the eUICC of the second device. The present invention can realize the interoperability of user information between eUICCs of different Internet of Things devices.

Description

A kind of between internet of things equipment the method and system of migrated users information

Technical field

The present invention relates to network field, relate in particular to a kind of between internet of things equipment the method and system of migrated users information.

Background technology

Internet of things equipment refers to and uses the mobile network of operator, the equipment communicating with Internet of Things management platform.The SIM card that internet of things equipment is used need be integrated in internet of things equipment in the internet of things equipment production phase, was called as embedded UICC(Universal Integrated Circuit Card, Universal Integrated Circuit Card), be called for short eUICC.

EUICC is as the authentication instrument of internet of things equipment access carrier network, and carries the safety barrier of various application, data, become the key core technology of Internet of Things development.Remote management platform and eUICC set up escape way, based on this escape way remote management platform, generally by OTA(Over The Air, download in the air) mode realize the telemanagement (eUICC can not plug) to eUICC CAMEL-Subscription-Information.

Remote management platform, according to the defined file of cooperation operator, generates the eUICCprofile(user profile of each operator), with the form of encrypting, download on eUICC.The schematic diagram of eUICC telemanagement as shown in Figure 1, preset initial access information in eUICC card; EUICC manufacturer registers at remote management platform, for eUICC provides escape way; Operator provides profile defined file, and remote management platform generates profile, and with encrypted form and eUICC, completes alternately the management of profile.The profile of each operator comprises Ki(Keyidentifier, mobile phone identification key), IMSI(International Mobile Subscriber Identification Number, international mobile subscriber identity), ICCID(Integrate circuit card identity, integrated circuit card identification code), MSISDN(Mobile Station international ISDN number, the international comprehensive service digital net number of travelling carriage), policy information, charge information, business information etc.Due to the sensitive information that profile comprises user and operator, the content of profile can not extract from eUICC.

Profile has two states operation, activates (enable) and deexcitation (disable).The upper profile that may have multiple operators of eUICC, but a certain moment only have a profile in state of activation.After profile is downloaded to eUICC, operator sends activation instruction to remote management platform, by remote management platform, activates this profile.After completing activation, eUICC can equally be connected with common UICC the network of current operator.

Because the profile definition of each operator is not quite similar, and the eUICC that each card vendor produces also there are differences, and the Interoperability of profile between the eUICC of different internet of things equipments is the problem that must solve.The interoperability of profile between the eUICC of different internet of things equipments refers to, the profile of validated user can be used on different internet of things equipments, as long as this internet of things equipment has qualified eUICC, the eUICC that just user's profile can be downloaded to this internet of things equipment is upper, thus the service of using operator's management platform to provide by this internet of things equipment.。

If use pluggable UICC, be easy to realize user profile the interoperability between distinct device (UICC is extracted and is then installed to a new equipment from an equipment).But under eUICC environment, because eUICC can not plug and profile can not extract (security consideration) from eUICC, cannot solve the Interoperability of profile between the eUICC of different internet of things equipments.If this problem can not be resolved, profile can only be used on specific internet of things equipment, can not realize the interoperability between the internet of things equipment that possesses different hardware, software capability.

Summary of the invention

The technical problem to be solved in the present invention is how to realize the interoperability of profile between the eUICC of different internet of things equipments.

In order to address the above problem, the invention provides a kind of between internet of things equipment the method for migrated users information, comprising:

Remote management platform receives from the first equipment transportation first user information to the triggering message of the second equipment, deletes the described first user information in the universal embedded integrated circuit card eUICC of described the first equipment;

After deleting successfully, first user information described in described remote management platform re-encrypted, downloads to the described first user information after re-encrypted in the eUICC of described the second equipment;

Described remote management platform is updated to eUICC corresponding to described first user information the eUICC of described the second equipment.

Alternatively, described remote management platform is received from the first equipment transportation first user information and is also comprised to the step of the triggering message of the second equipment:

Operator Specific Service management platform receives first user mandate to the second equipment for the first user information from first this user of equipment transportation, and the hardware identifier of the eUICC of described the second equipment;

Described Operator Specific Service management platform locks the first user information in described the first equipment;

Described Operator Specific Service management platform sends the triggering message from the first equipment transportation first user information to the second equipment to described remote management platform, carries the hardware identifier of the mandate of described first user and the eUICC of described the second equipment in described triggering message.

Alternatively, described remote management platform is deleted after the described first user information in the eUICC of described the first equipment, also comprises before downloading to described in re-encrypted in the eUICC of described the second equipment after first user information:

Described remote management platform sends the aerial download state synchronization request message of described first user information to the aerial Download Server of operator, wherein comprise the current aerial download state of described first user information;

The up-to-date aerial download state that the aerial Download Server of described operator is stored on book server the current aerial download state of described first user information and described first user information compares, and according to comparative result, the more fresh content of described first user information is returned to described remote management platform;

Described remote management platform is according to the aerial download state of first user information described in described renewal content update.

Described remote management platform is inquired about the eUICC ability of described the second equipment, obtains the eUICC ability upper limit of described the second equipment;

Described remote management platform detects the match condition of described first user information and the eUICC ability upper limit of described the second equipment of obtaining, if coupling carries out downloading to after first user information described in described re-encrypted the step in the eUICC of described the second equipment; If do not mated, unmatched parameter in first user information is used as default, then carry out after first user information, downloading to described in described re-encrypted the step in the eUICC of described the second equipment.

Alternatively, described remote management platform also comprises after eUICC corresponding to described first user information being updated to the step of eUICC of described the second equipment:

Described remote management platform notifies described Operator Specific Service management platform device to move;

The renewal of the equipment that described Operator Specific Service management platform is used recorded described first user is described the second equipment.

The present invention also provide a kind of between internet of things equipment the system of migrated users information, comprising:

Remote management platform;

Described remote management platform comprises:

Removing module, for when receiving from the first equipment transportation first user information to the triggering message of the second equipment, deletes the described first user information in the universal embedded integrated circuit card eUICC of described the first equipment;

Encrypting module, for first user information described in re-encrypted after deleting successfully, downloads to the described first user information after re-encrypted in the eUICC of described the second equipment;

Logging modle, for being updated to eUICC corresponding to described first user information the eUICC of described the second equipment.

Alternatively, described system also comprises:

Operator Specific Service platform, for receiving first user mandate to the second equipment for the first user information from first this user of equipment transportation, and the hardware identifier of the eUICC of described the second equipment, lock the first user information in described the first equipment, to described remote management platform, send the triggering message from the first equipment transportation first user information to the second equipment, in described triggering message, carry the hardware identifier of the mandate of described first user and the eUICC of described the second equipment.

Alternatively, described system also comprises:

The aerial Download Server of operator;

Described remote management platform also comprises:

State synchronized module, for before first user information described in described encrypting module re-encrypted, to the aerial Download Server of described operator, send the aerial download state synchronization request message of described first user information, wherein comprise the current aerial download state of described first user information; And the aerial download state of first user information described in the renewal content update returning according to the aerial Download Server of described operator;

The aerial Download Server of described operator is for receiving after the aerial download state synchronization request of described first user information, the up-to-date aerial download state that the current aerial download state of described first user information and described first user information are stored on book server compares, and according to comparative result, the more fresh content of described first user information is returned to described remote management platform.

Alternatively, described remote management platform also comprises:

Interoperability detection module, for before first user information described in described encrypting module re-encrypted, inquires about the eUICC ability of described the second equipment, obtains the eUICC ability upper limit of described the second equipment; Detect the match condition of described first user information and the eUICC ability upper limit of described the second equipment of obtaining, if coupling indicates described encrypting module to carry out the operation of first user information described in described re-encrypted; If do not mated, unmatched parameter in described first user information is used as default, then indicate described encrypting module to carry out the operation of first user information described in described re-encrypted.

Alternatively, described remote management platform also comprises:

Notification module, for when eUICC corresponding to described first user information is updated to after the eUICC of described the second equipment, notifies described Operator Specific Service management platform device to move;

Described Operator Specific Service management platform is also described the second equipment for the renewal of the equipment that recorded described first user is used.

At least one embodiment of the present invention can realize the user profile (profile) of eUICC and move between the eUICC of different internet of things equipments, thereby it is upper that the profile that the eUICC remote management platform of operator is generated can download to any qualified eUICC, realized the profile interoperability on the eUICC of distinct device.

Accompanying drawing explanation

Fig. 1 is the schematic diagram of eUICC telemanagement;

Fig. 2 is the schematic flow sheet of the method for migrated users information between internet of things equipment of embodiment mono-;

Fig. 3 is the schematic flow sheet of example in embodiment mono-;

Fig. 4 is the schematic diagram of example in embodiment bis-.

Embodiment

Below in conjunction with drawings and Examples, technical scheme of the present invention is described in detail.

It should be noted that, if do not conflicted, each feature in the embodiment of the present invention and embodiment can mutually combine, all within protection scope of the present invention.In addition, although there is shown logical order in flow process, in some cases, can carry out shown or described step with the order being different from herein.

Embodiment mono-, a kind of between internet of things equipment the method for migrated users information, as shown in Figure 2, comprising:

S101, remote management platform receive from the first equipment transportation first user information to the triggering message of the second equipment, deletes the described first user information in the eUICC of described the first equipment;

S102, delete successfully after, first user information described in described remote management platform re-encrypted, downloads to the described first user information after re-encrypted in the eUICC of described the second equipment;

S103, described remote management platform are updated to eUICC corresponding to described first user information the eUICC of described the second equipment.

In an embodiment of the present embodiment, before described step S101, can also comprise:

In present embodiment, described step S103 comprises:

Described remote management platform is tied up the hardware identifier solution of the eUICC of described first user information and described the first equipment, then by the hardware identifier binding of the eUICC of described first user information and described the second equipment.

In an embodiment of the present embodiment, after step S101, before step S102, can also comprise:

Described remote management platform detects the match condition of described first user information and the eUICC ability upper limit of described the second equipment of obtaining, if coupling is carried out described step S102; If do not mated, unmatched parameter in first user information is used as default, then carry out described step S102.

In an embodiment of the present embodiment, after step S103, can also comprise:

Below with a concrete example explanation the present embodiment; In this example, the flow process of migrated users information as shown in Figure 2, comprisesstep 201～216.

201, user buys internet of things equipment (built-in eUICC card) from operator, and Operator Specific Service management platform is responsible for maintenance customer's facility information (being the record of the equipment that uses of each user), the legitimacy of authenticated user.By user, initiate migration, user a moves to the mandate of Operator Specific Service management platform from original equipment (device A) after the profile(of this user a referred to as a profile) to new equipment (equipment B), and the hardware identifier of the eUICC of equipment B is provided.

202, after Operator Specific Service management platform obtains the mandate of user a, a profile in device A can be locked to (that is: the relevant information that profile comprises is set to down state, for example, make IMSI/Ki in profile not network, business can not be used etc.).

203, Operator Specific Service management platform will be issued remote management platform to the triggering message of equipment B from device A migration the one profile, and the mandate that comprises user a in this triggering message also comprises the hardware identifier of the eUICC of equipment B.

204, remote management platform sends profile delete instruction to the eUICC of device A, deletes a described profile.

205, the eUICC of device A completes deletion action, replys remote management platform.

206, after remote management platform receives deletion the one profile success message that the eUICC of device A returns, to operator's OTA server, send OTA state synchronized request message, the hardware identifier of the eUICC that this OTA state synchronized request message comprises device A, the sign of a profile, the current OTA state of a profile.

207, the relatively up-to-date OTA state of a profile of the current OTA state of a profile and self maintained in OTA state synchronized request message of the OTA of operator server, by the OTA of a profile who obtains according to comparative result more fresh content be included in return messages, return to remote management platform.

208, remote management platform completes the OTA state synchronized of a profile according to the described more fresh content in return messages.

209, after completing OTA state synchronized, remote management platform sends capability query message to the eUICC of equipment B.

210, the eUICC of equipment B reports the eUICC ability upper limit of oneself, comprises hardware (as memory size) and software (as operation system information) ability.

211, remote management platform detects the match condition of a profile and eUICC ability, if detect that some parameter of profile do not mate with eUICC ability, (default value definite need operator and eUICC manufacturer is common determine in advance) uses as default these parameters.

212, remote management platform re-encrypted the one profile be downloaded to equipment B.

213, equipment B completes download, installation the activation of a profile, and Returning equipment has moved message to remote management platform.

214, remote management platform upgrades the binding relationship of a profile and eUICC hardware identifier, and a profile is made into bind with the eUICC hardware identifier of equipment B.

215, remote management platform has moved message to Operator Specific Service management platform Returning equipment.

216, Operator Specific Service management platform is upgraded user equipment information, and the equipment of the current use of recording user a is equipment B.

Embodiment bis-, a kind of between internet of things equipment the system of migrated users information, comprising:

Remote management platform;

Described remote management platform comprises:

Removing module, for when receiving from the first equipment transportation first user information to the triggering message of the second equipment, deletes the described first user information in the eUICC of described the first equipment;

In an embodiment of the present embodiment, described system can also comprise:

Operator Specific Service management platform, for receiving first user mandate to the second equipment for the first user information from first this user of equipment transportation, and the hardware identifier of the eUICC of described the second equipment, lock the first user information in described the first equipment, to described remote management platform, send the triggering message from the first equipment transportation first user information to the second equipment, in described triggering message, carry the hardware identifier of the mandate of described first user and the eUICC of described the second equipment.

In an embodiment of the present embodiment, described system can also comprise:

The aerial Download Server of operator;

Described remote management platform can also comprise:

In an embodiment of the present embodiment, described remote management platform can also comprise:

The renewal of the equipment that described Operator Specific Service management platform can also be used for recorded described first user to use is described the second equipment.

An object lesson of the present embodiment as shown in Figure 4, comprises Operator Specific Service management platform, remote management platform, the aerial Download Server of operator; Main interface comprises:

Interface 401: the escape way of setting up between remote management platform and Operator Specific Service management platform, the network side of being responsible for the CAMEL-Subscription-Information that definition, customer service management (service handling, open, charging etc.), the user's of user's profile profile comprises in this Operator Specific Service management platform is opened etc.;

Interface 402: the escape way of setting up between remote management platform and the OTA of operator server, after the profile that operator's OTA server is responsible for user activates on eUICC, the content of profile is upgraded to (as update strategy, upgrade the 3rd side's application file that profile comprises etc.).

Interface 403, interface 404: the escape way between device A and equipment B and remote management platform, eUICC in device A and equipment B has been registered on remote management platform, and remote management platform can carry out by escape way the telemanagement of profile to the eUICC in device A and B;

Interface 405: the interface between the OTA of operator server and equipment, the OTA of operator server can upgrade by this interface the content of user profile.

After remote management platform is preserved user profile(with encrypted form activates because profile downloads and installs that eUICC is upper, operator can upgrade the content of profile without remote management platform by the OTA of operator server, so the OTA state of profile that remote management platform is preserved may not be up-to-date), and safeguard the binding relationship of profile and eUICC hardware identifier.After receiving the triggering message of Operator Specific Service management platform, by the above profile of the relative users of eUICC of interface 403 sweep equipment A.Then the safe key re-encrypted profile relating to interface 404, preserves and is downloaded in the eUICC of equipment B.

Before profile being downloaded to the eUICC of equipment B at remote management platform by interface 404, remote management platform need to by with the OTA of operator server communication, the OTA state of simultaneous user's profile, and need to detect synchronously complete after user's profile and the ability upper limit of eUICC in equipment B (comprising hardware and software) whether mate (being whether profile can completely normally work at the eUICC of equipment B).If detect that some parameter of profile do not mate with eUICC ability, (default value definite need operator and eUICC manufacturer is common determine in advance) uses as default parameter.

In this example, described Operator Specific Service management platform can comprise:

Equipment transportation is accepted module: the request that the profile of accepted user moves between distinct device, authenticates and obtain user's mandate to user;

Locking module: the relevant information that the profile of relative users in used equipment is comprised locks;

Trigger module, sends the triggering message from the first equipment transportation first user information to the second equipment to described remote management platform, carries the hardware identifier of the mandate of described first user and the eUICC of described the second equipment in described triggering message.

Described remote management platform specifically can comprise:

State synchronized module: with the OTA of operator server interaction, the OTA state of simultaneous user profile.

Interoperability detection module: detect profile and whether can mate with the ability of eUICC.

Profile administration module: generation, encryption, storage, download, activation, deletion and the corresponding eUICC etc. of management profile.This module can further comprise described removing module, encrypting module, logging modle etc.

EUICC in equipment specifically can comprise

EUICC capability reporting module: report the ability upper limit of eUICC to remote management platform, comprise hardware (as memory size) and software capability (as operation system information);

OTA file update module: accept the instruction of the OTA of operator server, upgrade profile content;

Profile administration module: management profile download, installation, activation, deletion etc.

One of ordinary skill in the art will appreciate that all or part of step in said method can carry out instruction related hardware by program and complete, described program can be stored in computer-readable recording medium, as read-only memory, disk or CD etc.Alternatively, all or part of step of above-described embodiment also can realize with one or more integrated circuits.Correspondingly, the each module/unit in above-described embodiment can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.The present invention is not restricted to the combination of the hardware and software of any particular form.

Certainly; the present invention also can have other various embodiments; in the situation that not deviating from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making according to the present invention various corresponding changes and distortion, but these corresponding changes and distortion all should belong to the protection range of claim of the present invention.