WO2014012468A1 - Data configuration method, apparatus and system for universal integrated circuit card, computer program and storage medium - Google Patents

Data configuration method, apparatus and system for universal integrated circuit card, computer program and storage medium


Publication number
WO2014012468A1
Authority
WO
WIPO (PCT)
Prior art keywords
uicc
service
identifier
carrier device
key
Prior art date
Application number
PCT/CN2013/079364
Other languages
French (fr)
Chinese (zh)
Inventor
乐祖晖
罗红
Original Assignee
***通信集团公司
Priority date
Filing date
Publication date
Application filed by ***通信集团公司
Publication of WO2014012468A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Definitions

  • M2M machine-to-machine terminals
  • M2M generally refers to the communication of machine equipment with other devices or systems over a mobile communication network.
  • the smart card provided by the operator needs to be installed on the M2M terminal. Since the environment of the M2M terminal is different from that of the ordinary mobile phone terminal, it is necessary to use an M2M dedicated smart card in the M2M terminal.
  • the M2M dedicated smart card generally refers to a smart card upgraded from the existing smart card to meet the needs of the M2M industry.
  • the M2M-dedicated smart card carries the code number resource provided by the operator, that is, the M2M terminal accesses the identity of the mobile communication network, and the M2M-dedicated smart card can also carry and handle different kinds of application scenarios and technologies provided by the operator.
  • the current M2M dedicated smart cards are divided into the following two types: MP card and MS card.
  • MP card is the abbreviation of M2M Plug In card, a pluggable SIM card. It adapts to special environments and uses special card-base materials. It has high physical performance and can meet the requirements of a longer service life and harsher environments.
  • the MS card is the abbreviation of M2M SMD (Surface Mount Device) card, a surface-mount SIM card that has all the functions of the traditional SIM card and adopts the SMD packaging process, which allows the SIM card chip to be soldered directly to the M2M terminal module for tight, robust physical connections and reliable interface communication.
  • the carrier data in the existing MP card and MS card is pre-configured by the operator. After the MP card and the MS card are put into use, the carrier data cannot be replaced, and the M2M terminal can only communicate with the predetermined operator, which limits the scope of use of the M2M terminal.
  • the main object of the present invention is to provide a data configuration method for a universal integrated circuit card, which can dynamically configure carrier data of a universal integrated circuit card in an M2M terminal, and expand the use range of the M2M terminal.
  • Another object of the present invention is to provide a data configuration apparatus for a universal integrated circuit card, which can dynamically configure carrier data of a universal integrated circuit card in an M2M terminal, and expand the use range of the M2M terminal.
  • Another object of the present invention is to provide a data configuration system for a universal integrated circuit card, which can dynamically configure carrier data of a universal integrated circuit card in an M2M terminal, and expand the range of the M2M terminal.
  • Another object of the present invention is to provide a storage medium, which can dynamically configure carrier data of an integrated circuit card in an M2M terminal, and expand the use range of the M2M terminal.
  • a data configuration method for a universal integrated circuit card includes: receiving a service provisioning request, where the service opening request carries a universal integrated circuit card UICC identifier and a first carrier device identifier;
  • a computer program for executing the above-described data configuration method of the universal integrated circuit card.
  • a storage medium for storing the above computer program.
  • a universal integrated circuit card management platform includes: a first receiving unit and a first sending unit; the first receiving unit is configured to receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card UICC identifier and a first carrier device identifier, and to send the service provisioning request to the first sending unit;
  • the first sending unit is configured to send a pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key;
  • the first receiving unit is further configured to receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and send the encrypted first service key to the first sending unit;
  • the first sending unit is further configured to send the encrypted first service key to the UICC corresponding to the UICC identifier.
  • a first carrier device comprising: a second receiving unit, a service key generating unit, a second sending unit, and a first service interaction unit;
  • the second receiving unit is configured to receive a UICC certificate sent by a universal integrated circuit card UICC management platform, where the UICC certificate carries a UICC identifier and a UICC public key, and to send the UICC certificate to the service key generating unit;
  • the service key generating unit is configured to: when the UICC certificate passes verification, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key by using the UICC public key, send the first service key to the first service interaction unit, and send the encrypted first service key to the second sending unit.
  • the second receiving unit is further configured to receive the service opening execution response sent by the UICC after the UICC acquires the first service key, where the service opening execution response carries the UICC identifier pre-stored by the UICC;
  • the first service interaction unit is configured to perform service interaction with the UICC by using the first service key.
  • a universal integrated circuit card, including: a third receiving unit, a decrypting unit, a third sending unit, and a second service interaction unit;
  • the third receiving unit is configured to receive the encrypted first service key sent by the universal integrated circuit card UICC management platform, and send the encrypted first service key to the decrypting unit; the decrypting unit is configured to decrypt the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key, acquire the first service key, send the first service key to the second service interaction unit, and send a first sending instruction to the third sending unit; the third sending unit is configured to send a service opening execution response to the first carrier device after receiving the first sending instruction, where the service opening execution response carries pre-saved
  • the second service interaction unit is configured to perform service interaction with the first carrier device by using the first service key.
  • a user terminal comprising: a third storage unit and a universal integrated circuit card UICC;
  • the third storage unit is configured to store the UICC
  • the UICC is configured to receive the encrypted first service key sent by the UICC management platform, and decrypt the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key; send a service opening execution response to the first carrier device, where the service opening execution response carries a pre-saved UICC identifier; and perform service interaction with the first carrier device by using the first service key.
  • a data configuration system for a universal integrated circuit card comprising: a universal integrated circuit card UICC management platform, a first carrier device, and a UICC;
  • the UICC management platform is configured to receive a service provisioning request, where the service provisioning request carries a UICC identifier and a first carrier device identifier; send the pre-saved UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier; receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device; and send the encrypted first service key to the UICC corresponding to the UICC identifier;
  • the first carrier device is configured to receive a UICC certificate sent by the UICC management platform, where the UICC certificate carries the UICC identifier and the UICC public key; when the UICC certificate passes verification, generate a first service key corresponding to the UICC identifier according to the preset method, encrypt the first service key by using the UICC public key, and send the encrypted first service key through the UICC management platform.
  • the UICC is configured to receive the encrypted first service key sent by the UICC management platform, and use the pre-stored UICC private key corresponding to the UICC public key to decrypt the encrypted first service key to obtain the first service key; send a service activation execution response to the first carrier device, where the service activation execution response carries the UICC identifier saved in advance; and perform service interaction with the first carrier device by using the first service key.
  • the UICC management platform obtains the encrypted first service key corresponding to the UICC identifier generated by the first carrier device according to the UICC identifier and the first carrier device identifier carried in the service provisioning request. After obtaining the encrypted first service key, the UICC decrypts the encrypted first service key by using the pre-stored UICC private key, and uses the decrypted first service key to perform service interaction with the first carrier device.
  • Because the service provisioning request carries the first carrier device identifier, the UICC management platform opens, for the universal integrated circuit card, service interaction with the first carrier device corresponding to the first carrier device identifier.
  • the data configuration method, device and system of the universal integrated circuit card proposed by the present invention solve the technical problem that the M2M terminal can only communicate with the predetermined operator in the prior art, and expand the use range of the M2M terminal; they are also convenient and easy to popularize.
  • FIG. 1 is a flow chart of a first implementation of a universal integrated circuit card according to the present invention.
  • FIG. 2 is a flow chart showing the implementation of a method for generating a universal integrated circuit card certificate according to the present invention.
  • FIG. 3 is a flow chart showing the implementation of the first embodiment of the universal integrated circuit card according to the present invention.
  • FIG. 4 is a schematic diagram of a method for generating a transmission subkey according to the present invention.
  • FIG. 5 is a flow chart showing the implementation of the second embodiment of the universal integrated circuit card according to the present invention.
  • FIG. 6 is a flow chart showing a second implementation of the universal integrated circuit card according to the present invention.
  • FIG. 7 is a flow chart of a third implementation of the universal integrated circuit card according to the present invention.
  • FIG. 8 is a flow chart showing a fourth implementation of the universal integrated circuit card according to the present invention.
  • FIG. 9 is a flow chart of a first implementation of terminating a universal integrated circuit card according to the present invention.
  • FIG. 10 is a flowchart of an implementation of a first embodiment of terminating a universal integrated circuit card according to the present invention.
  • FIG. 11 is a flowchart of an implementation of a second embodiment of terminating a universal integrated circuit card according to the present invention.
  • FIG. 12 is a flow chart of a second implementation of terminating a universal integrated circuit card according to the present invention.
  • FIG. 13 is a flowchart of a third implementation of terminating a remote integrated circuit card according to the present invention.
  • FIG. 14 is a flow chart of a fourth implementation of terminating a universal integrated circuit card according to the present invention.
  • FIG. 15 is a flowchart of a first implementation of a universal integrated circuit card switching operator according to the present invention.
  • FIG. 16 is a flowchart of an implementation of a first embodiment of a universal integrated circuit card switching operator according to the present invention.
  • FIG. 17 is a flowchart of an implementation of a second embodiment of a universal integrated circuit card switching operator according to the present invention.
  • FIG. 18 is a second implementation flowchart of a universal integrated circuit card switching operator according to the present invention.
  • FIG. 19 is a flowchart showing the third implementation of the universal integrated circuit card switching operator of the present invention.
  • FIG. 20 is a flowchart of a fourth implementation of a universal integrated circuit card switching operator according to the present invention.
  • FIG. 21 is a schematic structural diagram of a general-purpose integrated circuit card management platform according to the present invention.
  • FIG. 22 is a schematic structural diagram of a first carrier device according to the present invention.
  • FIG. 23 is a schematic structural diagram of a universal integrated circuit card according to the present invention.
  • FIG. 24 is a schematic structural diagram of a user terminal according to the present invention.
  • FIG. 25 is a schematic structural diagram of a data configuration system of a universal integrated circuit card according to the present invention.
  • the data configuration scheme of the card can realize dynamic data configuration of the universal integrated circuit card in the M2M terminal, and expands the use range of the M2M terminal.
  • FIG. 1 is a flow chart of a first implementation of a universal integrated circuit card according to the present invention. As shown in Figure 1, the steps described below are included:
  • Step 101 The universal integrated circuit card UICC management platform receives the service opening request message, where the service opening request message carries the UICC identifier and the first carrier device identifier.
  • the Universal Integrated Circuit Card is a removable smart card that stores information such as user information, authentication keys, phone books, and short messages.
  • the UICC identifier may be a UICC ID, or may be other identifier information of the UICC.
  • the UICC management platform can receive the service provisioning request in the following two ways:
  • In the first mode, the first carrier device MNO1 to which the user applies receives the service request submitted by the user, where the service request carries the UICC identifier.
  • the first carrier device sends a service open request to the UICC management platform.
  • the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
  • the user can obtain the UICC identifier corresponding to the UICC.
  • When the user applies to the first carrier device to open the UICC, the user submits a service request to the first carrier device, where the service request carries the UICC identifier.
  • the UICC management platform directly receives the service provisioning request submitted by the user, where the service open request message carries the UICC identifier and the first carrier device identifier.
  • Step 102 The UICC management platform sends a pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • the UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is not activated, the platform sends the pre-saved UICC certificate corresponding to the UICC identifier to the first carrier device; if it is activated, the platform sends an error message to the first carrier device. Specifically, the UICC being activated means that the UICC has opened service interaction with an operator device; the UICC not being activated means that the UICC has not opened service interaction with any carrier device, or that the UICC's service with the operator has been terminated.
  • FIG. 2 is a flow chart showing the implementation of a method for generating a universal integrated circuit card certificate according to the present invention. As shown in Figure 2, the steps described below are included:
  • Step 201 After receiving the key request sent by the UICC vendor device, the UICC randomly generates a UICC public-private key pair, sends the UICC public key to the UICC vendor device, and saves the UICC private key.
  • Step 202 The UICC management platform receives the UICC card information sent by the UICC vendor device, where the UICC card information carries the UICC identifier and the UICC public key.
  • the UICC management platform uniformly manages the UICC identifiers. Specifically, the UICC management platform may randomly generate two or more UICC identifiers and allocate them to the UICC vendor device; after receiving the two or more UICC identifiers sent by the UICC management platform, the UICC vendor device generates a UICC according to each of the two or more UICC identifiers.
  • Step 203 The UICC management platform sends the UICC card information to the certification center.
  • After receiving the UICC card information sent by the UICC vendor, the UICC management platform sends the UICC card information to the authentication center.
  • Step 204 When the authentication center passes the authentication of the UICC card information, the UICC certificate is returned to the UICC management platform, where the UICC certificate carries the UICC identifier and the UICC public key.
  • After receiving the UICC card information sent by the UICC management platform, the authentication center authenticates the UICC card information according to the authentication method in the prior art and, when the authentication passes, returns a UICC certificate to the UICC management platform; the UICC certificate carries the UICC identifier and the UICC public key.
  • Step 205 The UICC management platform saves the UICC certificate corresponding to the UICC identifier.
  • Step 103 When the first carrier device successfully verifies the UICC certificate, it generates the first service key corresponding to the UICC identifier according to a preset method, encrypts the first service key by using the UICC public key, and sends the encrypted first service key, through the UICC management platform, to the UICC corresponding to the UICC identifier.
  • the first carrier device verifies the received UICC certificate. When the verification passes, the first carrier device generates a first service key corresponding to the UICC identifier according to the key generation method in the prior art, encrypts the first service key by using the UICC public key, and sends the encrypted first service key to the UICC management platform.
  • the UICC management platform forwards the received encrypted first service key to the UICC corresponding to the UICC identifier.
  • Step 104 The UICC decrypts the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key to obtain the first service key.
  • the UICC decrypts the encrypted first service key by using the pre-stored UICC private key to obtain the first service key.
  • Step 105 The first carrier device obtains a service opening execution response sent by the UICC after acquiring the first service key, where the service opening execution response carries a UICC identifier pre-saved by the UICC.
  • After obtaining the first service key, the UICC returns a service opening execution response to the UICC management platform, where the service opening execution response carries the UICC identifier pre-stored by the UICC. After receiving the service opening execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as activated, and sends the service opening execution response to the first carrier device.
  • Step 106 The first carrier device and the UICC use the first service key for service interaction.
  • the UICC management platform is based on the first carrier device identifier, because the first carrier device identifier is carried in the service provisioning request sent by the user.
  • FIG. 3 is a flow chart showing the implementation of the first embodiment of the universal integrated circuit card according to the present invention. As shown in Figure 3, the steps described below are included:
  • Step 301 The first carrier device MNO1 receives a service request submitted by the user, where the service request carries a UICC ID.
  • Step 302 The MNO1 sends a service opening request to the UICC management platform, where the service opening request carries the UICC ID and the first carrier device identifier.
  • Step 303 The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If not, the process proceeds to step 304. Otherwise, step 305 is performed.
  • Step 304 The UICC management platform sends the pre-saved UICC certificate corresponding to the UICC ID to the MNO1, and step 306 is performed.
  • Step 305 The UICC management platform sends an error message to the MNO1 to end the opening process of the universal integrated circuit card.
  • Step 306 When the MNO1 successfully verifies the UICC certificate, the first service key AUICCkey1 corresponding to the UICC ID is generated according to a preset method, and AUICCkey1 is encrypted by using the UICC public key PubUICCkey to obtain the encrypted first service key.
  • Step 307 The MNO1 sends the encrypted first service key [AUICCkey1]PubUICCkey to the UICC management platform.
  • Step 308 The UICC management platform forwards the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC ID.
  • the UICC management platform may send the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC identifier using a wired network or a wireless network.
  • the data interaction between the UICC management platform and the UICC can be encrypted and authenticated by using the transmission subkey TUICCkey.
  • When the UICC management platform forwards the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC identifier, the UICC management platform may use the transmission subkey TUICCkey to encrypt [AUICCkey1]PubUICCkey. After receiving the [AUICCkey1]PubUICCkey encrypted by the UICC management platform using TUICCkey, the UICC decrypts it using TUICCkey to obtain [AUICCkey1]PubUICCkey.
  • FIG. 4 is a schematic diagram of a method for generating a transmission subkey according to the present invention.
  • the UICC management platform and the UICC vendor device are connected to encryption machine 1 and encryption machine 2 respectively, and the transmission root key TRootkey is pre-stored in both encryption machine 1 and encryption machine 2. The UICC management platform and the UICC vendor device can each obtain the transmission subkey TUICCkey based on the UICC ID.
  • the UICC management platform sends the UICC ID to encryption machine 1; encryption machine 1 encrypts the UICC ID using the pre-saved transmission root key TRootkey, obtains the transmission subkey TUICCkey corresponding to the UICC ID, and returns TUICCkey to the UICC management platform.
  • the UICC vendor device sends the UICC ID to encryption machine 2; encryption machine 2 encrypts the UICC ID using the pre-saved transmission root key TRootkey, obtains the transmission subkey TUICCkey corresponding to the UICC ID, and returns TUICCkey to the UICC vendor device.
  • Step 309 The UICC decrypts the encrypted first service key [AUICCkey1]PubUICCkey by using a pre-stored UICC private key PriUICCkey corresponding to the UICC public key PubUICCkey to obtain a first service key AUICCkey1.
  • the UICC can decrypt the encrypted first service key [AUICCkey1]PubUICCkey according to the decryption method in the prior art to obtain the first service key AUICCkey1.
  • Step 310 The UICC returns a service activation execution response to the UICC management platform after obtaining AUICCkey1, and the service activation execution response carries the UICC ID pre-saved by the UICC.
  • Step 311 The UICC management platform marks the UICC corresponding to the UICC ID as activated.
  • Step 312 The UICC management platform sends a service open execution response to the MNO1.
  • Step 313 The MNO1 and the UICC use the first service key AUICCkey1 to perform service interaction.
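
The platform-side logic of steps 303 to 312 and the TUICCkey arrangement of FIG. 4 can be traced in code. The following is an added example, not code from the patent: HMAC-SHA256 stands in for "encrypting the UICC ID with TRootkey", only the authentication half of the TUICCkey protection is shown (the payload is already ciphertext under PubUICCkey), the check that the forwarding carrier matches the pending request is an added assumption, and all identifiers and byte strings are constructed.

```python
import hashlib
import hmac


class ProvisioningError(Exception):
    """A provisioning step was refused."""


def derive_tuicckey(trootkey: bytes, uicc_id: str) -> bytes:
    # Assumption: HMAC-SHA256 replaces "encrypt the UICC ID with TRootkey".
    # Both encryption machines hold TRootkey, so both sides get the same subkey.
    return hmac.new(trootkey, b"TUICCkey|" + uicc_id.encode(), hashlib.sha256).digest()


def wrap(tuicckey: bytes, blob: bytes) -> bytes:
    # Prepend a 32-byte tag so the UICC can authenticate what the platform forwards.
    return hmac.new(tuicckey, blob, hashlib.sha256).digest() + blob


def unwrap(tuicckey: bytes, message: bytes) -> bytes:
    tag, blob = message[:32], message[32:]
    expected = hmac.new(tuicckey, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ProvisioningError("transport authentication failed")
    return blob


class UiccManagementPlatform:
    def __init__(self, trootkey: bytes):
        self._trootkey = trootkey   # lives in encryption machine 1 in the text
        self._certs = {}            # UICC ID -> stored UICC certificate
        self._activated = set()     # UICC IDs marked as activated (step 311)
        self._pending = {}          # UICC ID -> carrier awaiting the response

    def register(self, uicc_id: str, certificate: bytes) -> None:
        self._certs[uicc_id] = certificate          # step 205

    def service_opening_request(self, uicc_id: str, carrier_id: str) -> bytes:
        if uicc_id not in self._certs:
            raise ProvisioningError("unknown UICC")
        if uicc_id in self._activated:              # steps 303 and 305
            raise ProvisioningError("UICC already activated")
        self._pending[uicc_id] = carrier_id
        return self._certs[uicc_id]                 # step 304

    def forward_service_key(self, uicc_id: str, carrier_id: str, blob: bytes) -> bytes:
        # Assumption (not in the patent): only the carrier named in the
        # pending request may have its encrypted key forwarded (step 308).
        if self._pending.get(uicc_id) != carrier_id:
            raise ProvisioningError("no pending request from this carrier")
        return wrap(derive_tuicckey(self._trootkey, uicc_id), blob)

    def execution_response(self, uicc_id: str) -> str:
        if uicc_id not in self._pending:
            raise ProvisioningError("unexpected execution response")
        self._activated.add(uicc_id)                # step 311
        return self._pending.pop(uicc_id)           # step 312: carrier to notify


class Uicc:
    def __init__(self, uicc_id: str, tuicckey: bytes):
        self.uicc_id = uicc_id
        self._tuicckey = tuicckey   # personalised by the vendor (encryption machine 2)
        self.encrypted_service_key = None

    def receive(self, message: bytes) -> str:
        # Decryption under PriUICCkey (step 309) is outside this example.
        self.encrypted_service_key = unwrap(self._tuicckey, message)
        return self.uicc_id         # carried in the execution response (step 310)


def refused(fn, *args) -> bool:
    try:
        fn(*args)
    except ProvisioningError:
        return True
    return False


def demo() -> dict:
    trootkey = bytes(range(32))     # constructed root key
    platform = UiccManagementPlatform(trootkey)
    platform.register("UICC-0001", b"constructed certificate bytes")
    card = Uicc("UICC-0001", derive_tuicckey(trootkey, "UICC-0001"))
    other = Uicc("UICC-0002", derive_tuicckey(trootkey, "UICC-0002"))
    blob = b"constructed ciphertext of AUICCkey1 under PubUICCkey"

    platform.service_opening_request("UICC-0001", "MNO1")
    out = {"wrong_carrier_rejected":
           refused(platform.forward_service_key, "UICC-0001", "MNO2", blob)}
    msg = platform.forward_service_key("UICC-0001", "MNO1", blob)
    out["wrong_card_rejected"] = refused(other.receive, msg)
    out["tamper_rejected"] = refused(card.receive, msg[:-1] + bytes([msg[-1] ^ 1]))
    out["delivered"] = (card.receive(msg) == "UICC-0001"
                        and card.encrypted_service_key == blob)
    out["carrier"] = platform.execution_response("UICC-0001")
    out["reopen_rejected"] = refused(platform.service_opening_request, "UICC-0001", "MNO2")
    return out


if __name__ == "__main__":
    print(demo())
```

Because the subkey is diversified per UICC ID, a forwarded message is only accepted by the card it was prepared for, and the activation flag blocks a second opening request until the card is terminated.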
  • FIG. 5 is a flow chart showing the implementation of the second embodiment of the universal integrated circuit card according to the present invention. As shown in Figure 5, the steps described below are included:
  • Step 501 The UICC management platform receives a service provisioning request submitted by the user, where the service opening request carries a UICC ID and a first carrier device identifier.
  • Step 502 The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If not, the process proceeds to step 503. Otherwise, step 504 is performed.
  • Step 503 The UICC management platform sends a pre-stored UICC certificate corresponding to the UICC ID to the MNO1 corresponding to the first carrier device identifier, where the UICC certificate carries the UICC ID and the UICC public key, and step 505 is performed.
  • Step 504 The UICC management platform sends an error prompt message to the user, and ends the opening process of the universal integrated circuit card.
  • Step 505 When the MNO1 successfully verifies the UICC certificate, the first service key AUICCkey1 corresponding to the UICC ID is generated according to a preset method, and AUICCkey1 is encrypted by using the UICC public key PubUICCkey to obtain the encrypted first service key [AUICCkey1]PubUICCkey.
  • Step 506 The MNO1 sends the encrypted first service key [AUICCkey1]PubUICCkey to the UICC management platform.
  • Step 507 The UICC management platform forwards the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC ID.
  • Step 508 The UICC decrypts the encrypted first service key [AUICCkey1]PubUICCkey by using the pre-stored UICC private key PriUICCkey corresponding to the UICC public key PubUICCkey to obtain the first service key AUICCkey1.
  • Step 509 After obtaining AUICCkey1, the UICC returns a service activation execution response to the UICC management platform, where the service activation execution response carries the UICC ID saved in advance by the UICC.
  • Step 511 The UICC management platform sends a service activation execution response to the MNO1.
  • Step 512 The MNO1 and the UICC use the first service key AUICCkey1 to perform service interaction.
  • the UICC management platform obtains the encrypted first service key corresponding to the UICC identifier generated by the first carrier device according to the UICC identifier and the first carrier device identifier carried in the service provisioning request. After obtaining the encrypted first service key, the UICC decrypts it using the pre-stored UICC private key, and uses the decrypted first service key to perform service interaction with the first carrier device.
  • Because the service provisioning request carries the first carrier device identifier, the UICC management platform opens, for the universal integrated circuit card, service interaction with the first carrier device corresponding to the first carrier device identifier. Operators can therefore flexibly configure the operator data in the universal integrated circuit card, without the M2M terminal needing to be customized for an operator during production. The data configuration method, device and system of the universal integrated circuit card proposed by the present invention thus solve the technical problem that the prior-art M2M terminal can only communicate with a predetermined operator, and expand the scope of use of the M2M terminal.
  • FIG. 6 is a flow chart showing a second implementation of the universal integrated circuit card according to the present invention. As shown in Figure 6, the steps described below are included:
  • Step 601 Receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card UICC identifier and a first carrier device identifier.
  • the UICC management platform receives the service activation request message, where the service activation request message carries the UICC identifier and the first carrier device identifier.
  • the UICC management platform can receive the service provisioning request in the following two manners: In the first mode, the first carrier device MNO1 to which the user applies receives the service request submitted by the user, where the service request carries the UICC identifier.
  • the first carrier device sends a service provisioning request to the UICC management platform, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
  • the user can obtain the UICC identifier corresponding to the UICC.
  • When the user applies to the first carrier device to open the UICC, the user submits a service provisioning request to the first carrier device, where the request carries the UICC identifier.
  • the UICC management platform directly receives the service provisioning request submitted by the user, where the service opening request message carries the UICC identifier and the first carrier device identifier.
  • Step 602 Send a pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • the UICC management platform sends a pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • the UICC management platform may query whether the UICC corresponding to the UICC identifier is activated. If not activated, the pre-saved UICC certificate corresponding to the UICC identifier is sent to the first carrier device; if activated, the error message is sent to the first carrier device.
  • Step 603 Receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and send the encrypted first service key to the UICC corresponding to the UICC identifier.
  • the UICC management platform receives the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and sends the encrypted first service key to the UICC corresponding to the UICC identifier.
  • FIG. 7 is a flow chart of a third implementation of the universal integrated circuit card according to the present invention. As shown in Figure 7, the steps described below are included:
  • Step 701 Receive a UICC certificate sent by the UICC management platform, where the UICC certificate carries a UICC identifier and a UICC public key.
  • the first carrier device receives the UICC certificate sent by the UICC management platform, where the UICC certificate carries the UICC identifier and the UICC public key.
  • the first carrier device may receive a service provisioning request submitted by a user, where the request carries a UICC identifier; the first carrier device then sends a service provisioning request to the UICC management platform, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
  • Step 702 When the UICC certificate passes verification, the first service key corresponding to the UICC identifier is generated according to a preset method, the first service key is encrypted by using the UICC public key, and the encrypted first service key is sent, through the UICC management platform, to the UICC corresponding to the UICC identifier.
  • the first carrier device verifies the received UICC certificate. When the UICC certificate passes verification, the first carrier device generates a first service key corresponding to the UICC identifier according to a key generation method in the prior art, encrypts the first service key by using the UICC public key, and sends the encrypted first service key to the UICC management platform.
  • the UICC management platform forwards the received encrypted first service key to the UICC corresponding to the UICC identifier.
  • Step 703 Acquire a service provisioning execution response sent by the UICC after acquiring the first service key, where the service opening execution response carries a UICC identifier pre-saved by the UICC.
  • the first carrier device obtains a service activation execution response sent by the UICC after acquiring the first service key, where the service activation execution response carries a UICC identifier pre-stored by the UICC.
  • Step 704 Use the first service key to perform service interaction with the UICC.
  • the first carrier device performs service interaction with the UICC using the first service key.
  • FIG. 8 is a flow chart showing a fourth implementation of the universal integrated circuit card according to the present invention. As shown in Figure 8, the steps described below are included:
  • Step 801 Receive an encrypted first service key sent by the UICC management platform.
  • Step 802 Decrypt the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key to obtain the first service key.
  • the UICC decrypts the encrypted first service key by using the pre-stored UICC private key to obtain the first service key.
  • Step 803 Send a service activation execution response to the first carrier device, where the service activation execution response carries a pre-saved UICC identifier.
  • After obtaining the first service key, the UICC returns a service activation execution response to the UICC management platform, where the response carries the UICC identifier pre-stored by the UICC. After receiving the response from the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as activated and sends the service activation execution response to the first carrier device.
  • Step 804 Perform service interaction with the first carrier device by using the first service key.
  • FIG. 9 is a flow chart of the first implementation of terminating the universal integrated circuit card of the present invention. As shown in Figure 9, the following steps are included:
  • Step 901 The UICC management platform receives the service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
  • the UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform sends a service termination request to the UICC corresponding to the UICC identifier; otherwise, it sends an error message to the first carrier device.
  • the UICC management platform may further receive a service cancellation request submitted by the user before receiving the service termination request sent by the first carrier device, where the service cancellation request carries a UICC identifier. The UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform forwards the service cancellation request to the first carrier device; otherwise, it sends an error message to the user.
  • Step 902 The UICC management platform sends a service termination request to the UICC corresponding to the UICC identifier.
  • the UICC management platform sends a service termination request to the UICC corresponding to the UICC identifier.
  • Step 903 When the UICC's check of the first message authentication code passes, the service interaction with the first carrier device is terminated.
  • the UICC may verify the received first message authentication code according to a verification method for message authentication codes in the prior art, and when the first message authentication code passes the check, the UICC terminates service interaction with the first carrier device.
  • Step 904 The first carrier device obtains a service termination execution response sent by the UICC after terminating the service interaction with the first carrier device, where the service termination execution response carries the UICC identifier.
  • the service termination execution response is sent to the UICC management platform, and the service termination execution response carries the UICC identifier.
  • the UICC management platform marks the UICC corresponding to the UICC identifier as being inactive, and sends a service termination execution response to the first carrier device.
  • Through steps 901 to 904, it is possible to terminate the service interaction between the universal integrated circuit card and the first carrier device.
  • the following is a detailed description of the termination process of the universal integrated circuit card in combination with two specific embodiments:
  • FIG. 10 is a flowchart of an implementation of a first embodiment of terminating a universal integrated circuit card according to the present invention. As shown in Figure 10, the steps described below are included:
  • Step 1001 MNO1 receives a service cancellation request submitted by the user, where the service cancellation request carries a UICC ID.
  • Step 1002 MNO1 generates a first message authentication code corresponding to the UICC ID according to the first service key, and sends a service termination request to the UICC management platform, where the service termination request carries the UICC ID and the first message authentication code.
  • MNO1 may generate the first message authentication code corresponding to the UICC ID from the first service key according to a method for generating message authentication codes in the prior art.
  • Step 1003 The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If not, the process proceeds to step 1004. Otherwise, step 1005 is performed.
  • Step 1004 The UICC management platform returns an error message to MNO1, and ends the process of terminating the universal integrated circuit card.
  • Step 1005 The UICC management platform sends a service termination request to the UICC corresponding to the UICC ID.
  • Step 1006 When the first message authentication code passes the UICC's check, the service interaction with MNO1 is terminated.
  • Step 1007 The UICC sends a service termination execution response to the UICC management platform after terminating the service interaction with MNO1, where the service termination execution response carries the UICC ID.
  • Step 1008 The UICC management platform marks the UICC corresponding to the UICC ID as being inactive.
  • Step 1009 The UICC management platform sends a service termination execution response to MNO1.
  • FIG. 11 is a flow chart showing the implementation of a second embodiment of terminating a universal integrated circuit card according to the present invention. As shown in Figure 11, the steps described below are included:
  • Step 1101 The UICC management platform receives a service cancellation request submitted by a user, where the service cancellation request carries a UICC ID.
  • Step 1102 The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If not, the process proceeds to step 1103. Otherwise, step 1104 is performed.
  • Step 1103 The UICC management platform returns an error message to the user and ends the process of terminating the universal integrated circuit card.
  • Step 1104 The UICC management platform forwards the service cancellation request to MNO1.
  • Step 1105 MNO1 generates the first message authentication code corresponding to the UICC ID according to the first service key and sends a service termination request to the UICC management platform, where the service termination request carries the UICC ID and the first message authentication code.
  • Step 1106 The UICC management platform sends a service termination request to the UICC corresponding to the UICC ID.
  • Step 1107 When the first message authentication code passes the UICC's check, the service interaction with MNO1 is terminated.
  • Step 1108 The UICC sends a service termination execution response to the UICC management platform after terminating the service interaction with MNO1, where the service termination execution response carries the UICC ID.
  • Step 1109 The UICC management platform marks the UICC corresponding to the UICC ID as being inactive.
  • Step 1110 The UICC management platform sends a service termination execution response to MNO1.
  • According to the UICC identifier and the first carrier device identifier carried in the service termination request, the UICC management platform terminates the service interaction between the universal integrated circuit card and the first carrier device corresponding to the first carrier device identifier.
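The termination flow of FIG. 10 (steps 1002 to 1009), as an added Python example that is not part of the patent text: MNO1 authorizes termination with a MAC keyed by the first service key, the UICC management platform gates on activation state and relays the MAC without holding the key, and the UICC terminates only if the MAC verifies. HMAC-SHA256, the MAC input (`TERMINATE|` plus the UICC ID), the behaviour on a failed check, and every class, function and sample value are assumptions of this example; the patent only refers to prior-art message authentication codes.

```python
import hashlib
import hmac


def termination_mac(service_key: bytes, uicc_id: str) -> bytes:
    """Step 1002 (MNO1 side): MAC keyed by the first service key.

    Assumption: HMAC-SHA256 over a request label plus the UICC ID.
    """
    message = b"TERMINATE|" + uicc_id.encode("utf-8")
    return hmac.new(service_key, message, hashlib.sha256).digest()


class Uicc:
    """The card: holds the first service key obtained during provisioning."""

    def __init__(self, uicc_id: str, service_key: bytes):
        self.uicc_id = uicc_id
        self.service_key = service_key
        self.serving = True  # service interaction with MNO1 is open

    def handle_termination(self, uicc_id: str, mac: bytes):
        """Steps 1006-1007: terminate only if the MAC check passes."""
        expected = termination_mac(self.service_key, self.uicc_id)
        # compare_digest avoids leaking the match position through timing.
        if uicc_id != self.uicc_id or not hmac.compare_digest(expected, mac):
            return None  # assumption: a failed check leaves service untouched
        self.serving = False
        return {"type": "termination_executed", "uicc_id": self.uicc_id}


class ManagementPlatform:
    """The UICC management platform: tracks activation, never sees the key."""

    def __init__(self):
        self.cards = {}      # uicc_id -> Uicc (stands in for the link to the card)
        self.activated = {}  # uicc_id -> bool

    def register(self, card: Uicc, activated: bool) -> None:
        self.cards[card.uicc_id] = card
        self.activated[card.uicc_id] = activated

    def handle_termination_request(self, uicc_id: str, mac: bytes):
        # Steps 1003-1004: reject requests for cards that are not activated.
        if not self.activated.get(uicc_id, False):
            return {"type": "error", "reason": "uicc_not_activated"}
        # Step 1005: forward the request, MAC included, to the card.
        response = self.cards[uicc_id].handle_termination(uicc_id, mac)
        if response is None:
            # Assumption: the patent does not describe the failure path.
            return {"type": "error", "reason": "mac_check_failed"}
        # Step 1008: mark the card inactive; step 1009: answer MNO1.
        self.activated[uicc_id] = False
        return response


def run_demo():
    """Constructed sample values; returns the outcome of three requests."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    card = Uicc("UICC-0001", key)
    platform = ManagementPlatform()
    platform.register(card, activated=True)

    results = {}
    # A request whose MAC was made with a different key must not end service.
    forged = termination_mac(b"\x00" * 16, "UICC-0001")
    results["forged"] = platform.handle_termination_request("UICC-0001", forged)
    results["serving_after_forged"] = card.serving
    # The genuine request from MNO1 terminates service and flips the state.
    good = termination_mac(key, "UICC-0001")
    results["valid"] = platform.handle_termination_request("UICC-0001", good)
    # Repeating the same request now fails at the platform's activation check.
    results["repeat"] = platform.handle_termination_request("UICC-0001", good)
    return results, card, platform


if __name__ == "__main__":
    for name, value in run_demo()[0].items():
        print(name, value)
```

Because the MAC input in this example has no freshness value, a captured request would verify again for as long as the same service key is in place; a deployment would add a counter or nonce to the MAC input.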
  • FIG. 12 is a flow chart of a second implementation of terminating a universal integrated circuit card according to the present invention. As shown in Figure 12, the steps described below are included:
  • Step 1201 Receive a service termination request sent by the first carrier device, where the service termination request carries a UICC identifier and a first message authentication code generated by the first carrier device according to the first service key.
  • the UICC management platform receives the service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
  • the UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform sends a service termination request to the UICC corresponding to the UICC identifier; otherwise, it sends an error message to the first carrier device.
  • the UICC management platform may further receive a service cancellation request submitted by the user before receiving the service termination request sent by the first carrier device, where the service cancellation request carries a UICC identifier. The UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform forwards the service cancellation request to the first carrier device; otherwise, it sends an error message to the user.
  • Step 1202 Send a service termination request to the UICC corresponding to the UICC identifier.
  • the UICC management platform sends a service termination request to the UICC corresponding to the UICC identifier.
  • the UICC management platform receives the service termination execution response sent by the UICC after terminating the service interaction with the first carrier device, where the service termination execution response carries the UICC identifier. After receiving the service termination execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as not activated and sends the service termination execution response to the first carrier device.
  • FIG. 13 is a flowchart of a third implementation of terminating a universal integrated circuit card according to the present invention. As shown in Figure 13, the steps described below are included:
  • Step 1301 Send a service termination request to the UICC management platform, where the service termination request carries a UICC identifier and a first packet authentication code generated according to the first service key.
  • the first carrier device sends a service termination request to the UICC management platform, where the service termination request carries the UICC identifier and the first packet authentication code generated by the first carrier device according to the first service key.
  • Step 1302 Acquire a service termination execution response sent by the UICC, where the service termination execution response carries a UICC identifier.
  • the first carrier device obtains a service termination execution response sent by the UICC after terminating the service interaction with the first carrier device, where the service termination execution response carries
  • FIG. 14 is a flow chart of a fourth implementation of terminating a universal integrated circuit card according to the present invention. As shown in Figure 14, the steps described below are included:
  • Step 1401 Receive a service termination request sent by the UICC management platform, where the service termination request carries a UICC identifier and a first packet authentication code generated by the first carrier device according to the first service key.
  • the UICC receives the service termination request sent by the UICC management platform, where the service termination request carries the UICC identifier and the first packet authentication code generated by the first carrier device according to the first service key.
  • Step 1402 When the first message authentication code passes verification, terminate service interaction with the first carrier device.
  • the UICC may verify the received first message authentication code according to a verification method for message authentication codes in the prior art, and when the first message authentication code passes the check, the UICC terminates the service interaction with the first carrier device.
  • Step 1403 Send a service termination execution response to the first carrier device, where the service termination execution response carries a UICC identifier.
  • the service termination execution response is sent to the UICC management platform, where the service termination execution response carries the UICC identifier.
  • the UICC management platform marks the UICC corresponding to the UICC identifier as being inactive, and sends a service termination execution response to the first carrier device.
  • the implementation process of the universal integrated circuit card switching operator may also be included.
  • FIG. 15 is a flow chart of the first implementation of the universal integrated circuit card switching operator of the present invention. As shown in Figure 15, the steps described below are included:
  • Step 1501 The UICC management platform receives the operator handover request, where the operator handover request carries the UICC identifier and the second carrier device identifier.
  • the UICC management platform can receive the operator handover request in the following two manners.
  • the second carrier device MNO2, to which the user applies for handover, receives the operator handover request submitted by the user, and the operator handover application is performed.
  • the second carrier device sends a service switching request to the UICC management platform, where the service switching request carries the UICC identifier and the second carrier device identifier pre-stored by the second carrier device.
  • the UICC management platform directly receives the operator handover request submitted by the user, where the operator handover request carries the UICC identifier and the second carrier device identifier.
  • Step 1502 When the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC management platform sends a UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries a UICC identifier and a UICC public key.
  • the UICC management platform queries, according to the UICC identifier, the first carrier device to which the UICC corresponding to the UICC identifier belongs, and forwards the operator handover request to that first carrier device; the first carrier device returns an operator handover response to the UICC management platform.
  • After receiving, from the first carrier device, an operator handover response that allows the UICC corresponding to the UICC identifier to switch operators, the UICC management platform sends a UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • Step 1503 When the UICC certificate passes the second carrier device's verification, the second service key corresponding to the UICC identifier is generated according to the preset method, the second service key is encrypted by using the UICC public key, and the encrypted second service key corresponding to the UICC identifier is sent to the UICC management platform.
  • the second carrier device verifies the received UICC certificate. When the UICC certificate passes verification, the second carrier device generates a second service key corresponding to the UICC identifier according to a key generation method in the prior art, encrypts the second service key by using the UICC public key, and sends the encrypted second service key corresponding to the UICC identifier to the UICC management platform.
  • Step 1504 The UICC management platform sends the encrypted second service key corresponding to the UICC identifier to the first carrier device, and receives the second message authentication code corresponding to the UICC identifier generated by the first carrier device according to the encrypted second service key.
  • After receiving the encrypted second service key corresponding to the UICC identifier sent by the second carrier device, the UICC management platform sends the encrypted second service key to the first carrier device. The first carrier device generates a second message authentication code corresponding to the UICC identifier according to the encrypted second service key and sends it to the UICC management platform.
  • Step 1505 The UICC management platform sends the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
  • Step 1506 When the UICC's check of the second message authentication code passes, the UICC decrypts the encrypted second service key to obtain the second service key.
  • Step 1507 The second carrier device acquires an operator handover execution response sent by the UICC after acquiring the second service key, where the operator handover execution response carries the UICC identifier.
  • Step 1508 The second carrier device interacts with the UICC using the second service key.
  • FIG. 16 is a flowchart of an implementation of a first embodiment of a universal integrated circuit card switching operator according to the present invention. As shown in Figure 16, the steps described below are included:
  • Step 1601 The second carrier device MNO2 receives the operator handover request submitted by the user, where the operator handover request carries the UICC ID.
  • Step 1602 MNO2 forwards the operator handover request to the UICC management platform, where the operator handover request carries the UICC ID and the second operator identifier.
  • Step 1603 The UICC management platform queries the operator device identifier to which the UICC corresponding to the UICC ID currently belongs.
  • Step 1604 The UICC management platform forwards the operator handover request to the operator device MNO1 to which the UICC corresponding to the UICC ID belongs.
  • Step 1605 MNO1 returns an operator handover response to the UICC management platform.
  • the operator handover response may carry information that MNO1 allows the UICC corresponding to the UICC identifier to switch carrier devices, or information that MNO1 does not allow the UICC corresponding to the UICC identifier to switch carrier devices.
  • Step 1606 When MNO1 allows the UICC corresponding to the UICC ID to switch carrier devices, the UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to MNO2, where the UICC certificate carries the UICC ID and the UICC public key PubUICCkey.
  • Step 1607 When the UICC certificate passes MNO2's verification, the second service key AUICCkey2 corresponding to the UICC ID is generated according to a preset method, and AUICCkey2 is encrypted by using PubUICCkey.
  • Step 1608 MNO2 sends the encrypted second service key [AUICCkey2]PubUICCkey corresponding to the UICC ID to the UICC management platform.
  • Step 1609 The UICC management platform sends [AUICCkey2]PubUICCkey to MNO1.
  • Step 1610 MNO1 generates a second message authentication code according to [AUICCkey2]PubUICCkey.
  • Step 1611 MNO1 sends the second message authentication code to the UICC management platform.
  • Step 1614 After obtaining AUICCkey2, the UICC returns an operator handover execution response to the UICC management platform, where the operator handover execution response carries the UICC ID.
  • Step 1615 The UICC management platform changes the current carrier device of the UICC to MNO2.
  • Step 1616 The UICC management platform returns an operator handover execution response to MNO1.
  • Step 1617 The UICC management platform returns an operator handover execution response to MNO2.
  • Step 1618 MNO2 interacts with the UICC using the second service key AUICCkey2.
  • FIG. 17 is a flowchart of an implementation of a second embodiment of a universal integrated circuit card switching operator according to the present invention. As shown in FIG. 17, the steps described below are included:
  • Step 1701 The UICC management platform receives the operator handover request submitted by the user, where the operator handover request carries the UICC ID and the second carrier device identifier.
  • Step 1702 The UICC management platform queries the operator device identifier to which the UICC corresponding to the UICC ID currently belongs.
  • Step 1703 The UICC management platform forwards the operator handover request to the operator device MNO1 to which the UICC corresponding to the UICC ID belongs.
  • Step 1704 MNO1 returns the operator handover response to the UICC management platform.
  • Step 1705 When MNO1 allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to MNO2, where the UICC certificate carries the UICC ID and the UICC public key PubUICCkey.
  • Step 1706 When the UICC certificate passes MNO2's verification, the second service key AUICCkey2 corresponding to the UICC ID is generated according to a preset method, and AUICCkey2 is encrypted by using PubUICCkey.
  • Step 1707 MNO2 sends the encrypted second service key [AUICCkey2]PubUICCkey corresponding to the UICC ID to the UICC management platform.
  • Step 1708 The UICC management platform sends [AUICCkey2]PubUICCkey to MNO1.
  • Step 1709 MNO1 generates a second message authentication code according to [AUICCkey2]PubUICCkey.
  • Step 1710 MNO1 sends the second message authentication code to the UICC management platform.
  • Step 1711 The UICC management platform sends [AUICCkey2]PubUICCkey and the second message authentication code to the UICC corresponding to the UICC ID.
  • Step 1712 When the UICC's check of the second message authentication code passes, the UICC decrypts [AUICCkey2]PubUICCkey using the UICC private key PriUICCkey to obtain the second service key AUICCkey2.
  • Step 1713 After obtaining AUICCkey2, the UICC returns an operator handover execution response to the UICC management platform, where the operator handover execution response carries the UICC ID.
  • Step 1714 The UICC management platform changes the current carrier device of the UICC to MNO2.
  • Step 1715 The UICC management platform returns an operator handover execution response to MNO1.
  • Step 1716 The UICC management platform returns an operator handover execution response to MNO2.
  • Step 1717 MNO2 and the UICC use the second service key AUICCkey2 for service interaction.
  • FIG. 18 is a second implementation flowchart of a universal integrated circuit card switching operator according to the present invention. As shown in FIG. 18, the method includes the following steps:
  • Step 1801 Receive an operator handover request, where the operator handover request carries a UICC identifier and a second carrier device identifier.
  • the UICC management platform receives the operator handover request, where the operator handover request carries the UICC identifier and the second carrier device identifier.
  • the UICC management platform can receive the operator handover request in the following two manners: In the first mode, the second carrier device MNO2, to which the user applies for handover, receives the operator handover request submitted by the user, and the operator switches the application.
  • the second carrier device sends a service switching request to the UICC management platform, where the service switching request carries the UICC identifier and the second carrier device identifier pre-stored by the second carrier device.
  • the UICC management platform directly receives the operator handover request submitted by the user, where the operator handover request carries the UICC identifier and the second carrier device identifier.
  • Step 1802 When the first carrier device allows the UICC corresponding to the UICC identifier to switch operators, the UICC certificate is sent to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • the UICC management platform sends a UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
  • Step 1803 Receive an encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and send the encrypted second service key corresponding to the UICC identifier to the first carrier device.
  • the UICC management platform receives the encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and sends the encrypted second service key to the first carrier device.
  • the first carrier device generates a second packet authentication code corresponding to the UICC identifier according to the encrypted second service key, and sends the second packet authentication code to the UICC management platform.
  • Step 1804 Receive a second packet authentication code corresponding to the UICC identifier generated by the first carrier device according to the encrypted second service key.
  • the UICC management platform receives the second packet authentication code corresponding to the UICC identifier generated by the first carrier device according to the encrypted second service key.
  • Step 1805 Send the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
  • the UICC management platform sends the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
  • FIG. 19 is a flowchart showing the third implementation of the universal integrated circuit card switching operator of the present invention. As shown in Figure 19, the steps described below are included:
  • Step 1901 Receive an encrypted second service key corresponding to the UICC identifier sent by the UICC management platform.
  • the first carrier device receives the encrypted second service key corresponding to the UICC identifier sent by the UICC management platform.
  • Step 1902 Send, to the UICC management platform, a second message authentication code corresponding to the UICC identifier generated according to the encrypted second service key.
  • the first carrier device sends the encrypted second according to the UICC management platform.
  • FIG. 20 is a flowchart of a fourth implementation of operator switching for a universal integrated circuit card according to the present invention. As shown in FIG. 20, it includes the following steps:
  • Step 2001 Receive the encrypted second service key and the second message authentication code sent by the UICC management platform.
  • the UICC receives the encrypted second service key and the second message authentication code sent by the UICC management platform.
  • Step 2002 When the second message authentication code passes verification, decrypt the encrypted second service key by using the UICC private key to obtain the second service key.
  • the encrypted second service key is decrypted by using the UICC private key to obtain the second service key.
  • Step 2003 Send an operator switching execution response to the second carrier device, where the operator switching execution response carries the UICC identifier.
  • the UICC sends an operator switching execution response to the second carrier device, where the operator switching execution response carries the UICC identifier.
  • Step 2004 Perform a service interaction with the second carrier device by using the second service key.
  • the UICC uses the second service key to perform service interaction with the second carrier device.
  • the UICC management platform obtains, according to the UICC identifier and the first carrier device identifier carried in the service provisioning request, the encrypted first service key corresponding to the UICC identifier generated by the first carrier device; after acquiring the encrypted first service key, the UICC decrypts it using the pre-stored UICC private key and uses the decrypted first service key to perform service interaction with the first carrier device.
  • the UICC management platform opens service with the first carrier device corresponding to the first carrier device identifier for the universal integrated circuit card, according to the first carrier device identifier.
  • the data configuration method of the universal integrated circuit card solves the technical problem in the prior art that the M2M terminal can only communicate with a predetermined operator, and expands the range of use of the M2M terminal; in addition, the method of the present invention is convenient to implement and easy to popularize.
  • FIG. 21 is a schematic structural diagram of a universal integrated circuit card management platform according to the present invention. As shown in FIG. 21, the platform includes: a first receiving unit 2101 and a first sending unit 2102;
  • the first receiving unit 2101 is configured to receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card UICC identifier and a first carrier device identifier, and to send the service provisioning request to the first sending unit 2102;
  • the first sending unit 2102 is configured to send, to the first carrier device corresponding to the first carrier device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, where the UICC certificate carries the UICC identifier and a UICC public key;
  • the first receiving unit 2101 is further configured to receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and to send the encrypted first service key to the first sending unit 2102;
  • the first sending unit 2102 is further configured to send the encrypted first service key to the UICC corresponding to the UICC identifier.
  • the first receiving unit 2101 is specifically configured to receive the service provisioning request sent by the first carrier device, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device;
  • the service provisioning request carries the UICC identifier and the first carrier device identifier.
  • the universal integrated circuit card management platform further includes: a query unit 2103;
  • the query unit 2103 is configured to query whether the UICC corresponding to the UICC identifier is activated, and if it is not activated, send the UICC certificate to the first carrier device; otherwise, send an error message to the first carrier device.
  • the universal integrated circuit card management platform further includes: a marking unit 2104;
  • the first receiving unit 2101 is further configured to receive a service provisioning execution response that is sent by the UICC after acquiring the first service key, where the service provisioning execution response carries the UICC identifier, and to send the service provisioning execution response to the marking unit 2104 and the first sending unit 2102;
  • the marking unit 2104 is configured to mark the UICC corresponding to the UICC identifier as activated;
  • the first sending unit 2102 is further configured to send the service provisioning execution response to the first carrier device.
  • the universal integrated circuit card management platform further includes: a first storage unit 2105; the first receiving unit 2101 is further configured to receive UICC card information sent by the UICC vendor device, where the UICC card information carries the UICC identifier and the UICC public key, and to send the UICC card information to the first sending unit 2102;
  • the first sending unit 2102 is further configured to send the UICC card information to the authentication center.
  • the first receiving unit 2101 is further configured to: when the authentication center has authenticated the UICC card information, receive the UICC certificate returned by the authentication center, where the UICC certificate carries the UICC identifier and the UICC public key, and send the UICC certificate to the first storage unit 2105;
  • the first storage unit 2105 is configured to save the UICC certificate corresponding to the UICC identifier.
  • the first receiving unit 2101 is further configured to receive a service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and a first message authentication code generated by the first carrier device according to the first service key, and to send the service termination request to the first sending unit 2102;
  • the first sending unit 2102 is further configured to send the service termination request to a UICC corresponding to the UICC identifier.
  • the query unit 2103 is further configured to query whether the UICC corresponding to the UICC identifier is activated, and if it is activated, send the service termination request to the UICC corresponding to the UICC identifier; otherwise, send an error message to the first carrier device.
  • the first receiving unit 2101 is further configured to receive a service cancellation request submitted by the user, where the service cancellation request carries the UICC identifier, and to send the service cancellation request to the query unit 2103;
  • the query unit 2103 is further configured to query whether the UICC corresponding to the UICC identifier is activated, and if it is activated, forward the service cancellation request to the first carrier device; otherwise, send an error message to the user.
  • the first receiving unit 2101 is further configured to receive the service termination execution response sent by the UICC after terminating service interaction with the first carrier device, where the service termination execution response carries the UICC identifier, and to send the service termination execution response to the marking unit 2104 and the first sending unit 2102;
  • the marking unit 2104 is further configured to mark the UICC corresponding to the UICC identifier as not activated; the first sending unit 2102 is further configured to send the service termination execution response to the first carrier device.
  • the first receiving unit 2101 is further configured to receive an operator switching request, where the operator switching request carries the UICC identifier and the second carrier device identifier, and to send the operator switching request to the first sending unit 2102;
  • the first sending unit 2102 is further configured to: when the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, send the UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key;
  • the first receiving unit 2101 is further configured to receive the encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and to send the encrypted second service key to the first sending unit 2102;
  • the first sending unit 2102 is further configured to send the encrypted second service key to the first carrier device;
  • the first receiving unit 2101 is further configured to receive a second message authentication code corresponding to the UICC identifier generated by the first carrier device according to the encrypted second service key, and to send the second message authentication code to the first sending unit 2102;
  • the first sending unit 2102 is further configured to send the encrypted second service key and the second message authentication code to a UICC corresponding to the UICC identifier.
  • the first receiving unit 2101 is specifically configured to receive the operator switching request sent by the second carrier device, where the operator switching request carries the UICC identifier and the second carrier device identifier;
  • the operator switching request carries the UICC identifier and the second carrier device identifier.
  • FIG. 22 is a schematic structural diagram of a first carrier device according to the present invention. As shown in FIG. 22, the device includes: a second receiving unit 2201, a service key generating unit 2202, a second sending unit 2203, and a first service interaction unit 2204;
  • the second receiving unit 2201 is configured to receive a UICC certificate sent by a universal integrated circuit card UICC management platform, where the UICC certificate carries a UICC identifier and a UICC public key, and to send the UICC certificate to the service key generating unit 2202;
  • the service key generating unit 2202 is configured to: when the UICC certificate passes verification by the first carrier device, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key by using the UICC public key, send the first service key to the first service interaction unit 2204, and send the encrypted first service key to the second sending unit 2203;
  • the second sending unit 2203 is configured to send the encrypted first service key to the UICC corresponding to the UICC identifier;
  • the second receiving unit 2201 is further configured to acquire a service provisioning execution response that is sent by the UICC after acquiring the first service key, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC;
  • the first service interaction unit 2204 is configured to perform service interaction with the UICC by using the first service key.
  • the second receiving unit 2201 is further configured to receive a service provisioning request submitted by the user, where the service provisioning request carries the UICC identifier, and to send the service provisioning request to the second sending unit 2203;
  • the second sending unit 2203 is further configured to send the service provisioning request to the UICC management platform, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
  • the second sending unit 2203 is further configured to send a service termination request to the UICC management platform, where the service termination request carries the UICC identifier and a first message authentication code generated by the first carrier device according to the first service key;
  • the second receiving unit 2201 is further configured to acquire the service termination execution response sent by the UICC after terminating service interaction with the first carrier device, where the service termination execution response carries the UICC identifier.
  • the second receiving unit 2201 is further configured to receive the encrypted second service key that is sent by the UICC management platform and that is corresponding to the UICC identifier;
  • the second sending unit 2203 is further configured to send, to the UICC management platform, a second message authentication code corresponding to the UICC identifier generated according to the encrypted second service key.
  • FIG. 23 is a schematic structural diagram of a universal integrated circuit card according to the present invention. As shown in FIG. 23, the card includes: a third receiving unit 2301, a decrypting unit 2302, a third sending unit 2303, and a second service interaction unit 2304;
  • the third receiving unit 2301 is configured to receive the encrypted first service key sent by the universal integrated circuit card UICC management platform, and to send the encrypted first service key to the decrypting unit 2302;
  • the decrypting unit 2302 is configured to decrypt the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key to obtain a first service key, send the first service key to the second service interaction unit 2304, and send a first sending instruction to the third sending unit 2303;
  • the third sending unit 2303 is configured to: after receiving the first sending instruction, send a service provisioning execution response to the first carrier device, where the service provisioning execution response carries a pre-stored UICC identifier;
  • the second service interaction unit 2304 is configured to perform service interaction with the first carrier device by using the first service key.
  • the universal integrated circuit card further includes: a public-private key pair generating unit 2305 and a second storage unit 2306;
  • the third receiving unit 2301 is further configured to receive a key request sent by the UICC vendor device, and send the key request to the public and private key pair generating unit 2305;
  • the public-private key pair generating unit 2305 is configured to randomly generate a UICC public-private key pair, send the UICC public key to the third sending unit 2303, and send the UICC private key to the second storage unit 2306;
  • the third sending unit 2303 is further configured to send the UICC public key to the UICC vendor device;
  • the second storage unit 2306 is configured to save the UICC private key.
  • the universal integrated circuit card further includes: a service termination unit 2307;
  • the third receiving unit 2301 is further configured to receive a service termination request sent by the UICC management platform, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key, and to send the service termination request to the service termination unit 2307 and the third sending unit 2303;
  • the service termination unit 2307 is configured to terminate service interaction with the first carrier device when the first message authentication code passes verification, and to send a second sending instruction to the third sending unit 2303;
  • the third sending unit 2303 is further configured to: after receiving the second sending instruction, send a service termination execution response to the first carrier device, where the service termination execution response carries the UICC identifier.
  • the third receiving unit 2301 is further configured to receive the encrypted second service key and the second message authentication code corresponding to the UICC identifier sent by the UICC management platform, and to send the encrypted second service key to the decrypting unit 2302;
  • the decrypting unit 2302 is further configured to: when the second message authentication code passes verification, decrypt the encrypted second service key by using the UICC private key to obtain the second service key, send the second service key to the second service interaction unit 2304, and send a third sending instruction to the third sending unit 2303;
  • the third sending unit 2303 is further configured to: after receiving the third sending instruction, send an operator switching execution response to the second carrier device, where the operator switching execution response carries the UICC identifier;
  • the second service interaction unit 2304 is configured to perform service interaction with the second carrier device by using the second service key.
  • FIG. 24 is a schematic structural diagram of a user terminal according to the present invention. As shown in FIG. 24, the user terminal includes: a third storage unit 2401 and a universal integrated circuit card UICC 2402;
  • the third storage unit 2401 is configured to store the UICC 2402;
  • the UICC 2402 is configured to: receive an encrypted first service key sent by the UICC management platform; decrypt the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key to obtain a first service key; send a service provisioning execution response to the first carrier device, where the service provisioning execution response carries a pre-stored UICC identifier; and perform service interaction with the first carrier device by using the first service key.
  • the UICC management platform acquires, according to the UICC identifier and the first carrier device identifier carried in the service provisioning request, the encrypted first service key corresponding to the UICC identifier generated by the first carrier device; after obtaining the encrypted first service key, the UICC decrypts it by using a pre-stored UICC private key and uses the first service key obtained after decryption to perform service interaction with the first carrier device.
  • because the first carrier device identifier is carried in the service provisioning request sent by the user, the UICC management platform opens service with the first carrier device corresponding to the first carrier device identifier for the universal integrated circuit card, according to the first carrier device identifier.
  • the data configuration device solves the technical problem in the prior art that the M2M terminal can only communicate with the predetermined operator, and expands the range of use of the M2M terminal; in addition, the method of the present invention is convenient to implement and easy to popularize.
  • FIG. 25 is a schematic structural diagram of a data configuration system of a universal integrated circuit card according to the present invention. As shown in FIG. 25, the system includes: a universal integrated circuit card UICC management platform 2501, a first carrier device 2502, and a UICC 2503;
  • the UICC management platform 2501 is configured to: receive a service provisioning request, where the service provisioning request carries a UICC identifier and a first carrier device identifier; send, to the first carrier device 2502 corresponding to the first carrier device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, where the UICC certificate carries the UICC identifier and a UICC public key corresponding to the UICC identifier; and receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device 2502, and send the encrypted first service key to the UICC 2503;
  • the first carrier device 2502 is configured to: receive the UICC certificate sent by the UICC management platform 2501, where the UICC certificate carries the UICC identifier and the UICC public key; generate the first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key by using the UICC public key, and send the encrypted first service key, through the UICC management platform 2501, to the UICC 2503 corresponding to the UICC identifier; acquire the service provisioning execution response sent by the UICC 2503 after it obtains the first service key, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC; and perform service interaction with the UICC 2503 by using the first service key;
  • the UICC 2503 is configured to: receive the encrypted first service key sent by the UICC management platform 2501; decrypt the encrypted first service key by using the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service provisioning execution response to the first carrier device 2502, where the service provisioning execution response carries a pre-stored UICC identifier; and perform service interaction with the first carrier device 2502 by using the first service key.
  • the UICC management platform obtains, according to the UICC identifier and the first carrier device identifier carried in the service provisioning request, the encrypted first service key corresponding to the UICC identifier generated by the first carrier device; after obtaining the encrypted first service key, the UICC decrypts it by using the pre-stored UICC private key, so that the first service key obtained after decryption is used to perform service interaction with the first carrier device.
  • because the first carrier device identifier is carried in the service provisioning request sent by the user, the UICC management platform opens service with the first carrier device corresponding to the first carrier device identifier for the universal integrated circuit card, according to the first carrier device identifier.
  • the data configuration system solves the technical problem in the prior art that the M2M terminal can only communicate with the predetermined operator, and expands the range of use of the M2M terminal; in addition, the method of the present invention is convenient to implement and easy to popularize.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed are a data configuration method, apparatus and system for a universal integrated circuit card, a computer program and a storage medium. The method comprises: receiving a service open request, a UICC identification and a first operator device identification being carried in the service open request; sending a pre-stored UICC certificate corresponding to the UICC identification to a first operator device corresponding to the first operator device identification, the UICC identification and a UICC public key being carried in the UICC certificate; and receiving an encrypted first service encryption key corresponding to the UICC identification sent from the first operator device, and sending the encrypted first service encryption key to a UICC corresponding to the UICC identification. Compared with the prior art, the data configuration method, apparatus and system for a universal integrated circuit card, the computer program and the storage medium proposed in the present invention can dynamically configure operator data in a universal integrated circuit card in an M2M terminal, thus expanding the usage range of M2M terminals.

Description

This application claims priority to Chinese Patent Application No. 2012102470483, entitled "Data Configuration Method, Apparatus and System for Universal Integrated Circuit Card", filed with the Chinese Patent Office on July 17, 2012, the entire contents of which are incorporated herein by reference.
With the rapid development of Internet of Things services, M2M (machine-to-machine) terminals are used across many industries, including power, transportation, industrial control, healthcare and public utility management. M2M generally refers to communication between machine equipment and other devices or systems over a mobile communication network. To access a mobile communication network, an M2M terminal needs to have a smart card provided by the operator installed. Because the application environment of an M2M terminal differs considerably from that of an ordinary mobile phone terminal, an M2M-dedicated smart card needs to be used in the M2M terminal.
An M2M-dedicated smart card generally refers to a smart card obtained by upgrading the software and hardware of an existing smart card, together with the related supporting platforms, to meet the needs of the M2M industry. The M2M-dedicated smart card carries the number resources provided by the operator, that is, the identity with which the M2M terminal accesses the mobile communication network; the M2M-dedicated smart card can also carry and process the various [...] provided by the operator. Depending on the application scenario and technical implementation, current M2M-dedicated smart cards fall into the following two types: MP cards and MS cards.
MP card is short for M2M Plug In card, that is, a pluggable SIM card. It uses special chips and special card-base materials that can meet special environmental requirements, has higher physical performance, and can satisfy requirements for a longer service life and harsher environments.
MS card is short for M2M SMD (Surface Mount Device) card, that is, a soldered SIM card. It has all the functions of a traditional SIM card, and the SMD packaging process allows the SIM card chip to be soldered directly onto the M2M terminal module, achieving a tight, robust physical connection and reliable interface communication.
In the process of implementing the present invention, the inventors found that the prior art has at least the following problem:
The operator data in existing MP cards and MS cards is pre-configured by the operator, and the operator data cannot be changed after the MP card or MS card has been put into use, so the M2M terminal can only communicate with a predetermined operator, which limits the range of use of the M2M terminal.
In view of this, the main object of the present invention is to provide three data configuration methods for a universal integrated circuit card, which can dynamically configure the operator data of the universal integrated circuit card in an M2M terminal and expand the range of use of the M2M terminal.
Another object of the present invention is to provide four data configuration apparatuses for a universal integrated circuit card, which can dynamically configure the operator data of the universal integrated circuit card in an M2M terminal and expand the range of use of the M2M terminal.
A further object of the present invention is to provide a data configuration system for a universal integrated circuit card, which can dynamically configure the operator data of the universal integrated circuit card in an M2M terminal and expand the range of use of the M2M terminal.
A further object of the present invention is to provide a computer program, which can dynamically configure the operator data of the universal integrated circuit card in an M2M terminal and expand the range of use of the M2M terminal.
A further object of the present invention is to provide a storage medium, which can dynamically configure the operator data of the universal integrated circuit card in an M2M terminal and expand the range of use of the M2M terminal.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
A data configuration method for a universal integrated circuit card, the method comprising:
receiving a service provisioning request, where the service provisioning request carries a universal integrated circuit card UICC identifier and a first carrier device identifier;
sending, to the first carrier device corresponding to the first carrier device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, where the UICC certificate carries the UICC identifier and a UICC public key;
receiving the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and sending the encrypted first service key to the UICC corresponding to the UICC identifier.
A computer program for executing the above data configuration method for a universal integrated circuit card.
A storage medium for storing the above computer program.
A universal integrated circuit card management platform, comprising: a first receiving unit and a first sending unit;
the first receiving unit is configured to receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card UICC identifier and a first carrier device identifier, and to send the service provisioning request to the first sending unit;
the first sending unit is configured to send, to the first carrier device corresponding to the first carrier device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, where the UICC certificate carries the UICC identifier and a UICC public key;
the first receiving unit is further configured to receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and to send the encrypted first service key to the first sending unit;
the first sending unit is further configured to send the encrypted first service key to the UICC corresponding to the UICC identifier.
A first carrier device, comprising: a second receiving unit, a service key generating unit, a second sending unit and a first service interaction unit;
the second receiving unit is configured to receive a UICC certificate sent by a universal integrated circuit card UICC management platform, where the UICC certificate carries a UICC identifier and a UICC public key, and to send the UICC certificate to the service key generating unit;
the service key generating unit is configured to: when the UICC certificate passes verification, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key by using the UICC public key, send the first service key to the first service interaction unit, and send the encrypted first service key to the second sending unit;
the second sending unit is configured to send the encrypted first service key to the UICC corresponding to the UICC identifier;
the second receiving unit is further configured to acquire a service provisioning execution response sent by the UICC after acquiring the first service key, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC;
the first service interaction unit is configured to perform service interaction with the UICC by using the first service key.
A universal integrated circuit card, comprising: a third receiving unit, a decrypting unit, a third sending unit and a second service interaction unit;
所述第三接收单元, 用于接收通用集成电路卡 UICC 管理平台发送的加 密后的第一业务密钥, 将所述加密后的第一业务密钥发送给所述解密单元; 所述解密单元,用于使用预先保存的与 UICC公钥对应的 UICC私钥对所 述加密后的第一业务密钥进行解密, 获取第一业务密钥, 将所述第一业务密 钥发送给第二业务交互单元,并向所述第三发送单元发送一个第一发送指令; 所述第三发送单元, 用于在接收到所述第一发送指令之后, 向第一运营 商设备发送业务开通执行响应, 所述业务开通执行响应中携带有预先保存的 The third receiving unit is configured to receive the encrypted first service key sent by the universal integrated circuit card UICC management platform, and send the encrypted first service key to the decryption unit; Decrypting the encrypted first service key by using a pre-stored UICC private key corresponding to the UICC public key, acquiring the first service key, and transmitting the first service key to the second service An interaction unit, and sending a first sending instruction to the third sending unit, where the third sending unit is configured to send a service opening execution response to the first carrier device after receiving the first sending instruction, The service provisioning execution response carries pre-saved
UICC标识; UICC logo;
所述第二业务交互单元, 用于使用所述第一业务密钥和所述第一运营商 设备进行业务交互。  The second service interaction unit is configured to perform service interaction with the first carrier device by using the first service key.
A user terminal, comprising: a third storage unit and a universal integrated circuit card (UICC);
the third storage unit is configured to store the UICC;
the UICC is configured to: receive the encrypted first service key sent by the UICC management platform; decrypt the encrypted first service key with the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service provisioning execution response to the first carrier device, the service provisioning execution response carrying the pre-stored UICC identifier; and perform service interaction with the first carrier device using the first service key.
A data configuration system for a universal integrated circuit card, comprising: a universal integrated circuit card (UICC) management platform, a first carrier device and a UICC;
the UICC management platform is configured to: receive a service provisioning request carrying a UICC identifier and a first carrier device identifier; send, to the first carrier device corresponding to the first carrier device identifier, the pre-stored UICC certificate corresponding to the UICC identifier; receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device; and send the encrypted first service key to the UICC corresponding to the UICC identifier;
the first carrier device is configured to: receive the UICC certificate sent by the UICC management platform, the UICC certificate carrying the UICC identifier and the UICC public key; when verification of the UICC certificate succeeds, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, and send the encrypted first service key, through the UICC management platform, to the UICC corresponding to the UICC identifier; obtain the service provisioning execution response that the UICC sends after obtaining the first service key, the service provisioning execution response carrying the UICC identifier pre-stored by the UICC; and perform service interaction with the UICC using the first service key;
the UICC is configured to: receive the encrypted first service key sent by the UICC management platform; decrypt the encrypted first service key with the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service provisioning execution response to the first carrier device, the service provisioning execution response carrying the pre-stored UICC identifier; and perform service interaction with the first carrier device using the first service key.
It can be seen that, with the technical solution of the present invention, the UICC management platform uses the UICC identifier and the first carrier device identifier carried in the service provisioning request to obtain the encrypted first service key that the first carrier device generated for that UICC identifier. After obtaining the encrypted first service key, the UICC decrypts it with its pre-stored UICC private key and uses the resulting first service key for service interaction with the first carrier device. Because the service provisioning request sent by the user carries the first carrier device identifier, and the UICC management platform uses that identifier to provision service interaction between the UICC and the corresponding first carrier device, carriers can flexibly and dynamically configure the carrier data in the UICC, and M2M terminals no longer need carrier-specific custom development during production. The data configuration method, apparatus and system for a universal integrated circuit card proposed by the present invention therefore solve the technical problem in the prior art that an M2M terminal can only communicate with a predetermined carrier, and widen the range of use of M2M terminals. In addition, the method of the present invention is simple and convenient to implement and easy to popularize.
Description of the drawings
FIG. 1 is a flowchart of a first implementation of provisioning a universal integrated circuit card according to the present invention.
FIG. 2 is a flowchart of the method for generating a universal integrated circuit card certificate according to the present invention.
FIG. 3 is a flowchart of a first embodiment of provisioning a universal integrated circuit card according to the present invention.
FIG. 4 is a schematic diagram of the method for generating a transport subkey according to the present invention.
FIG. 5 is a flowchart of a second embodiment of provisioning a universal integrated circuit card according to the present invention.
FIG. 6 is a flowchart of a second implementation of provisioning a universal integrated circuit card according to the present invention.
FIG. 7 is a flowchart of a third implementation of provisioning a universal integrated circuit card according to the present invention.
FIG. 8 is a flowchart of a fourth implementation of provisioning a universal integrated circuit card according to the present invention.
FIG. 9 is a flowchart of a first implementation of terminating a universal integrated circuit card according to the present invention.
FIG. 10 is a flowchart of a first embodiment of terminating a universal integrated circuit card according to the present invention.
FIG. 11 is a flowchart of a second embodiment of terminating a universal integrated circuit card according to the present invention.
FIG. 12 is a flowchart of a second implementation of terminating a universal integrated circuit card according to the present invention.
FIG. 13 is a flowchart of a third implementation of terminating a universal integrated circuit card according to the present invention.
FIG. 14 is a flowchart of a fourth implementation of terminating a universal integrated circuit card according to the present invention.
FIG. 15 is a flowchart of a first implementation of a universal integrated circuit card switching carriers according to the present invention.
FIG. 16 is a flowchart of a first embodiment of a universal integrated circuit card switching carriers according to the present invention.
FIG. 17 is a flowchart of a second embodiment of a universal integrated circuit card switching carriers according to the present invention.
FIG. 18 is a flowchart of a second implementation of a universal integrated circuit card switching carriers according to the present invention.
FIG. 19 is a flowchart of a third implementation of a universal integrated circuit card switching carriers according to the present invention.
FIG. 20 is a flowchart of a fourth implementation of a universal integrated circuit card switching carriers according to the present invention.
FIG. 21 is a schematic structural diagram of the universal integrated circuit card management platform according to the present invention.
FIG. 22 is a schematic structural diagram of the first carrier device according to the present invention.
FIG. 23 is a schematic structural diagram of the universal integrated circuit card according to the present invention.
FIG. 24 is a schematic structural diagram of the user terminal according to the present invention.
FIG. 25 is a schematic structural diagram of the data configuration system for a universal integrated circuit card according to the present invention.
To address the problems in the prior art, the present invention proposes an improved data configuration scheme for a universal integrated circuit card that allows the universal integrated circuit card in an M2M terminal to be configured dynamically, widening the range of use of M2M terminals.
To make the technical solution of the present invention clearer, the solution is described in further detail below with reference to the drawings and embodiments.
FIG. 1 is a flowchart of a first implementation of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 1, it includes the following steps:
Step 101: The universal integrated circuit card (UICC) management platform receives a service provisioning request message carrying a UICC identifier and a first carrier device identifier.
A Universal Integrated Circuit Card (UICC) is a removable smart card used to store user information, authentication keys, the phone book, short messages and similar information.
In specific embodiments of the present invention, the UICC identifier may be a UICC ID or other identifying information of the UICC. In this step, the UICC management platform can receive the service provisioning request in either of the following two ways:
In the first way, the first carrier device MNO1, with which the user applies for service, receives a service application request submitted by the user, the service application request carrying the UICC identifier; the first carrier device then sends a service provisioning request to the UICC management platform, carrying the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
For example, a user obtains the UICC identifier corresponding to a UICC when purchasing it. When the user applies to the first carrier device to provision the UICC, the user submits a service application request to the first carrier device, and the request carries that UICC identifier.
In the second way, the UICC management platform directly receives the service provisioning request submitted by the user, the service provisioning request message carrying the UICC identifier and the first carrier device identifier.
Step 102: The UICC management platform sends the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier; the UICC certificate carries the UICC identifier and the UICC public key.
Preferably, in specific embodiments of the present invention, before sending the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device, the UICC management platform checks whether the UICC corresponding to the UICC identifier has been activated. If it has not been activated, the platform sends the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device; if it has been activated, the platform sends an error message to the first carrier device. Specifically, a UICC being activated means that the UICC has already been provisioned for service interaction with a carrier device; a UICC not being activated means that the UICC has not been provisioned for service interaction with a carrier device, or that the UICC has already terminated its service interaction with the carrier.
Before this step, the UICC management platform needs to have stored the UICC certificate corresponding to the UICC identifier. FIG. 2 is a flowchart of the method for generating a universal integrated circuit card certificate according to the present invention. As shown in FIG. 2, it includes the following steps:
Step 201: After receiving a key request sent by the UICC vendor device, the UICC randomly generates a UICC public/private key pair, sends the UICC public key to the UICC vendor device, and stores the UICC private key.
Step 202: The UICC management platform receives the UICC card information sent by the UICC vendor device; the UICC card information carries the UICC identifier and the UICC public key.
In specific embodiments of the present invention, the UICC management platform manages UICC identifiers centrally. Specifically, the UICC management platform may randomly generate two or more UICC identifiers and allocate them to the UICC vendor device; after receiving the two or more UICC identifiers sent by the UICC management platform, the UICC vendor device produces a UICC for each of those UICC identifiers.
Step 203: The UICC management platform sends the UICC card information to the certification center.
In this step, after receiving the UICC card information sent by the UICC vendor, the UICC management platform sends the UICC card information to the certification center.
Step 204: When the certification center's authentication of the UICC card information succeeds, it returns a UICC certificate to the UICC management platform; the UICC certificate carries the UICC identifier and the UICC public key.
In this step, after receiving the UICC card information sent by the UICC management platform, the certification center authenticates the UICC card information using a prior-art authentication method. When the authentication succeeds, the certification center returns a UICC certificate to the UICC management platform; the UICC certificate carries the UICC identifier and the UICC public key.
Step 205: The UICC management platform stores the UICC certificate corresponding to the UICC identifier.
In this step, after receiving the UICC certificate returned by the certification center, the UICC management platform stores the UICC certificate corresponding to the UICC identifier.
Step 103: When the first carrier device's verification of the UICC certificate succeeds, it generates a first service key corresponding to the UICC identifier according to a preset method, encrypts the first service key with the UICC public key, and sends the encrypted first service key, through the UICC management platform, to the UICC corresponding to the UICC identifier.
In this step, after receiving the UICC certificate corresponding to the UICC identifier from the UICC management platform, the first carrier device verifies the received certificate. When the verification succeeds, the first carrier device generates a first service key corresponding to the UICC identifier using a prior-art key generation method and encrypts the first service key with the UICC public key. The first carrier device sends the encrypted first service key to the UICC management platform, which forwards it to the UICC corresponding to the UICC identifier.
Step 104: The UICC decrypts the encrypted first service key with the pre-stored UICC private key corresponding to the UICC public key and obtains the first service key.
In this step, after receiving the encrypted first service key sent by the UICC management platform, the UICC decrypts it with the pre-stored UICC private key and obtains the first service key.
Step 105: The first carrier device obtains the service provisioning execution response that the UICC sends after obtaining the first service key; the service provisioning execution response carries the UICC identifier pre-stored by the UICC.
Before this step, after obtaining the first service key, the UICC returns a service provisioning execution response to the UICC management platform, the response carrying the UICC identifier pre-stored by the UICC. After receiving the service provisioning execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as activated and sends the service provisioning execution response to the first carrier device.
Step 106: The first carrier device and the UICC perform service interaction using the first service key.
As the above description of steps 101 to 106 shows, because the service provisioning request sent by the user carries the first carrier device identifier, and the UICC management platform uses that identifier to provision service interaction between the universal integrated circuit card and the corresponding first carrier device, carriers can flexibly and dynamically configure the carrier data in the universal integrated circuit card, and M2M terminals no longer need carrier-specific custom development during production. The provisioning flow of the universal integrated circuit card is described in detail below with two specific embodiments:
FIG. 3 is a flowchart of a first embodiment of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 3, it includes the following steps:
Step 301: The first carrier device MNO1 receives a service application request submitted by the user; the service application request carries the UICC ID.
Step 302: MNO1 sends a service provisioning request to the UICC management platform; the service provisioning request carries the UICC ID and the first carrier device identifier.
Step 303: The UICC management platform checks whether the UICC corresponding to the UICC ID has been activated. If it has not been activated, step 304 is performed; otherwise, step 305 is performed.
Step 304: The UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to MNO1, and step 306 is performed.
Step 305: The UICC management platform sends an error message to MNO1, and the provisioning flow of the universal integrated circuit card ends.
Step 306: When MNO1's verification of the UICC certificate succeeds, it generates a first service key AUICCkey1 corresponding to the UICC ID according to a preset method and encrypts AUICCkey1 with the UICC public key PubUICCkey, obtaining the encrypted first service key [AUICCkey1]PubUICCkey.
Step 307: MNO1 sends the encrypted first service key [AUICCkey1]PubUICCkey to the UICC management platform.
Step 308: The UICC management platform forwards the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC ID.
In this step, the UICC management platform may use a wired or wireless network to send the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC identifier.
Preferably, in specific embodiments of the present invention, data exchanged between the UICC management platform and the UICC can be encrypted and authenticated with a transport subkey TUICCkey. For example, when forwarding the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC identifier, the UICC management platform may encrypt [AUICCkey1]PubUICCkey with the transport subkey TUICCkey; after receiving the TUICCkey-encrypted [AUICCkey1]PubUICCkey from the UICC management platform, the UICC decrypts it with TUICCkey and obtains [AUICCkey1]PubUICCkey.
FIG. 4 is a schematic diagram of the method for generating a transport subkey according to the present invention. As shown in FIG. 4, the UICC management platform and the UICC vendor device are connected to encryption machine 1 and encryption machine 2 respectively, and the transport root key TRootkey is pre-stored in both encryption machine 1 and encryption machine 2, so both the UICC management platform and the UICC vendor device can obtain the transport subkey TUICCkey from the UICC ID. Specifically, the UICC management platform sends the UICC ID to encryption machine 1; encryption machine 1 encrypts the UICC ID with the pre-stored transport root key TRootkey, obtains the transport subkey TUICCkey corresponding to the UICC ID, and returns TUICCkey to the UICC management platform. Likewise, the UICC vendor device sends the UICC ID to encryption machine 2; encryption machine 2 encrypts the UICC ID with the pre-stored transport root key TRootkey, obtains the transport subkey TUICCkey corresponding to the UICC ID, and returns TUICCkey to the UICC vendor device.
Step 309: The UICC decrypts the encrypted first service key [AUICCkey1]PubUICCkey with the pre-stored UICC private key PriUICCkey corresponding to the UICC public key PubUICCkey and obtains the first service key AUICCkey1.
In this step, the UICC may decrypt the encrypted first service key [AUICCkey1]PubUICCkey using a prior-art decryption method to obtain the first service key AUICCkey1.
Step 310: After obtaining AUICCkey1, the UICC returns a service provisioning execution response to the UICC management platform; the service provisioning execution response carries the UICC ID pre-stored by the UICC.
Step 311: The UICC management platform marks the UICC corresponding to the UICC ID as activated.
Step 312: The UICC management platform sends the service provisioning execution response to MNO1.
Step 313: MNO1 and the UICC perform service interaction using the first service key AUICCkey1.
FIG. 5 is a flowchart of a second embodiment of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 5, it includes the following steps:
Step 501: The UICC management platform receives a service provisioning request submitted by the user, where the service provisioning request carries a UICC ID and a first carrier device identifier.
Step 502: The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If it is not activated, step 503 is performed; otherwise, step 504 is performed.
Step 503: The UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to the MNO1 corresponding to the first carrier device identifier, where the UICC certificate carries the UICC ID and the UICC public key, and step 505 is performed.
Step 504: The UICC management platform sends error prompt information to the user and ends the provisioning flow of the universal integrated circuit card.
Step 505: When MNO1 successfully verifies the UICC certificate, it generates the first service key AUICCkey1 corresponding to the UICC ID according to a preset method and encrypts AUICCkey1 with the UICC public key PubUICCkey to obtain the encrypted first service key [AUICCkey1]PubUICCkey.
Step 506: MNO1 sends the encrypted first service key [AUICCkey1]PubUICCkey to the UICC management platform.
Step 507: The UICC management platform forwards the encrypted first service key [AUICCkey1]PubUICCkey to the UICC corresponding to the UICC ID.
Step 508: The UICC decrypts the encrypted first service key [AUICCkey1]PubUICCkey with the pre-stored UICC private key PriUICCkey corresponding to the UICC public key PubUICCkey, and obtains the first service key AUICCkey1.
Step 509: After obtaining AUICCkey1, the UICC returns a service provisioning execution response to the UICC management platform, where the service provisioning execution response carries the UICC ID pre-stored by the UICC.
Step 510: The UICC management platform marks the UICC corresponding to the UICC ID as activated.
Step 511: The UICC management platform sends the service provisioning execution response to MNO1.
Step 512: MNO1 and the UICC use the first service key AUICCkey1 to perform service interaction.
As can be seen from the above description of the two embodiments of provisioning a universal integrated circuit card, the UICC management platform obtains, according to the UICC identifier and the first carrier device identifier carried in the service provisioning request, the encrypted first service key that the first carrier device generated for that UICC identifier. After obtaining the encrypted first service key, the UICC decrypts it with the pre-stored UICC private key and uses the resulting first service key to perform service interaction with the first carrier device. Because the service provisioning request sent by the user carries the first carrier device identifier, the UICC management platform provisions, for the universal integrated circuit card, service interaction with the first carrier device corresponding to that identifier. Operators can therefore flexibly and dynamically configure the operator data in the universal integrated circuit card, and M2M terminals do not need operator-specific custom development during production. The data configuration method, device and system for a universal integrated circuit card proposed by the present invention thus solve the technical problem in the prior art that an M2M terminal can communicate only with a predetermined operator, and expand the range of use of M2M terminals.
FIG. 6 is a flowchart of a second implementation of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 6, it includes the following steps:
Step 601: Receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card (UICC) identifier and a first carrier device identifier.
In this step, the UICC management platform receives a service provisioning request message, where the service provisioning request message carries the UICC identifier and the first carrier device identifier.
Further, the UICC management platform may receive the service provisioning request in either of the following two ways:
In the first way, the first carrier device MNO1, to which the user applies to belong, receives a service application request submitted by the user, where the service application request carries the UICC identifier; the first carrier device then sends a service provisioning request to the UICC management platform, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
For example, when purchasing a UICC, the user obtains the UICC identifier corresponding to that UICC. When the user applies to the first carrier device to provision the UICC, the user submits a service application request to the first carrier device, where the service application request carries the UICC identifier.
In the second way, the UICC management platform directly receives the service provisioning request submitted by the user, where the service provisioning request message carries the UICC identifier and the first carrier device identifier.
Step 602: Send the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
In this step, the UICC management platform sends the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
Preferably, in a specific embodiment of the present invention, before sending the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device, the UICC management platform may query whether the UICC corresponding to the UICC identifier is activated. If it is not activated, the platform sends the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device; if it is already activated, the platform sends error prompt information to the first carrier device.
Step 603: Receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and send the encrypted first service key to the UICC corresponding to the UICC identifier.
In this step, the UICC management platform receives the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and sends the encrypted first service key to the UICC corresponding to the UICC identifier.
FIG. 7 is a flowchart of a third implementation of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 7, it includes the following steps:
Step 701: Receive the UICC certificate sent by the UICC management platform, where the UICC certificate carries the UICC identifier and the UICC public key.
In this step, the first carrier device receives the UICC certificate sent by the UICC management platform, where the UICC certificate carries the UICC identifier and the UICC public key.
Preferably, in a specific embodiment of the present invention, the first carrier device may receive a service application request submitted by the user, where the service application request carries the UICC identifier; the first carrier device then sends a service provisioning request to the UICC management platform, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
Step 702: When the UICC certificate is verified successfully, generate the first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, and send the encrypted first service key, through the UICC management platform, to the UICC corresponding to the UICC identifier.
In this step, after receiving the UICC certificate corresponding to the UICC identifier from the UICC management platform, the first carrier device verifies the received UICC certificate. When the verification passes, the first carrier device generates the first service key corresponding to the UICC identifier according to a key generation method in the prior art, encrypts the first service key with the UICC public key, and sends the encrypted first service key to the UICC management platform. The UICC management platform forwards the received encrypted first service key to the UICC corresponding to the UICC identifier.
Step 703: Obtain the service provisioning execution response sent by the UICC after it obtains the first service key, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC.
In this step, the first carrier device obtains the service provisioning execution response sent by the UICC after it obtains the first service key, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC.
Step 704: Use the first service key to perform service interaction with the UICC.
In this step, the first carrier device uses the first service key to perform service interaction with the UICC.
FIG. 8 is a flowchart of a fourth implementation of provisioning a universal integrated circuit card according to the present invention. As shown in FIG. 8, it includes the following steps:
Step 801: Receive the encrypted first service key sent by the UICC management platform.
In this step, the UICC receives the encrypted first service key sent by the UICC management platform.
Step 802: Decrypt the encrypted first service key with the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key.
In this step, after receiving the encrypted first service key sent by the UICC management platform, the UICC decrypts the encrypted first service key with the pre-stored UICC private key to obtain the first service key.
Step 803: Send a service provisioning execution response to the first carrier device, where the service provisioning execution response carries the pre-stored UICC identifier.
In this step, after obtaining the first service key, the UICC returns a service provisioning execution response to the UICC management platform, where the service provisioning execution response carries the UICC identifier pre-stored by the UICC. After receiving the service provisioning execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as activated and sends the service provisioning execution response to the first carrier device.
Step 804: Use the first service key to perform service interaction with the first carrier device.
In this step, the UICC uses the first service key to perform service interaction with the first carrier device.
Further, in a specific embodiment of the present invention, after the first carrier device and the UICC use the first service key to perform service interaction, a flow for terminating the universal integrated circuit card may also be included. FIG. 9 is a flowchart of a first implementation of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 9, it includes the following steps:
Step 901: The UICC management platform receives a service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and a first message authentication code generated by the first carrier device according to the first service key.
Preferably, after receiving the service termination request sent by the first carrier device, the UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform sends the service termination request to the UICC corresponding to the UICC identifier; otherwise, it sends error prompt information to the first carrier device.
In addition, before receiving the service termination request sent by the first carrier device, the UICC management platform may receive a service cancellation request submitted by the user, where the service cancellation request carries the UICC identifier. The UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform forwards the service cancellation request to the first carrier device; otherwise, it sends error prompt information to the user.
Step 902: The UICC management platform sends the service termination request to the UICC corresponding to the UICC identifier.
In this step, when the UICC corresponding to the UICC identifier is activated, the UICC management platform sends the service termination request to the UICC corresponding to the UICC identifier.
Step 903: When the UICC's verification of the first message authentication code passes, the UICC terminates service interaction with the first carrier device.
In this step, the UICC may verify the received first message authentication code according to a message authentication code verification method in the prior art. When the verification of the first message authentication code passes, the UICC terminates service interaction with the first carrier device.
Step 904: The first carrier device obtains the service termination execution response sent by the UICC after it terminates service interaction with the first carrier device, where the service termination execution response carries the UICC identifier.
Preferably, in this step, after the UICC terminates service interaction with the first carrier device, it sends a service termination execution response to the UICC management platform, where the service termination execution response carries the UICC identifier. After receiving the service termination execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as not activated and sends the service termination execution response to the first carrier device.
As can be seen from the above description of steps 901 to 904, service interaction between the universal integrated circuit card and the first carrier device can be terminated. The termination flow of the universal integrated circuit card is described in detail below with reference to two specific embodiments:
FIG. 10 is a flowchart of the first embodiment of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 10, it includes the following steps:
Step 1001: MNO1 receives a service cancellation request submitted by the user, where the service cancellation request carries the UICC ID.
Step 1002: MNO1 generates the first message authentication code corresponding to the UICC ID according to the first service key, and sends a service termination request to the UICC management platform, where the service termination request carries the UICC ID and the first message authentication code.
In this step, MNO1 may generate the first message authentication code corresponding to the UICC ID from the first service key according to a message authentication code generation method in the prior art.
Step 1003: The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If it is not activated, step 1004 is performed; otherwise, step 1005 is performed.
Step 1004: The UICC management platform returns error prompt information to MNO1 and ends the flow of terminating the universal integrated circuit card.
Step 1005: The UICC management platform sends the service termination request to the UICC corresponding to the UICC ID.
Step 1006: When the UICC's verification of the first message authentication code passes, the UICC terminates service interaction with MNO1.
Step 1007: After terminating service interaction with MNO1, the UICC sends a service termination execution response to the UICC management platform, where the service termination execution response carries the UICC ID.
Step 1008: The UICC management platform marks the UICC corresponding to the UICC ID as not activated.
Step 1009: The UICC management platform sends the service termination execution response to MNO1.
FIG. 11 is a flowchart of the second embodiment of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 11, it includes the following steps:
Step 1101: The UICC management platform receives a service cancellation request submitted by the user, where the service cancellation request carries the UICC ID.
Step 1102: The UICC management platform queries whether the UICC corresponding to the UICC ID is activated. If it is not activated, step 1103 is performed; otherwise, step 1104 is performed.
Step 1103: The UICC management platform returns error prompt information to the user and ends the flow of terminating the universal integrated circuit card.
Step 1104: The UICC management platform forwards the service cancellation request to MNO1.
Step 1105: MNO1 generates the first message authentication code corresponding to the UICC ID according to the first service key, and sends a service termination request to the UICC management platform, where the service termination request carries the UICC ID and the first message authentication code.
Step 1106: The UICC management platform sends the service termination request to the UICC corresponding to the UICC ID.
Step 1107: When the UICC's verification of the first message authentication code passes, the UICC terminates service interaction with MNO1.
Step 1108: After terminating service interaction with MNO1, the UICC sends a service termination execution response to the UICC management platform, where the service termination execution response carries the UICC ID.
Step 1109: The UICC management platform marks the UICC corresponding to the UICC ID as not activated.
Step 1110: The UICC management platform sends the service termination execution response to MNO1.
As can be seen from the above description of the two embodiments of terminating a universal integrated circuit card, the UICC management platform terminates, according to the UICC identifier and the first carrier device identifier carried in the service termination request, service interaction between the universal integrated circuit card and the first carrier device corresponding to the first carrier device identifier.
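Added example (not part of the patent text): a minimal Python model of the termination flow of steps 1001 to 1009, showing that the UICC management platform only relays the message authentication code and cannot produce a valid one without the first service key. HMAC-SHA256 stands in for the message authentication code, which the description leaves to the prior art; the class names, message fields, MAC input layout and the error returned on a failed check are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def termination_mac(service_key: bytes, uicc_id: str) -> bytes:
    """First message authentication code over the termination request.

    Assumption: HMAC-SHA256 over a fixed label plus the UICC ID.
    """
    return hmac.new(service_key, b"TERMINATE|" + uicc_id.encode(),
                    hashlib.sha256).digest()


class Uicc:
    """Card side: holds the first service key obtained during provisioning."""

    def __init__(self, uicc_id: str, service_key: bytes) -> None:
        self.uicc_id = uicc_id
        self.service_key: Optional[bytes] = service_key

    def handle_termination(self, uicc_id: str, mac: bytes) -> Optional[dict]:
        # Step 1006: verify the MAC with the first service key.
        if uicc_id != self.uicc_id or self.service_key is None:
            return None
        expected = termination_mac(self.service_key, uicc_id)
        if not hmac.compare_digest(expected, mac):  # constant-time compare
            return None
        # Termination is modelled here by discarding the key (assumption).
        self.service_key = None
        # Step 1007: the execution response carries the UICC ID.
        return {"type": "termination_executed", "uicc_id": self.uicc_id}


class ManagementPlatform:
    """Relay and activation-state keeper; never holds a service key."""

    def __init__(self) -> None:
        self.activated: Dict[str, bool] = {}
        self.cards: Dict[str, Uicc] = {}

    def register(self, card: Uicc, activated: bool) -> None:
        self.cards[card.uicc_id] = card
        self.activated[card.uicc_id] = activated

    def handle_termination_request(self, uicc_id: str, mac: bytes) -> dict:
        # Steps 1003/1004: reject if the UICC is not marked activated.
        if not self.activated.get(uicc_id, False):
            return {"type": "error", "reason": "UICC not activated"}
        # Step 1005: forward the request, MAC included, to the UICC.
        response = self.cards[uicc_id].handle_termination(uicc_id, mac)
        if response is None:
            # Behaviour on a failed check is not specified in the text.
            return {"type": "error", "reason": "MAC check failed on UICC"}
        # Step 1008: mark the UICC as not activated.
        self.activated[uicc_id] = False
        # Step 1009: pass the execution response back to MNO1.
        return response


def build_demo():
    """Constructed sample state: one activated card sharing a key with MNO1."""
    key = secrets.token_bytes(32)  # stands in for AUICCkey1
    card = Uicc("UICC-0001", key)  # constructed identifier
    platform = ManagementPlatform()
    platform.register(card, activated=True)
    return platform, card, key


if __name__ == "__main__":
    platform, card, key = build_demo()
    forged = termination_mac(b"\x00" * 32, "UICC-0001")
    print(platform.handle_termination_request("UICC-0001", forged))
    genuine = termination_mac(key, "UICC-0001")  # Step 1002, done by MNO1
    print(platform.handle_termination_request("UICC-0001", genuine))
    print(platform.handle_termination_request("UICC-0001", genuine))
```

In this model the MAC input has no counter or nonce, so replay protection rests entirely on the platform's activation flag and on the card discarding the key.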
FIG. 12 is a flowchart of a second implementation of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 12, it includes the following steps:
Step 1201: Receive a service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
In this step, the UICC management platform receives the service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
Preferably, after receiving the service termination request sent by the first carrier device, the UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform sends the service termination request to the UICC corresponding to the UICC identifier; otherwise, it sends error prompt information to the first carrier device.
In addition, before receiving the service termination request sent by the first carrier device, the UICC management platform may receive a service cancellation request submitted by the user, where the service cancellation request carries the UICC identifier. The UICC management platform queries whether the UICC corresponding to the UICC identifier is activated. If it is activated, the platform forwards the service cancellation request to the first carrier device; otherwise, it sends error prompt information to the user.
Step 1202: Send the service termination request to the UICC corresponding to the UICC identifier.
In this step, the UICC management platform sends the service termination request to the UICC corresponding to the UICC identifier.
Further, the UICC management platform receives the service termination execution response sent by the UICC after it terminates service interaction with the first carrier device, where the service termination execution response carries the UICC identifier. After receiving the service termination execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as not activated and sends the service termination execution response to the first carrier device.
FIG. 13 is a flowchart of a third implementation of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 13, it includes the following steps:
Step 1301: Send a service termination request to the UICC management platform, where the service termination request carries the UICC identifier and the first message authentication code generated according to the first service key.
In this step, the first carrier device sends a service termination request to the UICC management platform, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
Step 1302: Obtain the service termination execution response sent by the UICC, where the service termination execution response carries the UICC identifier.
In this step, the first carrier device obtains the service termination execution response sent by the UICC after it terminates service interaction with the first carrier device, where the service termination execution response carries the UICC identifier.
FIG. 14 is a flowchart of a fourth implementation of terminating a universal integrated circuit card according to the present invention. As shown in FIG. 14, it includes the following steps:
Step 1401: Receive the service termination request sent by the UICC management platform, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
In this step, the UICC receives the service termination request sent by the UICC management platform, where the service termination request carries the UICC identifier and the first message authentication code generated by the first carrier device according to the first service key.
Step 1402: When the verification of the first message authentication code passes, terminate service interaction with the first carrier device.
In this step, the UICC may verify the received first message authentication code according to a message authentication code verification method in the prior art. When the verification of the first message authentication code passes, the UICC terminates service interaction with the first carrier device.
Step 1403: Send a service termination execution response to the first carrier device, where the service termination execution response carries the UICC identifier.
In this step, after the UICC terminates service interaction with the first carrier device, it sends a service termination execution response to the UICC management platform, where the service termination execution response carries the UICC identifier. After receiving the service termination execution response sent by the UICC, the UICC management platform marks the UICC corresponding to the UICC identifier as not activated and sends the service termination execution response to the first carrier device.
Further, in a specific embodiment of the present invention, after the first carrier device and the UICC use the first service key to perform service interaction, an implementation flow in which the universal integrated circuit card switches operators may also be included. FIG. 15 is a flowchart of a first implementation of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 15, the flow includes the following steps:
Step 1501: The UICC management platform receives an operator handover request, where the operator handover request carries the UICC identifier and a second carrier device identifier.
In this step, the UICC management platform can receive the operator handover request in either of the following two manners.
In the first manner, the second carrier device MNO2, to which the user applies to switch, receives the operator handover application submitted by the user, where the operator handover application carries the UICC identifier; the second carrier device then sends a service switching request to the UICC management platform, where the service switching request carries the UICC identifier and the second carrier device identifier pre-stored by the second carrier device.
In the second manner, the UICC management platform directly receives the operator handover request submitted by the user, where the operator handover request carries the UICC identifier and the second carrier device identifier.
Step 1502: When the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC management platform sends a UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
In this step, the UICC management platform uses the UICC identifier to look up the identifier of the carrier device to which the corresponding UICC currently belongs, and forwards the operator handover application to that first carrier device. The first carrier device returns an operator handover response to the UICC management platform. After receiving an operator handover response in which the first carrier device allows the UICC corresponding to the UICC identifier to switch operators, the UICC management platform sends the UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
Step 1503: When the second carrier device successfully verifies the UICC certificate, it generates a second service key corresponding to the UICC identifier according to a preset method, encrypts the second service key with the UICC public key, and sends the encrypted second service key corresponding to the UICC identifier to the UICC management platform.
In this step, after receiving the UICC certificate corresponding to the UICC identifier from the UICC management platform, the second carrier device verifies the received UICC certificate. When verification succeeds, the second carrier device generates the second service key corresponding to the UICC identifier according to a key generation method in the prior art, encrypts the second service key with the UICC public key, and sends the encrypted second service key corresponding to the UICC identifier to the UICC management platform.
Step 1504: The UICC management platform sends the encrypted second service key corresponding to the UICC identifier to the first carrier device, and receives the second message authentication code corresponding to the UICC identifier that the first carrier device generates according to the encrypted second service key.
In this step, after receiving the encrypted second service key corresponding to the UICC identifier from the second carrier device, the UICC management platform sends the encrypted second service key to the first carrier device. The first carrier device generates the second message authentication code corresponding to the UICC identifier according to the encrypted second service key and sends the second message authentication code to the UICC management platform.
Step 1505: The UICC management platform sends the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
Step 1506: When the UICC successfully verifies the second message authentication code, it decrypts the encrypted second service key with the UICC private key to obtain the second service key.
Step 1507: The second carrier device obtains the operator handover execution response sent by the UICC after the UICC has obtained the second service key, where the operator handover execution response carries the UICC identifier.
Step 1508: The second carrier device and the UICC use the second service key to perform service interaction.
As can be seen from the above description of steps 1501 to 1508, the universal integrated circuit card can be switched from the first carrier device to the second carrier device. The flow by which the universal integrated circuit card switches operators is described in detail below with reference to two specific embodiments:
FIG. 16 is a flowchart of a first embodiment of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 16, the flow includes the following steps:
Step 1601: The second carrier device MNO2 receives the operator handover application submitted by the user, where the operator handover application carries the UICC ID.
Step 1602: MNO2 forwards the operator handover request to the UICC management platform, where the operator handover application carries the UICC ID and the second operator identifier.
Step 1603: The UICC management platform looks up the identifier of the carrier device to which the UICC corresponding to the UICC ID currently belongs.
Step 1604: The UICC management platform forwards the operator handover application to MNO1, the carrier device to which the UICC corresponding to the UICC ID currently belongs.
Step 1605: MNO1 returns an operator handover response to the UICC management platform.
In this step, the operator handover response may carry information that MNO1 allows the UICC corresponding to the UICC identifier to switch carrier devices, or information that MNO1 does not allow the UICC corresponding to the UICC identifier to switch carrier devices.
Step 1606: When MNO1 allows the UICC corresponding to the UICC ID to switch carrier devices, the UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to MNO2, where the UICC certificate carries the UICC ID and the UICC public key PubUICCkey.
Step 1607: When MNO2 successfully verifies the UICC certificate, it generates the second service key AUICCkey2 corresponding to the UICC ID according to a preset method and encrypts AUICCkey2 with PubUICCkey.
Step 1608: MNO2 sends the encrypted second service key [AUICCkey2]PubUICCkey corresponding to the UICC ID to the UICC management platform.
Step 1609: The UICC management platform sends [AUICCkey2]PubUICCkey to MNO1.
Step 1610: MNO1 generates the second message authentication code according to [AUICCkey2]PubUICCkey.
Step 1611: MNO1 sends the second message authentication code to the UICC management platform.
Step 1612: The UICC management platform sends [AUICCkey2]PubUICCkey and the second message authentication code to the UICC corresponding to the UICC ID.
Step 1613: When the UICC successfully verifies the second message authentication code, it decrypts [AUICCkey2]PubUICCkey with the UICC private key PriUICCkey to obtain the second service key AUICCkey2.
Step 1614: After obtaining AUICCkey2, the UICC returns an operator handover execution response to the UICC management platform, where the operator handover execution response carries the UICC ID.
Step 1615: The UICC management platform changes the carrier device to which the UICC currently belongs to MNO2.
Step 1616: The UICC management platform returns the operator handover execution response to MNO1.
Step 1617: The UICC management platform returns the operator handover execution response to MNO2.
Step 1618: MNO2 and the UICC use the second service key AUICCkey2 to perform service interaction.
FIG. 17 is a flowchart of a second embodiment of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 17, the flow includes the following steps:
Step 1701: The UICC management platform receives the operator handover request submitted by the user, where the operator handover request carries the UICC ID and the second carrier device identifier.
Step 1702: The UICC management platform looks up the identifier of the carrier device to which the UICC corresponding to the UICC ID currently belongs.
Step 1703: The UICC management platform forwards the operator handover application to MNO1, the carrier device to which the UICC corresponding to the UICC ID currently belongs.
Step 1704: MNO1 returns an operator handover response to the UICC management platform.
Step 1705: When MNO1 allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC management platform sends the pre-stored UICC certificate corresponding to the UICC ID to MNO2, where the UICC certificate carries the UICC ID and the UICC public key PubUICCkey.
Step 1706: When MNO2 successfully verifies the UICC certificate, it generates the second service key AUICCkey2 corresponding to the UICC ID according to a preset method and encrypts AUICCkey2 with PubUICCkey.
Step 1707: MNO2 sends the encrypted second service key [AUICCkey2]PubUICCkey corresponding to the UICC ID to the UICC management platform.
Step 1708: The UICC management platform sends [AUICCkey2]PubUICCkey to MNO1.
Step 1709: MNO1 generates the second message authentication code according to [AUICCkey2]PubUICCkey.
Step 1710: MNO1 sends the second message authentication code to the UICC management platform.
Step 1711: The UICC management platform sends [AUICCkey2]PubUICCkey and the second message authentication code to the UICC corresponding to the UICC ID.
Step 1712: When the UICC successfully verifies the second message authentication code, it decrypts [AUICCkey2]PubUICCkey with the UICC private key PriUICCkey to obtain the second service key AUICCkey2.
Step 1713: After obtaining AUICCkey2, the UICC returns an operator handover execution response to the UICC management platform, where the operator handover execution response carries the UICC ID.
Step 1714: The UICC management platform changes the carrier device to which the UICC currently belongs to MNO2.
Step 1715: The UICC management platform returns the operator handover execution response to MNO1.
Step 1716: The UICC management platform returns the operator handover execution response to MNO2.
Step 1717: MNO2 and the UICC use the second service key AUICCkey2 to perform service interaction.
FIG. 18 is a flowchart of a second implementation of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 18, the flow includes the following steps:
Step 1801: Receive an operator handover request, where the operator handover request carries the UICC identifier and the second carrier device identifier.
In this step, the UICC management platform receives the operator handover request, where the operator handover request carries the UICC identifier and the second carrier device identifier.
Further, the UICC management platform can receive the operator handover request in either of the following two manners.
In the first manner, the second carrier device MNO2, to which the user applies to switch, receives the operator handover application submitted by the user, where the operator handover application carries the UICC identifier; the second carrier device then sends a service switching request to the UICC management platform, where the service switching request carries the UICC identifier and the second carrier device identifier pre-stored by the second carrier device.
In the second manner, the UICC management platform directly receives the operator handover request submitted by the user, where the operator handover request carries the UICC identifier and the second carrier device identifier.
Step 1802: When the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, send a UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
In this step, when the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC management platform sends the UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key.
Step 1803: Receive the encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and send the encrypted second service key corresponding to the UICC identifier to the first carrier device.
In this step, the UICC management platform receives the encrypted second service key corresponding to the UICC identifier from the second carrier device and sends the encrypted second service key to the first carrier device. The first carrier device generates the second message authentication code corresponding to the UICC identifier according to the encrypted second service key and sends the second message authentication code to the UICC management platform.
Step 1804: Receive the second message authentication code corresponding to the UICC identifier that the first carrier device generates according to the encrypted second service key.
In this step, the UICC management platform receives the second message authentication code corresponding to the UICC identifier that the first carrier device generates according to the encrypted second service key.
Step 1805: Send the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
In this step, the UICC management platform sends the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
FIG. 19 is a flowchart of a third implementation of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 19, the flow includes the following steps:
Step 1901: Receive the encrypted second service key corresponding to the UICC identifier sent by the UICC management platform.
In this step, the first carrier device receives the encrypted second service key corresponding to the UICC identifier sent by the UICC management platform.
Step 1902: Send, to the UICC management platform, the second message authentication code corresponding to the UICC identifier generated according to the encrypted second service key.
In this step, the first carrier device sends to the UICC management platform the second message authentication code corresponding to the UICC identifier, generated according to the encrypted second service key.
FIG. 20 is a flowchart of a fourth implementation of operator switching for the universal integrated circuit card according to the present invention. As shown in FIG. 20, the flow includes the following steps:
Step 2001: Receive the encrypted second service key and the second message authentication code sent by the UICC management platform.
In this step, the UICC receives the encrypted second service key and the second message authentication code sent by the UICC management platform.
Step 2002: When the second message authentication code is successfully verified, decrypt the encrypted second service key with the UICC private key to obtain the second service key.
In this step, when the UICC successfully verifies the second message authentication code, it decrypts the encrypted second service key with the UICC private key to obtain the second service key.
Step 2003: Send an operator handover execution response to the second carrier device, where the operator handover execution response carries the UICC identifier.
In this step, after obtaining the second service key, the UICC sends the operator handover execution response to the second carrier device, where the operator handover execution response carries the UICC identifier.
Step 2004: Use the second service key to perform service interaction with the second carrier device.
In this step, the UICC uses the second service key to perform service interaction with the second carrier device.
In the data configuration method for a universal integrated circuit card proposed by the present invention, the UICC management platform obtains, according to the UICC identifier and the first carrier device identifier carried in the service provisioning request, the encrypted first service key corresponding to the UICC identifier generated by the first carrier device. After acquiring the encrypted first service key, the UICC decrypts it with the pre-stored UICC private key and uses the resulting first service key to perform service interaction with the first carrier device. Because the service provisioning request sent by the user carries the first carrier device identifier, the UICC management platform uses that identifier to enable service interaction between the universal integrated circuit card and the first carrier device corresponding to the first carrier device identifier. Operators can therefore flexibly and dynamically configure the operator data in the universal integrated circuit card, and the M2M terminal does not need to be custom-developed for a particular operator during production. The data configuration method for a universal integrated circuit card proposed by the present invention thus solves the technical problem in the prior art that an M2M terminal can only communicate with a predetermined operator, and expands the range of use of M2M terminals; in addition, the method of the present invention is simple and convenient to implement and easy to popularize.
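The operator-switch relay of steps 1501 to 1508, as an added Python example that is not code from the patent: the current operator authorises the new operator's encrypted key with a message authentication code, and the UICC checks that code before decrypting. The class and function names, HMAC-SHA256 keyed with the first service key, and the toy textbook RSA standing in for UICC public-key encryption are assumptions made here; the patent names no algorithms, and certificate verification is left out.

```python
"""Added illustration of the operator-switch relay (steps 1501-1508); not code from the patent."""
import hashlib
import hmac
import secrets

# ASSUMPTION: textbook RSA over two Mersenne primes stands in for "encrypt with the
# UICC public key". It keeps the demo stdlib-only and is NOT secure; a real card
# would use a vetted scheme such as RSA-OAEP or ECIES.
_P, _Q, E = 2**127 - 1, 2**107 - 1, 65537
N = _P * _Q                               # (N, E) plays the role of PubUICCkey
_D = pow(E, -1, (_P - 1) * (_Q - 1))      # plays the role of PriUICCkey (card only)
BLOB_LEN = (N.bit_length() + 7) // 8


def second_mac(first_service_key: bytes, uicc_id: str, blob: bytes) -> bytes:
    """ASSUMPTION: HMAC-SHA256 keyed with the first service key, bound to the UICC ID."""
    return hmac.new(first_service_key, uicc_id.encode() + b"|" + blob, hashlib.sha256).digest()


class Operator:
    def __init__(self, op_id: str, allow_switch: bool = True):
        self.op_id = op_id
        self.allow_switch = allow_switch
        self.service_keys = {}            # uicc_id -> service key shared with that card

    def issue_second_key(self, cert: dict) -> bytes:
        """Step 1503 (new operator): generate the key and encrypt it to the card."""
        key = secrets.token_bytes(16)
        self.service_keys[cert["uicc_id"]] = key
        n, e = cert["public_key"]
        return pow(int.from_bytes(key, "big"), e, n).to_bytes(BLOB_LEN, "big")

    def authorise(self, uicc_id: str, blob: bytes) -> bytes:
        """Step 1504 (current operator): MAC the ciphertext it cannot read."""
        return second_mac(self.service_keys[uicc_id], uicc_id, blob)


class Uicc:
    def __init__(self, uicc_id: str, first_service_key: bytes):
        self.uicc_id = uicc_id
        self.service_key = first_service_key

    def handle_switch(self, blob: bytes, mac: bytes):
        """Step 1506: check the MAC first; decrypt and install the key only if it passes."""
        expected = second_mac(self.service_key, self.uicc_id, blob)
        if not hmac.compare_digest(expected, mac):
            return None
        self.service_key = pow(int.from_bytes(blob, "big"), _D, N).to_bytes(16, "big")
        return {"type": "operator_handover_executed", "uicc_id": self.uicc_id}


class ManagementPlatform:
    def __init__(self, operators: dict):
        self.operators = operators
        self.home_operator = {}           # uicc_id -> id of the operator it belongs to

    def switch(self, card: Uicc, new_op_id: str, relay=lambda blob: blob) -> str:
        """Relay of steps 1502-1507. `relay` models what happens to the blob in transit."""
        current = self.operators[self.home_operator[card.uicc_id]]
        if not current.allow_switch:
            return "refused_by_current_operator"
        cert = {"uicc_id": card.uicc_id, "public_key": (N, E)}   # certificate check omitted
        blob = self.operators[new_op_id].issue_second_key(cert)
        mac = current.authorise(card.uicc_id, blob)
        if card.handle_switch(relay(blob), mac) is None:
            return "rejected_by_uicc"
        self.home_operator[card.uicc_id] = new_op_id             # as in step 1615
        return "switched"


def build_demo(allow_switch: bool = True):
    """Constructed sample state: card UICC-0001 provisioned with MNO1."""
    first_key = secrets.token_bytes(16)
    mno1, mno2 = Operator("MNO1", allow_switch), Operator("MNO2")
    mno1.service_keys["UICC-0001"] = first_key
    platform = ManagementPlatform({"MNO1": mno1, "MNO2": mno2})
    platform.home_operator["UICC-0001"] = "MNO1"
    return platform, mno2, Uicc("UICC-0001", first_key), first_key


def flip_first_bit(blob: bytes) -> bytes:
    """Constructed fault: the encrypted key is altered between platform and card."""
    return bytes([blob[0] ^ 0x01]) + blob[1:]


if __name__ == "__main__":
    platform, mno2, card, _ = build_demo()
    print(platform.switch(card, "MNO2"), card.service_key == mno2.service_keys["UICC-0001"])
    platform, mno2, card, old = build_demo()
    print(platform.switch(card, "MNO2", relay=flip_first_bit), card.service_key == old)
```

In this model the management platform never holds the private key or the first service key, so it can relay the encrypted second service key but can neither read it nor make the card accept an altered one.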
FIG. 21 is a schematic structural diagram of the universal integrated circuit card management platform according to the present invention. As shown in FIG. 21, the platform includes a first receiving unit 2101 and a first sending unit 2102;
The first receiving unit 2101 is configured to receive a service provisioning request, where the service provisioning request carries a universal integrated circuit card (UICC) identifier and a first carrier device identifier, and to send the service provisioning request to the first sending unit 2102;
The first sending unit 2102 is configured to send the pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device corresponding to the first carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key;
The first receiving unit 2101 is further configured to receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and to send the encrypted first service key to the first sending unit 2102.
The first sending unit 2102 is further configured to send the encrypted first service key to the UICC corresponding to the UICC identifier.
Further, the first receiving unit 2101 is specifically configured to receive the service provisioning request sent by the first carrier device, where the service provisioning request carries the UICC identifier and the first carrier device identifier pre-stored by the first carrier device;
or to receive the service provisioning request sent by the user, where the service provisioning request carries the UICC identifier and the first carrier device identifier.
Further, the universal integrated circuit card management platform also includes a query unit 2103;
The query unit 2103 is configured to query whether the UICC corresponding to the UICC identifier is activated; if it is not activated, the UICC certificate is sent to the first carrier device; otherwise, error prompt information is sent to the first carrier device.
Further, the universal integrated circuit card management platform also includes a marking unit 2104;
The first receiving unit 2101 is further configured to receive the service provisioning execution response sent by the UICC after the UICC has obtained the first service key, where the response carries the UICC identifier, and to send the service provisioning execution response to the marking unit 2104 and the first sending unit 2102;
The marking unit 2104 is configured to mark the UICC corresponding to the UICC identifier as activated;
The first sending unit 2102 is further configured to send the service provisioning execution response to the first carrier device.
Further, the universal integrated circuit card management platform also includes a first storage unit 2105;
The first receiving unit 2101 is further configured to receive UICC card information sent by the UICC vendor device, where the UICC card information carries the UICC identifier and the UICC public key, and to send the UICC card information to the first sending unit 2102;
The first sending unit 2102 is further configured to send the UICC card information to the authentication center;
The first receiving unit 2101 is further configured to receive, when the authentication center successfully authenticates the UICC card information, the UICC certificate returned by the authentication center, where the UICC certificate carries the UICC identifier and the UICC public key, and to send the UICC certificate to the first storage unit 2105;
The first storage unit 2105 is configured to store the UICC certificate corresponding to the UICC identifier.
Further, the first receiving unit 2101 is further configured to receive a service termination request sent by the first carrier device, where the service termination request carries the UICC identifier and a first message authentication code generated by the first carrier device according to the first service key, and to send the service termination request to the first sending unit 2102;
The first sending unit 2102 is further configured to send the service termination request to the UICC corresponding to the UICC identifier.
Further, the query unit 2103 is further configured to query whether the UICC corresponding to the UICC identifier is activated; if it is activated, the service termination request is sent to the UICC corresponding to the UICC identifier; otherwise, error prompt information is sent to the first carrier device.
Further, the first receiving unit 2101 is further configured to receive a service cancellation request submitted by the user, where the service cancellation request carries the UICC identifier, and to send the service cancellation request to the query unit 2103;
The query unit 2103 is further configured to query whether the UICC corresponding to the UICC identifier is activated; if it is activated, the service cancellation request is forwarded to the first carrier device; otherwise, error prompt information is sent to the user.
Further, the first receiving unit 2101 is further configured to receive the service termination execution response sent by the UICC after the UICC terminates service interaction with the first carrier device, where the service termination execution response carries the UICC identifier, and to send the service termination execution response to the marking unit 2104 and the first sending unit 2102;
The marking unit 2104 is further configured to mark the UICC corresponding to the UICC identifier as not activated;
The first sending unit 2102 is further configured to send the service termination execution response to the first carrier device.
Further, the first receiving unit 2101 is further configured to receive an operator handover request, where the operator handover request carries the UICC identifier and a second carrier device identifier, and to send the operator handover request to the first sending unit 2102;
The first sending unit 2102 is further configured to send, when the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, the UICC certificate to the second carrier device corresponding to the second carrier device identifier, where the UICC certificate carries the UICC identifier and the UICC public key;
The first receiving unit 2101 is further configured to receive the encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and to send the encrypted second service key to the first sending unit 2102;
The first sending unit 2102 is further configured to send the encrypted second service key to the first carrier device;
The first receiving unit 2101 is further configured to receive the second message authentication code corresponding to the UICC identifier that the first carrier device generates according to the encrypted second service key, and to send the second message authentication code to the first sending unit 2102;
The first sending unit 2102 is further configured to send the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
Further, the first receiving unit 2101 is specifically configured to receive the operator handover request sent by the second carrier device, where the operator handover request carries the UICC identifier and the second carrier device identifier;
or to receive the operator handover request submitted by the user, where the operator handover request carries the UICC identifier and the second carrier device identifier.
FIG. 22 is a schematic structural diagram of the first carrier device of the present invention. As shown in FIG. 22, it includes: a second receiving unit 2201, a service key generation unit 2202, a second sending unit 2203 and a first service interaction unit 2204;
The second receiving unit 2201 is configured to receive the UICC certificate sent by the universal integrated circuit card (UICC) management platform, the UICC certificate carrying the UICC identifier and the UICC public key, and to pass the UICC certificate to the service key generation unit 2202;
The service key generation unit 2202 is configured to, when the first carrier device has successfully verified the UICC certificate, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, pass the first service key to the first service interaction unit 2204, and pass the encrypted first service key to the second sending unit 2203;
The second sending unit 2203 is configured to send the encrypted first service key to the UICC corresponding to the UICC identifier;
The second receiving unit 2201 is also configured to obtain the service provisioning execution response that the UICC sends after obtaining the first service key, the service provisioning execution response carrying the UICC identifier pre-stored by the UICC;
The first service interaction unit 2204 is configured to perform service interaction with the UICC using the first service key.
Further, the second receiving unit 2201 is also configured to receive a service application request submitted by a user, the service application request carrying the UICC identifier, and to pass the service application request to the second sending unit 2203;
The second sending unit 2203 is also configured to send the service provisioning request to the UICC management platform, the service provisioning request carrying the UICC identifier and the first carrier device identifier pre-stored by the first carrier device.
Further, the second sending unit 2203 is also configured to send a service termination request to the UICC management platform, the service termination request carrying the UICC identifier and a first message authentication code generated by the first carrier device from the first service key;
The second receiving unit 2201 is also configured to obtain the service termination execution response that the UICC sends after terminating service interaction with the first carrier device, the service termination execution response carrying the UICC identifier.
Further, the second receiving unit 2201 is also configured to receive the encrypted second service key corresponding to the UICC identifier sent by the UICC management platform;
The second sending unit 2203 is also configured to send to the UICC management platform the second message authentication code corresponding to the UICC identifier, generated from the encrypted second service key.
FIG. 23 is a schematic structural diagram of the universal integrated circuit card of the present invention. As shown in FIG. 23, it includes: a third receiving unit 2301, a decryption unit 2302, a third sending unit 2303 and a second service interaction unit 2304;
The third receiving unit 2301 is configured to receive the encrypted first service key sent by the universal integrated circuit card (UICC) management platform, and to pass the encrypted first service key to the decryption unit 2302;
The decryption unit 2302 is configured to decrypt the encrypted first service key using the pre-stored UICC private key corresponding to the UICC public key, obtain the first service key, pass the first service key to the second service interaction unit 2304, and send a first sending instruction to the third sending unit 2303;
The third sending unit 2303 is configured to, after receiving the first sending instruction, send a service provisioning execution response to the first carrier device, the service provisioning execution response carrying the pre-stored UICC identifier;
The second service interaction unit 2304 is configured to perform service interaction with the first carrier device using the first service key.
Further, the universal integrated circuit card also includes: a public/private key pair generation unit 2305 and a second storage unit 2306;
The third receiving unit 2301 is also configured to receive a key request sent by the UICC vendor device, and to pass the key request to the public/private key pair generation unit 2305;
The public/private key pair generation unit 2305 is configured to randomly generate a UICC public/private key pair, pass the UICC public key to the third sending unit 2303, and pass the UICC private key to the second storage unit 2306;
The third sending unit 2303 is also configured to send the UICC public key to the UICC vendor device;
The second storage unit 2306 is configured to store the UICC private key.
Further, the universal integrated circuit card also includes: a service termination unit 2307;
The third receiving unit 2301 is also configured to receive the service termination request sent by the UICC management platform, the service termination request carrying the UICC identifier and the first message authentication code generated by the first carrier device from the first service key, and to pass the service termination request to the service termination unit 2307 and the third sending unit 2303;
The service termination unit 2307 is configured to, when the first message authentication code passes verification, terminate service interaction with the first carrier device and send a second sending instruction to the third sending unit 2303;
The third sending unit 2303 is also configured to, after receiving the second sending instruction, send a service termination execution response to the first carrier device, the service termination execution response carrying the UICC identifier.
Further, the third receiving unit 2301 is also configured to receive the encrypted second service key and the second message authentication code corresponding to the UICC identifier sent by the UICC management platform, and to pass the encrypted second service key to the decryption unit 2302;
The decryption unit 2302 is also configured to, when the second message authentication code passes verification, decrypt the encrypted second service key using the UICC private key, obtain the second service key, pass the second service key to the second service interaction unit 2304, and send a third sending instruction to the third sending unit 2303;
The third sending unit 2303 is also configured to, after receiving the third sending instruction, send a carrier switching execution response to the second carrier device, the carrier switching execution response carrying the UICC identifier;
The second service interaction unit 2304 is configured to perform service interaction with the second carrier device using the second service key.
FIG. 24 is a schematic structural diagram of the user terminal of the present invention. As shown in FIG. 24, it includes: a third storage unit 2401 and a universal integrated circuit card UICC 2402;
The third storage unit 2401 is configured to store the UICC 2402;
The UICC 2402 is configured to: receive the encrypted first service key sent by the UICC management platform; decrypt the encrypted first service key using the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service provisioning execution response to the first carrier device, the service provisioning execution response carrying the pre-stored UICC identifier; and perform service interaction with the first carrier device using the first service key.
With the data configuration apparatus for a universal integrated circuit card proposed by the present invention, the UICC management platform uses the UICC identifier and the first carrier device identifier carried in the service provisioning request to obtain the encrypted first service key, corresponding to the UICC identifier, that the first carrier device generates. After obtaining the encrypted first service key, the UICC decrypts it with the pre-stored UICC private key and uses the resulting first service key for service interaction with the first carrier device. Because the service provisioning request sent by the user carries the first carrier device identifier, the UICC management platform opens, according to that identifier, service interaction between the universal integrated circuit card and the first carrier device corresponding to the identifier. Carriers can therefore configure the carrier data in the universal integrated circuit card flexibly and dynamically, and M2M terminals no longer have to be custom-developed per carrier during production. The proposed data configuration apparatus thus solves the technical problem in the prior art that an M2M terminal can communicate only with a predetermined carrier, and widens the range of use of M2M terminals. In addition, the method of the present invention is simple and convenient to implement and easy to popularize.
FIG. 25 is a schematic structural diagram of the data configuration system for a universal integrated circuit card of the present invention. As shown in FIG. 25, it includes: a universal integrated circuit card (UICC) management platform 2501, a first carrier device 2502 and a UICC 2503;
The UICC management platform 2501 is configured to: receive a service provisioning request, the service provisioning request carrying a UICC identifier and a first carrier device identifier; send, to the first carrier device 2502 corresponding to the first carrier device identifier, the pre-stored UICC certificate corresponding to the UICC identifier, the UICC certificate carrying the UICC identifier and the UICC public key corresponding to the UICC identifier; receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device 2502; and send the encrypted first service key to the UICC 2503 corresponding to the UICC identifier;
The first carrier device 2502 is configured to: receive the UICC certificate sent by the UICC management platform 2501, the UICC certificate carrying the UICC identifier and the UICC public key; when the UICC certificate passes verification, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, and send the encrypted first service key, through the UICC management platform 2501, to the UICC 2503 corresponding to the UICC identifier; obtain the service provisioning execution response that the UICC 2503 sends after obtaining the first service key, the service provisioning execution response carrying the UICC identifier pre-stored by the UICC; and perform service interaction with the UICC 2503 using the first service key;
The UICC 2503 is configured to: receive the encrypted first service key sent by the UICC management platform 2501; decrypt the encrypted first service key using the pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service provisioning execution response to the first carrier device 2502, the service provisioning execution response carrying the pre-stored UICC identifier; and perform service interaction with the first carrier device 2502 using the first service key.
With the data configuration system for a universal integrated circuit card proposed by the present invention, the UICC management platform uses the UICC identifier and the first carrier device identifier carried in the service provisioning request to obtain the encrypted first service key, corresponding to the UICC identifier, that the first carrier device generates. After obtaining the encrypted first service key, the UICC decrypts it with the pre-stored UICC private key and uses the resulting first service key for service interaction with the first carrier device. Because the service provisioning request sent by the user carries the first carrier device identifier, the UICC management platform opens, according to that identifier, service interaction between the universal integrated circuit card and the first carrier device corresponding to the identifier. Carriers can therefore configure the carrier data in the universal integrated circuit card flexibly and dynamically, and M2M terminals no longer have to be custom-developed per carrier during production. The proposed data configuration system thus solves the technical problem in the prior art that an M2M terminal can communicate only with a predetermined carrier, and widens the range of use of M2M terminals. In addition, the method of the present invention is simple and convenient to implement and easy to popularize.
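The provisioning flow of FIG. 25 and the carrier switch described for units 2101/2102 and 2301 to 2304, as an added Go example that is not part of the patent text. RSA-OAEP with SHA-256 for the key wrap, HMAC-SHA256 keyed with the current service key for the second message authentication code, the MAC input layout, and all names and identifiers are assumptions; the UICC certificate is reduced to its public key and certificate verification is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UICC holds the card private key and the service key of its current carrier.
type UICC struct {
	ID         string
	priv       *rsa.PrivateKey
	serviceKey []byte
}

// NewUICC generates the key pair on the card; only the public half ever leaves it.
func NewUICC(id string) (*UICC, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &UICC{ID: id, priv: priv}, nil
}

// WrapServiceKey is the carrier side: create a fresh service key and encrypt it to
// the UICC public key. RSA-OAEP with SHA-256 is an assumption, not from the text.
func WrapServiceKey(id string, pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
	return key, wrapped, err
}

// switchMAC binds the new encrypted key to the UICC identifier under the current
// service key. HMAC-SHA256 and the covered fields are assumptions.
func switchMAC(key []byte, id string, wrapped []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte("switch|" + id + "|"))
	m.Write(wrapped)
	return m.Sum(nil)
}

// Activate decrypts a wrapped service key with the card private key and installs it.
func (u *UICC) Activate(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, u.priv, wrapped, []byte(u.ID))
	if err == nil {
		u.serviceKey = key
	}
	return err
}

// AcceptSwitch checks the second MAC before the private key touches the ciphertext.
func (u *UICC) AcceptSwitch(wrapped, mac []byte) error {
	if u.serviceKey == nil || !hmac.Equal(mac, switchMAC(u.serviceKey, u.ID, wrapped)) {
		return errors.New("second MAC check failed")
	}
	return u.Activate(wrapped)
}

// Platform is the UICC management platform. It tracks the activation flag and
// relays ciphertext it cannot read.
type Platform struct{ active map[string]bool }

// OpenService relays the first wrapped key if the card is not yet activated, and
// sets the flag only after the card has accepted the key.
func (p *Platform) OpenService(u *UICC, wrapped []byte) error {
	if p.active[u.ID] {
		return errors.New("UICC already activated")
	}
	if err := u.Activate(wrapped); err != nil {
		return err
	}
	p.active[u.ID] = true
	return nil
}

func main() {
	u, err := NewUICC("UICC-0001") // constructed identifier
	if err != nil {
		panic(err)
	}
	pub := &u.priv.PublicKey // stands in for the UICC certificate
	p := &Platform{active: map[string]bool{}}
	k1, w1, _ := WrapServiceKey(u.ID, pub) // first carrier
	fmt.Println("open with first carrier:", p.OpenService(u, w1))
	k2, w2, _ := WrapServiceKey(u.ID, pub) // second carrier
	fmt.Println("MAC not from first carrier:", u.AcceptSwitch(w2, switchMAC(k2, u.ID, w2)))
	fmt.Println("MAC from first carrier:", u.AcceptSwitch(w2, switchMAC(k1, u.ID, w2)))
}
```

The management platform only ever handles the wrapped key and the MAC, so it can relay a carrier switch but cannot install a key of its own choosing.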
For the specific working procedures of the apparatus embodiments shown in FIGS. 12 and 13, refer to the corresponding description of the method embodiment shown in FIG. 1; they are not repeated here.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in

Claims

1. A data configuration method for a universal integrated circuit card, characterized by comprising:
receiving a service provisioning request, the service provisioning request carrying a universal integrated circuit card (UICC) identifier and a first carrier device identifier;
sending, to the first carrier device corresponding to the first carrier device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, the UICC certificate carrying the UICC identifier and a UICC public key;
receiving an encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and sending the encrypted first service key to the UICC corresponding to the UICC identifier.
2. The method according to claim 1, characterized in that receiving the service provisioning request comprises:
receiving the service provisioning request sent by the first carrier device, the service provisioning request carrying the UICC identifier and the first carrier device identifier pre-stored by the first carrier device;
or receiving the service provisioning request sent by a user, the service provisioning request carrying the UICC identifier and the first carrier device identifier.
3. The method according to claim 1, characterized in that, before sending to the first carrier device corresponding to the first carrier device identifier the pre-stored UICC certificate corresponding to the UICC identifier, the method further comprises:
querying whether the UICC corresponding to the UICC identifier has been activated; if it has not been activated, sending the UICC certificate to the first carrier device; otherwise, sending error prompt information to the first carrier device.
4. The method according to claim 1, characterized in that, after sending the encrypted first service key to the UICC corresponding to the UICC identifier, the method further comprises:
receiving a service provisioning execution response sent by the UICC after it has obtained the first service key, the service provisioning execution response carrying the UICC identifier;
marking the UICC corresponding to the UICC identifier as activated;
sending the service provisioning execution response to the first carrier device.
5. The method according to claim 1, characterized in that, before receiving the service provisioning request, the method further comprises:
receiving UICC card information sent by a UICC vendor device, the UICC card information carrying the UICC identifier and the UICC public key;
sending the UICC card information to a certification center;
when the certification center has successfully authenticated the UICC card information, receiving the UICC certificate returned by the certification center, the UICC certificate carrying the UICC identifier and the UICC public key;
storing the UICC certificate corresponding to the UICC identifier.
6. The method according to claim 1, characterized in that, after sending the encrypted first service key to the UICC corresponding to the UICC identifier, the method further comprises:
receiving a service termination request sent by the first carrier device, the service termination request carrying the UICC identifier and a first message authentication code generated by the first carrier device from the first service key;
sending the service termination request to the UICC corresponding to the UICC identifier.
7. The method according to claim 6, characterized in that, before sending the service termination request to the UICC corresponding to the UICC identifier, the method further comprises:
querying whether the UICC corresponding to the UICC identifier has been activated; if it has been activated, sending the service termination request to the UICC corresponding to the UICC identifier; otherwise, sending error prompt information to the first carrier device.
8. The method according to claim 6, characterized in that, before receiving the service termination request sent by the first carrier device, the method further comprises:
receiving a service cancellation request submitted by a user, the service cancellation request carrying the UICC identifier;
querying whether the UICC corresponding to the UICC identifier has been activated; if it has been activated, forwarding the service cancellation request to the first carrier device; otherwise, sending error prompt information to the user.
9. The method according to claim 6, characterized in that, after sending the service termination request to the UICC corresponding to the UICC identifier, the method further comprises:
receiving the service termination execution response sent by the UICC after it has terminated service interaction with the first carrier device, the service termination execution response carrying the UICC identifier;
marking the UICC corresponding to the UICC identifier as not activated;
sending the service termination execution response to the first carrier device.
10. The method according to claim 1, characterized in that, after sending the encrypted first service key to the UICC corresponding to the UICC identifier, the method further comprises:
receiving a carrier switching request, the carrier switching request carrying the UICC identifier and a second carrier device identifier;
when the first carrier device allows the UICC corresponding to the UICC identifier to switch carrier devices, sending the UICC certificate to the second carrier device corresponding to the second carrier device identifier, the UICC certificate carrying the UICC identifier and the UICC public key;
receiving an encrypted second service key corresponding to the UICC identifier sent by the second carrier device, and sending the encrypted second service key corresponding to the UICC identifier to the first carrier device;
receiving a second message authentication code corresponding to the UICC identifier, generated by the first carrier device from the encrypted second service key;
sending the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
11. The method according to claim 10, characterized in that receiving the carrier switching request comprises:
receiving the carrier switching request sent by the second carrier device, the carrier switching request carrying the UICC identifier and the second carrier device identifier;
or receiving the carrier switching request submitted by a user, the carrier switching request carrying the UICC identifier and the second carrier device identifier.
12、 一种通用集成电路卡管理平台, 其特征在于, 包括: 第一接收单元 和第一发送单元;  A general-purpose integrated circuit card management platform, comprising: a first receiving unit and a first transmitting unit;
所述第一接收单元, 用于接收业务开通请求, 所述业务开通请求中携带 有通 ^集成电路卡 UICC标识和第一运营商设备标识, 将所述业务开通请求 发送给所述第一发送单元; The first receiving unit is configured to receive a service provisioning request, where the service provisioning request carries an integrated circuit card UICC identifier and a first carrier device identifier, and the service opening request is Sending to the first sending unit;
所述第一发送单元, 用于向与所述第一运营商设备标识对应的第一运营 商设备发送预先保存的与所述 UICC标识对应的 UICC证书,所述 UICC证书 中携带有所述 UICC标识和 UICC公钥;  The first sending unit is configured to send a pre-stored UICC certificate corresponding to the UICC identifier to the first carrier device that is corresponding to the first carrier device identifier, where the UICC certificate carries the UICC Identification and UICC public key;
所述第一接收单元,还用于接收所述第一运营商设备发送的与所述 UICC 标识对应的加密后的第一业务密钥, 将所述加密后的第一业务密钥发送给所 述第一发送单元;  The first receiving unit is further configured to receive the encrypted first service key corresponding to the UICC identifier sent by the first carrier device, and send the encrypted first service key to the Said first transmitting unit;
所述第一发送单元, 还用于将所述加密后的第一业务密钥发送给与所述 The first sending unit is further configured to send the encrypted first service key to the
UICC标识对应的 UICC。 The UICC identifies the corresponding UICC.
13、 根据权利要求 12所述的通用集成电路卡管理平台, 其特征在于, 所 述第一接收单元, 具体用于接收所述第一运营商设备发送的所述业务开通请 求, 所述业务开通请求中携带有所述 UICC标识和所述第一运营商设备预先 保存的所述第一运营商设备标识;  The universal integrated circuit card management platform according to claim 12, wherein the first receiving unit is configured to receive the service provisioning request sent by the first carrier device, and the service is activated. The request carries the UICC identifier and the first carrier device identifier that is saved in advance by the first carrier device;
或者, 接收用户发送的所述业务开通请求, 所述业务开遥请求中携带有 所述 UICC标识和所述第一运营商设备标识。  Or, the service opening request sent by the user is received, where the service opening request includes the UICC identifier and the first carrier device identifier.
14、 根据权利要求 12所述的通用集成电路卡管理平台, 其特征在于, 还 包括: 查询单元;  The universal integrated circuit card management platform according to claim 12, further comprising: a query unit;
所述查询单元,用于查询与所述 UICC标识对应的 UICC是否被激活,若 未被激活, 则向所述第一运营商设备发送所述 UICC证书, 否则, 向所述第 一运营商设备发送错误提示信息。  The query unit is configured to query whether the UICC corresponding to the UICC identifier is activated, and if not activated, send the UICC certificate to the first carrier device, otherwise, to the first carrier device Send an error message.
15, 根据权利要求 12所述的通用集成电路卡管理平台, 其特征在于, 还 包括: 标记单元;  The universal integrated circuit card management platform according to claim 12, further comprising: a marking unit;
所述第一接收单元, 还用于接收所述 UICC在获取到第一业务密钥之后 发送的业务开通执行响应, 所述 务开通响应中携带有所述 UICC标识, 将 所述 务开通执行响应发送给所述标记单元和所述第一发送单元;  The first receiving unit is further configured to receive a service activation execution response sent by the UICC after acquiring the first service key, where the service opening response carries the UICC identifier, and the service is opened to perform a response. Sending to the marking unit and the first sending unit;
所述标记单元, ffi于将与所述 UICC标识对应的 UICC标记为己被激活; 所述第一发送单元, 还 ^于将所述业务开通执行响应发送给所述第一运 营商设备。  The marking unit ff marks the UICC corresponding to the UICC identifier as being activated; the first sending unit further sends the service provisioning execution response to the first operator device.
16. The universal integrated circuit card management platform according to claim 12, further comprising: a first storage unit;
wherein the first receiving unit is further configured to receive UICC card information sent by a UICC vendor device, the UICC card information carrying the UICC identifier and the UICC public key, and to send the UICC card information to the first sending unit;
the first sending unit is further configured to send the UICC card information to an authentication center;
the first receiving unit is further configured to receive, when the authentication center has successfully authenticated the UICC card information, the UICC certificate returned by the authentication center, the UICC certificate carrying the UICC identifier and the UICC public key, and to send the UICC certificate to the first storage unit; and
the first storage unit is configured to store the UICC certificate corresponding to the UICC identifier.
17. The universal integrated circuit card management platform according to claim 12, wherein the first receiving unit is further configured to receive a service termination request sent by the first operator device, the service termination request carrying the UICC identifier and a first message authentication code generated by the first operator device according to the first service key, and to send the service termination request to the first sending unit; and
the first sending unit is further configured to send the service termination request to the UICC corresponding to the UICC identifier.
18. The universal integrated circuit card management platform according to claim 17, wherein the query unit is further configured to query whether the UICC corresponding to the UICC identifier is activated; if it is activated, to send the service termination request to the UICC corresponding to the UICC identifier; otherwise, to send error prompt information to the first operator device.
19. The universal integrated circuit card management platform according to claim 17, wherein the first receiving unit is further configured to receive a service cancellation request submitted by a user, the service cancellation request carrying the UICC identifier, and to send the service cancellation request to the query unit; and
the query unit is further configured to query whether the UICC corresponding to the UICC identifier is activated; if it is activated, to forward the service cancellation request to the first operator device; otherwise, to send error prompt information to the user.
20. The universal integrated circuit card management platform according to claim 17, wherein the first receiving unit is further configured to receive a service termination execution response sent by the UICC after the UICC has terminated service interaction with the first operator device, the service termination execution response carrying the UICC identifier, and to send the service termination execution response to the marking unit and the first sending unit;
the marking unit is further configured to mark the UICC corresponding to the UICC identifier as not activated; and
the first sending unit is further configured to send the service termination execution response to the first operator device.
21. The universal integrated circuit card management platform according to claim 12, wherein the first receiving unit is further configured to receive an operator switching request, the operator switching request carrying the UICC identifier and a second operator device identifier, and to send the operator switching request to the first sending unit;
the first sending unit is further configured to send, when the first operator device allows the UICC corresponding to the UICC identifier to switch operator devices, the UICC certificate to the second operator device corresponding to the second operator device identifier, the UICC certificate carrying the UICC identifier and the UICC public key;
the first receiving unit is further configured to receive the encrypted second service key corresponding to the UICC identifier sent by the second operator device, and to send the encrypted second service key to the first sending unit;
the first sending unit is further configured to send the encrypted second service key to the first operator device;
the first receiving unit is further configured to receive a second message authentication code corresponding to the UICC identifier, generated by the first operator device according to the encrypted second service key, and to send the second message authentication code to the first sending unit; and
the first sending unit is further configured to send the encrypted second service key and the second message authentication code to the UICC corresponding to the UICC identifier.
22. The universal integrated circuit card management platform according to claim 21, wherein the first receiving unit is specifically configured to receive the operator switching request sent by the second operator device, the operator switching request carrying the UICC identifier and the second operator device identifier;
or to receive the operator switching request submitted by a user, the operator switching request carrying the UICC identifier and the second operator device identifier.
23. A first operator device, comprising: a second receiving unit, a service key generating unit, a second sending unit and a first service interaction unit;
wherein the second receiving unit is configured to receive a UICC certificate sent by a universal integrated circuit card (UICC) management platform, the UICC certificate carrying a UICC identifier and a UICC public key, and to send the UICC certificate to the service key generating unit;
the service key generating unit is configured to, when verification of the UICC certificate succeeds, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, send the first service key to the first service interaction unit, and send the encrypted first service key to the second sending unit;
the second sending unit is configured to send the encrypted first service key to the UICC corresponding to the UICC identifier;
the second receiving unit is further configured to obtain a service activation execution response sent by the UICC after the UICC has obtained the first service key, the service activation execution response carrying the UICC identifier pre-stored by the UICC; and
the first service interaction unit is configured to perform service interaction with the UICC using the first service key.
24. The first operator device according to claim 23, wherein the second receiving unit is further configured to receive a service application request submitted by a user, the service application request carrying the UICC identifier, and to send the service application request to the second sending unit; and
the second sending unit is further configured to send the service activation request to the UICC management platform, the service activation request carrying the UICC identifier and the first operator device identifier pre-stored by the first operator device.
25. The first operator device according to claim 23, wherein the second sending unit is further configured to send a service termination request to the UICC management platform, the service termination request carrying the UICC identifier and a first message authentication code generated according to the first service key; and
the second receiving unit is further configured to obtain a service termination execution response sent by the UICC, the service termination execution response carrying the UICC identifier.
26. The first operator device according to claim 23, wherein the second receiving unit is further configured to receive the encrypted second service key corresponding to the UICC identifier sent by the UICC management platform; and
the second sending unit is further configured to send, to the UICC management platform, a second message authentication code corresponding to the UICC identifier and generated according to the encrypted second service key.
27. A universal integrated circuit card, comprising: a third receiving unit, a decryption unit, a third sending unit and a second service interaction unit;
wherein the third receiving unit is configured to receive an encrypted first service key sent by a universal integrated circuit card (UICC) management platform, and to send the encrypted first service key to the decryption unit;
the decryption unit is configured to decrypt the encrypted first service key using a pre-stored UICC private key corresponding to the UICC public key, obtain the first service key, send the first service key to the second service interaction unit, and send a first sending instruction to the third sending unit;
the third sending unit is configured to send, after receiving the first sending instruction, a service activation execution response to the first operator device, the service activation execution response carrying a pre-stored UICC identifier; and
the second service interaction unit is configured to perform service interaction with the first operator device using the first service key.
28. The universal integrated circuit card according to claim 27, further comprising: a public-private key pair generating unit and a second storage unit;
wherein the third receiving unit is further configured to receive a key request sent by a UICC vendor device, and to send the key request to the public-private key pair generating unit;
the public-private key pair generating unit is configured to randomly generate a UICC public-private key pair, send the UICC public key to the third sending unit, and send the UICC private key to the second storage unit;
the third sending unit is further configured to send the UICC public key to the UICC vendor device; and
the second storage unit is configured to store the UICC private key.
29. The universal integrated circuit card according to claim 27, further comprising: a service termination unit;
wherein the third receiving unit is further configured to receive a service termination request sent by the UICC management platform, the service termination request carrying the UICC identifier and a first message authentication code generated by the first operator device according to the first service key, and to send the service termination request to the service termination unit and the third sending unit;
the service termination unit is configured to, when verification of the first message authentication code succeeds, terminate service interaction with the first operator device and send a second sending instruction to the third sending unit; and
the third sending unit is further configured to send, after receiving the second sending instruction, a service termination execution response to the first operator device, the service termination execution response carrying the UICC identifier.
30. The universal integrated circuit card according to claim 27, wherein the third receiving unit is further configured to receive an encrypted second service key and a second message authentication code sent by the UICC management platform, and to send the encrypted second service key to the decryption unit;
the decryption unit is further configured to, when verification of the second message authentication code succeeds, decrypt the encrypted second service key using the UICC private key, obtain the second service key, send the second service key to the second service interaction unit, and send a third sending instruction to the third sending unit;
the third sending unit is further configured to send, after receiving the third sending instruction, an operator switching execution response to the second operator device, the operator switching execution response carrying the UICC identifier; and
the second service interaction unit is configured to perform service interaction with the second operator device using the second service key.
31. A user terminal, comprising: a third storage unit and a universal integrated circuit card (UICC);
wherein the third storage unit is configured to store the UICC; and
the UICC is configured to receive an encrypted first service key sent by a UICC management platform; decrypt the encrypted first service key using a pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service activation execution response to the first operator device, the service activation execution response carrying a pre-stored UICC identifier; and perform service interaction with the first operator device using the first service key.
32. A data configuration system for a universal integrated circuit card, comprising: a universal integrated circuit card (UICC) management platform, a first operator device and a UICC;
wherein the UICC management platform is configured to receive a service activation request, the service activation request carrying a UICC identifier and a first operator device identifier; send, to the first operator device corresponding to the first operator device identifier, a pre-stored UICC certificate corresponding to the UICC identifier, the UICC certificate carrying the UICC identifier and a UICC public key corresponding to the UICC identifier; receive the encrypted first service key corresponding to the UICC identifier sent by the first operator device; and send the encrypted first service key to the UICC corresponding to the UICC identifier;
the first operator device is configured to receive the UICC certificate sent by the UICC management platform, the UICC certificate carrying the UICC identifier and the UICC public key; when verification of the UICC certificate succeeds, generate a first service key corresponding to the UICC identifier according to a preset method, encrypt the first service key with the UICC public key, and send the encrypted first service key, through the UICC management platform, to the UICC corresponding to the UICC identifier; obtain a service activation execution response sent by the UICC after the UICC has obtained the first service key, the service activation execution response carrying the UICC identifier pre-stored by the UICC; and perform service interaction with the UICC using the first service key; and
the UICC is configured to receive the encrypted first service key sent by the UICC management platform; decrypt the encrypted first service key using a pre-stored UICC private key corresponding to the UICC public key to obtain the first service key; send a service activation execution response to the first operator device, the service activation execution response carrying the pre-stored UICC identifier; and perform service interaction with the first operator device using the first service key.
33. A computer program, configured to execute the data configuration method for a universal integrated circuit card according to claims 1-11.
34. A storage medium, configured to store the computer program according to claim 33.
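The card-side checks of claims 27, 29 and 30, as an added Python example that is not code from the patent: the UICC decrypts the first service key, then accepts a termination or an operator switch only when the message authentication code verifies. Assumptions: the MAC is HMAC-SHA256 keyed with the first service key, a toy textbook RSA stands in for the UICC key pair, and `Uicc`, `make_mac`, `encrypt_for_uicc`, `run_demo` and the identifier `UICC-0001` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Toy textbook RSA standing in for the UICC public/private key pair (constructed
# values: two Mersenne primes, no padding). Illustrative only, not a real-card scheme.
_P, _Q, E = 2**127 - 1, 2**107 - 1, 65537
N = _P * _Q                                # UICC public modulus
_D = pow(E, -1, (_P - 1) * (_Q - 1))       # UICC private exponent, stays on the card


def encrypt_for_uicc(service_key: bytes) -> bytes:
    """Operator side: encrypt a 16-byte service key with the UICC public key."""
    return pow(int.from_bytes(service_key, "big"), E, N).to_bytes(30, "big")


def make_mac(key: bytes, uicc_id: str, payload: bytes) -> bytes:
    """Assumed MAC: HMAC-SHA256 over length-prefixed UICC identifier plus payload."""
    ident = uicc_id.encode()
    msg = len(ident).to_bytes(2, "big") + ident + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Uicc:
    def __init__(self, uicc_id: str):
        self.uicc_id = uicc_id
        self.service_key = None            # key shared with the current operator

    def _decrypt(self, blob: bytes) -> bytes:
        m = pow(int.from_bytes(blob, "big"), _D, N)
        if m.bit_length() > 128:
            raise ValueError("ciphertext does not decrypt to a 16-byte key")
        return m.to_bytes(16, "big")

    def _mac_ok(self, uicc_id: str, payload: bytes, mac: bytes) -> bool:
        if self.service_key is None or uicc_id != self.uicc_id:
            return False
        expected = make_mac(self.service_key, uicc_id, payload)
        return hmac.compare_digest(expected, mac)   # constant-time comparison

    def activate(self, encrypted_key: bytes) -> dict:
        """Claim 27: decrypt the first service key, reply with the stored identifier."""
        self.service_key = self._decrypt(encrypted_key)
        return {"type": "activation_response", "uicc_id": self.uicc_id}

    def terminate(self, uicc_id: str, mac: bytes):
        """Claim 29: end service only if the current operator's MAC verifies."""
        if not self._mac_ok(uicc_id, b"terminate", mac):
            return None
        self.service_key = None
        return {"type": "termination_response", "uicc_id": self.uicc_id}

    def switch(self, uicc_id: str, encrypted_key2: bytes, mac: bytes):
        """Claim 30: check the MAC over the encrypted second key before decrypting."""
        if not self._mac_ok(uicc_id, encrypted_key2, mac):
            return None
        self.service_key = self._decrypt(encrypted_key2)
        return {"type": "switch_response", "uicc_id": self.uicc_id}


def run_demo() -> dict:
    card = Uicc("UICC-0001")                       # constructed identifier
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    out = {"activated": card.activate(encrypt_for_uicc(k1))["uicc_id"]}

    # A termination request whose MAC was not made with k1 must be ignored.
    forged = make_mac(secrets.token_bytes(16), card.uicc_id, b"terminate")
    out["forged_terminate"] = card.terminate(card.uicc_id, forged)

    # Operator switch: operator 2 encrypts k2, operator 1 authorises it with a MAC.
    c2 = encrypt_for_uicc(k2)
    mac2 = make_mac(k1, card.uicc_id, c2)
    tampered = bytes([c2[0] ^ 1]) + c2[1:]
    out["tampered_switch"] = card.switch(card.uicc_id, tampered, mac2)
    out["switch"] = card.switch(card.uicc_id, c2, mac2)
    out["key_is_k2"] = card.service_key == k2

    # After the switch only the second operator can terminate service.
    out["old_operator_terminate"] = card.terminate(
        card.uicc_id, make_mac(k1, card.uicc_id, b"terminate"))
    out["new_operator_terminate"] = card.terminate(
        card.uicc_id, make_mac(k2, card.uicc_id, b"terminate"))
    return out
```

`run_demo()` returns one entry per step; rejected requests appear as `None`. The management platform only relays `c2` and `mac2` in this flow and never holds a plaintext service key.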
PCT/CN2013/079364 2012-07-17 2013-07-15 Data configuration method, apparatus and system for universal integrated circuit card, computer program and storage medium WO2014012468A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210247048.3A CN103546886B (en) 2012-07-17 2012-07-17 The data configuration method of Universal Integrated Circuit Card, Apparatus and system
CN201210247048.3 2012-07-17

Publications (1)

Publication Number Publication Date
WO2014012468A1 true WO2014012468A1 (en) 2014-01-23

Family

ID=49948277

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079364 WO2014012468A1 (en) 2012-07-17 2013-07-15 Data configuration method, apparatus and system for universal integrated circuit card, computer program and storage medium

Country Status (2)

Country Link
CN (1) CN103546886B (en)
WO (1) WO2014012468A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102250685B1 (en) 2014-07-01 2021-05-12 삼성전자 주식회사 METHOD AND APPARATUS FOR PROFILE DOWNLOAD FOR eUICC
KR102160597B1 (en) * 2014-07-17 2020-09-28 삼성전자 주식회사 Method and apparatus for provisioning profile of embedded universal integrated circuit card
ES2743576T3 (en) 2015-04-13 2020-02-19 Samsung Electronics Co Ltd Procedure and apparatus for managing a profile of a terminal in a wireless communication system
KR20160124648A (en) * 2015-04-20 2016-10-28 삼성전자주식회사 Method and apparatus for downloading and installing a profile
US10003974B2 (en) * 2015-06-19 2018-06-19 Apple Inc. Electronic subscriber identity module management under multiple certificate authorities
CN108112011A (en) * 2016-11-24 2018-06-01 中国电信股份有限公司 The methods, devices and systems of the universal embedded integrated circuit card of remote management
CN110121859B (en) * 2017-08-28 2021-01-15 华为技术有限公司 Information verification method and related equipment
CN113852957A (en) * 2020-06-09 2021-12-28 ***通信有限公司研究院 Security server, SP server, terminal, security authorization method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056149B (en) * 2009-11-09 2015-01-28 中兴通讯股份有限公司 Machine to machine device and processing method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
US20090209232A1 (en) * 2007-10-05 2009-08-20 Interdigital Technology Corporation Techniques for secure channelization between uicc and a terminal
CN101765105A (en) * 2009-12-17 2010-06-30 北京握奇数据***有限公司 Method for realizing communication encryption as well as system and mobile terminal therefor
CN102209317A (en) * 2010-03-29 2011-10-05 中兴通讯股份有限公司 Signing data provision method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113795039A (en) * 2021-09-23 2021-12-14 中交信通网络科技有限公司 Operator network switching method, device, equipment and computer readable storage medium
CN113795039B (en) * 2021-09-23 2023-11-24 中交信通网络科技有限公司 Operator network switching method, device, equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN103546886B (en) 2016-09-07
CN103546886A (en) 2014-01-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13819835

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13819835

Country of ref document: EP

Kind code of ref document: A1