(11)EP 3 340 668 A1

(12)EUROPEAN PATENT APPLICATION
published in accordance with Art. 153(4) EPC

(43)Date of publication:
27.06.2018 Bulletin 2018/26

(21)Application number: 15903411.5

(22)Date of filing:  11.09.2015
(51)International Patent Classification (IPC): 
H04W 8/20(2009.01)
H04W 12/08(2009.01)
(86)International application number:
PCT/CN2015/089475
(87)International publication number:
WO 2017/041306 (16.03.2017 Gazette  2017/11)
(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
Designated Extension States:
BA ME
Designated Validation States:
MA

(71)Applicant: Huawei Technologies Co., Ltd.
Longgang District Shenzhen, Guangdong 518129 (CN)

(72)Inventors:
  • FAN, Shunan
    Shenzhen, Guangdong 518129 (CN)
  • LONG, Shuiping
    Shenzhen, Guangdong 518129 (CN)
  • GAO, Linyi
    Shenzhen, Guangdong 518129 (CN)
  • YU, Xiaobo
    Shenzhen, Guangdong 518129 (CN)

(74)Representative: Gill Jennings & Every LLP 
The Broadgate Tower 20 Primrose Street
London EC2A 2ES (GB)

  


(54)PROFILE PROCESSING METHOD, PROFILE PROCESSING APPARATUS, USER TERMINAL AND EUICC


(57) Embodiments of the present invention disclose a profile processing method, a profile processing apparatus, a user terminal, and an eUICC. The method includes: generating, by an LPA of UE1, a profile request according to information about an eUICC of UE2, and sending the profile request; receiving, by the LPA, a profile request response, where the profile request response includes at least a profile of the eUICC; and forwarding, by the LPA, the profile to the eUICC. The embodiments of the present invention are conducive to profile processing efficiency enhancement of an eUICC and user experience improvement.




Description

TECHNICAL FIELD



[0001] The present invention relates to the field of wireless communications technologies, and specifically, to a profile processing method, a profile processing apparatus, a user terminal, and an eUICC.

BACKGROUND



[0002] An embedded universal integrated circuit card (eUICC), also referred to as an embedded SIM (eSIM) card, is a new security element that is defined in the industry and can be used by multiple communications operators to remotely manage subscribers. At present, in the architecture defined in a mainstream standard, a local profile assistant (LPA) module is provided in a user terminal (UE). The LPA module is configured to: discover subscription manager-secure routing (SM-SR), download and manage a profile, and provide a user interface (UI) to an end user, so that the end user can manage (activate, disable, and delete) a profile in an eUICC.

[0003] At present, one user terminal UE has one eUICC. For UE that does not have an LPA module or a network access capability, display and selection of operator information, and profile download, profile management, or the like of a corresponding eUICC can be implemented only by using a device other than the user terminal UE, such as a computer, or in an operator service center, or in an online service center. This causes complex operation processes.

SUMMARY



[0004] Embodiments of the present invention provide a profile processing method, a profile processing apparatus, a user terminal, and an eUICC, to enhance profile processing efficiency of an eUICC and improve user experience.

[0005] A first aspect of the embodiments of the present invention provides a profile processing method, including:

generating, by a local profile assistant LPA of a first terminal UE1, a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2, and sending the profile request;

receiving, by the LPA, a profile request response, where the profile request response includes at least a profile of the eUICC; and

forwarding, by the LPA, the profile to the eUICC.



[0006] In a first possible implementation of the first aspect of the embodiments of the present invention, the sending, by an LPA, the profile request includes:
sending, by the LPA, the profile request to a profile server.

[0007] With reference to the first aspect of the embodiments of the present invention or the first possible implementation of the first aspect, in a second possible implementation of the first aspect of the embodiments of the present invention, after the sending, by an LPA, the profile request and before the receiving, by the LPA, a profile request response, the method further includes:

receiving, by the LPA, a key negotiation request sent by the profile server;

forwarding, by the LPA, the key negotiation request to the eUICC if the LPA determines, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and

receiving, by the LPA, a key negotiation response sent by the eUICC, and forwarding the key negotiation response to the profile server.



[0008] With reference to the first aspect of the embodiments of the present invention or the first or the second possible implementation of the first aspect, in a third possible implementation of the first aspect of the embodiments of the present invention, before the generating, by an LPA, a profile request according to information about an eUICC of UE2, the method further includes:

obtaining, by the LPA, the information about the eUICC; or

obtaining, by the LPA, the information about the eUICC, and

displaying, by the LPA, the obtained information about the eUICC and operator information.



[0009] With reference to the third possible implementation of the first aspect of the embodiments of the present invention, in a fourth possible implementation of the first aspect of the embodiments of the present invention, before the obtaining, by the LPA, the information about the eUICC, the method further includes:
establishing, by the LPA, a secure channel between the LPA and the eUICC, where the secure channel is used to obtain the information about the eUICC.

[0010] With reference to the first aspect of the embodiments of the present invention or the first, the second, or the third possible implementation of the first aspect, in a fifth possible implementation of the first aspect of the embodiments of the present invention, before the receiving, by the LPA, a profile request response, the method further includes:
establishing, by the LPA, a secure channel between the LPA and the eUICC, where the secure channel is used to transmit the profile.

[0011] With reference to the fourth or the fifth possible implementation of the first aspect of the embodiments of the present invention, in a sixth possible implementation of the first aspect of the embodiments of the present invention, the method further includes:
if the LPA detects that the secure channel is disabled, re-establishing, by the LPA, a secure channel between the LPA and the eUICC.

[0012] With reference to any one of the fourth to the sixth possible implementations of the first aspect of the embodiments of the present invention, in a seventh possible implementation of the first aspect of the embodiments of the present invention, the establishing, by the LPA, a secure channel between the LPA and the eUICC includes:

broadcasting, by the LPA, a service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request carrying an eUICC service indicator, completing device discovery between the LPA and the eUICC according to the service indicator, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection.



[0013] With reference to any one of the first aspect of the embodiments of the present invention, or the first to the seventh possible implementations of the first aspect, in an eighth possible implementation of the first aspect of the embodiments of the present invention, the information about the eUICC includes at least one of the following: a device identity of the UE2 (UE2-ID), capability information of the UE2, a card identity of the eUICC (EID), or an eUICC information set (EIS) of the eUICC.

[0014] With reference to any one of the first aspect of the embodiments of the present invention, or the first to the eighth possible implementations of the first aspect, in a ninth possible implementation of the first aspect of the embodiments of the present invention, the profile request includes at least one of the following: a device identity of the UE1 (UE1-ID), the device identity of the UE2 (UE2-ID), the capability information of the UE2, the card identity of the eUICC (EID), or the eUICC information set (EIS) of the eUICC.

[0015] With reference to the ninth possible implementation of the first aspect of the embodiments of the present invention, in a tenth possible implementation of the first aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0016] With reference to any one of the first aspect of the embodiments of the present invention, or the first to the tenth possible implementations of the first aspect, in an eleventh possible implementation of the first aspect of the embodiments of the present invention, the forwarding, by the LPA, the profile to the eUICC includes:

extracting, by the LPA, the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, by the LPA to the eUICC, the profile request response carrying the profile.



[0017] With reference to any one of the first aspect of the embodiments of the present invention, or the first to the eleventh possible implementations of the first aspect, in a twelfth possible implementation of the first aspect of the embodiments of the present invention, after the forwarding, by the LPA, the profile to the eUICC, the method further includes:

sending, by the LPA to the eUICC, a profile activation request used to activate the profile;

sending, by the LPA to the eUICC, a profile disabling request used to disable the profile; or

sending, by the LPA to the eUICC, a profile delete request used to delete the profile.



[0018] With reference to any one of the first aspect of the embodiments of the present invention, or the first to the twelfth possible implementations of the first aspect, in a thirteenth possible implementation of the first aspect of the embodiments of the present invention, the generating, by an LPA, a profile request according to information about an eUICC of UE2 includes:
generating, by the LPA, the profile request according to the information about the eUICC if the LPA detects an operator network selection instruction, where an operator network provides a network service to the eUICC.

[0019] It can be learned that in the embodiments of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request to a profile server. Then, the LPA receives a profile request response sent by the profile server, where the profile request response includes a profile of the eUICC, encrypted by the profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0020] A second aspect of the embodiments of the present invention provides a profile processing method, including:

receiving, by an embedded universal integrated circuit card eUICC of a second terminal UE2, a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1;

sending, by the eUICC, a key negotiation response to the LPA; and

receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.



[0021] In a first possible implementation of the second aspect of the embodiments of the present invention, before the receiving, by an eUICC, a key negotiation request forwarded by an LPA, the method further includes:
sending, by the eUICC, information about the eUICC to the LPA.

[0022] With reference to the first possible implementation of the second aspect of the embodiments of the present invention, in a second possible implementation of the second aspect of the embodiments of the present invention, before the sending, by the eUICC, information about the eUICC to the LPA, the method further includes:
establishing, by the eUICC, a secure channel between the LPA and the eUICC, where the secure channel is used to send the information about the eUICC.

[0023] With reference to the second aspect of the embodiments of the present invention or the first possible implementation of the second aspect of the embodiments of the present invention, in a third possible implementation of the second aspect of the embodiments of the present invention, before the receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the method further includes:
establishing, by the eUICC, a secure channel between the LPA and the eUICC, where the secure channel is used to forward the profile.

[0024] With reference to the second or the third possible implementation of the second aspect of the embodiments of the present invention, in a fourth possible implementation of the second aspect of the embodiments of the present invention, after the establishing, by the eUICC, a secure channel between the LPA and the eUICC, the method further includes:
disabling, by the eUICC, the secure channel if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold.

[0025] With reference to the fourth possible implementation of the second aspect of the embodiments of the present invention, in a fifth possible implementation of the second aspect of the embodiments of the present invention, before the receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the method further includes:
if the eUICC detects that the secure channel is disabled, re-establishing, by the eUICC, the secure channel.

[0026] With reference to the second, the third, or the fifth possible implementation of the second aspect of the embodiments of the present invention, in a sixth possible implementation of the second aspect of the embodiments of the present invention, the establishing, by the eUICC, the secure channel includes:

receiving, by the eUICC, a broadcast service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request carrying an eUICC service indicator, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0027] With reference to any one of the second aspect of the embodiments of the present invention, or the first to the sixth possible implementations of the second aspect of the embodiments of the present invention, in a seventh possible implementation of the second aspect of the embodiments of the present invention, the information about the eUICC includes at least one of the following: a device identity of the UE2 (UE2-ID), capability information of the UE2, a card identity of the eUICC (EID), or an eUICC information set (EIS) of the eUICC.

[0028] With reference to the seventh possible implementation of the second aspect of the embodiments of the present invention, in an eighth possible implementation of the second aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0029] It can be learned that in the embodiments of the present invention, an eUICC of UE2 first receives a key negotiation request, the eUICC then sends a key negotiation response to an LPA, and finally, the eUICC receives a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA. The LPA is disposed in a first terminal UE1. Therefore, the eUICC of the UE2 can establish a local connection between the LPA of the UE1 and the eUICC of the UE2, to further implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC together with the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.
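The relay flow summarized in [0019] and [0029], as an added sketch that is not part of the patent text: the LPA on UE1 forwards the key negotiation and the encrypted profile, handles only ciphertext, and the eUICC on UE2 rejects a profile altered in transit. The message field names, the Diffie-Hellman exchange over a demo modulus and the HMAC-based encrypt-then-MAC are assumptions, since the application names no algorithms. The exchange is left unauthenticated here; mutual authentication of profile server and eUICC is outside this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed demo parameters: the application does not name a key-agreement scheme.
P = 2**521 - 1   # Mersenne prime used as a demo modulus, not a deployment choice
G = 3
SAMPLE_EID = "EID-CONSTRUCTED-0001"                    # constructed sample value
SAMPLE_PROFILE = b"constructed operator profile data"  # constructed sample value

def _keys(shared):
    raw = shared.to_bytes(66, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())

def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(shared, plaintext):
    """Encrypt-then-MAC stand-in for the server's profile encryption."""
    enc_key, mac_key = _keys(shared)
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(shared, blob):
    enc_key, mac_key = _keys(shared)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("profile rejected: integrity check failed")
    return _xor_stream(enc_key, nonce, ct)

class ProfileServer:
    def __init__(self, profiles):
        self.profiles = profiles          # EID -> profile bytes

    def profile_request(self, req):
        self._eid = req["EID"]
        self._priv = secrets.randbelow(P - 3) + 2
        return {"type": "key_negotiation_request", "target": self._eid,
                "server_pub": pow(G, self._priv, P)}

    def key_negotiation_response(self, resp):
        shared = pow(resp["euicc_pub"], self._priv, P)
        return {"type": "profile_request_response",
                "profile": seal(shared, self.profiles[self._eid])}

class EUICC:
    def __init__(self, eid):
        self.eid, self.profile, self._shared = eid, None, None

    def info(self):
        return {"EID": self.eid}

    def key_negotiation(self, req):
        priv = secrets.randbelow(P - 3) + 2
        self._shared = pow(req["server_pub"], priv, P)
        return {"type": "key_negotiation_response", "euicc_pub": pow(G, priv, P)}

    def install(self, blob):
        self.profile = unseal(self._shared, blob)   # raises if modified

class LPA:
    """Relay on UE1; `seen` records every profile blob it handled."""
    def __init__(self, ue1_id, euicc, server):
        self.ue1_id, self.euicc, self.server, self.seen = ue1_id, euicc, server, []

    @staticmethod
    def addressed_to(msg, eid):
        return msg.get("target") == eid

    def download(self, corrupt_in_transit=False):
        info = self.euicc.info()
        kn_req = self.server.profile_request({"UE1-ID": self.ue1_id, **info})
        # Forward only if the request names this eUICC as its target receiver.
        if not self.addressed_to(kn_req, info["EID"]):
            raise ValueError("key negotiation request is not for this eUICC")
        kn_resp = self.euicc.key_negotiation(kn_req)
        blob = self.server.key_negotiation_response(kn_resp)["profile"]
        self.seen.append(blob)
        if corrupt_in_transit:            # simulate a faulty local link
            blob = blob[:12] + bytes([blob[12] ^ 1]) + blob[13:]
        self.euicc.install(blob)

def run_download(corrupt_in_transit=False):
    euicc = EUICC(SAMPLE_EID)
    lpa = LPA("UE1-CONSTRUCTED", euicc, ProfileServer({SAMPLE_EID: SAMPLE_PROFILE}))
    lpa.download(corrupt_in_transit)
    return euicc, lpa

if __name__ == "__main__":
    card, relay = run_download()
    print("installed:", card.profile == SAMPLE_PROFILE)
    print("relay saw plaintext:", any(SAMPLE_PROFILE in b for b in relay.seen))
```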

[0030] A third aspect of the embodiments of the present invention provides a profile processing apparatus, disposed in a first terminal UE1, where the apparatus includes:

a generation unit, configured to generate a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2;

a sending unit, configured to send the profile request generated by the generation unit; and

a receiving unit, configured to receive a profile request response, where the profile request response includes at least a profile of the eUICC, where

the sending unit is further configured to forward the profile to the eUICC.



[0031] In a first possible implementation of the third aspect of the embodiments of the present invention, a specific manner of sending, by the sending unit, the profile request generated by the generation unit includes:
sending, by the sending unit, the profile request generated by the generation unit to a profile server.

[0032] With reference to the first possible implementation of the third aspect of the embodiments of the present invention, in a second possible implementation of the third aspect of the embodiments of the present invention,
the receiving unit is further configured to: after the sending unit sends the profile request and before the receiving unit receives the profile request response, receive a key negotiation request sent by the profile server;
the sending unit is further configured to forward the key negotiation request to the eUICC when the profile processing apparatus determines, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC;
the receiving unit is further configured to receive a key negotiation response sent by the eUICC; and
the sending unit is further configured to forward the key negotiation response to the profile server.

[0033] With reference to the third aspect of the embodiments of the present invention or the first or the second possible implementation of the third aspect, in a third possible implementation of the third aspect of the embodiments of the present invention, the profile processing apparatus further includes:

an obtaining unit, configured to obtain the information about the eUICC; or

an obtaining unit, configured to obtain the information about the eUICC, and

a display unit, configured to display the obtained information about the eUICC and operator information.



[0034] With reference to the third possible implementation of the third aspect of the embodiments of the present invention, in a fourth possible implementation of the third aspect of the embodiments of the present invention, the profile processing apparatus further includes:
a channel establishment unit, configured to establish a secure channel between the profile processing apparatus and the eUICC before the obtaining unit obtains the information about the eUICC, where the secure channel is used to obtain the information about the eUICC.

[0035] With reference to the third aspect of the embodiments of the present invention or the first, the second, or the third possible implementation of the third aspect of the embodiments of the present invention, in a fifth possible implementation of the third aspect of the embodiments of the present invention, the channel establishment unit is further configured to establish a secure channel between the profile processing apparatus and the eUICC before the receiving unit receives the profile request response, where the secure channel is used to transmit the profile.

[0036] With reference to the fourth or the fifth possible implementation of the third aspect of the embodiments of the present invention, in a sixth possible implementation of the third aspect of the embodiments of the present invention, the channel establishment unit is further configured to: if the profile processing apparatus detects that the secure channel is disabled, re-establish a secure channel between the profile processing apparatus and the eUICC.

[0037] With reference to any one of the fourth to the sixth possible implementations of the third aspect of the embodiments of the present invention, in a seventh possible implementation of the third aspect of the embodiments of the present invention, the channel establishment unit is specifically configured to:

broadcast a service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request carrying an eUICC service indicator, complete device discovery between the profile processing apparatus and the eUICC according to the service indicator, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection.



[0038] With reference to any one of the third aspect of the embodiments of the present invention, or the first to the seventh possible implementations of the third aspect of the embodiments of the present invention, in an eighth possible implementation of the third aspect of the embodiments of the present invention, the information about the eUICC includes at least one of the following: a device identity of the UE2 (UE2-ID), capability information of the UE2, a card identity of the eUICC (EID), or an eUICC information set (EIS) of the eUICC.

[0039] With reference to any one of the third aspect of the embodiments of the present invention, or the first to the eighth possible implementations of the third aspect of the embodiments of the present invention, in a ninth possible implementation of the third aspect of the embodiments of the present invention, the profile request includes at least one of the following: a device identity of the UE1 (UE1-ID), the device identity of the UE2 (UE2-ID), the capability information of the UE2, the card identity of the eUICC (EID), or the eUICC information set (EIS) of the eUICC.

[0040] With reference to the ninth possible implementation of the third aspect of the embodiments of the present invention, in a tenth possible implementation of the third aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0041] With reference to any one of the third aspect of the embodiments of the present invention, or the first to the tenth possible implementations of the third aspect of the embodiments of the present invention, in an eleventh possible implementation of the third aspect of the embodiments of the present invention, a specific manner of forwarding, by the sending unit, the profile to the eUICC includes:

extracting the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, to the eUICC, the profile request response carrying the profile.



[0042] With reference to any one of the third aspect of the embodiments of the present invention, or the first to the eleventh possible implementations of the third aspect of the embodiments of the present invention, in a twelfth possible implementation of the third aspect of the embodiments of the present invention, after forwarding the profile to the eUICC, the sending unit is further configured to:

send, to the eUICC, a profile activation request used to activate the profile;

send, to the eUICC, a profile disabling request used to disable the profile; or

send, to the eUICC, a profile delete request used to delete the profile.



[0043] With reference to any one of the third aspect of the embodiments of the present invention, or the first to the twelfth possible implementations of the third aspect of the embodiments of the present invention, in a thirteenth possible implementation of the third aspect of the embodiments of the present invention, the generation unit is specifically configured to:
generate the profile request according to the information about the eUICC when the profile processing apparatus detects an operator network selection instruction, where an operator network provides a network service to the eUICC.

[0044] It can be learned from above that in the embodiments of the present invention, a profile processing apparatus of a first terminal UE1 first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request. Then, an LPA receives a profile request response, and the profile request response includes a profile of the eUICC, encrypted by a profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to the first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0045] A fourth aspect of the embodiments of the present invention provides an eUICC, disposed in a second terminal UE2, where the eUICC includes:

a receiving unit, configured to receive a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1; and

a sending unit, configured to send a key negotiation response to the LPA, where

the receiving unit is further configured to receive a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.



[0046] In a first possible implementation of the fourth aspect of the embodiments of the present invention, the sending unit is further configured to send information about the eUICC to the LPA before the receiving unit receives the key negotiation request forwarded by the LPA.

[0047] With reference to the first possible implementation of the fourth aspect of the embodiments of the present invention, in a second possible implementation of the fourth aspect of the embodiments of the present invention, the eUICC further includes:
a channel establishment unit, configured to establish a secure channel between the LPA and the eUICC before the sending unit sends the information about the eUICC to the LPA, where the secure channel is used to send the information about the eUICC.

[0048] With reference to the fourth aspect of the embodiments of the present invention or the first possible implementation of the fourth aspect of the embodiments of the present invention, in a third possible implementation of the fourth aspect of the embodiments of the present invention, the channel establishment unit is further configured to establish a secure channel between the LPA and the eUICC before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, where the secure channel is used to forward the profile.

[0049] With reference to the second or the third possible implementation of the fourth aspect of the embodiments of the present invention, in a fourth possible implementation of the fourth aspect of the embodiments of the present invention, the eUICC further includes:
a channel disabling unit, configured to: after the channel establishment unit establishes the secure channel between the LPA and the eUICC, disable the secure channel if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold.

[0050] With reference to the fourth possible implementation of the fourth aspect of the embodiments of the present invention, in a fifth possible implementation of the fourth aspect of the embodiments of the present invention, the channel establishment unit is further configured to: before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA and if the eUICC detects that the secure channel is disabled, re-establish the secure channel.

[0051] With reference to the second, the third, or the fifth possible implementation of the fourth aspect of the embodiments of the present invention, in a sixth possible implementation of the fourth aspect of the embodiments of the present invention, the channel establishment unit is specifically configured to:

receive a broadcast service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request carrying an eUICC service indicator, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0052] With reference to any one of the fourth aspect of the embodiments of the present invention, or the first to the sixth possible implementations of the fourth aspect of the embodiments of the present invention, in a seventh possible implementation of the fourth aspect of the embodiments of the present invention, the information about the eUICC includes at least one of the following: a device identity of the UE2 (UE2-ID), capability information of the UE2, a card identity of the eUICC (EID), or an eUICC information set (EIS) of the eUICC.

[0053] With reference to the seventh possible implementation of the fourth aspect of the embodiments of the present invention, in an eighth possible implementation of the fourth aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0054] It can be learned from above that in the embodiments of the present invention, an eUICC of UE2 first receives a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1, the eUICC then sends a key negotiation response to the LPA, and finally, the eUICC receives a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA. The LPA is disposed in the first terminal UE1. Therefore, the eUICC of the UE2 can implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC by using the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0055] A fifth aspect of the embodiments of the present invention provides a user terminal UE, including a local profile assistant LPA, where the UE includes:
a processor and a memory, where the LPA uses the processor to execute the following steps:

generating a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2;

sending the profile request;

receiving a profile request response, where the profile request response includes at least a profile of the eUICC; and

forwarding the profile to the eUICC.



[0056] In a first possible implementation of the fifth aspect of the embodiments of the present invention, when the LPA uses the processor to send the profile request, the processor is specifically configured to send the profile request to a profile server.

[0057] With reference to the first possible implementation of the fifth aspect of the embodiments of the present invention, in a second possible implementation of the fifth aspect of the embodiments of the present invention, after sending the profile request and before receiving the profile request response, the processor is configured to:

receive a key negotiation request sent by the profile server;

forward the key negotiation request to the eUICC if determining, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and

receive a key negotiation response sent by the eUICC, and forward the key negotiation response to the profile server.



[0058] With reference to the fifth aspect of the embodiments of the present invention or the first or the second possible implementation of the fifth aspect, in a third possible implementation of the fifth aspect of the embodiments of the present invention, before generating the profile request according to the information about the eUICC of the UE2, the processor is configured to:

obtain the information about the eUICC; or

obtain the information about the eUICC, and

display the obtained information about the eUICC and operator information.



[0059] With reference to the third possible implementation of the fifth aspect of the embodiments of the present invention, in a fourth possible implementation of the fifth aspect of the embodiments of the present invention, before obtaining the information about the eUICC, the processor is configured to:
establish a secure channel between the LPA and the eUICC, where the secure channel is used to obtain the information about the eUICC.

[0060] With reference to the third possible implementation of the fifth aspect of the embodiments of the present invention, in a fifth possible implementation of the fifth aspect of the embodiments of the present invention, before receiving the profile request response, the processor is configured to:
establish a secure channel between the LPA and the eUICC, where the secure channel is used to transmit the profile.

[0061] With reference to the fourth or the fifth possible implementation of the fifth aspect of the embodiments of the present invention, in a sixth possible implementation of the fifth aspect of the embodiments of the present invention, the processor is configured to: when detecting that the secure channel is disabled, re-establish a secure channel between the LPA and the eUICC.

[0062] With reference to the fourth or the sixth possible implementation of the fifth aspect of the embodiments of the present invention, in a seventh possible implementation of the fifth aspect of the embodiments of the present invention, when establishing the secure channel between the LPA and the eUICC, the processor is specifically configured to:

broadcast a service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection; or

receive a broadcast service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection; or

receive a broadcast service search request carrying an eUICC service indicator, complete device discovery between the LPA and the eUICC according to the service indicator, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection.



[0063] With reference to the fifth aspect of the embodiments of the present invention or the first or the seventh possible implementation of the fifth aspect of the embodiments of the present invention, in an eighth possible implementation of the fifth aspect of the embodiments of the present invention, the processor is configured to obtain the information about the eUICC, where the information about the eUICC includes at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0064] With reference to any one of the fifth aspect of the embodiments of the present invention, or the first to the eighth possible implementations of the fifth aspect of the embodiments of the present invention, in a ninth possible implementation of the fifth aspect of the embodiments of the present invention, the processor is configured to send the profile request, where the profile request includes at least one of the following: a device identity of the UE1 UE1-ID, the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.

[0065] With reference to the ninth possible implementation of the fifth aspect of the embodiments of the present invention, in a tenth possible implementation of the fifth aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0066] With reference to any one of the fifth aspect of the embodiments of the present invention, or the first to the tenth possible implementations of the fifth aspect of the embodiments of the present invention, in an eleventh possible implementation of the fifth aspect of the embodiments of the present invention, the forwarding the profile to the eUICC includes:

extracting the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, to the eUICC, the profile request response carrying the profile.



[0067] With reference to any one of the fifth aspect of the embodiments of the present invention, or the first to the eleventh possible implementations of the fifth aspect of the embodiments of the present invention, in a twelfth possible implementation of the fifth aspect of the embodiments of the present invention,
after forwarding the profile to the eUICC, the processor
sends, to the eUICC, a profile activation request used to activate the profile;
sends, to the eUICC, a profile disabling request used to disable the profile; or
sends, to the eUICC, a profile delete request used to delete the profile.

[0068] With reference to any one of the fifth aspect of the embodiments of the present invention, or the first to the twelfth possible implementations of the fifth aspect of the embodiments of the present invention, in a thirteenth possible implementation of the fifth aspect of the embodiments of the present invention, the generating a profile request according to information about an eUICC of UE2 includes:
generating the profile request according to the information about the eUICC if an operator network selection instruction is detected, where an operator network provides a network service to the eUICC.

[0069] It can be learned from above that in the embodiments of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request. Then, the LPA receives a profile request response, and the profile request response includes at least a profile of the eUICC. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0070] A sixth aspect of the embodiments of the present invention provides an embedded universal integrated circuit card eUICC, disposed in a second terminal UE2, where the eUICC includes:
a processor and a memory, where the processor invokes code or an instruction in the memory to execute the following steps:

receiving a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1;

sending a key negotiation response to the LPA; and

receiving a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.



[0071] In a first possible implementation of the sixth aspect of the embodiments of the present invention, before receiving the key negotiation request forwarded by the LPA, the processor sends information about the eUICC to the LPA.

[0072] With reference to the first possible implementation of the sixth aspect of the embodiments of the present invention, in a second possible implementation of the sixth aspect of the embodiments of the present invention, before sending the information about the eUICC to the LPA, the processor establishes a secure channel between the LPA and the eUICC, where the secure channel is used to send the information about the eUICC.

[0073] With reference to the sixth aspect of the embodiments of the present invention or the first possible implementation of the sixth aspect of the embodiments of the present invention, in a third possible implementation of the sixth aspect of the embodiments of the present invention, before receiving the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the processor establishes a secure channel between the LPA and the eUICC, where the secure channel is used to forward the profile.

[0074] With reference to the first or the second possible implementation of the sixth aspect of the embodiments of the present invention, in a fourth possible implementation of the sixth aspect of the embodiments of the present invention, after establishing the secure channel between the LPA and the eUICC, the processor disables the secure channel if detecting that establishment duration of the secure channel is greater than or equal to a preset threshold.

[0075] With reference to the fourth possible implementation of the sixth aspect of the embodiments of the present invention, in a fifth possible implementation of the sixth aspect of the embodiments of the present invention, before receiving the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA and if detecting that the secure channel is disabled, the processor re-establishes the secure channel.

[0076] With reference to any one of the third to the fifth possible implementations of the sixth aspect of the embodiments of the present invention, in a sixth possible implementation of the sixth aspect of the embodiments of the present invention, the establishing the secure channel includes:

receiving a broadcast service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting a service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting a service search request carrying an eUICC service indicator, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0077] With reference to any one of the sixth aspect of the embodiments of the present invention, or the first to the sixth possible implementations of the sixth aspect of the embodiments of the present invention, in a seventh possible implementation of the sixth aspect of the embodiments of the present invention, the information about the eUICC includes at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0078] With reference to the seventh possible implementation of the sixth aspect of the embodiments of the present invention, in an eighth possible implementation of the sixth aspect of the embodiments of the present invention, the profile matches the capability information of the UE2.

[0079] It can be learned from above that in the embodiments of the present invention, an eUICC of UE2 first receives a key negotiation request forwarded by an LPA of a first terminal UE1, the eUICC then sends a key negotiation response to the LPA, and finally, the eUICC receives a profile forwarded by the LPA. The LPA is disposed in the first terminal UE1. Therefore, the eUICC of the UE2 can implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC by using the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0080] A seventh aspect of the embodiments of the present invention provides a profile processing system, including the user terminal according to any one of claims 45 to 57 and the eUICC according to any one of claims 36 to 44 or claims 58 to 66.

[0081] In the embodiments of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request to a profile server. Then, the LPA receives a profile request response sent by the profile server, and the profile request response includes a profile of the eUICC that is encrypted by the profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

BRIEF DESCRIPTION OF DRAWINGS



[0082] To describe the technical solutions in the embodiments of the present invention more clearly, the following briefly describes the accompanying drawings required for describing the embodiments and the prior art. Apparently, the accompanying drawings in the following description show merely some embodiments of the present invention, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.

FIG. 1 is a schematic diagram of a network architecture of a profile processing system according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a profile processing method according to an embodiment of the present invention;

FIG. 3 is a schematic flowchart of a profile processing method according to another embodiment of the present invention;

FIG. 4 is a schematic flowchart of a profile processing method according to still another embodiment of the present invention;

FIG. 5 is a schematic flowchart of a profile processing method according to still another embodiment of the present invention;

FIG. 6 shows a profile processing apparatus according to an embodiment of the present invention;

FIG. 7 shows an eUICC according to an embodiment of the present invention;

FIG. 8 shows a user terminal according to an embodiment of the present invention;

FIG. 9 shows another eUICC according to an embodiment of the present invention; and

FIG. 10 shows a profile processing system according to an embodiment of the present invention.


DESCRIPTION OF EMBODIMENTS



[0083] The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are merely some but not all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts shall fall within the protection scope of the present invention.

[0084] The embodiments of the present invention provide a profile processing method, a profile processing apparatus, a user terminal, and an eUICC, to enhance profile processing efficiency of an eUICC and improve user experience.

[0085] For ease of understanding the embodiments of the present invention, a network architecture in the embodiments of the present invention is first described below. Referring to FIG. 1, FIG. 1 is a schematic diagram of a network architecture according to an embodiment of the present invention. As shown in FIG. 1, the network architecture in this embodiment of the present invention may include a profile server, a user terminal UE1, a user terminal UE2, a local profile assistant LPA disposed in the UE1, and at least one eUICC disposed in the UE2. The eUICC may be welded onto the UE2 at delivery of the UE, or may be installed in the UE2 in a pluggable manner. The LPA is configured to: discover subscription manager-secure routing (Subscription Manager-Secure Routing, SM-SR), download and manage a profile, and provide a user interface (UI) (such as a management interface of an eUICC) to a user, for the user to manage a profile in the eUICC (such as profile activation, disabling, and deletion). The profile server may include, for example, at least one of an operator network server (Mobile Network Operator, MNO), a subscription manager-data preparation (Subscription Manager-Data Preparation, SM-DP) server, a subscription manager-security routing (Subscription Manager-Security Route, SM-SR) server, or a subscription manager-discovery service (Subscription Manager-Discovery Service, SM-DS) server. The profile server may generate a profile that is required for the eUICC to access a corresponding operator network server, and send the profile to the eUICC, to facilitate installation of the profile by the eUICC. The profile of the eUICC may be immediately generated when the profile is requested, or may be pre-stored. When a profile is requested, the profile server may allocate a pre-stored profile to the eUICC that performs requesting.
The UE1 and the UE2 may include, for example, various types of electronic devices, such as a mobile phone, a tablet computer, a personal digital assistant (Personal Digital Assistant, PDA), a television, an in-vehicle device, a machine-to-machine device (Machine to Machine, M2M), a mobile Internet device (Mobile Internet Device, MID), and a smart wearable device (such as a smartwatch and a smart band). For example, a user may manage eUICCs in two terminals by using the LPA. The two terminals may be multiple terminals of a same user, or two terminals of different users. When the two terminals do not belong to a same user, the LPA in the UE1 needs to obtain management rights of the UE2 to manage the eUICC of the UE2.

[0086] In the network architecture shown in FIG. 1, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request to a profile server. Then, the LPA receives a profile request response sent by the profile server, and the profile request response includes a profile of the eUICC that is encrypted by the profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, including direct download of the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0087] The foregoing describes the network architecture in the embodiments of the present invention. The following further describes a method according to the embodiments of the present invention. Referring to FIG. 2, FIG. 2 is a schematic flowchart of a profile processing method according to an embodiment of the present invention. The method described in FIG. 2 is described from a perspective of an LPA. As shown in FIG. 2, the method may include the following steps.

[0088] S201. A local profile assistant LPA of a first terminal UE1 generates a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2, and sends the profile request.

[0089] In this embodiment of the present invention, the profile request includes at least one of the following: a device identity of the UE1 UE1-ID, capability information of the UE2, a device identity of the UE2 UE2-ID, an EID of the eUICC (eUICC-ID) of the UE2, or an eUICC information set EIS of the eUICC. The information about the eUICC of the UE2 includes at least one of the following: the capability information of the UE2, the device identity of the UE2 UE2-ID, the EID of the eUICC, or the eUICC information set EIS of the eUICC.

[0090] For example, the LPA sends the profile request to a profile server. The profile server may include at least one of network side devices such as MNO, SM-DS, SM-DP, and SM-DR. Correspondingly, the profile request may be sent by the LPA to the MNO, so that the MNO is triggered to generate a profile for or allocate a profile to the eUICC. Alternatively, the profile request may be sent by the LPA to the SM-DS, to obtain an appropriate SM-DR address from the SM-DS, so that the LPA downloads a profile from the SM-DR and SM-DP corresponding to the SM-DR. The profile request may also be sent by the LPA to the SM-DR, so that the SM-DR searches for appropriate SM-DP to download a profile. The profile request may also be sent to the SM-DP to download a profile, and no limitation is set herein.

[0091] The profile request generated by the LPA may further include at least one of the following information: the device identity of the UE2 UE2-ID, the EID of the eUICC of the UE2, the EIS of the eUICC, or the capability information of the UE2. The profile server can identify, according to the information, that a target file configuration terminal of the profile request is the UE2 instead of the UE1 sending the profile request. In this way, the profile server further generates or allocates, according to the capability information of the UE2, a profile matching the capability information.

[0092] The profile request sent by the LPA to the profile server is to be transferred by using a secure session connection established between the LPA and the profile server, for example, by using a Hypertext Transfer Protocol Secure (Hypertext Transfer Protocol Secure, HTTPS) connection established between the LPA and the profile server.

[0093] A specific implementation of generating, by the LPA, the profile request according to the information about the eUICC of the UE2 may be:
generating, by the LPA, the profile request according to the information about the eUICC if the LPA detects an operator network selection instruction, where an operator network provides a network service to the eUICC.

[0094] For example, a user may select an operator for the eUICC of the UE2 by using an eUICC management interface provided by the LPA (specifically, the eUICC management interface may be displayed on a display screen of the UE1). The eUICC management interface provided by the LPA may further include information such as a list of available operators, a charging list, and to-be-configured information about the eUICC. The LPA may refresh information about the list of available operators that can be selected by the user according to location information of the user.

[0095] S202. The LPA receives a profile request response, where the profile request response includes at least a profile of the eUICC.

[0096] In this embodiment of the present invention, after receiving the profile request, the profile server can identify, according to associated information (such as the device identity, a user identity, an EID, and an EIS) of the UE1 to which the LPA belongs and associated information (such as the device identity, a user identity, the EID, and the EIS) of the UE2 to which the eUICC belongs that are in the profile request, that a target receiver of the profile request is the eUICC of the UE2, and further generate or allocate, according to the capability information of the UE2, EID information of the UE2, or EIS information of the UE2, a profile matching the capability information of the UE2. The profile of the eUICC may be immediately generated when the eUICC requests the profile, or may be pre-stored. When the eUICC requests a profile, a pre-stored profile is allocated to the eUICC that performs requesting.

[0097] For example, the UE1 is a smartphone of a user, the UE2 is a smartwatch of the user, an LPA is disposed in the smartphone, and at least one eUICC is disposed in the smartwatch. The LPA in the smartphone can send, for example, to a Unicom network server, a profile request carrying at least one of the following information: capability information (such as a memory capacity and a CPU clock speed) of the smartwatch, a device identity of the smartwatch, an EID of the eUICC of the smartwatch, an EIS of the eUICC of the smartwatch, or a device identity of the smartphone. After receiving the profile request, the Unicom network server first identifies that a device to which the eUICC belongs is not the smartphone to which the LPA belongs, extracts the capability information of the smartwatch, EID information of the smartwatch, or EIS information of the smartwatch, and generates a profile matching the capability information of the smartwatch (the profile may include a third party application program that can be hosted on the smartwatch).

[0098] Further, for example, the profile server includes at least one of network devices such as MNO, SM-DS, SM-DP, and SM-DR. The profile request may be directly sent to the MNO, and the MNO sends, according to the profile request, a profile request response to corresponding SM-DP, so as to generate a matching profile for or allocate a matching profile to the eUICC. The SM-DP sends the profile request response to corresponding SM-SR, and the SM-SR further sends the profile request response to the LPA of the UE1. The profile request response includes: a create message of an issuer security domain-profile ISD-P (Issuer Security Domain-Profile), a profile download message, or a profile data send message. For example, the MNO sends a profile download message to the SM-DP; the SM-DP sends one ISD-P create message to the SM-SR; and after the LPA forwards the ISD-P create message to the eUICC, the SM-DP sends a profile data send message to the SM-SR, and the LPA forwards the profile data send message to the eUICC. These cases are all within the protection scope. The profile request response includes at least the profile of the eUICC.

[0099] S203. The LPA forwards the profile to the eUICC.

[0100] In this embodiment of the present invention, a specific implementation of forwarding, by the LPA, the profile to the eUICC includes:

extracting, by the LPA, the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, by the LPA to the eUICC, the profile request response carrying the profile.



[0101] After receiving the profile request response, the LPA learns, by means of parsing, that the target receiver of the profile is the eUICC of the UE2. For example, the LPA may determine, according to an EID carried in the profile request response, that the target receiver of the profile is the eUICC of the UE2.

[0102] Further, after forwarding the profile to the eUICC, the LPA may further manage the profile of the eUICC, including: sending, by the LPA to the eUICC, a profile activation request used to activate the profile; sending, by the LPA to the eUICC, a profile disabling request used to disable the profile; sending, by the LPA to the eUICC, a profile delete request used to delete the profile; or sending, by the LPA to the eUICC, a profile migration request used to migrate the profile. The management operation on the eUICC may be implemented by using a user interface provided by the LPA, to trigger operations such as activating a profile, disabling a profile, deleting a profile, and migrating a profile.

[0103] It can be learned that in this embodiment of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request. Then, the LPA receives a profile request response, and the profile request response includes at least a profile of the eUICC. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, a local connection is established between the LPA of the UE1 and the eUICC of the UE2, so that the LPA of the UE1 conveniently and quickly manages the eUICC of the UE2, and the LPA of the UE1 can directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0104] Optionally, in this embodiment of the present invention, after the LPA sends the profile request and before the LPA receives the profile request response, the LPA may further execute the following operations to implement key negotiation between the eUICC and the profile server:

receiving, by the LPA, a key negotiation request sent by the profile server;

forwarding, by the LPA, the key negotiation request to the eUICC if the LPA determines, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and

receiving, by the LPA, a key negotiation response sent by the eUICC, and forwarding the key negotiation response to the profile server.



[0105] The key negotiation request sent by the profile server and received by the LPA may carry the EID of the eUICC of the UE2. In this way, the LPA does not parse the key negotiation request, but forwards the key negotiation request to the eUICC of the UE2 according to the EID, and receives the key negotiation response returned by the eUICC and forwards the key negotiation response to the profile server, so as to implement end-to-end key negotiation between the profile server and the eUICC of the UE2.

[0106] Optionally, before receiving the key negotiation request sent by the profile server, the LPA determines whether there is a secure channel between the LPA and the eUICC, for example, whether a secure channel is established, or whether an established secure channel is disabled. If there is no secure channel or the established secure channel is disabled, the LPA establishes a secure channel between the LPA and the eUICC to ensure communication between the LPA and the eUICC.

[0107] Optionally, in this embodiment of the present invention, before the LPA generates the profile request according to the information about the eUICC of UE2, the LPA may further obtain the information about the eUICC.

[0108] It can be understood that there may be various implementations of obtaining the information about the eUICC by the LPA.

[0109] In an embodiment, the LPA may obtain the information about the eUICC by using a short-range communications technology.

[0110] In another embodiment, the LPA may also obtain the information about the eUICC in a manner such as scanning a two-dimensional barcode, RFID, or using an NFC tag.

[0111] In still another embodiment, the LPA may further display, on the UE1, an eUICC management interface including the obtained information about the eUICC and operator information. The operator information includes at least the operator network selected by a user. In this way, the information about the eUICC of the UE2 can be visually displayed by using the eUICC management interface of the UE1. This is convenient for the user to manage the eUICC of the UE2 (such as downloading a profile, selecting a profile server, activating a profile, disabling a profile, and deleting a profile). As a result, this helps the user to more conveniently and quickly manage the eUICC of the UE2, and improve user experience. Optionally, before any communication between the LPA and the eUICC, the LPA needs to determine whether there is a secure channel between the LPA and the eUICC.

[0112] For example, before the LPA obtains the information about the eUICC, the LPA establishes a secure channel between the LPA and the eUICC. The secure channel is used to obtain the information about the eUICC. Before the LPA receives the profile request response, the LPA may further establish a secure channel between the LPA and the eUICC. The secure channel is used to transmit the profile.

[0113] For example, the LPA may establish a secure channel with the eUICC first, transmit the information about the eUICC over the secure channel, and further transfer the profile over the secure channel.

[0114] Alternatively, the LPA may further obtain the information about the eUICC in a manner of scanning a two-dimensional barcode, then establish a secure channel, and transfer the profile over the secure channel.

[0115] Optionally, if there is no secure channel or the established secure channel is disabled, the LPA re-establishes a secure channel between the LPA and the eUICC, so as to ensure communication between the LPA and the eUICC.

[0116] In specific implementation, the LPA may establish the secure channel in any of the following manners:

broadcasting, by the LPA, a service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request carrying an eUICC service indicator, completing device discovery between the LPA and the eUICC according to the service indicator, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection.



[0117] The eUICC service indicator is used to notify the LPA that the service search request is a service search request used to perform eUICC profile management, so that the LPA in a device supporting eUICC profile management establishes a secure channel with the eUICC sending the service search request.

[0118] In addition, the local connection, for example, may be implemented by using a short-range communications technology such as a Bluetooth technology, a near field communication (NFC) technology, a wireless fidelity (Wi-Fi) technology, or a wireless local area network (WLAN) direct connection technology, and no limitation is set herein.

[0119] For example, the UE1 enables an underlying Bluetooth communication module, and sends the broadcast service search request; the UE2 also enables a Bluetooth communication module, and after receiving the service search request, the Bluetooth module of the UE2 responds to the service search request. In this way, a Bluetooth-based local connection is established between the UE1 and the UE2, and a secure channel is established between the LPA of the UE1 and the eUICC of the UE2 based on the local connection. The establishment of the Bluetooth connection may be initiated by the LPA or the Bluetooth module of the UE1, and may be responded to by the Bluetooth module of the UE2 or the eUICC, and no limitation is set herein. For the secure channel, after the local connection is established, the eUICC may use the established local connection to proactively initiate the establishment of the secure channel to the LPA, or the LPA may use the established local connection to proactively initiate the establishment of the secure channel to the eUICC.

[0120] For example, the secure channel described above may be a secure channel such as a Bearer Independent Protocol (BIP) channel or SCP01, SCP02, SCP03, SCP10, SCP80, or SCP81 defined in the Secure Channel Protocol (SCP). The secure channel may be a secure channel established between the profile server and the eUICC by using the LPA as a relay. The secure channel may be implemented by using a manage channel message and an open channel message.

[0121] Referring to FIG. 3, FIG. 3 is a schematic flowchart of a profile processing method according to another embodiment of the present invention. The profile processing method shown in FIG. 3 is described from a perspective of an LPA. As shown in FIG. 3, the profile processing method according to this embodiment of the present invention may include:

S301. A local profile assistant LPA of a first terminal UE1 obtains information about an eUICC of a second terminal UE2.



[0122] In this embodiment of the present invention, the information about the eUICC of the UE2 includes at least one of the following: capability information of the UE2, a device identity of the UE2 (UE2-ID), an EID of the eUICC of the UE2, or an eUICC information set (EIS) of the eUICC.

[0123] Optionally, the local profile assistant LPA of the first terminal UE1 obtains the information about the eUICC of the second terminal UE2, and the LPA displays the obtained information about the eUICC and operator information.

[0124] In this embodiment of the present invention, the LPA may obtain the information about the eUICC by using a short-range communications technology, or may obtain the information about the eUICC in a manner such as scanning a two-dimensional barcode.

[0125] The LPA may also obtain the information about the eUICC by establishing a secure channel between the LPA and the eUICC of the UE2.

[0126] A specific implementation of establishing, by the LPA, the secure channel between the LPA and the eUICC of the UE2 is the same as that in the embodiment shown in FIG. 2, and details are not described herein again.

[0127] S302. The LPA generates a profile request according to the information about the eUICC, and sends the profile request to a profile server.

[0128] In this embodiment of the present invention, the profile request includes at least one of the following: a device identity of the UE1 (UE1-ID), the capability information of the UE2, the device identity of the UE2 (UE2-ID), the EID of the eUICC of the UE2, or the eUICC information set (EIS) of the eUICC.

[0129] S304. The LPA receives a key negotiation request sent by the profile server, and forwards the key negotiation request to the eUICC, where the key negotiation request sent by the profile server and received by the LPA may carry an EID of the eUICC of the UE2, so that the LPA does not parse the key negotiation request, but forwards the key negotiation request to the eUICC of the UE2 according to the EID, and receives a key negotiation response returned by the eUICC and forwards the key negotiation response to the profile server, so as to implement end-to-end key negotiation between the profile server and the eUICC of the UE2.

[0130] Optionally, before receiving the key negotiation request sent by the profile server, the LPA detects whether a secure channel is established between the LPA and the eUICC, or whether the established secure channel is disabled. If there is no secure channel or the established secure channel is disabled, the LPA establishes the secure channel to transfer the key negotiation request over the secure channel.

[0131] Optionally, the EID of the eUICC may be carried in the key negotiation request and a secure channel establishment request, so that the LPA forwards the request to the eUICC of the UE2 according to EID information.

[0132] S305. The LPA receives the key negotiation response sent by the eUICC, and forwards the key negotiation response to the profile server, so that the profile server encrypts the profile.

[0133] S306. The LPA receives a profile request response sent by the profile server, where the profile request response includes at least the profile of the eUICC, encrypted by the profile server.

[0134] S307. The LPA forwards the profile to the eUICC.

[0135] Optionally, the LPA forwards the profile to the eUICC of the UE2 according to EID information carried in a profile request response sent by a mobile network service. Optionally, after forwarding the profile to the eUICC of the UE2, the LPA may update information about the profile of the eUICC to a user interface of the LPA, so that a user can view the information about the profile, and can further implement operations, such as activating, disabling, and deleting the profile, by using the user interface. For example, the user interface of the LPA displays at least one of the following information: an identity of the eUICC, corresponding operator information, package service information, profile status information, and EIS information.

[0136] In this embodiment of the present invention, a specific implementation of forwarding, by the LPA, the profile to the eUICC may be:

extracting, by the LPA, the profile from the received profile request response, and forwarding the profile to the eUICC; or

forwarding, by the LPA to the eUICC, the profile request response carrying the profile.



[0137] Further, after forwarding the profile to the eUICC, the LPA may further manage the profile of the eUICC, including: sending, by the LPA to the eUICC, a profile activation request used to activate the profile; sending, by the LPA to the eUICC, a profile disabling request used to disable the profile; sending, by the LPA to the eUICC, a profile delete request used to delete the profile; or sending, by the LPA to the eUICC, a profile migration request used to migrate the profile. The management operation on the eUICC may be implemented by using a user interface provided by the LPA, to trigger operations such as activating a profile, disabling a profile, deleting a profile, and migrating a profile.

[0138] It can be learned that in this embodiment of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request to a profile server. Then, the LPA receives a profile request response sent by the profile server, and the profile request response includes a profile of the eUICC, encrypted by the profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0139] In addition, after downloading the profile for the eUICC of the UE2, the LPA can further flexibly manage the profile of the eUICC of the UE2, including convenient and quick management operations such as activating the profile, disabling the profile, and deleting the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0140] Optionally, in this embodiment of the present invention, after the LPA receives the profile request response sent by the profile server and before the LPA forwards the profile to the eUICC, the LPA detects whether there is a secure channel, or whether an established secure channel is disabled. If there is no secure channel or the established secure channel is disabled, the LPA establishes the secure channel.

[0141] Referring to FIG. 4, FIG. 4 is a schematic flowchart of a profile processing method according to still another embodiment of the present invention. The method described in FIG. 4 is described from a perspective of an eUICC of UE2. As shown in FIG. 4, the method may include the following steps.

[0142] S401. An embedded universal integrated circuit card eUICC of a second terminal UE2 receives a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1.

[0143] In this embodiment of the present invention, the forwarding means a process in which a profile server sends the key negotiation request to the LPA and the LPA sends the key negotiation request to the eUICC.

[0144] Specifically, after receiving the profile request sent by the LPA, the profile server obtains a profile of the eUICC, and sends the key negotiation request that is generated based on the profile to the LPA. The profile request is generated by the LPA according to information about the eUICC, and is a request used to request configuration of the eUICC. When determining, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC, the LPA of the UE1 forwards the key negotiation request to the eUICC.

[0145] S402. The eUICC sends a key negotiation response to the LPA.

[0146] In this embodiment of the present invention, the eUICC sends the key negotiation response to the LPA, so that the LPA forwards the key negotiation response to the profile server. In this way, after receiving the key negotiation response, the profile server encrypts the profile.

[0147] S403. The eUICC receives a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.

[0148] It can be learned that in this embodiment of the present invention, an eUICC of UE2 first receives a key negotiation request, the eUICC then sends a key negotiation response to an LPA, and finally, the eUICC receives a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA. The LPA is disposed in a first terminal UE1. Therefore, the eUICC of the UE2 can establish a local connection between the LPA of the UE1 and the eUICC of the UE2, to further implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC together with the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0149] Optionally, in this embodiment of the present invention, before the eUICC of the UE2 receives the key negotiation request forwarded by the LPA of the UE1, the eUICC may send information about the eUICC to the LPA.

[0150] It can be understood that there may be various implementations of sending, by the eUICC, the information about the eUICC to the LPA.

[0151] For example, the eUICC may send the information about the eUICC to the LPA by using a secure channel between the LPA and the eUICC of the UE2.

[0152] For another example, the eUICC may also obtain the information about the eUICC by using a short-range communication technology, RFID, or an NFC tag, or by means of scanning a two-dimensional barcode.

[0153] Optionally, the information about the eUICC includes at least one of the following: capability information of the UE2, a device identity of the UE2 (UE2-ID), an EID of the eUICC, or an eUICC information set (EIS) of the eUICC.

[0154] Optionally, in this embodiment of the present invention, before the eUICC sends the information about the eUICC to the LPA, the eUICC may establish a secure channel between the LPA and the eUICC, where the secure channel is used to send the information about the eUICC.

[0155] Optionally, in this embodiment of the present invention, before the eUICC receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the eUICC may establish a secure channel between the LPA and the eUICC, where the secure channel is used to forward the profile.

[0156] Further, optionally, in this embodiment of the present invention, after the eUICC establishes the secure channel, if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold, the eUICC may disable the secure channel.

[0157] Further, optionally, in this embodiment of the present invention, before the eUICC receives the profile in a profile request response sent by the profile server and forwarded by the LPA, the eUICC detects whether the secure channel is established, or whether an established secure channel is disabled. If there is no secure channel or the established secure channel is disabled, the eUICC re-establishes the secure channel.

[0158] Optionally, in this embodiment of the present invention, a specific implementation of establishing, by the eUICC, the secure channel between the LPA and the eUICC may be:

receiving, by the eUICC, a broadcast service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request carrying an eUICC service indicator, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0159] The eUICC service indicator is used to indicate, to the LPA, that the service search request is a service search request used to perform eUICC profile management, so that the LPA in a device supporting eUICC profile management establishes a secure channel with the eUICC sending the service search request.

[0160] In this embodiment of the present invention, the eUICC may establish the secure channel by using a local connection, for example, by using a short-range communications technology such as a Bluetooth technology, a near field communication (NFC) technology, a wireless fidelity (Wi-Fi) technology, or a wireless local area network (WLAN) direct connection technology, and no limitation is set herein. For example, the UE2 enables an underlying Bluetooth communication module, and sends the broadcast service search request; the UE1 also enables a Bluetooth communication module, and after receiving the service search request, the Bluetooth module of the UE1 responds to the service search request. In this way, a Bluetooth-based local connection is established between the UE2 and the UE1, and a secure channel is established between the LPA of the UE1 and the eUICC of the UE2 based on the local connection. The establishment of the Bluetooth connection may be initiated by the eUICC or the Bluetooth module of the UE2, and may be responded to by the Bluetooth module of the UE1 or the LPA, and no limitation is set herein. For the secure channel, after the local connection is established, the eUICC may use the established local connection to proactively initiate the establishment of the secure channel to the LPA, or the LPA may use the established local connection to proactively initiate the establishment of the secure channel to the eUICC.

[0161] To more clearly describe the embodiments of the present invention, a profile processing method according to an embodiment of the present invention is described with reference to the network architecture shown in FIG. 1. Referring to FIG. 5, FIG. 5 is a schematic flowchart of yet another profile processing method according to an embodiment of the present invention. The method described in FIG. 5 is described from perspectives of an LPA, an eUICC, and a profile server. As shown in FIG. 5, the method may include the following steps.

[0162] S501. An LPA of a first terminal UE1 obtains information about an eUICC of a second terminal UE2.

[0163] Optionally, the LPA may obtain the information about the eUICC by using a secure channel between the LPA and the eUICC; or the eUICC may obtain the information about the eUICC by using a short-range communication technology, RFID, or an NFC tag, or by means of scanning a two-dimensional barcode.

[0164] Optionally, before the LPA obtains the information about the eUICC by using a secure channel between the LPA and the eUICC, the LPA may further establish the secure channel between the LPA and the eUICC of the UE2. The LPA belongs to the first terminal UE1. Establishment of the secure channel may be initiated by the LPA or by the eUICC.

[0165] In this embodiment of the present invention, the secure channel may be established by using a local connection, for example, by using a short-range communications technology such as a Bluetooth technology, a near field communication (NFC) technology, a wireless fidelity (Wi-Fi) technology, or a wireless local area network (WLAN) direct connection technology, and no limitation is set herein. For example, the UE1 enables an underlying Bluetooth communication module, and sends a broadcast service search request; the UE2 also enables a Bluetooth communication module, and after receiving the service search request, the Bluetooth module of the UE2 responds to the service search request. In this way, a Bluetooth-based local connection is established between the UE1 and the UE2, and a secure channel is established between the LPA of the UE1 and the eUICC of the UE2 based on the local connection. The establishment of the Bluetooth connection may be initiated by the LPA or the Bluetooth module of the UE1, and may be responded to by the Bluetooth module of the UE2 or the eUICC, and no limitation is set herein. The establishment of the Bluetooth connection may be initiated by the eUICC or the Bluetooth module of the UE2, and may be responded to by the Bluetooth module of the UE1 or the LPA, and no limitation is set herein. For the secure channel, after the local connection is established, the eUICC may use the established local connection to proactively initiate the establishment of the secure channel to the LPA, or the LPA may use the established local connection to proactively initiate the establishment of the secure channel to the eUICC.

[0166] The information about the eUICC of the UE2 includes at least one of the following: capability information of the UE2, a device identity of the UE2 (UE2-ID), an EID of the eUICC, or an eUICC information set (EIS) of the eUICC.

[0167] For example, the LPA generates at least one of the following information: the device identity of the UE2 (UE2-ID), the EID of the eUICC of the UE2, the EIS of the eUICC of the UE2, or the capability information of the UE2, and the information is carried in a profile request. The information is used by a profile server to identify that the profile request is used to request to generate a profile for or allocate a profile to the second terminal of a user instead of the terminal UE1 sending the profile request, so that the profile server can generate or allocate a suitable file configuration for or to the UE2 or the eUICC of the UE2.

[0168] S502. The LPA generates a profile request according to the information about the eUICC of the UE2.

[0169] The profile request includes at least one of the following: a device identity of the UE1 (UE1-ID), the capability information of the UE2, the device identity of the UE2 (UE2-ID), the EID of the eUICC (eUICC-ID) of the UE2, or the eUICC information set (EIS) of the eUICC.

[0170] A specific implementation of generating, by the LPA, the profile request according to the information about the eUICC of the UE2 may be:

generating, by the LPA, the profile request according to the information about the eUICC of the UE2 when the LPA detects a select operation instruction, where the select operation instruction is made by the user to select an operator network corresponding to the profile server, and the operator network is a network used to provide a network service to the eUICC and selected by the user. For example, the user may use a user interface provided by the LPA to select one operator for the eUICC of the UE2. The user interface provided by the LPA may further provide information such as a list of available operators, a charging list, and to-be-configured information about the eUICC. The LPA may refresh information about the list of available operators that can be selected by the user according to location information of the user. Alternatively, a corresponding profile server may be directly selected according to EID or EIS information of the eUICC. For example, initial MNO, SM-DP, SM-SR, or SM-DS information has been preset in the EID and the EIS of the eUICC.



[0171] S503. The LPA sends the profile request to a profile server.

[0172] For example, the profile server may include at least one of network devices such as MNO, SM-DS, SM-DP, and SM-DR. Therefore, the profile request may be directly sent to the MNO, so that the MNO is triggered to generate a profile for or allocate a profile to the eUICC. Alternatively, the profile request may be sent to the SM-DS, to obtain an appropriate SM-DR address from the SM-DS, so that the LPA downloads a profile from the SM-DR and SM-DP corresponding to the SM-DR. The profile request may also be sent to the SM-DR, so that the SM-DR searches for appropriate SM-DP to download a profile. The profile request may also be sent to the SM-DP to download a profile, and no limitation is set herein.

[0173] The profile request sent by the LPA to the profile server is to be transferred by using a secure session connection established between the LPA and the profile server, for example, by using a Hypertext Transfer Protocol Secure (HTTPS) connection established between the LPA and the profile server.

[0174] S504. The profile server obtains a profile.

[0175] After receiving the profile request, the profile server can identify, according to associated information (such as the device identity, a user identity, an EID, and an EIS) of the UE1 to which the LPA belongs and associated information (such as the device identity, a user identity, the EID, and the EIS) of the UE2 to which the eUICC belongs that are in the profile request, that an object of the profile request is the eUICC of the UE2, and further generate or allocate, according to the capability information of the UE2, EID information of the UE2, or EIS information of the UE2, a profile matching the capability information of the UE2 or a profile matching the eUICC of the UE2. Obtaining a profile includes: immediately generating, by the profile server, the profile when receiving the request of the eUICC for a profile, or allocating, by the profile server when receiving the request of the eUICC for a profile, a pre-stored profile to the eUICC that performs requesting.

[0176] S505. The profile server sends a key negotiation request to the LPA.

[0177] Before the profile server sends the key negotiation request to the LPA, the LPA may detect whether there is a secure channel between the LPA and the eUICC, or whether an established secure channel is disabled. If there is no secure channel or the established secure channel is disabled, the LPA re-establishes the secure channel.

[0178] Optionally, the key negotiation request may carry the EID of the eUICC of the UE2, so that the LPA determines that a target receiver of the key negotiation request is the eUICC.

[0179] For example, for the key negotiation request of the profile server, key negotiation with the eUICC may be completed by SM-DP by using the LPA. The SM-DP may obtain information such as a public key, a private key, or a certificate of the eUICC from SM-SR.

[0180] Optionally, the key negotiation request may also carry a shared key ShS generated by the profile server, and the shared key ShS is sent to the LPA after being encrypted by using a public key in the received information about the eUICC.

[0181] S506. The LPA forwards the key negotiation request to the eUICC.

[0182] Optionally, the LPA forwards the key negotiation request to the eUICC according to the EID of the eUICC of the UE2 carried in the key negotiation request.

[0183] S507. The eUICC receives the key negotiation request, and obtains a key set (keyset) of a shared key.

[0184] Optionally, the eUICC decrypts and verifies the received shared key ShS encrypted by the profile server. The eUICC may decrypt and calculate the shared key ShS according to an obtained public key of the profile server, and verify the shared key, to obtain a keyset. The eUICC sends a key negotiation response to the LPA. The key negotiation response may carry the private key of the eUICC. The LPA returns the key negotiation response to the profile server, so that the profile server and the eUICC generate a keyset.

[0185] S508. The LPA forwards a key negotiation response to the profile server.

[0186] S509. The profile server receives the key negotiation response, obtains the key set (keyset) including the shared key, and encrypts the profile.

[0187] Optionally, the profile server calculates the shared key ShS, obtains the keyset, and uses a negotiated keyset to encrypt the profile.

[0188] S510. The profile server sends a profile request response to the LPA, where the profile request response includes at least the encrypted profile.

[0189] Further, for example, the profile server may include at least one of network devices such as MNO, SM-DS, SM-DP, and SM-DR. The profile request may be directly sent to the MNO, and the MNO sends, according to the profile request, a profile transmit message to corresponding SM-DP, so as to generate a matching profile for or allocate a matching profile to the eUICC. The SM-DP sends the profile transmit message to corresponding SM-SR, and the SM-SR further sends the profile transmit message to the LPA of the UE1. The LPA forwards the profile transmit message to the eUICC of the UE2 according to information such as the EID and the UE2 ID related to the eUICC in the profile transmit message. The profile transmit message may be a create message of an issuer security domain-profile ISD-P (Issuer Security Domain-Profile), a profile download message, or a profile data send message. For example, the MNO sends a profile download message to the SM-DP; the SM-DP sends one ISD-P create message to the SM-SR; and after the LPA forwards the ISD-P create message to the eUICC, the SM-DP sends a profile data send message to the SM-SR, and the LPA forwards the profile data send message to the eUICC. These cases are all within the protection scope.

[0190] S511. The LPA forwards the profile to the eUICC.

[0191] It can be learned that in the profile processing method described in FIG. 5, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request to a profile server. Then, the LPA receives a profile request response sent by the profile server, and the profile request response includes a profile of the eUICC, encrypted by the profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0192] Referring to FIG. 6, an embodiment of the present invention further provides a local profile processing apparatus. The profile processing apparatus may include a generation unit 610, a sending unit 620, and a receiving unit 630.

[0193] The generation unit 610 is configured to generate a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2.

[0194] The information about the eUICC includes at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0195] The sending unit 620 is configured to send the profile request generated by the generation unit 610.

[0196] In this embodiment of the present invention, a specific manner of sending, by the sending unit 620, the profile request generated by the generation unit 610 is: sending the profile request generated by the generation unit 610 to a profile server.

[0197] The profile request includes at least one of the following: a device identity of the UE1 UE1-ID, the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.

[0198] The profile matches the capability information of the UE2.

[0199] The receiving unit 630 is configured to receive a profile request response, where the profile request response includes at least a profile of the eUICC.

[0200] Optionally, in this embodiment of the present invention, the receiving unit 630 is further configured to: after the sending unit 620 sends the profile request and before the receiving unit 630 receives the profile request response, receive a key negotiation request sent by the profile server.

[0201] The sending unit 620 is further configured to forward the key negotiation request to the eUICC when the profile processing apparatus determines, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC.

[0202] The receiving unit 630 is further configured to receive a key negotiation response sent by the eUICC.

[0203] The sending unit 620 is further configured to forward the key negotiation response to the profile server.

[0204] Optionally, in this embodiment of the present invention, the profile processing apparatus further includes:

an obtaining unit, configured to obtain the information about the eUICC; or

an obtaining unit, configured to obtain the information about the eUICC, and

a display unit, configured to display the obtained information about the eUICC and operator information.



[0205] Optionally, in this embodiment of the present invention, the profile processing apparatus further includes:
a channel establishment unit, configured to establish a secure channel between the profile processing apparatus and the eUICC before the obtaining unit obtains the information about the eUICC, where the secure channel is used to obtain the information about the eUICC.

[0206] Optionally, in this embodiment of the present invention, the channel establishment unit is further configured to establish a secure channel between the profile processing apparatus and the eUICC before the receiving unit 630 receives the profile request response, where the secure channel is used to transmit the profile.

[0207] Optionally, in this embodiment of the present invention, the channel establishment unit is further configured to: if the profile processing apparatus detects that the secure channel is disabled, re-establish a secure channel between the profile processing apparatus and the eUICC.

[0208] Optionally, in this embodiment of the present invention, the channel establishment unit is specifically configured to:

broadcast a service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request carrying an eUICC service indicator, complete device discovery between the profile processing apparatus and the eUICC according to the service indicator, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection.



[0209] Optionally, in this embodiment of the present invention, a specific manner of forwarding, by the sending unit 620, the profile to the eUICC includes:

extracting the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, to the eUICC, the profile request response carrying the profile.



[0210] Optionally, in this embodiment of the present invention, after forwarding the profile to the eUICC, the sending unit 620 is further configured to:

send, to the eUICC, a profile activation request used to activate the profile;

send, to the eUICC, a profile disabling request used to disable the profile; or

send, to the eUICC, a profile delete request used to delete the profile.



[0211] Optionally, in this embodiment of the present invention, the generation unit 610 is specifically configured to:
generate the profile request according to the information about the eUICC when the profile processing apparatus detects an operator network selection instruction, where an operator network provides a network service to the eUICC.

[0212] It can be understood that functions of each functional module of the profile processing apparatus in this embodiment may be specifically implemented according to the method in the method embodiments. For a specific implementation process, refer to the related descriptions in the method embodiments. Details are not described again herein. Some or all functional modules of the profile processing apparatus may be implemented by a hardware circuit, or by using a processor (such as a digital signal processor) by executing code or an instruction.

[0213] It can be learned from above that in this embodiment of the present invention, a profile processing apparatus of a first terminal UE1 first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request. Then, an LPA receives a profile request response, and the profile request response includes a profile of the eUICC, encrypted by a profile server. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to the first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that by establishing a local connection between the LPA of the UE1 and the eUICC of the UE2, the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0214] Referring to FIG. 7, an embodiment of the present invention further provides an embedded universal integrated circuit card eUICC. The eUICC may include a receiving unit 710 and a sending unit 720.

[0215] The receiving unit 710 is configured to receive a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1.

[0216] The sending unit 720 is configured to send a key negotiation response to the LPA.

[0217] The receiving unit 710 is further configured to receive a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.

[0218] Optionally, in this embodiment of the present invention, the sending unit is further configured to send information about the eUICC to the LPA before the receiving unit receives the key negotiation request forwarded by the LPA.

[0219] The information about the eUICC includes at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0220] The profile matches the capability information of the UE2.

[0221] Optionally, in this embodiment of the present invention, the eUICC further includes:
a channel establishment unit, configured to establish a secure channel between the LPA and the eUICC before the sending unit sends the information about the eUICC to the LPA, where the secure channel is used to send the information about the eUICC.

[0222] Optionally, in this embodiment of the present invention, the channel establishment unit is further configured to establish a secure channel between the LPA and the eUICC before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, where the secure channel is used to forward the profile.

[0223] Optionally, in this embodiment of the present invention, the eUICC further includes:
a channel disabling unit, configured to: after the channel establishment unit establishes the secure channel between the LPA and the eUICC, disable the secure channel if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold.

[0224] Optionally, in this embodiment of the present invention, the channel establishment unit is further configured to: before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA and if the eUICC detects that the secure channel is disabled, re-establish the secure channel.

[0225] Optionally, in this embodiment of the present invention, the channel establishment unit is specifically configured to:

receive a broadcast service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request carrying an eUICC service indicator, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0226] It can be understood that functions of each functional module of the eUICC in this embodiment may be specifically implemented according to the method in the method embodiments. For a specific implementation process, refer to the related descriptions in the method embodiments. Details are not described again herein. Some or all functional modules of the eUICC may be implemented by a hardware circuit, or by using a processor (such as a digital signal processor) by executing code or an instruction.

[0227] It can be learned from above that in this embodiment of the present invention, an eUICC of UE2 first receives a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1, the eUICC then sends a key negotiation response to the LPA, and finally, the eUICC receives a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA. The LPA is disposed in the first terminal UE1. Therefore, the eUICC of the UE2 can implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC by using the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.
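The following Python model is an added example, not code from the application: it plays through the LPA's relay role in S505 to S511 together with the channel-lifetime rule of [0223] and [0224], showing EID-based target selection and re-establishment of a disabled secure channel before forwarding. The class names, message fields, EID strings and the 30-second threshold are assumptions, and payloads are opaque bytes because the text does not fix a key-agreement algorithm.

```python
from dataclasses import dataclass, field
from typing import Optional


class UnknownTarget(Exception):
    """The EID in a message matches no eUICC connected to this LPA."""


@dataclass
class Euicc:
    """eUICC in UE2. max_channel_age models the 'preset threshold' (assumed value)."""
    eid: str
    max_channel_age: float
    channel_since: Optional[float] = None   # when the LPA<->eUICC channel was set up
    negotiated: bool = False                # keyset agreed with the profile server
    stored: list = field(default_factory=list)

    def channel_disabled(self, now: float) -> bool:
        # No channel yet, or its establishment duration reached the threshold.
        return self.channel_since is None or now - self.channel_since >= self.max_channel_age

    def establish_channel(self, now: float) -> None:
        self.channel_since = now

    def on_key_negotiation_request(self, request: dict, now: float) -> dict:
        if self.channel_disabled(now):
            raise RuntimeError("secure channel disabled")
        self.negotiated = True
        return {"type": "key_negotiation_response", "eid": self.eid,
                "payload": b"constructed-opaque-response"}

    def on_profile(self, encrypted_profile: bytes, now: float) -> None:
        if self.channel_disabled(now):
            raise RuntimeError("secure channel disabled")
        if not self.negotiated:
            # Assumption of this model: no profile is accepted before key negotiation.
            raise RuntimeError("no keyset negotiated")
        self.stored.append(encrypted_profile)


class Lpa:
    """LPA in UE1: picks the target by EID and forwards payloads unmodified."""

    def __init__(self) -> None:
        self.peers = {}          # EID -> Euicc reachable over a local connection
        self.reestablished = 0   # how often a disabled channel had to be rebuilt

    def connect(self, euicc: Euicc, now: float) -> None:
        self.peers[euicc.eid] = euicc
        euicc.establish_channel(now)

    def _target(self, message: dict, now: float) -> Euicc:
        euicc = self.peers.get(message.get("eid"))
        if euicc is None:
            raise UnknownTarget(message.get("eid"))
        if euicc.channel_disabled(now):      # check before every forward
            euicc.establish_channel(now)
            self.reestablished += 1
        return euicc

    def forward_key_negotiation(self, request: dict, now: float) -> dict:
        # S506 (request to the eUICC) and S508 (response back to the server).
        return self._target(request, now).on_key_negotiation_request(request, now)

    def forward_profile(self, response: dict, now: float) -> None:
        # S511: extract the encrypted profile and hand it over unchanged.
        self._target(response, now).on_profile(response["encrypted_profile"], now)


def run_exchange() -> dict:
    """Constructed run: times are seconds on a simulated clock."""
    euicc = Euicc(eid="EID-CONSTRUCTED-0001", max_channel_age=30.0)
    lpa = Lpa()
    lpa.connect(euicc, now=0.0)

    request = {"type": "key_negotiation_request", "eid": euicc.eid,
               "payload": b"constructed-opaque-request"}
    response = lpa.forward_key_negotiation(request, now=5.0)

    # A request naming an EID this LPA is not connected to is not forwarded.
    try:
        lpa.forward_key_negotiation({**request, "eid": "EID-CONSTRUCTED-9999"}, now=6.0)
        misrouted = True
    except UnknownTarget:
        misrouted = False

    # The profile arrives after the threshold: the channel is rebuilt first.
    # Model assumption: the keyset is between server and eUICC, so it survives that.
    blob = b"constructed-ciphertext"
    lpa.forward_profile({"type": "profile_request_response", "eid": euicc.eid,
                         "encrypted_profile": blob}, now=40.0)
    return {"response_type": response["type"], "misrouted": misrouted,
            "reestablished": lpa.reestablished, "stored": euicc.stored}


if __name__ == "__main__":
    print(run_exchange())
```

The LPA in this model holds no key material and reads only the EID, so what it can affect is delivery and timing, not the content of the encrypted profile.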

[0228] Referring to FIG. 8, an embodiment of the present invention further provides a user terminal UE. The UE includes a local profile assistant LPA and further includes a processor 810 and a memory 820.

[0229] The processor 810 and the memory 820 are coupled by using a bus 830. The LPA uses the processor 810 to execute the following steps:

generating a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2;

sending the profile request, where

in this embodiment of the present invention, a specific manner of sending, by the LPA, the profile request by using the processor 810 is: sending the profile request to a profile server;

receiving a profile request response, where the profile request response includes at least a profile of the eUICC; and

forwarding the profile to the eUICC.



[0230] The profile request includes at least one of the following: a device identity of the UE1 UE1-ID, a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0231] The profile matches the capability information of the UE2.

[0232] Optionally, in this embodiment of the present invention, after sending the profile request and before receiving the profile request response, the LPA uses the processor 810 to
receive a key negotiation request sent by the profile server;
forward the key negotiation request to the eUICC if determining, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and
receive a key negotiation response sent by the eUICC, and forward the key negotiation response to the profile server.

[0233] Optionally, in this embodiment of the present invention, before generating the profile request according to the information about the eUICC of the UE2, the LPA uses the processor 810 to
obtain the information about the eUICC; or
obtain the information about the eUICC, and
display the obtained information about the eUICC and operator information.

[0234] The information about the eUICC includes at least one of the following: the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.

[0235] Optionally, in this embodiment of the present invention, before the LPA uses the processor 810 to obtain the information about the eUICC, the LPA uses the processor 810 to establish a secure channel between the LPA and the eUICC, where the secure channel is used to obtain the information about the eUICC.

[0236] Optionally, in this embodiment of the present invention, before the LPA uses the processor 810 to receive the profile request response, the LPA uses the processor 810 to establish a secure channel between the LPA and the eUICC, where the secure channel is used to transmit the profile.

[0237] Optionally, in this embodiment of the present invention, when detecting that the secure channel is disabled, the LPA uses the processor 810 to re-establish a secure channel between the LPA and the eUICC.

[0238] Optionally, in this embodiment of the present invention, the using, by the LPA, the processor 810 to establish a secure channel between the LPA and the eUICC includes:

broadcasting a service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving a broadcast service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving a broadcast service search request carrying an eUICC service indicator, completing device discovery between the LPA and the eUICC according to the service indicator, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection.



[0239] Optionally, in this embodiment of the present invention, the using, by the LPA, the processor 810 to forward the profile to the eUICC includes:

extracting the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, to the eUICC, the profile request response carrying the profile.



[0240] Optionally, in this embodiment of the present invention, after the LPA uses the processor 810 to forward the profile to the eUICC, the processor
sends, to the eUICC, a profile activation request used to activate the profile;
sends, to the eUICC, a profile disabling request used to disable the profile; or
sends, to the eUICC, a profile delete request used to delete the profile.

[0241] Optionally, in this embodiment of the present invention, the using, by the LPA, the processor 810 to generate a profile request according to information about an eUICC of UE2 includes:
generating the profile request according to the information about the eUICC if an operator network selection instruction is detected, where an operator network provides a network service to the eUICC.

[0242] It can be understood that functions of each module of the user terminal in this embodiment may be specifically implemented according to the method in the method embodiments. For a specific implementation process, refer to the related descriptions in the method embodiments. Details are not described again herein.

[0243] It can be learned from above that in this embodiment of the present invention, an LPA first generates a profile request according to information about an eUICC of a second terminal UE2, and sends the profile request. Then, the LPA receives a profile request response, and the profile request response includes at least a profile of the eUICC. Finally, the LPA forwards the profile to the eUICC. The LPA belongs to a first terminal UE1, and the eUICC is disposed in the UE2. Therefore, it can be learned that the LPA can conveniently and quickly manage the eUICC of the UE2, and directly download the profile for the eUICC of the UE2. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0244] Referring to FIG. 9, an embodiment of the present invention further provides another eUICC. The eUICC is disposed in a second terminal UE2 and may include a processor 910 and a memory 920.

[0245] The processor 910 and the memory 920 are coupled by using a bus 930, and the processor 910 may invoke code or an instruction in the memory 920 to execute the following steps:

receiving a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1;

sending a key negotiation response to the LPA; and

receiving a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.



[0246] Optionally, in this embodiment of the present invention, before the processor 910 receives the key negotiation request forwarded by the LPA, the processor 910 sends information about the eUICC to the LPA.

[0247] The information about the eUICC includes at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.

[0248] The profile matches the capability information of the UE2.

[0249] Optionally, in this embodiment of the present invention, before the processor 910 sends the information about the eUICC to the LPA, the processor establishes a secure channel between the LPA and the eUICC, where the secure channel is used to send the information about the eUICC.

[0250] Optionally, in this embodiment of the present invention, before the processor 910 receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the processor 910 establishes a secure channel between the LPA and the eUICC, where the secure channel is used to forward the profile.

[0251] Optionally, in this embodiment of the present invention, after the processor 910 establishes the secure channel between the LPA and the eUICC,
the processor 910 disables the secure channel if the processor 910 detects that establishment duration of the secure channel is greater than or equal to a preset threshold.

[0252] Optionally, in this embodiment of the present invention, before the processor 910 receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA,
if the processor 910 detects that the secure channel is disabled, the processor 910 re-establishes the secure channel.

[0253] Optionally, in this embodiment of the present invention, the establishing, by the processor 910, the secure channel includes:

receiving, by the processor 910, a broadcast service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the processor 910, a service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the processor 910, a service search request carrying an eUICC service indicator, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection, where the service indicator is used to complete device discovery between the LPA and the eUICC.



[0254] It can be understood that functions of each module of the eUICC in this embodiment may be specifically implemented according to the method in the method embodiments. For a specific implementation process, refer to the related descriptions in the method embodiments. Details are not described again herein.

[0255] It can be learned from above that in this embodiment of the present invention, an eUICC of UE2 first receives a key negotiation request forwarded by an LPA of a second terminal UE2, the eUICC then sends a key negotiation response to the LPA, and finally, the eUICC receives a profile forwarded by the LPA. The LPA is disposed in a first terminal UE1. Therefore, the eUICC of the UE2 can implement key negotiation between a profile server and the eUICC and download of the profile of the eUICC by using the LPA of the UE1. This is conducive to profile processing efficiency enhancement of the eUICC and user experience improvement.

[0256] Referring to FIG. 10, an embodiment of the present invention further provides a profile processing system. The profile processing system may include a profile server 1010, a first terminal UE1 including a profile processing apparatus 1020 or a user terminal UE including a local profile assistant LPA, and a second terminal UE2 including an embedded universal integrated circuit card eUICC 1030. The profile processing apparatus 1020 may be any LPA in the foregoing embodiments. The user terminal UE including an LPA may be any user terminal in the foregoing embodiments. The eUICC may be any eUICC in the foregoing embodiments.

[0257] It should be noted that, to make the description brief, the foregoing method embodiments are expressed as a series of actions. However, a person skilled in the art should appreciate that the present invention is not limited to the described action sequence, because according to the present invention, some steps may be performed in other sequences or performed simultaneously. In addition, a person skilled in the art should also appreciate that all the embodiments described in the specification are example embodiments, and the related actions and modules are not necessarily mandatory to the present invention.

[0258] In the foregoing embodiments, the description of each embodiment has respective focuses. For a part that is not described in detail in an embodiment, reference may be made to related descriptions in other embodiments.

[0259] In the several embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the described apparatus embodiment is merely an example. For example, the unit division is merely logical function division and may be other division in actual implementation. For example, a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented through some interfaces. The indirect couplings or communication connections between the apparatuses or units may be implemented in electronic or other forms.

[0260] The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual requirements to achieve the objectives of the solutions of the embodiments.

[0261] In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.

[0262] When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, the integrated unit may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of the present invention essentially, or the part contributing to the prior art, or all or a part of the technical solutions may be implemented in the form of a software product. The software product is stored in a storage medium and includes several instructions for instructing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or a part of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, or an optical disc.

[0263] The foregoing embodiments are merely intended for describing the technical solutions of the present invention, but not for limiting the present invention. Although the present invention is described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that they may still make modifications to the technical solutions described in the foregoing embodiments or make equivalent replacements to some technical features thereof, without departing from the scope of the technical solutions of the embodiments of the present invention.


Claims

1. A profile processing method, comprising:

generating, by a local profile assistant LPA of a first terminal UE1, a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2, and sending the profile request;

receiving, by the LPA, a profile request response, wherein the profile request response comprises at least a profile of the eUICC; and

forwarding, by the LPA, the profile to the eUICC.


 
2. The method according to claim 1, wherein the sending, by an LPA, the profile request comprises:
sending, by the LPA, the profile request to a profile server.
 
3. The method according to claim 2, wherein after the sending, by an LPA, the profile request and before the receiving, by the LPA, a profile request response, the method further comprises:

receiving, by the LPA, a key negotiation request sent by the profile server;

forwarding, by the LPA, the key negotiation request to the eUICC if the LPA determines, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and

receiving, by the LPA, a key negotiation response sent by the eUICC, and forwarding the key negotiation response to the profile server.


 
4. The method according to any one of claims 1 to 3, wherein before the generating, by an LPA, a profile request according to information about an eUICC of UE2, the method further comprises:

obtaining, by the LPA, the information about the eUICC; or

obtaining, by the LPA, the information about the eUICC, and

displaying, by the LPA, the obtained information about the eUICC and operator information.


 
5. The method according to claim 4, wherein before the obtaining, by the LPA, the information about the eUICC, the method further comprises:
establishing, by the LPA, a secure channel between the LPA and the eUICC, wherein the secure channel is used to obtain the information about the eUICC.
 
6. The method according to any one of claims 1 to 4, wherein before the receiving, by the LPA, a profile request response, the method further comprises:
establishing, by the LPA, a secure channel between the LPA and the eUICC, wherein the secure channel is used to transmit the profile.
 
7. The method according to claim 5 or 6, wherein the method further comprises:
if the LPA detects that the secure channel is disabled, re-establishing, by the LPA, a secure channel between the LPA and the eUICC.
 
8. The method according to any one of claims 5 to 7, wherein the establishing, by the LPA, a secure channel between the LPA and the eUICC comprises:

broadcasting, by the LPA, a service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

receiving, by the LPA, a broadcast service search request carrying an eUICC service indicator, completing device discovery between the LPA and the eUICC according to the service indicator, establishing a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establishing the secure channel between the LPA and the eUICC based on the local connection.


 
9. The method according to any one of claims 1 to 8, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
10. The method according to any one of claims 1 to 9, wherein the profile request comprises at least one of the following: a device identity of the UE1 UE1-ID, the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.
 
11. The method according to claim 10, wherein
the profile matches the capability information of the UE2.
 
12. The method according to any one of claims 1 to 11, wherein the forwarding, by the LPA, the profile to the eUICC comprises:

extracting, by the LPA, the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, by the LPA to the eUICC, the profile request response carrying the profile.


 
13. The method according to any one of claims 1 to 12, wherein after the forwarding, by the LPA, the profile to the eUICC, the method further comprises:

sending, by the LPA to the eUICC, a profile activation request used to activate the profile;

sending, by the LPA to the eUICC, a profile disabling request used to disable the profile; or

sending, by the LPA to the eUICC, a profile delete request used to delete the profile.


 
14. The method according to any one of claims 1 to 13, wherein the generating, by an LPA, a profile request according to information about an eUICC of UE2 comprises:
generating, by the LPA, the profile request according to the information about the eUICC if the LPA detects an operator network selection instruction, wherein an operator network is used to provide a network service to the eUICC.
 
15. A profile processing method, comprising:

receiving, by an embedded universal integrated circuit card eUICC of a second terminal UE2, a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1;

sending, by the eUICC, a key negotiation response to the LPA; and

receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.


 
16. The profile processing method according to claim 15, wherein before the receiving, by an eUICC, a key negotiation request forwarded by an LPA, the method further comprises:
sending, by the eUICC, information about the eUICC to the LPA.
 
17. The profile processing method according to claim 16, wherein before the sending, by the eUICC, information about the eUICC to the LPA, the method further comprises:
establishing, by the eUICC, a secure channel between the LPA and the eUICC, wherein the secure channel is used to send the information about the eUICC.
 
18. The method according to claim 15 or 16, wherein before the receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the method further comprises:
establishing, by the eUICC, a secure channel between the LPA and the eUICC, wherein the secure channel is used to forward the profile.
 
19. The method according to claim 17 or 18, wherein after the establishing, by the eUICC, a secure channel between the LPA and the eUICC, the method further comprises:
disabling, by the eUICC, the secure channel if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold.
 
20. The method according to claim 19, wherein before the receiving, by the eUICC, a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the method further comprises:
if the eUICC detects that the secure channel is disabled, re-establishing, by the eUICC, the secure channel.
 
21. The method according to claim 17, 18, or 20, wherein the establishing, by the eUICC, the secure channel comprises:

receiving, by the eUICC, a broadcast service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection; or

broadcasting, by the eUICC, a service search request carrying an eUICC service indicator, establishing a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establishing the secure channel between the LPA and the eUICC based on the local connection, wherein the service indicator is used to complete device discovery between the LPA and the eUICC.


 
22. The method according to any one of claims 15 to 21, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
23. The method according to claim 22, wherein
the profile matches the capability information of the UE2.
 
24. A profile processing apparatus, disposed in a first terminal UE1, wherein the apparatus comprises:

a generation unit, configured to generate a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2;

a sending unit, configured to send the profile request generated by the generation unit; and

a receiving unit, configured to receive a profile request response, wherein the profile request response comprises at least a profile of the eUICC, wherein

the sending unit is further configured to forward the profile to the eUICC.


 
25. The apparatus according to claim 24, wherein a specific manner of sending, by the sending unit, the profile request generated by the generation unit comprises:
sending, by the sending unit, the profile request generated by the generation unit to a profile server.
 
26. The apparatus according to claim 25, wherein
the receiving unit is further configured to: after the sending unit sends the profile request and before the receiving unit receives the profile request response, receive a key negotiation request sent by the profile server;
the sending unit is further configured to forward the key negotiation request to the eUICC when it is determined, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC;
the receiving unit is further configured to receive a key negotiation response sent by the eUICC; and
the sending unit is further configured to forward the key negotiation response to the profile server.
 
27. The apparatus according to claim 24 or 26, further comprising:

an obtaining unit, configured to obtain the information about the eUICC; or

an obtaining unit, configured to obtain the information about the eUICC, and

a display unit, configured to display the obtained information about the eUICC and operator information.


 
28. The apparatus according to claim 27, further comprising:
a channel establishment unit, configured to establish a secure channel between the profile processing apparatus and the eUICC before the obtaining unit obtains the information about the eUICC, wherein the secure channel is used to obtain the information about the eUICC.
 
29. The apparatus according to any one of claims 24 to 27, wherein
the channel establishment unit is further configured to establish a secure channel between the profile processing apparatus and the eUICC before the receiving unit receives the profile request response, wherein the secure channel is used to transmit the profile.
 
30. The apparatus according to claim 28 or 29, wherein
the channel establishment unit is further configured to: if the profile processing apparatus detects that the secure channel is disabled, re-establish a secure channel between the profile processing apparatus and the eUICC.
 
31. The apparatus according to any one of claims 28 to 30, wherein the channel establishment unit is specifically configured to:

broadcast a service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection; or

receive a broadcast service search request carrying an eUICC service indicator, complete device discovery between the profile processing apparatus and the eUICC according to the service indicator, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the profile processing apparatus and the eUICC based on the local connection.


 
32. The apparatus according to any one of claims 24 to 31, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
33. The apparatus according to any one of claims 24 to 32, wherein the profile request comprises at least one of the following: a device identity of the UE1 UE1-ID, the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.
 
34. The apparatus according to claim 33, wherein
the profile matches the capability information of the UE2.
 
35. The apparatus according to claims 24 to 34, wherein a specific manner of forwarding, by the sending unit, the profile to the eUICC comprises:

extracting the profile from the received profile request response, and forwarding the extracted profile to the eUICC; or

forwarding, to the eUICC, the profile request response carrying the profile.


 
36. The apparatus according to claims 24 to 35, wherein after forwarding the profile to the eUICC, the sending unit is further configured to:

send, to the eUICC, a profile activation request used to activate the profile;

send, to the eUICC, a profile disabling request used to disable the profile; or

send, to the eUICC, a profile delete request used to delete the profile.


 
37. The apparatus according to any one of claims 24 to 36, wherein the generation unit is specifically configured to:
generate the profile request according to the information about the eUICC when the profile processing apparatus detects an operator network selection instruction, wherein an operator network is used to provide a network service to the eUICC.
 
38. An eUICC, disposed in a second terminal UE2, wherein the eUICC comprises:

a receiving unit, configured to receive a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1; and

a sending unit, configured to send a key negotiation response to the LPA, wherein

the receiving unit is further configured to receive a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.


 
39. The eUICC according to claim 38, wherein
the sending unit is further configured to send information about the eUICC to the LPA before the receiving unit receives the key negotiation request forwarded by the LPA.
 
40. The eUICC according to claim 39, further comprising:
a channel establishment unit, configured to establish a secure channel between the LPA and the eUICC before the sending unit sends the information about the eUICC to the LPA, wherein the secure channel is used to send the information about the eUICC.
 
41. The eUICC according to claim 38 or 39, wherein
the channel establishment unit is further configured to establish a secure channel between the LPA and the eUICC before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, wherein the secure channel is used to forward the profile.
 
42. The eUICC according to claim 40 or 41, wherein the eUICC further comprises:
a channel disabling unit, configured to: after the channel establishment unit establishes the secure channel between the LPA and the eUICC, disable the secure channel if the eUICC detects that establishment duration of the secure channel is greater than or equal to a preset threshold.
 
43. The eUICC according to claim 41, wherein
the channel establishment unit is further configured to: before the receiving unit receives the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA and if the eUICC detects that the secure channel is disabled, re-establish the secure channel.
 
44. The eUICC according to claim 40, 41, or 43, wherein the channel establishment unit is specifically configured to:

receive a broadcast service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request carrying an eUICC service indicator, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection, wherein the service indicator is used to complete device discovery between the LPA and the eUICC.


 
45. The eUICC according to any one of claims 38 to 44, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
46. The eUICC according to claim 45, wherein
the profile matches the capability information of the UE2.
 
47. A user terminal UE, comprising a local profile assistant LPA, wherein the UE includes:
a processor and a memory, wherein the LPA uses the processor to execute the following steps:

generating a profile request according to information about an embedded universal integrated circuit card eUICC of a second terminal UE2;

sending the profile request;

receiving a profile request response, wherein the profile request response comprises at least a profile of the eUICC; and

forwarding the profile to the eUICC.


 
48. The UE according to claim 47, wherein when sending the profile request, the processor is specifically configured to:
send the profile request to a profile server.
 
49. The UE according to claim 48, wherein after sending the profile request and before receiving the profile request response, the processor is configured to:

receive a key negotiation request sent by the profile server;

forward the key negotiation request to the eUICC if determining, according to information carried in the key negotiation request, that a target receiver of the key negotiation request is the eUICC; and

receive a key negotiation response sent by the eUICC, and forward the key negotiation response to the profile server.


 
50. The UE according to claim 47 or 49, wherein before generating the profile request according to the information about the eUICC of the UE2, the processor is configured to:

obtain the information about the eUICC; or

obtain the information about the eUICC, and

display the obtained information about the eUICC and operator information.


 
51. The UE according to claim 50, wherein before obtaining the information about the eUICC, the processor is configured to:
establish a secure channel between the LPA and the eUICC, wherein the secure channel is used to obtain the information about the eUICC.
 
52. The UE according to claim 50, wherein before receiving the profile request response, the processor is configured to:
establish a secure channel between the LPA and the eUICC, wherein the secure channel is used to transmit the profile.
 
53. The UE according to claim 51 or 52, wherein the processor is configured to: when detecting that the secure channel is disabled, re-establish a secure channel between the LPA and the eUICC.
 
54. The UE according to claim 51 or 53, wherein when establishing the secure channel between the LPA and the eUICC, the processor is specifically configured to:

broadcast a service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection; or

receive a broadcast service search request, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection; or

receive a broadcast service search request carrying an eUICC service indicator, complete device discovery between the LPA and the eUICC according to the service indicator, establish a local connection between the LPA and the UE2 or between the LPA and the eUICC, and establish the secure channel between the LPA and the eUICC based on the local connection.


 
55. The UE according to any one of claims 47 to 54, wherein the processor is configured to obtain the information about the eUICC, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
56. The UE according to any one of claims 47 to 55, wherein the processor is configured to send the profile request, wherein the profile request comprises at least one of the following: a device identity of the UE1 UE1-ID, the device identity of the UE2 UE2-ID, the capability information of the UE2, the card identity of the eUICC EID, or the eUICC information set EIS of the eUICC.
 
57. The UE according to claim 56, wherein
the profile matches the capability information of the UE2.
 
58. The UE according to any one of claims 47 to 57, wherein when forwarding the profile to the eUICC, the processor is specifically configured to:

extract the profile from the received profile request response, and forward the extracted profile to the eUICC; or

forward, to the eUICC, the profile request response carrying the profile.


 
59. The UE according to any one of claims 47 to 58, wherein after forwarding the profile to the eUICC, the processor is configured to:

send, to the eUICC, a profile activation request used to activate the profile;

send, to the eUICC, a profile disabling request used to disable the profile; or

send, to the eUICC, a profile delete request used to delete the profile.


 
60. The UE according to any one of claims 47 to 59, wherein the generating, by the processor, a profile request according to information about an eUICC of UE2 comprises:
generating the profile request according to the information about the eUICC if an operator network selection instruction is detected, wherein an operator network provides a network service to the eUICC.
 
61. An embedded universal integrated circuit card eUICC, disposed in a second terminal UE2, wherein the eUICC comprises:
a processor and a memory, wherein the processor invokes code or an instruction in the memory to execute the following steps:

receiving a key negotiation request forwarded by a local profile assistant LPA of a first terminal UE1;

sending a key negotiation response to the LPA; and

receiving a profile that is encrypted according to the key negotiation response and that is forwarded by the LPA.


 
62. The eUICC according to claim 61, wherein before receiving the key negotiation request forwarded by the LPA, the processor is configured to:
send information about the eUICC to the LPA.
 
63. The eUICC according to claim 62, wherein before sending the information about the eUICC to the LPA, the processor is configured to:
establish a secure channel between the LPA and the eUICC, wherein the secure channel is used to send the information about the eUICC.
 
64. The eUICC according to claim 61 or 62, wherein before receiving the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the processor is configured to:
establish a secure channel between the LPA and the eUICC, wherein the secure channel is used to forward the profile.
 
65. The eUICC according to claim 62 or 63, wherein after establishing the secure channel between the LPA and the eUICC, the processor is configured to:
disable the secure channel when detecting that establishment duration of the secure channel is greater than or equal to a preset threshold.
 
66. The eUICC according to claim 65, wherein before receiving the profile that is encrypted according to the key negotiation response and that is forwarded by the LPA, the processor is configured to:
when detecting that the secure channel is disabled, re-establish the secure channel.
 
67. The eUICC according to claim 64, 65, or 66, wherein when establishing the secure channel, the processor is specifically configured to:

receive a broadcast service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection; or

broadcast a service search request carrying an eUICC service indicator, establish a local connection between the eUICC and the UE1 or between the eUICC and the LPA, and establish the secure channel between the LPA and the eUICC based on the local connection, wherein the service indicator is used to complete device discovery between the LPA and the eUICC.


 
68. The eUICC according to any one of claims 61 to 67, wherein the information about the eUICC comprises at least one of the following: a device identity of the UE2 UE2-ID, capability information of the UE2, a card identity of the eUICC EID, or an eUICC information set EIS of the eUICC.
 
69. The eUICC according to claim 68, wherein
the profile matches the capability information of the UE2.
 
70. A profile processing system, comprising:
a first terminal UE1 comprising the profile processing apparatus according to any one of claims 24 to 37, or the user terminal according to any one of claims 47 to 60, and a second terminal UE2 comprising the eUICC according to any one of claims 38 to 46 or claims 61 to 69.
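
An added sketch, not part of the patent, of the flow in claims 1 to 3, 15, 19 and 20: the LPA in UE1 relays key negotiation between the profile server and the eUICC in UE2 and then forwards a profile it cannot read, while the eUICC disables its secure channel at a preset threshold and re-establishes it before accepting the profile. All class, method and field names, the toy Diffie-Hellman group, the SHA-256 keystream with HMAC, and the sample EID and profile are assumptions; the claims name no algorithms or message formats.

```python
import hashlib, hmac, secrets

# Assumed toy Diffie-Hellman group (the claims name no algorithm); not production parameters.
P, G = 2**255 - 19, 2
PROFILE = b"constructed profile for EID-CONSTRUCTED-0001"  # constructed sample data

def _keys(shared):
    raw = shared.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()

def _xor(key, data):
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(shared, plaintext):
    k_enc, k_mac = _keys(shared)          # one-time keys per negotiation, so no nonce is used
    ct = _xor(k_enc, plaintext)
    return ct + hmac.new(k_mac, ct, hashlib.sha256).digest()

def unseal(shared, blob):
    k_enc, k_mac = _keys(shared)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, ct, hashlib.sha256).digest()):
        raise ValueError("profile rejected: integrity check failed")
    return _xor(k_enc, ct)

class Euicc:
    """Card in UE2 (claims 15, 19, 20)."""
    def __init__(self, eid, max_age):
        self.eid, self.max_age = eid, max_age
        self.opened_at = None             # None means the secure channel is disabled
        self.reestablished, self.installed = 0, None
    def open_channel(self, now):
        self.opened_at = now
    def channel_up(self, now):
        # Claim 19: disable once the channel has existed for >= the preset threshold.
        if self.opened_at is not None and now - self.opened_at >= self.max_age:
            self.opened_at = None
        return self.opened_at is not None
    def on_key_negotiation(self, request):
        priv = secrets.randbelow(P - 3) + 2
        self._shared = pow(request["server_pub"], priv, P)
        return {"euicc_pub": pow(G, priv, P)}
    def on_profile(self, blob, now):
        if not self.channel_up(now):      # claim 20: re-establish before receiving
            self.open_channel(now)
            self.reestablished += 1
        self.installed = unseal(self._shared, blob)

class ProfileServer:
    def __init__(self, profile):
        self.profile = profile
    def begin(self, profile_request):
        self._priv = secrets.randbelow(P - 3) + 2
        return {"target": profile_request["eid"], "server_pub": pow(G, self._priv, P)}
    def finish(self, key_response):
        shared = pow(key_response["euicc_pub"], self._priv, P)
        return {"profile": seal(shared, self.profile)}

class Lpa:
    """Relay in UE1 (claims 1 to 3); it never holds the negotiated key."""
    def __init__(self, euicc, server):
        self.euicc, self.server = euicc, server
    def relay_key_negotiation(self, request):
        # Claim 3: forward only when the target receiver is the eUICC.
        if request.get("target") != self.euicc.eid:
            return None
        return self.euicc.on_key_negotiation(request)
    def download(self, t_request, t_profile):
        self.euicc.open_channel(t_request)
        key_request = self.server.begin({"eid": self.euicc.eid})
        blob = self.server.finish(self.relay_key_negotiation(key_request))["profile"]
        self.euicc.on_profile(blob, t_profile)
        return blob

def demo():
    card = Euicc("EID-CONSTRUCTED-0001", max_age=30)
    blob = Lpa(card, ProfileServer(PROFILE)).download(0, 30)  # profile arrives at the threshold
    return card, blob
```

`demo()` returns the card and the ciphertext that passed through the LPA; times are passed in explicitly so the threshold behaviour is deterministic.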
 



