-------------------------------------
3.11.2 Profile Recovery
This procedure allows the End User to recover the deleted Profile on the old Device.
Start Conditions:
• The LPAd of the old Device has deleted the installed Profile as instructed by the SM-DP+ during the Device Change procedure.
• The SM-DP+ has indicated to the LPAd of the old Device the support of the recovery of the deleted Profile in the Device Change Response.
• The information needed to recover the deleted Profile has been stored in the LPAd of the old Device, and the validity period of the Profile Recovery has not expired.
• The Profile Installation on the eUICC of the new Device has failed due to a permanent error described in section 2.5.6.1.
• The LPAd of the new Device has delivered the Profile Installation Result to the SM-DP+ by calling the "ES9+.HandleNotification".
Procedure:
1. The End User initiates the Profile Recovery operation within the LUId of the old Device by selecting the Profile that was deleted for Device Change.
2. The LPAd of the old Device retrieves the SM-DP+ address and an optional allowed eSIM CA RootCA Public Key identifier for recovery of the selected Profile. If the LPAd of the old Device cannot retrieve the SM-DP+ address, the procedure SHALL stop.
3. The LPAd of the old Device initiates the Common Mutual Authentication procedure defined in section 3.0.1 to the retrieved SM-DP+ address. If an allowed eSIM CA RootCA public key identifier was retrieved, the LPAd SHALL restrict the allowed eSIM CA RootCA public key identifiers to that value. During the Common Mutual Authentication procedure at step (10), the LPAd SHALL build the ctxParams1 data object with ctxParamsForProfileRecovery comprising the ICCID of the selected Profile to be recovered.
4. On reception of the "ES9+.AuthenticateClient" function call comprising ctxParamsForProfileRecovery, the SM-DP+ SHALL verify that there was a permanent error in installing the prepared Profile on the new Device for Device Change, corresponding to the ICCID therein. If verification fails, the SM-DP+ SHALL return a status code "Profile – Not allowed".
5. The SM-DP+ SHALL prepare a Profile for recovery and the associated Activation Code for the old Device. The SM-DP+ MAY interact with the Service Provider for the Profile preparation.
6. The SM-DP+ SHALL return the ES9+.AuthenticateClient response comprising transactionId, smdpSigned4 and smdpSignature4.
7. Upon receiving the response, if the eUICC supports Device Change, the LPAd of the old Device SHALL call "ES10b.VerifyDeviceChange" function comprising profileRecoveryResponse to verify the SM-DP+ signature via eUICC as described in section 5.7.27. If the eUICC returns an error, the procedure SHALL stop.
8. The LPAd of the old Device initiates the Profile download and installation procedure, as defined in section 3.1.3, by opening a new RSP session to the SM-DP+ identified by the Activation Code contained in the smdpSigned4 (see step 6 above).
--------------------------------------
5.6.3 Function: AuthenticateClient
Beginning of Profile Recovery operation
The SM-DP+ SHALL:
• Identify the Profile by ICCID contained in the ctxParamsForProfileRecovery, and verify that the Profile was processed for Device Change previously. If the Profile cannot be identified or the Profile was not processed for Device Change previously, the SM-DP+ SHALL return an error status "ICCID – Unknown".
• Verify that the identified Profile is associated with the EID of the incoming eUICC, i.e., the eUICC of the old Device. If the Profile is not associated with the EID of the eUICC of the old Device, the SM-DP+ SHALL return an error status "EID – Refused".
• Verify that there was a permanent error whilst installing the prepared Profile on the new Device for Device Change, corresponding to the ICCID contained in the ctxParamsForProfileRecovery. If verification fails, the SM-DP+ SHALL return a status code "Profile – Not allowed".
• Prepare a Profile for recovery and the associated Activation Code for the old Device. The SM-DP+ MAY interact with the Service Provider for the Profile preparation.
• Generate an smdpSigned4 data object including the Activation Code for Profile Recovery as defined in "ES10b.PrepareDeviceChangeRequest".
• Compute the signature smdpSignature4 over the concatenated data objects smdpSigned4 and euiccSignature1 using SK.DPauth.SIG.
End of Profile Recovery operation
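The two sides of the exchange described in steps 3 to 8 of 3.11.2 and in the Profile Recovery branch of ES9+.AuthenticateClient (5.6.3), as an added Go example; it is not part of SGP.22 nor of any SM-DP+, LPAd or eUICC implementation. It assumes a flat in-memory record per Profile on the SM-DP+ side, a string stand-in for the ASN.1 smdpSigned4 object, a P-256 key pair standing in for SK.DPauth.SIG and its public key PK.DPauth.SIG, and an Activation Code in AC_Format 1 with a made-up SM-DP+ address and matching id. The ICCID, EID and euiccSignature1 values are constructed. The SM-DP+ checks run in the order the specification lists them, and the verification on the old Device side shows what the concatenation with euiccSignature1 buys: an smdpSignature4 captured in one RSP session does not verify under another session's euiccSignature1.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Status values of the Profile Recovery branch of ES9+.AuthenticateClient (names as in the
// specification text; the wire encoding is not modelled).
const (
	StatusOK                = "OK"
	StatusICCIDUnknown      = "ICCID - Unknown"
	StatusEIDRefused        = "EID - Refused"
	StatusProfileNotAllowed = "Profile - Not allowed"
)

// DeviceChangeRecord is the SM-DP+ side state per Profile processed for Device Change
// (hypothetical layout; a real SM-DP+ keeps this in its database).
type DeviceChangeRecord struct {
	OldEID         string // EID of the eUICC the Profile was deleted from
	PermanentError bool   // set once the new Device's LPAd reported a permanent error via ES9+.HandleNotification
}

// SMDP holds the Device Change records and a P-256 key standing in for SK.DPauth.SIG.
type SMDP struct {
	key     *ecdsa.PrivateKey
	records map[string]DeviceChangeRecord // keyed by ICCID
}

func NewSMDP(records map[string]DeviceChangeRecord) (*SMDP, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SMDP{key: key, records: records}, nil
}

// PublicKey stands in for PK.DPauth.SIG, the public key matching SK.DPauth.SIG.
func (s *SMDP) PublicKey() *ecdsa.PublicKey { return &s.key.PublicKey }

// SmdpSigned4 is a flat stand-in for the ASN.1 smdpSigned4 data object.
type SmdpSigned4 struct {
	TransactionID, ActivationCode string
}

func (m SmdpSigned4) Bytes() []byte { return []byte(m.TransactionID + "|" + m.ActivationCode) }

// digest4 hashes smdpSigned4 || euiccSignature1, the data that smdpSignature4 covers.
func digest4(m SmdpSigned4, euiccSignature1 []byte) []byte {
	h := sha256.Sum256(append(m.Bytes(), euiccSignature1...))
	return h[:]
}

// AuthenticateClientRecovery runs the 5.6.3 checks in the order listed and, on success,
// returns smdpSigned4 and an smdpSignature4 bound to this session's euiccSignature1.
func (s *SMDP) AuthenticateClientRecovery(transactionID, iccid, eid string, euiccSignature1 []byte) (string, SmdpSigned4, []byte, error) {
	rec, ok := s.records[iccid] // "unknown ICCID" and "never processed for Device Change" are one lookup here
	if !ok {
		return StatusICCIDUnknown, SmdpSigned4{}, nil, nil
	}
	if rec.OldEID != eid {
		return StatusEIDRefused, SmdpSigned4{}, nil, nil
	}
	if !rec.PermanentError {
		return StatusProfileNotAllowed, SmdpSigned4{}, nil, nil
	}
	// Activation Code in AC_Format 1 ("1$<SM-DP+ address>$<matching id>"); address and matching id are made up.
	signed := SmdpSigned4{TransactionID: transactionID, ActivationCode: "1$smdp.example.com$RECOVER-" + iccid}
	sig, err := ecdsa.SignASN1(rand.Reader, s.key, digest4(signed, euiccSignature1))
	if err != nil {
		return "", SmdpSigned4{}, nil, err
	}
	return StatusOK, signed, sig, nil
}

// VerifyDeviceChange models the check the eUICC performs in ES10b.VerifyDeviceChange:
// smdpSignature4 must verify under PK.DPauth.SIG over smdpSigned4 || the euiccSignature1
// this eUICC produced in the current session, so a response cannot be carried across sessions.
func VerifyDeviceChange(pub *ecdsa.PublicKey, signed SmdpSigned4, smdpSignature4, euiccSignature1 []byte) bool {
	return ecdsa.VerifyASN1(pub, digest4(signed, euiccSignature1), smdpSignature4)
}

func main() {
	const oldEID, iccid = "89001012012341234012345678901224", "8988247000000000001" // constructed values
	smdp, err := NewSMDP(map[string]DeviceChangeRecord{iccid: {OldEID: oldEID, PermanentError: true}})
	if err != nil {
		panic(err)
	}
	sessionA := []byte("euiccSignature1 of session A") // stands in for the eUICC's signature over euiccSigned1
	status, signed, sig, _ := smdp.AuthenticateClientRecovery("tx-A", iccid, oldEID, sessionA)
	fmt.Println(status, signed.ActivationCode)
	fmt.Println("verifies in session A:", VerifyDeviceChange(smdp.PublicKey(), signed, sig, sessionA))
	fmt.Println("replayed into session B:", VerifyDeviceChange(smdp.PublicKey(), signed, sig, []byte("euiccSignature1 of session B")))
	status, _, _, _ = smdp.AuthenticateClientRecovery("tx-C", iccid, "89001012012341234012345678901299", sessionA)
	fmt.Println("other eUICC asking for the same ICCID:", status)
}
```

The check order matters for what an unauthenticated caller can learn: an ICCID that was never processed for Device Change is reported before any EID comparison, so the "EID – Refused" answer is only ever given for ICCIDs that really are in a Device Change, and "Profile – Not allowed" only to the eUICC the Profile was deleted from. A production SM-DP+ would additionally key the record on the Device Change transaction and check the recovery validity period on its side rather than trusting the LPAd's copy of it.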
--------------------------------------
Start Conditions are the prerequisites that must all hold before Profile Recovery can be executed. The conditions required to start the Profile Recovery procedure are:
1. **The old Device has deleted the installed Profile**: As instructed by the SM-DP+ (Subscription Manager Data Preparation+) during the Device Change procedure, the LPAd (Local Profile Assistant in the Device) of the old Device has already deleted the installed Profile. This is the basis of the Profile Recovery process: without a deleted Profile there is nothing to recover.
2. **The SM-DP+ supports the recovery operation**: In the Device Change Response, the SM-DP+ has indicated to the LPAd of the old Device that it supports recovery of the deleted Profile. This means the SM-DP+ has confirmed that the Profile can be recovered and that the relevant configuration and permissions are in place.
3. **The recovery information is stored and still valid**: The LPAd of the old Device has stored the information needed to recover the deleted Profile, and the validity period of the Profile Recovery has not yet expired. This ensures that, when recovery is attempted, all the necessary information is available and the attempt falls within the configured validity window.
4. **Profile installation on the eUICC of the new Device has failed**: The Profile could not be installed on the eUICC of the new Device because of a permanent error described in section 2.5.6.1. This is what creates the need to recover the deleted Profile on the old Device, since the new Device cannot proceed.
5. **The LPAd of the new Device has reported the installation result to the SM-DP+**: By calling "ES9+.HandleNotification", the LPAd of the new Device has delivered the Profile Installation Result to the SM-DP+. This is a key step: it is how the SM-DP+ learns that installation on the new Device failed, which is what makes recovery of the Profile on the old Device possible.
Together, these Start Conditions ensure that, when the new Device cannot install the Profile, the deleted Profile on the old Device can be recovered through an ordered sequence of steps, preserving service continuity and the End User's experience.
-----
The procedure above sets out, step by step, how a deleted Profile is recovered on the old Device when installation of that Profile on the eUICC (embedded Universal Integrated Circuit Card) of the new Device fails. The steps of the Profile Recovery procedure are:
1. **End User initiation**: The process begins with the End User acting in the LUId (Local User Interface in the Device) of the old Device to start recovery of the Profile that was deleted for Device Change, by selecting that specific Profile.
2. **Retrieval of the SM-DP+ address**: The LPAd (Local Profile Assistant in the Device) of the old Device retrieves the address of the SM-DP+ (Subscription Manager Data Preparation+) and, where applicable, the allowed eSIM CA (Certificate Authority) RootCA public key identifier. If the LPAd cannot retrieve the SM-DP+ address, the procedure cannot continue and stops.
3. **Common Mutual Authentication**: The LPAd of the old Device initiates the Common Mutual Authentication procedure towards the retrieved SM-DP+ address. If an allowed eSIM CA RootCA public key identifier was retrieved, the LPAd restricts the allowed eSIM CA RootCA public key identifiers to that single value. During this procedure the LPAd builds the ctxParams1 data object containing ctxParamsForProfileRecovery, which carries the ICCID (Integrated Circuit Card Identifier) of the Profile to be recovered.
4. **SM-DP+ verification**: On receiving the "ES9+.AuthenticateClient" function call containing ctxParamsForProfileRecovery, the SM-DP+ verifies that a permanent error occurred while installing the prepared Profile on the new Device. If that verification fails, the SM-DP+ returns the status code "Profile – Not allowed".
5. **Profile preparation by the SM-DP+**: The SM-DP+ prepares a Profile for recovery, and the associated Activation Code, for the old Device. This may involve interaction with the Service Provider to prepare the Profile.
6. **SM-DP+ response**: The SM-DP+ returns the response to the "ES9+.AuthenticateClient" call, containing the transactionId, smdpSigned4 and smdpSignature4.
7. **Verification of the SM-DP+ signature**: If the eUICC of the old Device supports Device Change, the LPAd calls the "ES10b.VerifyDeviceChange" function with profileRecoveryResponse so that the eUICC verifies the SM-DP+ signature, as described in section 5.7.27. If the eUICC returns an error, the procedure stops.
8. **Profile download and installation**: Finally, the LPAd of the old Device opens a new RSP (Remote SIM Provisioning) session to the SM-DP+ identified by the Activation Code contained in smdpSigned4 (from step 6) and starts the Profile download and installation procedure defined in section 3.1.3.
This procedure ensures that the End User can recover the deleted Profile on the old Device when Profile installation on the new Device fails. It relies on a chain of verifications and authentications that preserve the security and integrity of the Profile Recovery process.
---------------------------------
At the start of the Profile Recovery operation, the SM-DP+ (Subscription Manager Data Preparation+) performs a series of verifications and preparation steps that keep the recovery secure and correct. The steps the SM-DP+ SHALL perform within the "AuthenticateClient" function are:
1. **Identify the Profile by ICCID**: The SM-DP+ takes the ICCID (Integrated Circuit Card Identifier) from ctxParamsForProfileRecovery and verifies that the Profile was previously processed for Device Change. If the Profile cannot be identified, or it was not previously processed for Device Change, the SM-DP+ SHALL return the error status "ICCID – Unknown".
2. **Verify the association between the Profile and the eUICC**: The SM-DP+ verifies that the identified Profile is associated with the EID (eUICC Identifier) of the incoming eUICC, i.e. the eUICC of the old Device. If the Profile is not associated with the EID of the old Device's eUICC, the SM-DP+ SHALL return the error status "EID – Refused".
3. **Verify the permanent error on the new Device**: The SM-DP+ verifies that a permanent error occurred while installing the prepared Profile on the new Device for Device Change, for the ICCID contained in ctxParamsForProfileRecovery. If that verification fails, the SM-DP+ SHALL return the status code "Profile – Not allowed".
4. **Prepare the recovery Profile and Activation Code**: The SM-DP+ SHALL prepare a Profile for recovery, and the associated Activation Code, for the old Device. In doing so the SM-DP+ MAY interact with the Service Provider to prepare the Profile.
5. **Generate the smdpSigned4 data object**: The SM-DP+ SHALL generate an smdpSigned4 data object containing the Activation Code for Profile Recovery, as defined in "ES10b.PrepareDeviceChangeRequest".
6. **Compute the signature**: The SM-DP+ SHALL compute smdpSignature4 over the concatenation of the smdpSigned4 and euiccSignature1 data objects using its private key SK.DPauth.SIG.
Together these steps keep the Profile Recovery operation secure and valid. Through strict verification and signing, the SM-DP+ rejects unauthorised recovery attempts and lets only requests that satisfy every condition proceed to the next stage of Profile Recovery. Covering euiccSignature1 with smdpSignature4 also ties the response to the eUICC authentication of the current session, so a response cannot be reused in a different RSP session. This protects the End User's service continuity and data security.