Communication method, apparatus, device, system and storage medium based on esim card
By using eSIM cards for identity and hardware verification, the problem of insufficient identity security identification for wireless communication devices is solved, enabling secure communication between terminal devices and cloud devices and ensuring the security of data transmission.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING SMARTCHIP MICROELECTRONICS TECHNOLOGY CO LTD
- Filing Date
- 2022-09-23
- Publication Date
- 2026-07-07
AI Technical Summary
In the process of data security interaction in the power system, the insufficient identification of the identity of wireless communication devices may lead to the theft of wireless communication devices and the inability to guarantee the security of data transmission links.
The communication method based on eSIM card is adopted. Identity and hardware verification are performed by obtaining device verification information and hardware fingerprint information of terminal device. Secure communication between terminal device and cloud device is realized by using communication control platform access gateway.
Effectively terminate communication connections between unauthorized or tampered wireless communication devices and cloud devices to ensure the security and integrity of data transmission.
Smart Images

Figure CN115499838B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication technology, and in particular to a communication method, apparatus, device, system and storage medium based on an eSIM card. Background Technology
[0002] In the process of secure data exchange in power systems, identity authentication is typically performed only on cloud devices (i.e., upstream data centers) or terminal devices (i.e., downstream terminals) to ensure secure data exchange. However, the identity authentication of wireless communication devices is rarely addressed, thus creating the possibility of unauthorized use of these devices and compromising the security of the data transmission link. Therefore, how to ensure the security of wireless communication devices to improve the data transmission security of the entire communication link has become an urgent problem to be solved. Summary of the Invention
[0003] In view of this, embodiments of this application provide a communication method, apparatus, device, system, and storage medium based on an eSIM card.
[0004] This application provides a communication method based on an eSIM card, applied to a wireless communication device, the wireless communication device including an eSIM card and a communication control platform, the method including:
[0005] After the terminal device is powered on, obtain the device verification information of the terminal device and the device binding information pre-stored in the eSIM card;
[0006] The terminal device is authenticated based on the device binding information and the device verification information;
[0007] Hardware verification of the terminal device is performed based on the hardware fingerprint information pre-stored in the eSIM card;
[0008] If the authentication and hardware verification results are both successful, the wireless communication device is connected to the gateway through the communication control platform to enable communication interaction between the terminal device and the cloud device.
[0009] This application utilizes the eSIM card of a wireless communication device to verify the acquired terminal device information, thereby establishing a communication connection between the cloud device and the terminal device upon successful verification. Since the wireless communication device cannot perform data matching when illegally intruded or tampered with, this method can effectively terminate the communication connection between the cloud device and the terminal device, thus protecting data transmission. Specifically, the wireless communication device deploys an eSIM card and a communication control platform. The eSIM card can store device binding information used to verify the terminal device's identity during communication, as well as hardware fingerprint information to verify the identity of the terminal device's internal hardware. After the terminal device is powered on, the wireless communication device can collect the terminal device's device verification information, verify the legitimacy of the terminal device's identity based on the device binding information, and, if the terminal device's identity is legitimate, use the hardware fingerprint information to further authenticate the hardware within the terminal device. If both verifications by the terminal device pass, the communication control platform can initiate access to the gateway, enabling the wireless communication device to access the gateway and achieve communication interaction between the terminal device and the cloud device.
[0010] In some embodiments, the method further includes:
[0011] The power safety application is installed on the eSIM card, and the eSIM card's working state is adjusted to an activated state; wherein, the communication control platform can obtain the terminal device's device information through the power safety application on the activated eSIM card; the device information includes the device verification information.
[0012] This method controls the working state of the eSIM card, enabling the activated eSIM card to provide power security applications to the communication control platform. This allows the communication control platform to access device information from the terminal device based on the corresponding power security applications. These power security applications can include secure boot, identity verification, access control, certificate and key management, standard encryption / decryption, secure storage, and extended applications. Furthermore, by invoking identity verification, the device authentication information of the terminal device can be retrieved, thereby authenticating the terminal device.
[0013] In some embodiments, the method further includes:
[0014] Send a certificate request to the cloud device to obtain the requested certificate;
[0015] The application certificate is stored in the eSIM card so that the wireless communication device can authenticate the cloud device using the application certificate.
[0016] This method can send a certificate to a cloud device to obtain an application certificate, and store the application certificate as the identity identifier of the eSIM card in the eSIM card. This allows the cloud device to verify the legitimacy of the wireless communication device by reading the application certificate stored in the eSIM card.
[0017] In some embodiments, before obtaining the device verification information of the terminal device and the device binding information pre-stored in the eSIM card after the terminal device is powered on, the method further includes:
[0018] Detect the storage status of device binding information in the eSIM card;
[0019] If the device binding information is not detected in the eSIM card, preset binding information is obtained and stored in the eSIM card as the device binding information.
[0020] This method can retrieve preset binding information to provide terminal device identity verification information even when device binding information is not stored in the eSIM card. The preset binding information can be obtained through the communication control platform. This method obtains the device ID, module IMEI, and eSIM-EID by acquiring and binding these codes together to obtain the preset binding information, which is then used as the device binding information to identify the device.
[0021] In some implementations, the eSIM card pre-stores a list of legitimate gateways. If the authentication and hardware verification results are successful, the wireless communication device is connected to the gateway via a communication control platform to enable communication between the terminal device and the cloud device. This includes:
[0022] Invoke the list of legitimate gateways and initiate a gateway access request;
[0023] Obtain the gateway address of the gateway to be connected, and verify the gateway address according to the list of valid gateways;
[0024] If the gateway address exists in the list of legitimate gateways, the wireless communication device is connected to the gateway, and the cloud device is authenticated through the wireless communication device.
[0025] If the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0026] This method initiates a gateway access request and calls a list of legitimate gateways to determine the security of the gateway to be accessed. If the list includes the gateway address of the desired gateway, the wireless communication device is connected to the gateway, and the wireless communication device authenticates the cloud device. If the cloud device's authentication is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0027] This application also provides a communication device based on an eSIM card, applied to wireless communication equipment, comprising:
[0028] The information acquisition module is used to acquire the device verification information of the terminal device and the device binding information pre-stored in the eSIM card after the terminal device is powered on;
[0029] The first verification module is used to authenticate the terminal device based on the device binding information and the device verification information;
[0030] The second verification module is used to perform hardware verification on the terminal device based on the hardware fingerprint information pre-stored in the eSIM card.
[0031] The first gateway access module is used to connect the wireless communication device to the gateway through the communication control platform when the authentication and hardware verification results are successful, so as to realize the communication interaction between the terminal device and the cloud device through the wireless communication device.
[0032] This device can detect the power-on status of the terminal device through the information acquisition module. After detecting that the terminal device has completed power-on, it acquires the device verification information of the terminal device and the device binding information pre-stored in the eSIM card. The device verification information and device binding information are then obtained through the first verification module to authenticate the device. Furthermore, the second verification module reads the hardware fingerprint information pre-stored in the eSIM card to perform hardware detection on the terminal device based on the hardware device information and hardware fingerprint information. Furthermore, the first gateway access module can connect the wireless communication device to the gateway according to the communication control platform when the first and second verification modules pass verification, thereby providing a communication link between the terminal device and the cloud device. Through the first and second verification modules in the wireless communication device, tampered communication devices are effectively prevented from participating in the communication connection between the terminal device and the cloud device, thus ensuring data security.
[0033] This application also provides a communication device based on an eSIM card, applied to wireless communication devices, comprising:
[0034] processor, and
[0035] The memory communicatively connected to the processor, wherein
[0036] The memory stores instructions that the processor can execute to implement an eSIM-based communication method for use in wireless communication devices.
[0037] The processor allows this application to execute instructions stored in memory, thereby implementing a communication method applicable to wireless communication devices. The effects of executing the communication method provided in this application have been discussed in detail above and will not be repeated here.
[0038] This application also provides a communication method based on an eSIM card, applied to cloud devices, including:
[0039] Obtain a gateway access request initiated by a wireless communication device and output the gateway address to the wireless communication device;
[0040] The wireless communication device is authenticated.
[0041] If the authentication result of the wireless communication device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0042] This method can obtain gateway access requests initiated by wireless communication devices, and then output the gateway address to the wireless communication devices so that the wireless communication devices can access the gateway based on the gateway address. After detecting that the wireless communication devices have accessed the gateway, the method authenticates the identity of the wireless communication devices. After the identity authentication of the wireless communication devices is successful, a communication key is generated so that cloud devices can use the communication key and the wireless communication devices to achieve encrypted communication with terminal devices.
[0043] In some implementations, the cloud device includes a third-party platform, and the authentication of the wireless communication device includes:
[0044] The application certificate stored in the eSIM card within the wireless communication device is obtained through the third-party platform.
[0045] The validity of the applied certificate is verified.
[0046] This method can retrieve the application certificate stored in the eSIM card of the wireless communication device in the access gateway through a third-party platform, and perform data authentication on the legality of the application certificate according to the digital security service platform in the cloud device. When there is an application record for the application certificate in the digital security service platform, the authentication result of the legality of the application certificate can be output.
[0047] In some implementations, authenticating the legality of the application certificate includes:
[0048] Obtain the list of legitimate certificates stored in the digital security service platform through a third-party platform;
[0049] The application certificate is authenticated based on the list of valid certificates.
[0050] This method verifies the legitimacy of the application certificate through a third-party platform. Specifically, it obtains a list of legitimate certificates stored within the digital security service platform. This list includes all legitimate certificates already registered on cloud devices, and each legitimate certificate corresponds to at least one authenticated legitimate wireless communication device. Further, this method compares the application certificate with each legitimate certificate in the list to complete the authentication. Specifically, if the application certificate to be tested is present in the list of legitimate certificates, it proves that the wireless communication device corresponding to this application certificate has been registered on the cloud device side beforehand and is a secure device. Alternatively, if the application certificate is not present in the list of legitimate certificates, it proves that this wireless communication device has not been registered or has been maliciously tampered with, and the device security cannot be guaranteed. Therefore, the use of this wireless communication device for encrypted transmission of business data between the terminal device and the cloud device is rejected.
[0051] In some embodiments, the method further includes:
[0052] If the validity of the application certificate is verified as passed, the cloud device identity identifier is output to the wireless communication device so that the wireless communication device can authenticate the cloud device through the cloud device identity identifier; and a communication key is generated based on the application certificate.
[0053] This method can achieve two-way authentication between cloud devices and wireless communication devices based on identity identifiers. Specifically, when the certificate validity verification result is successful, the cloud device identity identifier is output to the wireless communication device, so that the wireless communication device can authenticate the cloud device through the cloud device identity identifier.
[0054] This application also provides a secure communication device based on an eSIM card, applied to cloud devices, including:
[0055] The second gateway access module is used to obtain the gateway access request initiated by the wireless communication device and output the gateway address to the wireless communication device.
[0056] An identity authentication module is used to authenticate the identity of the wireless communication device;
[0057] An encrypted communication module is used to generate a communication key when the authentication result of the wireless communication device is successful, so as to realize encrypted communication between the terminal device and the cloud device based on the communication key.
[0058] This device can enable wireless communication devices to connect to the gateway via a second gateway access module, and output the gateway address to the wireless communication devices. This allows the wireless communication devices to choose whether to connect to the gateway based on the gateway address detection result. Furthermore, through an authentication module, this device can authenticate the wireless communication devices connecting to the gateway, ensuring their secure use. Moreover, through an encrypted communication module, it can negotiate and generate a communication key with the authenticated secure wireless communication device, enabling the cloud device to achieve encrypted communication with the terminal device using the communication key and the wireless communication device.
[0059] This application also provides a secure communication device based on an eSIM card, applied to cloud devices, including:
[0060] processor, and
[0061] The memory communicatively connected to the processor, wherein
[0062] The memory stores instructions that the processor can execute to implement an eSIM-based communication method for cloud devices.
[0063] The processor allows this application to execute instructions stored in memory, thereby implementing a communication method applicable to cloud devices. The effects of executing the communication method provided in this application have been discussed in detail above and will not be repeated here.
[0064] This application also provides a secure communication system based on an eSIM card, comprising: a terminal device, a wireless communication device, and a cloud device, wherein...
[0065] The terminal device is used to store and output device information to the wireless communication device; wherein, the device information includes device verification information; and is also used to communicate with the cloud device through the wireless communication device.
[0066] The wireless communication device includes an eSIM card and a communication control platform; used to implement the above-described eSIM card-based communication method applied to the wireless communication device.
[0067] The cloud device is used to implement the above-described communication method based on an eSIM card applied to the cloud device.
[0068] The secure communication system provided in this application can provide device information to a wireless communication device via a terminal device, and provide service data. The wireless communication device then enables encrypted transmission and encrypted acquisition of service data with the network side. The effects achievable by the terminal device and the wireless communication device have been discussed above and will not be repeated here.
[0069] This application also provides a computer-readable storage medium storing computer-executable instructions, which enable a computer to implement a communication method based on an eSIM card applied to a wireless communication device, or to implement a communication method based on an eSIM card applied to a cloud device, by executing the computer-executable instructions. Attached Figure Description
[0070] The above and / or additional aspects and advantages of this application will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, wherein:
[0071] Figure 1 This is a schematic diagram of a communication method based on an eSIM card applied to a wireless communication device according to certain embodiments of this application.
[0072] Figure 2 This is a schematic diagram of a specific process of a communication method based on an eSIM card according to certain embodiments of this application.
[0073] Figure 3 This is a schematic diagram of the structure of a communication device applied to a wireless communication device according to certain embodiments of this application.
[0074] Figure 4 This is a schematic diagram of the structure of a communication device applied to a wireless communication device according to certain embodiments of this application.
[0075] Figure 5 This is a schematic diagram of a communication method based on an eSIM card applied to a cloud device according to certain embodiments of this application.
[0076] Figure 6 This is a schematic diagram of the structure of a communication device applied to a terminal device according to certain embodiments of this application.
[0077] Figure 7 This is a schematic diagram of the structure of a communication device applied to a terminal device according to certain embodiments of this application.
[0078] Figure 8 This is a schematic diagram of the structure of a secure communication system based on an eSIM card according to certain embodiments of this application.
[0079] Figure descriptions: Information acquisition module 11, first verification module 12, second verification module 13, first gateway access module 14, terminal device 100, processor 15, memory 16, second gateway access module 21, identity authentication module 22, encrypted communication module 23, processor 24, memory 25, wireless communication device 200, eSIM card 210, communication control platform 220, cloud device 300. Detailed Implementation
[0080] The embodiments of this application are described in detail below. Examples of the embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and intended to explain this application, and should not be construed as limiting this application.
[0081] Reference Figure 1 This application provides a communication method based on an eSIM card, applied to a wireless communication device. The wireless communication device includes an eSIM card and a communication control platform. The method includes:
[0082] S11. After the terminal device is powered on, obtain the device verification information of the terminal device and the device binding information pre-stored in the eSIM card;
[0083] S12. Verify the identity of the terminal device based on the device binding information and device verification information;
[0084] S13. Perform hardware verification on the terminal device based on the hardware fingerprint information pre-stored in the eSIM card.
[0085] S14. If the authentication and hardware authentication results are successful, the wireless communication device is connected to the gateway through the communication control platform to enable communication interaction between the terminal device and the cloud device.
[0086] This application utilizes the eSIM card of a wireless communication device to verify the acquired terminal device information, thereby establishing a communication connection between the cloud device and the terminal device upon successful verification. Since the wireless communication device cannot perform data matching when illegally intruded or tampered with, this method can effectively terminate the communication connection between the cloud device and the terminal device, thus protecting data transmission. Specifically, the wireless communication device deploys an eSIM card and a communication control platform. The eSIM card can store device binding information used to verify the terminal device's identity during communication, as well as hardware fingerprint information to verify the identity of the terminal device's internal hardware. After the terminal device is powered on, the wireless communication device can collect the terminal device's device verification information, verify the legitimacy of the terminal device's identity based on the device binding information, and, if the terminal device's identity is legitimate, use the hardware fingerprint information to further authenticate the hardware within the terminal device. If both verifications by the terminal device pass, the communication control platform can initiate access to the gateway, enabling the wireless communication device to access the gateway and achieve communication interaction between the terminal device and the cloud device.
[0087] After the terminal device is powered on, the wireless communication device can obtain the device verification information of the terminal device and the device binding information pre-stored in the eSIM card; perform identity verification of the terminal device based on the device binding information and device verification information; perform hardware verification of the terminal device based on the hardware fingerprint information pre-stored in the eSIM card; if the identity verification and hardware verification results are successful, the wireless communication device is connected to the gateway through the communication control platform to realize communication interaction between the terminal device and the cloud device through the wireless communication device.
[0088] Thus, this method effectively verifies the legitimacy of the terminal device itself and its internal hardware based on the device binding information and hardware fingerprint information pre-stored in the eSIM card. Upon successful verification, the communication control platform initiates an access request to the gateway, enabling the wireless communication device to communicate with the cloud device through the gateway, thereby facilitating data interaction between the cloud device and the terminal device.
[0089] Specifically, the eSIM card can also store an access control whitelist, which allows the communication control platform to call relevant power security applications based on the access control whitelist to grant different accounts different access permissions, thereby further ensuring the transmission security of the data communication process.
[0090] In some implementations, the method further includes:
[0091] Install the power safety application onto the eSIM card and adjust the eSIM card's working status to an activated state; wherein, the communication control platform can obtain the terminal device's device information through the power safety application on the activated eSIM card; the device information includes device verification information.
[0092] This method controls the working state of the eSIM card, enabling the activated eSIM card to provide power security applications to the communication control platform. This allows the communication control platform to access device information from the terminal device based on the corresponding power security applications. These power security applications can include secure boot, identity verification, access control, certificate and key management, standard encryption / decryption, secure storage, and extended applications. Furthermore, by invoking identity verification, the device authentication information of the terminal device can be retrieved, thereby authenticating the terminal device.
[0093] Wireless communication devices can install power safety applications on eSIM cards and adjust the working status of eSIM cards to an activated state; wherein, the communication control platform can obtain device information of terminal devices through the power safety application of the activated eSIM card; the device information includes device verification information.
[0094] In some implementations, the method further includes:
[0095] Send a certificate request to the cloud device to obtain the requested certificate;
[0096] The certificate request is stored on the eSIM card so that wireless communication devices can authenticate cloud devices by requesting the certificate.
[0097] This method can send a certificate to a cloud device to obtain an application certificate, and store the application certificate as the identity identifier of the eSIM card in the eSIM card, thereby enabling the wireless communication device to verify the legitimacy of the cloud device through the application certificate stored in the eSIM card.
[0098] Wireless communication devices can send certificate request requests to cloud devices to obtain certificates; the requested certificates are stored in eSIM cards so that wireless communication devices can authenticate with cloud devices by using the requested certificates.
[0099] Thus, this method implements a device security verification method for wireless communication devices. The wireless communication device can apply for a certificate to verify the legitimacy of the cloud device corresponding to the gateway it connects to. After successfully verifying the legitimacy of the cloud device, the wireless communication device can perform certificate or key negotiation with the cloud device to generate a certificate or key for encrypted communication.
[0100] In some implementations, prior to S11, the method further includes:
[0101] Detect the storage status of device binding information in the eSIM card;
[0102] If no device binding information is detected in the eSIM card, the preset binding information is obtained and stored in the eSIM card as device binding information.
[0103] This method can retrieve preset binding information to provide terminal device identity verification information even when device binding information is not stored in the eSIM card. The preset binding information can be obtained through the communication control platform. This method obtains the device ID, module IMEI, and eSIM-EID by acquiring and binding these codes together to obtain the preset binding information, which is then used as the device binding information to identify the device.
[0104] Wireless communication devices can detect the storage status of device binding information in the eSIM card; if no device binding information is detected in the eSIM card, they can obtain preset binding information and store the preset binding information as device binding information in the eSIM card.
[0105] Specifically, this method can write the device ID, device IMEI, and eSIM card EID together into the secure storage application of the eSIM card when the terminal device is powered on for the first time, complete the initial binding, and then obtain the preset binding information.
[0106] In some implementations, the eSIM card pre-stores a list of legitimate gateways, and S14 includes:
[0107] Invoke the list of legitimate gateways and initiate a gateway access request;
[0108] Obtain the gateway address of the gateway to be connected, and verify the gateway address according to the list of valid gateways;
[0109] If a gateway address exists in the list of legitimate gateways, connect the wireless communication device to the gateway and use the wireless communication device to authenticate the cloud device.
[0110] If the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0111] This method initiates a gateway access request and calls a list of legitimate gateways to determine the security of the gateway to be accessed. If the list includes the gateway address of the desired gateway, the wireless communication device is connected to the gateway, and the wireless communication device authenticates the cloud device. If the cloud device's authentication is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0112] Wireless communication devices can access a list of legitimate gateways and initiate a gateway access request; obtain the gateway address of the gateway to be accessed and verify the gateway address according to the list of legitimate gateways; if the gateway address exists in the list of legitimate gateways, the wireless communication device is connected to the gateway and authenticates the cloud device through the wireless communication device; if the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
[0113] Specifically, this method achieves identity authentication between wireless communication devices and cloud devices by applying for a certificate, and generates a communication key by applying for a certificate to achieve encrypted data communication.
[0114] Reference Figure 2 This application provides a specific communication method. A wireless communication device can pre-install a power safety application into its built-in eSIM card and use it to apply for a certificate from the digital security service platform of the cloud device. The applied certificate is then installed into the eSIM card to identify the wireless communication device. Furthermore, the wireless communication device can personalize its hardware fingerprint according to user needs, provide an access control whitelist to the communication control platform, and further initiate a gateway access request to access the gateway address. Furthermore, by switching the wireless communication device's operating state to an active state, the communication control platform can retrieve verification data such as device information from the terminal device, and verify the terminal device's hardware fingerprint when the module within the terminal device is powered on to verify the terminal device's identity and legitimacy. Furthermore, upon successful verification of the terminal device's hardware legitimacy, the platform prepares to connect the wireless communication device to the gateway.
[0115] After the above steps are executed, this method takes the power-on of the terminal device as the task start node and verifies the identity information of the terminal device through the communication control platform. Specifically, the communication control platform can read the device binding information in the eSIM card and compare this information with the obtained device verification information to achieve identity verification of the terminal device. Furthermore, if the terminal device is successfully authenticated, preparations are made to connect the wireless communication device to the gateway.
[0116] When the above two conditions are met, namely, the terminal device's authentication is valid and the terminal device's hardware authentication is valid, the gateway address is further provided by the third-party platform of the cloud device to connect the wireless communication device to the gateway, thereby enabling communication interaction between the terminal device and the cloud device through the wireless communication device.
[0117] Specifically, when the terminal device is powered on for the first time, the eSIM card does not contain device binding information. At this time, this method writes the device ID, device IMEI, and eSIM card EID together into a secure storage application to complete the initial binding and generate the initial device binding information.
[0118] Reference Figure 3 This application also provides a communication device based on an eSIM card, applied to wireless communication equipment, characterized in that it includes:
[0119] Information acquisition module 11 is used to acquire device verification information of terminal device and device binding information pre-stored in eSIM card after the terminal device is powered on;
[0120] The first verification module 12 is used to authenticate the terminal device based on the device binding information and the device verification information.
[0121] The second verification module 13 is used to perform hardware verification on the terminal device based on the hardware fingerprint information pre-stored in the eSIM card.
[0122] The first gateway access module 14 is used to connect the wireless communication device to the gateway through the communication control platform when the authentication and hardware authentication results are successful, so as to realize the communication interaction between the terminal device and the cloud device through the wireless communication device.
[0123] This device can detect the power-on status of the terminal device through the information acquisition module 11. After detecting that the terminal device has completed power-on, it acquires the device verification information of the terminal device and the device binding information pre-stored in the eSIM card. The device verification information and device binding information are then acquired through the first verification module 12 to authenticate the device. Furthermore, the second verification module 13 reads the hardware fingerprint information pre-stored in the eSIM card to perform hardware detection on the terminal device based on the hardware device information and hardware fingerprint information. Furthermore, the first gateway access module 14 can connect the wireless communication device to the gateway according to the communication control platform when the first verification module 12 and the second verification module 13 have passed verification, thereby providing a communication link between the terminal device and the cloud device. Through the first verification module 12 and the second verification module 13 in the wireless communication device, tampered communication devices are effectively prevented from participating in the communication connection between the terminal device and the cloud device, thus ensuring data security.
[0124] Reference Figure 4 This application also provides a communication device based on an eSIM card, applied to wireless communication devices, characterized in that it includes:
[0125] Processor 15, and
[0126] The memory 16 is communicatively connected to the processor 15, wherein
[0127] The memory 16 stores instructions that the processor 15 can execute to implement an eSIM-based communication method for use in wireless communication devices.
[0128] Through the processor 15, this application can execute the instructions stored in the memory 16, thereby implementing a communication method applied to a wireless communication device. The effects that can be achieved by executing the communication method provided in this application have been discussed in detail above and will not be repeated here.
[0129] Reference Figure 5 This application also provides a communication method based on an eSIM card, applied to cloud devices, including:
[0130] S21. Obtain the gateway access request initiated by the wireless communication device and output the gateway address to the wireless communication device;
[0131] S22. Perform identity authentication on wireless communication devices;
[0132] S23. If the authentication result of the wireless communication device is successful, a communication key is generated to enable encrypted communication between the terminal device and the network based on the communication key.
[0133] This method can obtain gateway access requests initiated by wireless communication devices, and then output the gateway address to the wireless communication devices so that the wireless communication devices can access the gateway based on the gateway address. After detecting that the wireless communication devices have accessed the gateway, the method authenticates the identity of the wireless communication devices. After the identity authentication of the wireless communication devices is successful, a communication key is generated so that cloud devices can use the communication key and the wireless communication devices to achieve encrypted communication with terminal devices.
[0134] The cloud device can obtain the gateway access request initiated by the wireless communication device and output the gateway address to the wireless communication device; it can authenticate the wireless communication device; if the authentication result of the wireless communication device is successful, it can generate a communication key to realize encrypted communication between the terminal device and the network.
[0135] Thus, this method can verify the identity of wireless communication devices participating in the communication process. If the identity of the wireless communication device is found to be legitimate, a communication key for communication encryption is generated through mutual negotiation with the wireless communication device, thereby realizing encrypted communication between the cloud device and the terminal device.
[0136] In some implementations, the cloud device includes a third-party platform, and S22 includes:
[0137] Obtain the application certificate stored in the eSIM card within the wireless communication device through a third-party platform;
[0138] Verify the legality of the applied certificate;
[0139] This method can retrieve the application certificate stored in the eSIM card of the wireless communication device in the access gateway through a third-party platform, and perform data authentication on the legality of the application certificate according to the digital security service platform in the cloud device. When there is an application record for the application certificate in the digital security service platform, the authentication result of the legality of the application certificate can be output.
[0140] Cloud devices can use a third-party platform to obtain the application certificate stored in the eSIM card within the wireless communication device and verify the legality of the application certificate.
[0141] In some implementations, authenticating the legitimacy of the certificate application includes:
[0142] Obtain the list of legitimate certificates stored in the digital security service platform through a third-party platform;
[0143] The applied certificate is authenticated based on the list of valid certificates.
[0144] This method verifies the legitimacy of the application certificate through a third-party platform. Specifically, it obtains a list of legitimate certificates stored within the digital security service platform. This list includes all legitimate certificates already registered on cloud devices, and each legitimate certificate corresponds to at least one authenticated legitimate wireless communication device. Further, this method compares the application certificate with each legitimate certificate in the list to complete the authentication. Specifically, if the application certificate to be tested is present in the list of legitimate certificates, it proves that the wireless communication device corresponding to this application certificate has been registered on the cloud device side beforehand and is a secure device. Alternatively, if the application certificate is not present in the list of legitimate certificates, it proves that this wireless communication device has not been registered or has been maliciously tampered with, and the device security cannot be guaranteed. Therefore, the use of this wireless communication device for encrypted transmission of business data between the terminal device and the cloud device is rejected.
[0145] Cloud devices can obtain a list of legitimate certificates stored in the digital security service platform through a third-party platform; and authenticate the applied certificate based on the list of legitimate certificates.
[0146] In some implementations, the method further includes:
[0147] If the certificate application is verified as valid, the cloud device identity identifier is output to the wireless communication device so that the wireless communication device can authenticate the cloud device using the cloud device identity identifier; and a communication key is generated based on the certificate application.
[0148] This method can achieve two-way authentication between cloud devices and wireless communication devices based on identity identifiers. Specifically, when the certificate validity verification result is successful, the cloud device's identity identifier is output to the wireless communication device, so that the wireless communication device can authenticate the cloud device's identity through the online store's identity identifier.
[0149] If the validity verification result of the certificate application is successful, the cloud device can output the cloud device identity identifier to the wireless communication device, so that the wireless communication device can authenticate the cloud device through the cloud device identity identifier; and generate a communication key based on the certificate application.
[0150] Specifically, after the wireless communication device authenticates the identity of the cloud device, if the authentication result is successful, the digital security service platform performs a certificate or key negotiation operation with the cloud device so that the cloud device can perform encrypted communication based on the certificate or key obtained after the negotiation operation.
[0151] Reference Figure 2 In some specific implementations, the cloud device can establish a communication connection between the wireless communication device and the cloud device by outputting a gateway address after the hardware and identity of the terminal device have been verified through a built-in third-party platform. Furthermore, a digital security service platform can be invoked through the third-party platform or gateway to achieve two-way authentication between the digital security service platform and the wireless communication device. Upon successful re-verification, an encryption key required for the communication process is negotiated and generated, thereby enabling encrypted communication between the cloud device and the terminal device.
[0152] Reference Figure 6 This application also provides a secure communication device based on an eSIM card, applied to cloud devices, characterized in that it includes:
[0153] The second gateway access module 21 is used to obtain the gateway access request initiated by the wireless communication device and output the gateway address to the wireless communication device.
[0154] The identity authentication module 22 is used to authenticate the identity of wireless communication devices;
[0155] The encrypted communication module 23 is used to generate a communication key when the authentication result of the wireless communication device is successful, so as to realize encrypted communication between the terminal device and the cloud device based on the communication key.
[0156] This device can realize the access process between the wireless communication device and the gateway through the second gateway access module 21, and output the gateway address to the wireless communication device so that the wireless communication device can choose whether to access the gateway based on the detection result of the gateway address. Furthermore, through the identity authentication module 22, this device can authenticate the identity of the wireless communication device accessing the gateway to ensure that the accessed wireless communication device can be used securely. Furthermore, through the encrypted communication module 23, it can negotiate and generate a communication key with the authenticated secure wireless communication device, so that the cloud device can realize encrypted communication with the terminal device through the communication key and the wireless communication device.
[0157] Reference Figure 7 This application also provides a secure communication device based on an eSIM card, applied to cloud devices, including:
[0158] Processor 24, and
[0159] The memory 25 is communicatively connected to the processor 24, wherein
[0160] The memory 25 stores instructions that the processor 24 can execute to implement an eSIM-based communication method for cloud devices.
[0161] Through processor 24, this application can execute instructions stored in memory 25, thereby implementing a communication method applicable to cloud devices. The effects achievable by executing the communication method provided in this application have been discussed in detail above and will not be repeated here.
[0162] Reference Figure 8 This application also provides a secure communication system based on an eSIM card, comprising: a terminal device 100, a wireless communication device 200, and a cloud device 300, wherein...
[0163] Terminal device 100 is used to store and output device information to wireless communication device 200; wherein, device information includes device authentication information; and is also used to communicate with cloud device 30 through wireless communication device 2000;
[0164] The wireless communication device 200 includes an eSIM card 210 and a communication control platform 220; used to implement the above-described eSIM card-based communication method applied to the wireless communication device 200.
[0165] The cloud device 300 is used to implement the above-mentioned communication method based on the eSIM card applied to the cloud device 300.
[0166] The secure communication system provided in this application can provide device information to the wireless communication device 200 through the terminal device 100, and provide service data. The wireless communication device 200 then enables encrypted transmission of service data to the network side, as well as encrypted data retrieval. The effects achievable by the terminal device 100 and the wireless communication device 200 have been discussed above and will not be repeated here.
[0167] Specifically, the wireless communication device 200 can install power security applications, which may include secure boot, identity verification, access control, certificate and key management, standard encryption and decryption, secure storage, and extended applications. The communication control platform 220 can obtain the corresponding functions of different power security applications by calling them.
[0168] Reference Figure 4 Specifically, the cloud device 300 may further include a digital security service platform, a third-party platform, a gateway, and an encryption device. The digital security service platform communicates with both the encryption device and the gateway, while the third-party platform communicates with the gateway. The digital security service platform controls the encryption device to generate an application certificate and outputs the application certificate to the gateway. The third-party platform authenticates the wireless communication device 200 through the gateway based on the application certificate and generates a communication key if the authentication result is successful. The gateway enables communication interaction between the cloud device 30 and the communication module and implements encrypted communication between the terminal device 100 and the network based on the communication key.
[0169] This application also provides a computer-readable storage medium storing computer-executable instructions. By executing the computer-executable instructions, a computer can implement a communication method based on an eSIM card applied to a wireless communication device, or implement a communication method based on an eSIM card applied to a cloud device.
[0170] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "illustrative embodiment," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with an embodiment or example is included in at least one embodiment or example of this application. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
[0171] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more steps for implementing a particular logical function or process, and the scope of the preferred embodiments of this application includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the function involved, as should be understood by those skilled in the art to which embodiments of this application pertain.
Claims
1. A communication method based on an eSIM card, applied to a wireless communication device, characterized in that, The wireless communication device includes an eSIM card and a communication control platform, and the method includes: After the terminal device is powered on, the device verification information of the terminal device and the device binding information pre-stored in the eSIM card are obtained. The device binding information is obtained by obtaining the ID written to the terminal device, the IMEI of the wireless communication device and the EID of the eSIM card, and binding them. The terminal device is authenticated based on the device binding information and the device verification information; The terminal device is hardware verified based on the hardware fingerprint information pre-stored in the eSIM card, which also contains a list of legitimate gateways. If the authentication and hardware verification results are both successful, the list of legitimate gateways is invoked, and a gateway access request is initiated. Obtain the gateway address of the gateway to be connected, and verify the gateway address according to the list of valid gateways; If the gateway address exists in the list of legitimate gateways, the wireless communication device is connected to the gateway, and the cloud device is authenticated through the wireless communication device. If the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
2. The communication method according to claim 1, characterized in that, The method further includes: The power safety application is installed on the eSIM card, and the eSIM card's working state is adjusted to an activated state; wherein, the communication control platform can obtain the terminal device's device information through the power safety application on the activated eSIM card; the device information includes the device verification information.
3. The communication method according to claim 1, characterized in that, The method further includes: Send a certificate request to the cloud device to obtain the requested certificate; The application certificate is stored in the eSIM card so that the wireless communication device can authenticate the cloud device using the application certificate.
4. The communication method according to claim 1, characterized in that, Before obtaining the device verification information of the terminal device and the device binding information pre-stored in the eSIM card after the terminal device is powered on, the method further includes: Detect the storage status of device binding information in the eSIM card; If the device binding information is not detected in the eSIM card, preset binding information is obtained and stored in the eSIM card as the device binding information.
5. A communication device based on an eSIM card, applied to wireless communication equipment, characterized in that, include: The information acquisition module is used to acquire the device verification information of the terminal device and the device binding information pre-stored in the eSIM card after the terminal device is powered on. The device binding information is obtained by acquiring the ID written to the terminal device, the IMEI of the wireless communication device and the EID of the eSIM card, and binding them. The first verification module is used to authenticate the terminal device based on the device binding information and the device verification information; The second verification module is used to perform hardware verification on the terminal device based on the hardware fingerprint information pre-stored in the eSIM card. The eSIM card also pre-stores a list of legitimate gateways. The first gateway access module is used to call the list of legitimate gateways and initiate a gateway access application when the authentication and hardware verification results are both successful. Obtain the gateway address of the gateway to be connected, and verify the gateway address according to the list of valid gateways; If the gateway address exists in the list of legitimate gateways, the wireless communication device is connected to the gateway, and the cloud device is authenticated through the wireless communication device. If the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
6. A communication device based on an eSIM card, applied to wireless communication devices, characterized in that, include: processor, and The memory communicatively connected to the processor, wherein The memory stores instructions that the processor can execute to implement the eSIM-based communication method as described in any one of claims 1 to 4.
7. A communication method based on an eSIM card, applied to cloud devices, characterized in that, include: The system acquires a gateway access request initiated by a wireless communication device and outputs a gateway address to the wireless communication device. The wireless communication device includes an eSIM card and a communication control platform. If the authentication and hardware verification results of the terminal device are successful, the wireless communication device connects to the gateway through the communication control platform. The authentication is performed based on the device verification information of the terminal device and the device binding information pre-stored in the eSIM card. The device binding information is obtained by acquiring and binding the ID of the terminal device, the IMEI of the wireless communication device, and the EID of the eSIM card. The hardware verification is performed based on the hardware fingerprint information pre-stored in the eSIM card. The eSIM card also pre-stores a list of legitimate gateways. The wireless communication device is authenticated. If the authentication result of the wireless communication device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device. Specifically, if the authentication and hardware verification results are successful, the wireless communication device calls the list of legitimate gateways and initiates a gateway access request to obtain the gateway address of the gateway to be accessed. The device then verifies the gateway address against the list of legitimate gateways. If the gateway address exists in the list, the wireless communication device is connected to the gateway, and the cloud device is authenticated through the wireless communication device. If the authentication result of the cloud device is successful, a communication key is generated to enable encrypted communication between the terminal device and the cloud device.
8. The communication method according to claim 7, characterized in that, The cloud device includes a third-party platform, and the authentication of the wireless communication device includes: The application certificate stored in the eSIM card within the wireless communication device is obtained through the third-party platform; The validity of the applied certificate is verified.
9. The communication method according to claim 8, characterized in that, The authentication of the legality of the application certificate includes: Obtain the list of legitimate certificates stored in the digital security service platform through a third-party platform; The application certificate is authenticated based on the list of valid certificates.
10. The communication method according to claim 8, characterized in that, The method further includes: If the validity of the application certificate is verified as passed, the cloud device identity identifier is output to the wireless communication device so that the wireless communication device can authenticate the cloud device through the cloud device identity identifier; and a communication key is generated based on the application certificate.
11. A secure communication device based on an eSIM card, applied to cloud devices, characterized in that, include: The second gateway access module is used to obtain a gateway access request initiated by a wireless communication device and output a gateway address to the wireless communication device. The wireless communication device includes an eSIM card and a communication control platform. When the authentication and hardware verification results of the terminal device are successful, the wireless communication device connects to the gateway through the communication control platform. The authentication is based on the device verification information of the terminal device and the device binding information pre-stored in the eSIM card. The device binding information is obtained by obtaining and binding the ID written to the terminal device, the IMEI of the wireless communication device, and the EID of the eSIM card. The hardware verification is based on the hardware fingerprint information pre-stored in the eSIM card. The eSIM card also pre-stores a list of legitimate gateways. An identity authentication module is used to authenticate the identity of the wireless communication device; An encrypted communication module is used to generate a communication key when the authentication result of the wireless communication device is successful, so as to realize encrypted communication between the terminal device and the cloud device according to the communication key. Specifically, when the authentication result and the hardware authentication result are successful, the wireless communication device calls a list of legitimate gateways and initiates a gateway access request to obtain the gateway address of the gateway to be accessed. It then verifies the gateway address according to the list of legitimate gateways. If the gateway address exists in the list of legitimate gateways, the wireless communication device is connected to the gateway, and the cloud device is authenticated through the wireless communication device. When the authentication result of the cloud device is successful, a communication key is generated to realize encrypted communication between the terminal device and the cloud device.
12. A secure communication device based on an eSIM card, applied to cloud devices, characterized in that, include: processor, and The memory communicatively connected to the processor, wherein The memory stores instructions that the processor can execute to implement the eSIM-based communication method as described in any one of claims 7 to 10.
13. A secure communication system based on an eSIM card, characterized in that, include: Terminal devices, wireless communication devices, and cloud devices, among which, The terminal device is used to store and output device information to the wireless communication device; wherein, the device information includes device verification information; and is also used to communicate with the cloud device through the wireless communication device. The wireless communication device includes an eSIM card and a communication control platform; it is used to implement the eSIM card-based communication method according to any one of claims 1 to 4. The cloud device is used to implement the eSIM-based communication method according to any one of claims 7 to 10.
14. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which enable a computer to implement the eSIM-based communication method according to any one of claims 1 to 4, or the eSIM-based communication method according to any one of claims 7 to 10, by executing the computer-executable instructions.