Remote management method, and device

US11076295B2 · US · B2

Patent metadata
Publication number: US-11076295-B2
Application number: US-201616092990-A
Country: US
Kind code: B2
Filing date: Apr 12, 2016
Priority date: Apr 12, 2016
Publication date: Jul 27, 2021
Grant date: Jul 27, 2021

Abstract

Official abstract text for this publication.

A remote management method and a device, where the method includes receiving, by a subscription manager-data preparation (SM-DP+) server, a first identifier from a local profile assistant (LPA), searching for, by the SM-DP+ server, a remote profile management command corresponding to the first identifier, generating, by the SM-DP+ server, a first digital signature according to the first identifier and the remote profile management command, and sending the first digital signature and the remote profile management command to an embedded universal integrated circuit card (eUICC) using the LPA.

First claim

Opening claim text (preview).

What is claimed is:

1. A remote management method, comprising: receiving, by a subscription manager-data preparation (SM-DP+) server, a first identifier from a local profile assistant (LPA) in a user terminal; searching for, by the SM-DP+ server, a remote profile management command corresponding to the first identifier; generating, by the SM-DP+ server, a first digital signature according to the first identifier and the remote profile management command; sending, by the SM-DP+ server, the first digital signature and the remote profile management command to an embedded universal integrated circuit card (eUICC) using the LPA; receiving, by the SM-DP+ server a message from the LPA, wherein the message comprises the first identifier, a token, a digital certificate of a subscription manager-discovery service (SM-DS) server, and an address of the SM-DS server, and wherein the token is a digital signature generated by the SM-DS server according to at least the first identifier, an eUICC identifier, and the address of the SM-DS server; verifying, by the SM-DP+ server, the token; and responsive to successfully verifying the token, verifying, by the SM-DP+ server, (i) whether the address of the SM-DS server matches a first address of a first SM-DS server corresponding to the first identifier, and (ii) whether the eUICC identifier matches a first eUICC identifier corresponding to the first identifier.

2. The method of claim 1, wherein after receiving the first identifier from the LPA, the method further comprises: checking, by the SM-DP+ server, whether the SM-DP+ server stores an event corresponding to the first identifier; and replacing, by the SM-DP+ server, an interaction identifier with the first identifier when the SM-DP+ server stores the event and the event comprises a remote profile management event, wherein searching for the remote profile management command comprises searching for, by the SM-DP+ server, the remote profile management command when the event comprises the remote profile management event.

3. The method of claim 1, further comprising: receiving, by the SM-DP+ server, a second digital signature, a first digital certificate of the eUICC, and a second digital certificate of an eUICC manufacturer (EUM) from the eUICC using the LPA, the second digital signature being generated by the eUICC according to the first identifier; verifying, by the SM-DP+ server, the second digital certificate and the first digital certificate; verifying, by the SM-DP+ server, the second digital signature using the first identifier and a public key in the first digital certificate of the eUICC; and searching for, by the SM-DP+ server, the remote profile management command corresponding to the first identifier when verification on the first digital certificate, the second digital certificate, and the second digital signature all succeed.

4. The method of claim 1, wherein after sending the first digital signature and the remote profile management command to the eUICC using the LPA, the method further comprises: receiving, by the SM-DP+ server, a first message from the LPA, wherein the first message comprises the first identifier and a second digital signature generated by the eUICC according to the first identifier; and sending, by the SM-DP+ server, a second message to SM-DS server, wherein the second message comprises the address of the SM-DP+ server, the eUICC identifier, and the first identifier, wherein the second message is to be used by the SM-DS server to delete the address of the SM-DP+, the eUICC identifier, and the first identifier after the eUICC executes the remote profile management command.

5. The method of claim 1, further comprising: performing, by the SM-DP+ server, a hash operation on the first identifier and the remote profile management command to obtain a message digest; and generating, by the SM-DP+ server, a first digital signature by encrypting the message digest, wherein the SM-DP+ server generates the first digital signature according to the first identifier and the remote profile management command, wherein the SM-DP+ server encrypts the message digest using a private key of the SM-DP+ server.

6. The method of claim 5, further comprising the eUICC decrypting the first digital signature to obtain a previous message digest.

7. The method of claim 6, wherein the eUICC decrypts the first digital signature using a public key in a previously received digital certificate of the SM-DP+ server.

8. The method of claim 1, further comprising: receiving, by the SM-DP+ server, a first message from the LPA, wherein the first message comprises the first identifier and a second digital signature generated by the eUICC according to the first identifier, and wherein the first message notifies the SM-DP+ server of a remote profile management result of the remote profile management command executed by the eUICC; and sending, by the SM-DP+ server, a second message to a subscription manager-discovery service (SM-DS) server in response to being notified of the remote profile management result, wherein the second message comprises an address of the SM-DP+ server, an eUICC identifier, and the first identifier, and wherein the second message instructs the SM-DS server to delete the address of the SM-DP+, the eUICC identifier, and the first identifier such that the remote profile management command can no longer be executed.

9. The method of claim 1, further comprising determining, by the SM-DP+ server, that authentication on an identity of the eUICC succeeds when the address of the SM-DS server matches the first address and the eUICC identifier matches the first eUICC identifier.

10. A remote management method, comprising: receiving, by an embedded universal integrated circuit card (eUICC), a first identifier from a local profile assistant (LPA); receiving, by the eUICC, a message from the LPA, wherein the message includes at least a first digital signature, a remote profile management command, and a digital certificate of a subscription manager-data preparation (SM-DP+) server, wherein the first digital signature is generated by the SM-DP+ server according to at least a random number and the remote profile management command, and wherein the random number is generated by the eUICC; verifying, by the eUICC, the digital certificate of the SM-DP+ server; verifying, by the eUICC, the first digital signature by using at least the random number, a public key in the digital certificate of the SM-DP+ server, and the remote profile management command; and executing, by the eUICC, the remote profile management command only when the eUICC successfully verifies both the digital certificate of the SM-DP+ server and the first digital signature succeeds, wherein after receiving the first identifier from the LPA, the method further comprises: generating, by the eUICC, a second digital signature according to the first identifier; and sending, by the eUICC, the second digital signature, a digital certificate of the eUICC, and a second digital certificate of an eUICC manufacturer (EUM) to the SM-DP+ server using the LPA.

11. The method of claim 10, wherein after verification performed by the eUICC on the first digital signature succeeds and before the eUICC executes the remote profile management command, the method further comprises: sending, by the eUICC, a first message requesting for a user confirmation to the LPA when the remote profile management command comprises a target command; and executing, by the eUICC, the remote profile management command after receiving an execution confirmation message from the LPA.

12. The method of claim 10, wherein after executing the

Classifications

  • Packet or message integrity · CPC title

  • using certificates or pre-shared keys · CPC title

  • Hardware identity · CPC title

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title

  • H04W12/35 · Primary

    Protecting application or service provisioning, e.g. securing SIM application provisioning · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11076295B2 cover?
A remote management method and a device, where the method includes receiving, by a subscription manager-data preparation (SM-DP+) server, a first identifier from a local profile assistant (LPA), searching for, by the SM-DP+ server, a remote profile management command corresponding to the first identifier, generating, by the SM-DP+ server, a first digital signature according to the first identif…
Who is the assignee on this patent?
Huawei Tech Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04W12/35. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 27, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).