Embedded universal integrated circuit card supporting two-factor authentication
First Claim
1. A method for a module comprising a network application and an embedded universal integrated circuit card to receive a profile for use with the embedded universal integrated circuit card, the method comprising:
(a) sending, from the module via the network application to a subscription manager system, a first message comprising;
(i) an identity for the embedded universal integrated circuit card;
(ii) a nonce; and
(iii) a first digital signature, generated using a first eUICC private key, wherein the first eUICC private key corresponds to a first eUICC public key;
(b) deriving a second eUICC private key and a corresponding second eUICC public key using a first random number generator and a first set of cryptographic algorithms;
(c) recording, by the module, a subscription manager public key which corresponds to a subscription manager private key;
(d) deriving, by the module, a profile key using a key exchange algorithm based on at least;
(i) the second eUICC private key, and
(ii) the recorded subscription manager public key,
wherein the profile key can also be derived at the subscription manager system based at least on;
(i) the second eUICC public key, and
(ii) the subscription manager private key;
(e) receiving, at the module by the network application, an encrypted profile comprising a ciphertext including a key K encrypted with a symmetric key;
(f) receiving at the module for use by the embedded universal integrated circuit card, the symmetric key;
(g) decrypting, by the embedded universal integrated circuit card, the ciphertext using the symmetric key;
(h) decrypting, by the embedded universal integrated circuit card, the encrypted profile using the profile key; and
(i) recording, by the embedded universal integrated circuit card, the decrypted profile for use in future communications.
3 Assignments
0 Petitions
Abstract
A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
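Added example, not from the patent: a Python sketch of claim steps (b) through (h) and of the abstract's point that the shared secret key K stays encrypted until its key is delivered separately. The claim names no algorithms, so finite-field Diffie-Hellman over 2**255 - 19 and an HMAC-SHA256 keystream are assumed stand-ins with toy parameters; all function names and the profile layout are hypothetical.

```python
import hashlib, hmac, json, secrets
# Assumed stand-ins (the claim names no algorithms): finite-field DH over the
# prime 2**255 - 19 and an HMAC-SHA256 keystream with an HMAC tag. Toy parameters.
P, G = 2**255 - 19, 2

def keypair():  # step (b): fresh private/public pair from a random number generator
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def profile_key(own_priv, peer_pub):  # step (d): both sides derive the same key
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(b"profile-key" + shared.to_bytes(32, "big")).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def sm_build_profile(sm_priv, euicc_pub2, symmetric_key, key_k):
    inner = seal(symmetric_key, key_k)  # key K under the symmetric key
    profile = json.dumps({"name": "constructed-profile", "k_ct": inner.hex()}).encode()
    return seal(profile_key(sm_priv, euicc_pub2), profile)  # profile under the profile key

def euicc_install(euicc_priv2, sm_pub, enc_profile, symmetric_key=None):
    profile = json.loads(unseal(profile_key(euicc_priv2, sm_pub), enc_profile))  # step (h)
    if symmetric_key is None:
        return profile, None  # profile is readable, K is still ciphertext
    return profile, unseal(symmetric_key, bytes.fromhex(profile["k_ct"]))  # step (g)

def demo():
    (sm_priv, sm_pub), (e_priv2, e_pub2) = keypair(), keypair()
    sym, key_k = secrets.token_bytes(32), secrets.token_bytes(16)
    blob = sm_build_profile(sm_priv, e_pub2, sym, key_k)
    locked = euicc_install(e_priv2, sm_pub, blob)[1]         # no symmetric key yet
    unlocked = euicc_install(e_priv2, sm_pub, blob, sym)[1]  # after step (f)
    return locked, unlocked == key_k
```

Holding the profile key alone yields the profile but not K, which is what lets the network withhold the symmetric key until a further check has passed.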
191 Citations
10 Claims
Specification