Embedded universal integrated circuit card supporting two-factor authentication
First Claim
Patent Images
1. A method for a module comprising a network application and an embedded universal integrated circuit card to receive a profile for use with the embedded universal integrated circuit card, the method comprising:
- (a) sending, from the module via the network application to a subscription manager system, a first message comprising;
(i) an identity for the embedded universal integrated circuit card;
(ii) a nonce; and
(iii) a first digital signature, generated using a first eUICC private key, wherein the first eUICC private key corresponds to a first eUICC public key;
(b) deriving a second eUICC private key and a corresponding second eUICC public key using a first random number generator and a first set of cryptographic algorithms;
(c) recording, by the module, a subscription manager public key which corresponds to a subscription manager private key;
(d) deriving, by the module, a profile key using a key exchange algorithm based on at least;
(i) the second eUICC private key, and(ii) the recorded subscription manager public key,wherein the profile key can also be derived at the subscription manager system based at least on;
(i) the second eUICC public key, and(ii) the subscription manager private key;
(e) receiving, at the module by the network application, an encrypted profile comprising a ciphertext including a key K encrypted with a symmetric key;
(f) receiving at the module for use by the embedded universal integrated circuit card, the symmetric key;
(g) decrypting, by the embedded universal integrated circuit card, the ciphertext using the symmetric key;
(h) decrypting, by the embedded universal integrated circuit card, the encrypted profile using the profile key; and
(i) recording, by the embedded universal integrated circuit card, the decrypted profile for use in future communications.
3 Assignments
0 Petitions
Accused Products
Abstract
A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
191 Citations
10 Claims
-
1. A method for a module comprising a network application and an embedded universal integrated circuit card to receive a profile for use with the embedded universal integrated circuit card, the method comprising:
-
(a) sending, from the module via the network application to a subscription manager system, a first message comprising; (i) an identity for the embedded universal integrated circuit card; (ii) a nonce; and (iii) a first digital signature, generated using a first eUICC private key, wherein the first eUICC private key corresponds to a first eUICC public key; (b) deriving a second eUICC private key and a corresponding second eUICC public key using a first random number generator and a first set of cryptographic algorithms; (c) recording, by the module, a subscription manager public key which corresponds to a subscription manager private key; (d) deriving, by the module, a profile key using a key exchange algorithm based on at least; (i) the second eUICC private key, and (ii) the recorded subscription manager public key, wherein the profile key can also be derived at the subscription manager system based at least on; (i) the second eUICC public key, and (ii) the subscription manager private key; (e) receiving, at the module by the network application, an encrypted profile comprising a ciphertext including a key K encrypted with a symmetric key; (f) receiving at the module for use by the embedded universal integrated circuit card, the symmetric key; (g) decrypting, by the embedded universal integrated circuit card, the ciphertext using the symmetric key; (h) decrypting, by the embedded universal integrated circuit card, the encrypted profile using the profile key; and (i) recording, by the embedded universal integrated circuit card, the decrypted profile for use in future communications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeJohn A. Nix
-
Original AssigneeNetwork-1 Technologies, Inc.
-
InventorsNix, John A.
-
Primary Examiner(s)Najjar, Saleh
-
Assistant Examiner(s)Teng, Louis C
-
Application NumberUS15/928,848Publication NumberTime in Patent Office187 DaysField of SearchUS Class CurrentCPC Class CodesH04B 1/3816 Mechanical arrangements for...H04L 2209/80 Wireless network architectu...H04L 63/0428 wherein the data content is...H04L 63/0435 wherein the sending and rec...H04L 63/06 for supporting key manageme...H04L 63/062 for key distribution, e.g. ...H04L 63/08 for authentication of entit...H04L 63/101 Access control lists [ACL]H04L 67/12 specially adapted for propr...H04L 9/0819 Key transport or distributi...H04L 9/0869 involving random numbers or...H04L 9/3271 using challenge-responseH04W 12/03 Protecting confidentiality,...H04W 12/06 AuthenticationH04W 12/35 Protecting application or s...H04W 12/40 Security arrangements using...H04W 4/70 Services for machine-to-mac...H04W 8/18 Processing of user or subsc...
