Network supporting two-factor authentication for modules with embedded universal integrated circuit cards
First Claim
Patent Images
1. A method for securely distributing a profile from a subscription manager system to an embedded universal integrated circuit card comprising the steps of:
- (a) recording, in memory operatively connected to the subscription manager system, a digital signature algorithm comprising an elliptic curve digital signature algorithm;
(b) recording, by the memory operatively connected to the subscription manager system, a profile for the embedded universal integrated circuit card comprising;
(i) a key K; and
(ii) a network module identity,wherein the profile has been encrypted using a first key that is a symmetric key;
(c) recording, by the memory operatively connected to the subscription manager system,(i) a profile ciphering algorithm to cipher the profile into a ciphered profile for the embedded universal integrated circuit card, and(ii) ciphering parameters to be used by the profile ciphering algorithm, wherein the ciphering parameters comprisean Advanced Encryption Standard ciphering algorithm;
(d) authenticating, by the subscription manager system, the embedded universal integrated circuit card, by performing the steps of;
(i) receiving, by the subscription manager system from the embedded universal integrated circuit card, a first message comprising an eUICC identity associated with the embedded universal integrated circuit card;
(ii) receiving, by the subscription manager system from the embedded universal integrated circuit card, a second message comprising a first digital signature generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager; and
(iii) authenticating, by the subscription manager system, the embedded universal integrated circuit card by confirming;
(A) the eUICC identity corresponds to the embedded universal integrated circuit card; and
(B) the first digital signature which was signed by the embedded universal integrated circuit card using the digital signature algorithm;
(e) authenticating the subscription manager system with the embedded universal integrated circuit, by performing the steps of;
(i) generating, by the subscription manager system, a third message including a second digital signature, generated by the subscription manager using the digital signature algorithm; and
(ii) sending, from the subscription manager system to the embedded universal integrated circuit card, the third message;
(f) receiving, by the subscription manager system from the embedded universal integrated circuit card a fourth message comprising;
(i) an eUICC public key corresponding to an eUICC private key stored at the embedded universal integrated circuit card; and
(ii) a third digital signature which was generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager;
(g) confirming, by the subscription manager system, that the third digital signature was signed by the embedded universal integrated circuit card using the digital signature algorithm;
(h) generating, by the subscription manager system, an eUICC subscription manager public key and a corresponding eUICC subscription manager private key, using elliptic curve cryptography;
(i) generating, by the subscription manager system, a second key that is a mutually derived shared key using Elliptical Curve Diffie-Heilman based on at least;
(i) the eUICC public key; and
(ii) the eUICC subscription manager private key;
wherein the mutually derived shared key is configured to be derived by the embedded universal integrated circuit card based on at least;
(A) the eUICC private key associated with the eUICC public key; and
(B) the eUICC subscription manager public key associated with the eUICC subscription manager private key;
(j) generating, by the subscription manager system, a third key that is a profile key using the second key that is the mutually derived shared key;
(k) encrypting, by the subscription manager system, the profile using;
(i) the profile ciphering algorithm; and
(ii) the third key that is the profile key;
(l) authenticating, by the subscription manager system, a user associated with the embedded universal integrated circuit card;
(m) sending, by the subscription manager system to the embedded universal integrated circuit card, the symmetric key, after the user associated with the embedded universal integrated circuit card is authenticated;
(n) sending, from the subscription manager system to the embedded universal integrated circuit card, the encrypted profile.
4 Assignments
0 Petitions
Accused Products
Abstract
A network with a set of servers can support authentication from a module, where the module includes an embedded universal integrated circuit card (eUICC). The network can send a first network module identity, a first key K, and an encrypted second key K for an eUICC profile to an eUICC subscription manager. The second key K can be encrypted with a symmetric key. The module can receive and activate the eUICC profile, and the network can authenticate the module using the first network module identity and the first key K. The network can (i) authenticate the user of the module using a second factor, and then (ii) send the symmetric key to the module. The module can decrypt the encrypted second key K using the symmetric key. The network can authenticate the module using the second key K. The module can comprise a mobile phone.
-
Citations
8 Claims
-
1. A method for securely distributing a profile from a subscription manager system to an embedded universal integrated circuit card comprising the steps of:
-
(a) recording, in memory operatively connected to the subscription manager system, a digital signature algorithm comprising an elliptic curve digital signature algorithm; (b) recording, by the memory operatively connected to the subscription manager system, a profile for the embedded universal integrated circuit card comprising; (i) a key K; and (ii) a network module identity, wherein the profile has been encrypted using a first key that is a symmetric key; (c) recording, by the memory operatively connected to the subscription manager system, (i) a profile ciphering algorithm to cipher the profile into a ciphered profile for the embedded universal integrated circuit card, and (ii) ciphering parameters to be used by the profile ciphering algorithm, wherein the ciphering parameters comprise an Advanced Encryption Standard ciphering algorithm; (d) authenticating, by the subscription manager system, the embedded universal integrated circuit card, by performing the steps of; (i) receiving, by the subscription manager system from the embedded universal integrated circuit card, a first message comprising an eUICC identity associated with the embedded universal integrated circuit card; (ii) receiving, by the subscription manager system from the embedded universal integrated circuit card, a second message comprising a first digital signature generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager; and (iii) authenticating, by the subscription manager system, the embedded universal integrated circuit card by confirming; (A) the eUICC identity corresponds to the embedded universal integrated circuit card; and (B) the first digital signature which was signed by the embedded universal integrated circuit card using the digital signature algorithm; (e) authenticating the subscription manager system with the embedded universal integrated circuit, by performing the steps of; (i) generating, by the subscription manager system, a third message including a second digital signature, generated by the subscription manager using the digital signature algorithm; and (ii) sending, from the subscription manager system to the embedded universal integrated circuit card, the third message; (f) receiving, by the subscription manager system from the embedded universal integrated circuit card a fourth message comprising; (i) an eUICC public key corresponding to an eUICC private key stored at the embedded universal integrated circuit card; and (ii) a third digital signature which was generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager; (g) confirming, by the subscription manager system, that the third digital signature was signed by the embedded universal integrated circuit card using the digital signature algorithm; (h) generating, by the subscription manager system, an eUICC subscription manager public key and a corresponding eUICC subscription manager private key, using elliptic curve cryptography; (i) generating, by the subscription manager system, a second key that is a mutually derived shared key using Elliptical Curve Diffie-Heilman based on at least; (i) the eUICC public key; and (ii) the eUICC subscription manager private key; wherein the mutually derived shared key is configured to be derived by the embedded universal integrated circuit card based on at least; (A) the eUICC private key associated with the eUICC public key; and (B) the eUICC subscription manager public key associated with the eUICC subscription manager private key; (j) generating, by the subscription manager system, a third key that is a profile key using the second key that is the mutually derived shared key; (k) encrypting, by the subscription manager system, the profile using; (i) the profile ciphering algorithm; and (ii) the third key that is the profile key; (l) authenticating, by the subscription manager system, a user associated with the embedded universal integrated circuit card; (m) sending, by the subscription manager system to the embedded universal integrated circuit card, the symmetric key, after the user associated with the embedded universal integrated circuit card is authenticated; (n) sending, from the subscription manager system to the embedded universal integrated circuit card, the encrypted profile. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeJohn A. Nix
-
Original AssigneeNetwork-1 Technologies, Inc.
-
InventorsNix, John A.
-
Primary Examiner(s)Herzog, Madhuri R
-
Application NumberUS15/162,292Publication NumberTime in Patent Office1,156 DaysField of SearchNoneUS Class CurrentCPC Class CodesH04B 1/3816 Mechanical arrangements for...H04L 2209/80 WirelessH04L 63/0428 wherein the data content is...H04L 63/0435 wherein the sending and rec...H04L 63/06 for supporting key manageme...H04L 63/062 for key distribution, e.g. ...H04L 63/08 for authentication of entit...H04L 63/101 Access control lists [ACL]H04L 67/12 specially adapted for propr...H04L 9/0819 Key transport or distributi...H04L 9/0869 involving random numbers or...H04L 9/3271 using challenge-responseH04W 12/03 Protecting confidentiality,...H04W 12/06 AuthenticationH04W 12/35 Protecting application or s...H04W 12/40 Security arrangements using...H04W 4/70 Services for machine-to-mac...H04W 8/18 Processing of user or subsc...
