
Network supporting two-factor authentication for modules with embedded universal integrated circuit cards

  • US 10,362,012 B2
  • Filed: 05/23/2016
  • Issued: 07/23/2019
  • Est. Priority Date: 11/19/2013
  • Status: Active Grant
First Claim

1. A method for securely distributing a profile from a subscription manager system to an embedded universal integrated circuit card comprising the steps of:

  • (a) recording, in memory operatively connected to the subscription manager system, a digital signature algorithm comprising an elliptic curve digital signature algorithm;
  • (b) recording, by the memory operatively connected to the subscription manager system, a profile for the embedded universal integrated circuit card comprising:
      (i) a key K; and
      (ii) a network module identity, wherein the profile has been encrypted using a first key that is a symmetric key;
  • (c) recording, by the memory operatively connected to the subscription manager system, (i) a profile ciphering algorithm to cipher the profile into a ciphered profile for the embedded universal integrated circuit card, and (ii) ciphering parameters to be used by the profile ciphering algorithm, wherein the ciphering parameters comprise an Advanced Encryption Standard ciphering algorithm;
  • (d) authenticating, by the subscription manager system, the embedded universal integrated circuit card, by performing the steps of:
      (i) receiving, by the subscription manager system from the embedded universal integrated circuit card, a first message comprising an eUICC identity associated with the embedded universal integrated circuit card;
      (ii) receiving, by the subscription manager system from the embedded universal integrated circuit card, a second message comprising a first digital signature generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager; and
      (iii) authenticating, by the subscription manager system, the embedded universal integrated circuit card by confirming:
          (A) the eUICC identity corresponds to the embedded universal integrated circuit card; and
          (B) the first digital signature which was signed by the embedded universal integrated circuit card using the digital signature algorithm;
  • (e) authenticating the subscription manager system with the embedded universal integrated circuit, by performing the steps of:
      (i) generating, by the subscription manager system, a third message including a second digital signature, generated by the subscription manager using the digital signature algorithm; and
      (ii) sending, from the subscription manager system to the embedded universal integrated circuit card, the third message;
  • (f) receiving, by the subscription manager system from the embedded universal integrated circuit card, a fourth message comprising:
      (i) an eUICC public key corresponding to an eUICC private key stored at the embedded universal integrated circuit card; and
      (ii) a third digital signature which was generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager;
  • (g) confirming, by the subscription manager system, that the third digital signature was signed by the embedded universal integrated circuit card using the digital signature algorithm;
  • (h) generating, by the subscription manager system, an eUICC subscription manager public key and a corresponding eUICC subscription manager private key, using elliptic curve cryptography;
  • (i) generating, by the subscription manager system, a second key that is a mutually derived shared key using Elliptic Curve Diffie-Hellman based on at least:
      (i) the eUICC public key; and
      (ii) the eUICC subscription manager private key;
      wherein the mutually derived shared key is configured to be derived by the embedded universal integrated circuit card based on at least:
          (A) the eUICC private key associated with the eUICC public key; and
          (B) the eUICC subscription manager public key associated with the eUICC subscription manager private key;
  • (j) generating, by the subscription manager system, a third key that is a profile key using the second key that is the mutually derived shared key;
  • (k) encrypting, by the subscription manager system, the profile using:
      (i) the profile ciphering algorithm; and
      (ii) the third key that is the profile key;
  • (l) authenticating, by the subscription manager system, a user associated with the embedded universal integrated circuit card;
  • (m) sending, by the subscription manager system to the embedded universal integrated circuit card, the symmetric key, after the user associated with the embedded universal integrated circuit card is authenticated;
  • (n) sending, from the subscription manager system to the embedded universal integrated circuit card, the encrypted profile.
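The key agreement and profile encryption of steps (h) to (k), together with the eUICC's matching derivation described in step (i), as an added example in Go's standard library; this is illustrative code, not the patent's or any eUICC vendor's implementation. Assumptions not fixed by the claim: the P-256 curve, AES-GCM as the AES mode, and a labelled SHA-256 hash as the profile-key derivation; the ECDSA authentication of steps (d) to (g) and the user authentication of step (l) are not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// sessionAEAD runs ECDH between one side's private key and the peer's public key
// (claim step i), derives the profile key (step j) and binds it to AES (step c).
func sessionAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil { return nil, err }
	shared, err := priv.ECDH(pub) // the mutually derived shared key
	if err != nil { return nil, err }
	h := sha256.New() // assumed KDF: labelled hash of the shared key (claim names none)
	h.Write([]byte("constructed-profile-key-label"))
	h.Write(shared)
	block, err := aes.NewCipher(h.Sum(nil)) // profile key -> AES (assumed mode: GCM)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealProfile is the subscription manager side: generate the SM key pair (step h),
// derive the profile key from the eUICC public key received in step (f), and
// encrypt the profile (step k). Returns the SM public key and nonce||ciphertext.
func SealProfile(euiccPub, profile []byte) ([]byte, []byte, error) {
	smPriv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	g, err := sessionAEAD(smPriv, euiccPub)
	if err != nil { return nil, nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, nil, err }
	return smPriv.PublicKey().Bytes(), g.Seal(nonce, nonce, profile, nil), nil
}

// OpenProfile is the eUICC side: the same shared key from the eUICC private key
// and the SM public key, then AES-GCM decryption, which also rejects tampering.
func OpenProfile(euiccPriv *ecdh.PrivateKey, smPub, ct []byte) ([]byte, error) {
	g, err := sessionAEAD(euiccPriv, smPub)
	if err != nil { return nil, err }
	if len(ct) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
```

Because the profile key is bound to the eUICC private key through ECDH, only the card holding that key can open the profile, and a wrong key or a modified ciphertext fails the GCM tag check rather than yielding garbage.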
