Methods and apparatus for establishing a secure communication channel
First Claim
1. A wireless device comprising:
- one or more antennas;
an embedded Universal Integrated Circuit Card (eUICC) communicatively coupled to the one or more antennas, the eUICC comprising a processor and a memory communicatively coupled to the processor and storing instructions that, when executed by the processor, cause the eUICC to perform operations comprising;
providing, to a server via the wireless device, a request to establish a secure connection with the server, wherein the server is associated with a long-term server public key (PKserver) and a long-term server private key (SKserver),providing to the server via the wireless device;
(i) a signature produced using a long-term eUICC public key (PKeUICC), and (ii) PKeUICC,authenticating the server using PKserver,generating, subsequent to the authenticating, an ephemeral eUICC public key (ePKeUICC) and an ephemeral eUICC private key (eSKeUICC),providing, to the server via the wireless device, a signed ePKeUICC that is signed using SKeUICC,receiving, from the server via the wireless device, an ephemeral server public key (ePKserver) that is signed using using SKserver,generating a shared symmetric key using eSKeUICC and ePKserver, andestablishing the secure connection with the server using the shared symmetric key.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information.
24 Citations
20 Claims
-
1. A wireless device comprising:
-
one or more antennas; an embedded Universal Integrated Circuit Card (eUICC) communicatively coupled to the one or more antennas, the eUICC comprising a processor and a memory communicatively coupled to the processor and storing instructions that, when executed by the processor, cause the eUICC to perform operations comprising; providing, to a server via the wireless device, a request to establish a secure connection with the server, wherein the server is associated with a long-term server public key (PKserver) and a long-term server private key (SKserver), providing to the server via the wireless device;
(i) a signature produced using a long-term eUICC public key (PKeUICC), and (ii) PKeUICC,authenticating the server using PKserver, generating, subsequent to the authenticating, an ephemeral eUICC public key (ePKeUICC) and an ephemeral eUICC private key (eSKeUICC), providing, to the server via the wireless device, a signed ePKeUICC that is signed using SKeUICC, receiving, from the server via the wireless device, an ephemeral server public key (ePKserver) that is signed using using SKserver, generating a shared symmetric key using eSKeUICC and ePKserver, and establishing the secure connection with the server using the shared symmetric key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus configurable for operation in a wireless device, the apparatus comprising:
-
an embedded Universal Integrated Circuit Card (eUICC) comprising a processor and a memory communicatively coupled to the processor and storing instructions that, when executed by the processor, cause the eUICC to perform operations comprising; providing, to a server via the wireless device, a request to establish a secure connection with the server, wherein the server is associated with a long-term server public key (PKserver) and a long-term server private key (SKserver), providing to the server via the wireless device;
(i) a signature produced using a long-term eUICC public key (PKeUICC), and (ii) PKeUICC,authenticating the server using PKserver, generating, subsequent to the authenticating, an ephemeral eUICC public key (ePKeUICC) and an ephemeral eUICC private key (eSKeUICC), providing, to the server via the wireless device, a signed ePKeUICC that is signed using SKeUICC, receiving, from the server via the wireless device, an ephemeral server public key (ePKserver) that is signed using using SKserver, generating a shared symmetric key using eSKeUICC and ePKserver, and establishing the secure connection with the server using the shared symmetric key. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method performed by an embedded Universal Integrated Circuit Card (eUICC) of a wireless device, the method comprising:
-
by the eUICC; providing, to a server via the wireless device, a request to establish a secure connection with the server, wherein the server is associated with a long-term server public key (PKserver) and a long-term server private key (SKserver), providing to the server via the wireless device;
(i) a signature produced using a long-term eUICC public key (PKeUICC), and (ii) PKeUICC,authenticating the server using PKserver, generating, subsequent to the authenticating, an ephemeral eUICC public key (ePKeUICC) and an ephemeral eUICC private key (eSKeUICC), providing, to the server via the wireless device, a signed ePKeUICC that is signed using SKeUICC, receiving, from the server via the wireless device, an ephemeral server public key (ePKserver) that is signed using using SKserver, generating a shared symmetric key using eSKeUICC and ePKserver, and establishing the secure connection with the server using the shared symmetric key. - View Dependent Claims (17, 18, 19, 20)
-
Specification