
Network supporting two-factor authentication for modules with embedded universal integrated circuit cards

  • US 10,594,679 B2
  • Filed: 02/08/2019
  • Issued: 03/17/2020
  • Est. Priority Date: 11/19/2013
  • Status: Active Grant
First Claim

1. A computer system comprising:

  • (a) one or more processors; and

  • (b) one or more non-transitory computer-readable media operatively connected to the one or more processors and having stored thereon instructions that, when executed by the one or more processors, cause the computer system to perform a method of securely distributing a profile from a subscription manager system to an embedded universal integrated circuit card, the method comprising steps of:

    (1) recording, by the computer system in memory operatively connected to the subscription manager system, a digital signature algorithm comprising an elliptic curve digital signature algorithm;

    (2) recording, by the computer system in the memory operatively connected to the subscription manager system, a profile for the embedded universal integrated circuit card comprising:

      (A) a key K; and

      (B) a network module identity, wherein the profile has been encrypted using a first key that is a symmetric key;

    (3) recording, by the computer system in the memory operatively connected to the subscription manager system, (A) a profile ciphering algorithm to cipher the profile into a ciphered profile for the embedded universal integrated circuit card, and (B) ciphering parameters to be used by the profile ciphering algorithm, wherein the ciphering parameters comprise an Advanced Encryption Standard ciphering algorithm;

    (4) authenticating, by the computer system using the subscription manager system, the embedded universal integrated circuit card, by performing steps of:

      (A) receiving, by the computer system using the subscription manager system from the embedded universal integrated circuit card, a first message comprising an eUICC identity associated with the embedded universal integrated circuit card;

      (B) receiving, by the computer system using the subscription manager system from the embedded universal integrated circuit card, a second message comprising a first digital signature generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager; and

      (C) authenticating, by the computer system using the subscription manager system, the embedded universal integrated circuit card by confirming:

        (i) the eUICC identity which corresponds to the embedded universal integrated circuit card; and

        (ii) the first digital signature which was signed by the embedded universal integrated circuit card using the digital signature algorithm;

    (5) authenticating, by the computer system, the subscription manager system with the embedded universal integrated circuit card by performing steps of:

      (A) generating, by the computer system using the subscription manager system, a third message including a second digital signature, generated by the subscription manager using the digital signature algorithm; and

      (B) sending, by the computer system from the subscription manager system to the embedded universal integrated circuit card, the third message;

    (6) receiving, by the computer system using the subscription manager system from the embedded universal integrated circuit card, a fourth message comprising:

      (A) an eUICC public key corresponding to an eUICC private key stored at the embedded universal integrated circuit card; and

      (B) a third digital signature which was generated by the embedded universal integrated circuit card using the same digital signature algorithm as stored in the memory operatively connected to the subscription manager;

    (7) confirming, by the computer system using the subscription manager system, that the third digital signature was signed by the embedded universal integrated circuit card using the digital signature algorithm;

    (8) generating, by the computer system using the subscription manager system, an eUICC subscription manager public key and a corresponding eUICC subscription manager private key, using elliptic curve cryptography;

    (9) generating, by the computer system using the subscription manager system, a second key that is a mutually derived shared key using Elliptical Curve Diffie-Hellman based on at least:

      (A) the eUICC public key; and

      (B) the eUICC subscription manager private key;

    wherein the mutually derived shared key is configured to be derived by the embedded universal integrated circuit card based on at least:

      (i) the eUICC private key associated with the eUICC public key; and

      (ii) the eUICC subscription manager public key associated with the eUICC subscription manager private key;

    (10) generating, by the computer system using the subscription manager system, a third key that is a profile key using the second key that is the mutually derived shared key;

    (11) encrypting, by the computer system using the subscription manager system, the profile using:

      (A) the profile ciphering algorithm; and

      (B) the third key that is the profile key;

    (12) authenticating, by the computer system using the subscription manager system, a user associated with the embedded universal integrated circuit card;

    (13) sending, by the computer system using the subscription manager system to the embedded universal integrated circuit card, the symmetric key, after the user associated with the embedded universal integrated circuit card is authenticated; and

    (14) sending, by the computer system from the subscription manager system to the embedded universal integrated circuit card, the encrypted profile.
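The claim enumerates a protocol without showing one. The Go program below is an added example, not code from the patent or its assignee: it plays both the subscription manager (SM) and the eUICC in one process, using ECDSA (P-256, SHA-256) for the mutual authentication of steps (4) to (7), ECDH for the mutually derived shared key of steps (8) and (9), a SHA-256 based derivation of the profile key in step (10), AES-GCM for both the inner layer (first, symmetric key) and the outer layer (profile key), and a boolean standing in for the user's second factor in step (12). The EID, the profile contents, the KDF label, the message formats and the choice of GCM are assumptions of this example; the claim itself names only ECDSA, ECDH and AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign/verify: ECDSA over SHA-256, the signature algorithm of step (1).
func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, k, h[:]))
}
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// seal/open: AES-256-GCM, random 12-byte nonce prepended (GCM is an assumption; the claim names only AES).
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// profileKey: the third key of step (10), SHA-256 over a label and the ECDH secret (KDF and label are assumed).
func profileKey(shared []byte) []byte {
	h := sha256.Sum256(append([]byte("euicc-profile-key|"), shared...))
	return h[:]
}

// RunExchange plays SM and eUICC in one process and returns the profile as the eUICC recovers it;
// userAuthenticated stands in for the second factor of step (12).
func RunExchange(userAuthenticated bool) ([]byte, error) {
	// Constructed EID and long-term ECDSA keys: the SM's registry maps the expected EID to the
	// eUICC public key, and the eUICC pins the SM public key.
	eid := "89001012012341234012345678901224"
	euiccSign := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	smSign := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	registry := map[string]*ecdsa.PublicKey{eid: &euiccSign.PublicKey}
	// Steps (2)-(3): the profile (key K, module identity) is held pre-encrypted under the first, symmetric key.
	symKey := make([]byte, 32)
	must(rand.Read(symKey))
	innerCT := seal(symKey, []byte(`{"K":"constructed-K","module_identity":"module-0001"}`))
	// Step (4): eUICC -> SM: its EID, then a signature over the EID and an SM-chosen nonce.
	nonce := make([]byte, 16)
	must(rand.Read(nonce))
	m1 := append([]byte(eid), nonce...)
	euiccPub, known := registry[eid]
	if !known || !verify(euiccPub, m1, sign(euiccSign, m1)) {
		return nil, errors.New("step 4: eUICC authentication failed")
	}
	// Step (5): SM -> eUICC: a signed message, checked by the eUICC against the pinned SM key.
	m3 := append([]byte("sm-hello|"), nonce...)
	if !verify(&smSign.PublicKey, m3, sign(smSign, m3)) {
		return nil, errors.New("step 5: SM authentication failed")
	}
	// Steps (6)-(7): eUICC sends its ECDH public key signed with its ECDSA key; SM checks the signature.
	euiccECDH := must(ecdh.P256().GenerateKey(rand.Reader))
	euiccECDHPub := euiccECDH.PublicKey().Bytes()
	if !verify(euiccPub, euiccECDHPub, sign(euiccSign, euiccECDHPub)) {
		return nil, errors.New("step 7: ECDH public key signature invalid")
	}
	// Steps (8)-(11): SM ECDH pair, shared key, profile key, then the outer encryption layer.
	smECDH := must(ecdh.P256().GenerateKey(rand.Reader))
	sharedSM := must(smECDH.ECDH(must(ecdh.P256().NewPublicKey(euiccECDHPub))))
	outerCT := seal(profileKey(sharedSM), innerCT)
	// Steps (12)-(13): the symmetric key leaves the SM only after the user's second factor succeeds.
	if !userAuthenticated {
		return nil, errors.New("step 12: user not authenticated, symmetric key withheld")
	}
	// After step (14) the eUICC derives the same shared key and peels the outer, then the inner, layer.
	sharedEUICC := must(euiccECDH.ECDH(smECDH.PublicKey()))
	inner, err := open(profileKey(sharedEUICC), outerCT)
	if err != nil {
		return nil, err
	}
	return open(symKey, inner)
}

func main() { fmt.Printf("%s\n", must(RunExchange(true))) }
```

The ordering the claim fixes is the gate at steps (12) and (13): the symmetric key is released only after the user is authenticated, so a party that captures the ciphertext of step (14), or even holds the ECDH-derived profile key, still has a profile encrypted under a key it never received. In the example, `RunExchange(false)` fails at that gate and never reaches decryption.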
