METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE
First Claim
1. A method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands are verifiable utilizing a device key known to the device, said method comprising the steps of:
- initiating the change of control by the old manager, said initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager; and
- completing the change of control by the new manager, said completing step including changing the second device key in use between the new manager and the device to a third device key;
wherein upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.
Abstract
A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.
22 Claims
5. A method of securely changing a communication device from an old operator to a new operator, wherein the communication device has a subscription key and obeys commands from an operator only if the commands are verifiable utilizing an authentication key known to the communication device, said method comprising the steps of:
- initiating the change of operator by a manager of the communication device;
- in response to the initiating step, changing a first subscription key in use between the old operator and the communication device to a second subscription key, and sending the second subscription key from the old operator to the new operator; and
- completing the change of operator by the new operator, said completing step including changing the second subscription key in use between the new operator and the communication device to a third subscription key;
wherein upon completion of the change of operator, the new operator does not know the first subscription key and the old operator does not know the third subscription key.
13. A first owner node in a telecommunication network for securely changing ownership of a communication device from the first owner node to a second owner node, wherein the communication device obeys commands from owner nodes only if the commands are verifiable utilizing a device key known to the communication device, said first owner node comprising:
- communication means for sending a command to the communication device to change a currently active device key to a new device key, the command encrypting the currently active device key and a secret parameter known by the first owner node;
- means for calculating the new device key utilizing the currently active device key and the secret parameter; and
- communication means for sending the new device key to the second owner node.
14. A second owner node in a telecommunication network for securely obtaining ownership of a communication device from a first owner node, wherein the communication device obeys commands from owner nodes only if the commands are verifiable utilizing a device key known to the communication device, said second owner node comprising:
- communication means for receiving from the first owner node, a currently active device key for the communication device;
- communication means for sending a command to the communication device to change the currently active device key to a new device key, the command encrypting the currently active device key and a secret parameter known by the second owner node; and
- means for calculating the new device key utilizing the currently active device key and the secret parameter.
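The key handover of claims 1, 13 and 14, as an added example that is not code from the patent: each manager sends a change-key command that the device verifies under its current key, and both sides derive the next key from the current key and the manager's secret parameter. The HMAC-SHA256 derivation, the HMAC keystream that hides the parameter, the command layout and all names are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumed PRF: HMAC-SHA256 with a domain-separation label.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_rekey_command(current_key: bytes):
    """Manager side: build a change-key command and compute the next key."""
    secret_param = secrets.token_bytes(32)   # known only to this manager
    nonce = secrets.token_bytes(16)
    sealed = _xor(secret_param, _prf(current_key, b"enc", nonce))
    tag = _prf(current_key, b"mac", nonce + sealed)
    next_key = _prf(current_key, b"rekey", secret_param)
    return (nonce, sealed, tag), next_key

class Device:
    def __init__(self, key: bytes):
        self.key = key

    def handle_rekey(self, command) -> bool:
        """Obey only if the command verifies under the current device key."""
        nonce, sealed, tag = command
        if not hmac.compare_digest(tag, _prf(self.key, b"mac", nonce + sealed)):
            return False
        secret_param = _xor(sealed, _prf(self.key, b"enc", nonce))
        self.key = _prf(self.key, b"rekey", secret_param)
        return True

def handover():
    """Run the K1 -> K2 -> K3 change of control; return what each party holds."""
    k1 = secrets.token_bytes(32)             # constructed sample key
    device = Device(k1)
    cmd1, k2 = make_rekey_command(k1)        # old manager initiates
    assert device.handle_rekey(cmd1)
    # The old manager sends k2 (never k1) to the new manager.
    cmd2, k3 = make_rekey_command(k2)        # new manager completes
    assert device.handle_rekey(cmd2)
    stale, _ = make_rekey_command(k2)        # old manager retries with K2
    return {"old": {k1, k2}, "new": {k2, k3}, "device": device.key,
            "stale_accepted": device.handle_rekey(stale), "k1": k1, "k3": k3}
```

Because this sketch protects the secret parameter with the current key alone, a party that holds the second key and can read the second command could recompute the third key. The separation property therefore requires that the parameter be hidden from the old manager, for example under a key the old manager does not hold.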
15. A system for securely changing a communication device from an old operator network to a new operator network, wherein the communication device has a subscription key and obeys commands from an operator network only if the commands are verifiable utilizing an authentication key known to the communication device, said system comprising:
- an owner node of the communication device for initiating the change of operator network by sending a subscription registration message to the new operator network, the subscription registration message including first and second authentication keys and an identifier of the communication device;
- communication means within the new operator network for sending a notification to the old operator network indicating that the new operator network has a new subscription with the communication device;
- communication means within the old operator network for sending a command to the communication device to change a currently active first subscription key to a second subscription key, the command encrypting a currently active authentication key and a secret parameter known by the old operator network;
- means within the communication device for calculating the second subscription key utilizing the first subscription key and the secret parameter received from the old operator network;
- means within the old operator network for calculating the second subscription key;
- communication means within the old operator network for sending the second subscription key to the new operator network;
- communication means within the new operator network for sending a command to the communication device to change the second subscription key to a third subscription key, the command encrypting the first authentication key received from the owner node and a secret parameter known by the new operator network;
- means within the communication device for calculating the third subscription key utilizing the second subscription key and the secret parameter received from the new operator network; and
- means within the new operator network for calculating the third subscription key.
18. A method of downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device while changing the communication device from a first operator network to a second operator network, said method comprising the steps of:
- a manager of the communication device registering with the second operator network, wherein the registering step includes transferring KAuth to the second operator network;
- receiving by the communication device, a bootstrapping message instructing the device to connect to a provisioning service of the new operator network, wherein the bootstrapping message includes an address of the provisioning service of the new operator network and an authentication nonce;
- validating the communication device by the new operator network when the communication device attempts to connect to the provisioning service;
- the second operator network generating a new DLUSIM and encrypting the DLUSIM with KProvision, downloading the DLUSIM as an encrypted blob to the communication device from an Open Mobile Alliance Device Management (OMA DM) provisioning server in the second operator network; and
- the communication device attaching to the second operator network utilizing the new DLUSIM.
Specification