METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE

US 20100106967A1
Filed: 10/27/2009
Published: 04/29/2010
Est. Priority Date: 10/28/2008
Status: Active Grant

First Claim

Patent Images

1. A method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands are verifiable utilizing a device key known to the device, said method comprising the steps of:

initiating the change of control by the old manager, said initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager; and

completing the change of control by the new manager, said completing step including changing the second device key in use between the new manager and the device to a third device key;

wherein upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.

67 Citations

View as Search Results

22 Claims

1. A method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands are verifiable utilizing a device key known to the device, said method comprising the steps of:
- initiating the change of control by the old manager, said initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager; and
  
  completing the change of control by the new manager, said completing step including changing the second device key in use between the new manager and the device to a third device key;
  
  wherein upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, wherein the step of changing the first device key in use between the old manager and the device to a second device key includes:
    - sending a command from the old manager to the device to change the first device key to the second device key, the command encrypting the first device key and a secret parameter known by the old manager;
      
      calculating by the device, the second device key utilizing the first device key and the secret parameter received from the old manager; and
      
      calculating by the old manager, the second device key utilizing the first device key and the secret parameter known by the old manager.
  - 3. The method as recited in claim 2, wherein the step of changing the second device key in use between the new manager and the device to a third device key includes:
    - sending a command from the new manager to the device to change the second device key to the third device key, the command encrypting the second device key and a secret parameter known by the new manager;
      
      calculating by the device, the third device key utilizing the second device key and the secret parameter received from the new manager; and
      
      calculating by the new manager, the third device key utilizing the second device key and the secret parameter known by the new manager.
  - 4. The method as recited in claim 3, further comprising the steps of:
    - upon receiving the command from the old manager, validating by the device that the command from the old manager was created with the first device key; and
      
      upon receiving the command from the new manager, validating by the device that the command from the new manager was created with the second device key.

5. A method of securely changing a communication device from an old operator to a new operator, wherein the communication device has a subscription key and obeys commands from an operator only if the commands are verifiable utilizing an authentication key known to the communication device, said method comprising the steps of:
- initiating the change of operator by a manager of the communication device;
  
  in response to the initiating step, changing a first subscription key in use between the old operator and the communication device to a second subscription key, and sending the second subscription key from the old operator to the new operator; and
  
  completing the change of operator by the new operator, said completing step including changing the second subscription key in use between the new operator and the communication device to a third subscription key;
  
  wherein upon completion of the change of operator, the new operator does not know the first subscription key and the old operator does not know the third subscription key.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method as recited in claim 5, wherein the initiating step includes sending from the manager to the new operator, first and second authentication keys and an identifier of the communication device.
  - 7. The method as recited in claim 6, wherein the communication device is a mobile device, and the manager sends the first and second authentication keys and the mobile device'"'"'s International Mobile Station Identifier (IMSI) to the new operator in a subscription registration message.
  - 8. The method as recited in claim 6, further comprising, after sending the first and second authentication keys and the identifier of the communication device from the manager to the new operator, the step of sending a notification from the new operator to the old operator indicating that the new operator has a new subscription with the communication device.
  - 9. The method as recited in claim 8, wherein the step of changing the first subscription key in use between the old operator and the mobile device to a second subscription key includes:
    - sending a command from the old operator to the communication device to change the first subscription key to the second subscription key, the command encrypting a currently active authentication key and a secret parameter known by the old operator;
      
      calculating by the communication device, the second subscription key utilizing the first subscription key and the secret parameter received from the old operator; and
      
      calculating by the old operator, the second subscription key utilizing the first subscription key and the secret parameter known by the old operator.
  - 10. The method as recited in claim 9, wherein the step of changing the second subscription key in use between the new operator and the communication device to a third subscription key includes:
    - sending a command from the new operator to the communication device to change the second subscription key to the third subscription key, the command encrypting the first authentication key received from the owner and a secret parameter known by the new operator;
      
      calculating by the communication device, the third subscription key utilizing the second subscription key and the secret parameter received from the new operator; and
      
      calculating by the new operator, the third subscription key utilizing the second subscription key and the secret parameter known by the new operator.
  - 11. The method as recited in claim 10, further comprising the steps of:
    - upon receiving the command from the old operator, validating by the communication device that the command from the old operator was created with the currently active authentication key; and
      
      upon receiving the command from the new operator, validating by the communication device that the command from the new operator was created with the first authentication key.
  - 12. The method as recited in claim 10, further comprising validating the communication device by the new operator.

13. A first owner node in a telecommunication network for securely changing ownership of a communication device from the first owner node to a second owner node, wherein the communication device obeys commands from owner nodes only if the commands are verifiable utilizing a device key known to the communication device, said first owner node comprising:
- communication means for sending a command to the communication device to change a currently active device key to a new device key, the command encrypting the currently active device key and a secret parameter known by the first owner node;
  
  means for calculating the new device key utilizing the currently active device key and the secret parameter; and
  
  communication means for sending the new device key to the second owner node.

14. A second owner node in a telecommunication network for securely obtaining ownership of a communication device from a first owner node, wherein the communication device obeys commands from owner nodes only if the commands are verifiable utilizing a device key known to the communication device, said second owner node comprising:
- communication means for receiving from the first owner node, a currently active device key for the communication device;
  
  communication means for sending a command to the communication device to change the currently active device key to a new device key, the command encrypting the currently active device key and a secret parameter known by the second owner node; and
  
  means for calculating the new device key utilizing the currently active device key and the secret parameter.

15. A system for securely changing a communication device from an old operator network to a new operator network, wherein the communication device has a subscription key and obeys commands from an operator network only if the commands are verifiable utilizing an authentication key known to the communication device, said system comprising:
- an owner node of the communication device for initiating the change of operator network by sending a subscription registration message to the new operator network, the subscription registration message including first and second authentication keys and an identifier of the communication device;
  
  communication means within the new operator network for sending a notification to the old operator network indicating that the new operator network has a new subscription with the communication device;
  
  communication means within the old operator network for sending a command to the communication device to change a currently active first subscription key to a second subscription key, the command encrypting a currently active authentication key and a secret parameter known by the old operator network;
  
  means within the communication device for calculating the second subscription key utilizing the first subscription key and the secret parameter received from the old operator network;
  
  means within the old operator network for calculating the second subscription key;
  
  communication means within the old operator network for sending the second subscription key to the new operator network;
  
  communication means within the new operator network for sending a command to the communication device to change the second subscription key to a third subscription key, the command encrypting the first authentication key received from the owner node and a secret parameter known by the new operator network;
  
  means within the communication device for calculating the third subscription key utilizing the second subscription key and the secret parameter received from the new operator network; and
  
  means within the new operator network for calculating the third subscription key.
- View Dependent Claims (16, 17)
- - 16. The system as recited in claim 15, wherein the communication device also includes:
    - means for validating that the command from the old operator network was created with the currently active authentication key; and
      
      means for validating that the command from the new operator network was created with the first authentication key.
  - 17. The system as recited in claim 16, wherein the new operator network includes means for validating the communication device.

18. A method of downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device while changing the communication device from a first operator network to a second operator network, said method comprising the steps of:
- a manager of the communication device registering with the second operator network, wherein the registering step includes transferring K_Authto the second operator network;
  
  receiving by the communication device, a bootstrapping message instructing the device to connect to a provisioning service of the new operator network, wherein the bootstrapping message includes an address of the provisioning service of the new operator network and an authentication nonce;
  
  validating the communication device by the new operator network when the communication device attempts to connect to the provisioning service;
  
  the second operator network generating a new DLUSIM and encrypting the DLUSIM with K_Provision,downloading the DLUSIM as an encrypted blob to the communication device from an Open Mobile Alliance Device Management (OMA DM) provisioning server in the second operator network; and
  
  the communication device attaching to the second operator network utilizing the new DLUSIM.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method as recited in claim 18, wherein the step of receiving a bootstrapping message by the communication device includes receiving the bootstrapping message from an entity selected from the manager of the device, the second operator network, and the first operator network.
  - 20. The method as recited in claim 18, wherein the encrypted blob includes a password parameter based on K_Auth.
  - 21. The method as recited in claim 18, wherein the step of downloading the DLUSIM as an encrypted blob includes the second operator network utilizing K_Authas an integrity protection key to protect the encrypted blob.
  - 22. The method as recited in claim 18, wherein the OMA DM provisioning server is not located in the second operator network, and the method further comprises the steps of:
    - the second operator applying K_Authand confidentiality protection to the encrypted DLUSIM; and
      
      passing the protected encrypted DLUSIM to the OMA DM provisioning server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Englund, Hakan, Johansson, Mattias

Granted Patent

US 8,578,153 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/061   applying further key deriva...

H04L 63/08   for authentication of entit...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 4/70   Services for machine-to-mac...

METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others