Embedded Universal Integrated Circuit Card Supporting Two-Factor Authentication
First Claim
1. A method for authentication, the method performed by a module, the method comprising:
recording a first key and an identity, and sending the identity;
receiving a profile, wherein the module uses the first key to decrypt a first portion of the profile, and wherein the first portion includes a first key K and a network module identity;
sending the network module identity, receiving a first pseudo-random number (RAND), processing a first response value (RES) using the first key K, and sending the first RES;
receiving a second key, wherein the module uses the second key to decrypt a second portion of the profile, and wherein the second portion includes a second key K; and
receiving a second RAND, processing a second RES using the second key K, and sending the second RES.
Abstract
A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
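As an added illustration (not code from the patent or its assignee), the flow in the abstract simulated in Python: the two shared secret keys K sit in separately encrypted profile portions, and the second key that unlocks the second portion is withheld until the first RAND/RES exchange and the user's second factor both succeed. The HMAC-SHA256 keystream and the truncated-HMAC RES function are assumed stand-ins for the ciphers the patent leaves unspecified, and every key and identity is constructed.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives, assumed for this demonstration only: an HMAC-SHA256
# keystream replaces the profile's symmetric ciphering algorithm, and a
# truncated HMAC-SHA256 replaces the 3GPP response function (K, RAND) -> RES.
def _xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = label + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def compute_res(k: bytes, rand: bytes) -> bytes:
    return hmac.new(k, rand, hashlib.sha256).digest()[:8]


def build_profile(first_key, second_key, k1, net_id, k2):
    """Operator side: K1 plus the network module identity under the first
    key, K2 under the second key, so the two halves unlock separately."""
    return {
        "portion1": _xor_crypt(first_key, b"portion1", k1 + net_id),
        "portion2": _xor_crypt(second_key, b"portion2", k2),
    }


def run_two_factor_authentication(second_factor_ok: bool) -> dict:
    """Simulate module and network; all keys and identities are constructed."""
    first_key, second_key = secrets.token_bytes(16), secrets.token_bytes(16)
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    net_id = b"001010123456789"  # constructed network module identity
    profile = build_profile(first_key, second_key, k1, net_id, k2)

    # Module holds only the first key: decrypt the first portion (K1 is 16 bytes).
    plain1 = _xor_crypt(first_key, b"portion1", profile["portion1"])
    mod_k1, mod_net_id = plain1[:16], plain1[16:]
    rand1 = secrets.token_bytes(16)  # first network challenge
    first_ok = hmac.compare_digest(compute_res(mod_k1, rand1), compute_res(k1, rand1))

    # The network releases the second key only after the first RES checked out
    # and the user's second factor was verified; otherwise K2 stays encrypted.
    if not (first_ok and second_factor_ok):
        return {"first": first_ok, "second": False, "net_id": mod_net_id}
    mod_k2 = _xor_crypt(second_key, b"portion2", profile["portion2"])
    rand2 = secrets.token_bytes(16)  # second network challenge
    second_ok = hmac.compare_digest(compute_res(mod_k2, rand2), compute_res(k2, rand2))
    return {"first": first_ok, "second": second_ok, "net_id": mod_net_id}
```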
26 Claims
10. A method for authentication, the method performed by a module, the method comprising:
recording a first key and an identity, and sending the identity;
receiving a profile, wherein the module uses the first key to decrypt at least a portion of the profile, wherein the portion includes a first key K and a network module identity;
sending the network module identity, receiving a first pseudo-random number (RAND), processing a first response value (RES) using the first key K, and sending the first RES;
receiving a key exchange token, wherein the module uses a key exchange algorithm, a private key, and the received key exchange token to derive a second key K;
sending the network module identity, receiving a second RAND, processing a second RES using the second key K, and sending the second RES.
(Dependent claims 11 to 18.)
19. A system for supporting authentication, the system comprising:
a nonvolatile memory for recording an identity, a private key, and an address;
a network interface for sending the identity to the address, for receiving a profile and a profile key after sending the identity, wherein the profile key is decrypted with an asymmetric ciphering algorithm and the private key, wherein a first portion of the profile is decrypted with the decrypted profile key, and wherein the decrypted first portion includes a first key K;
a random access memory for recording the first key K;
a network application for authenticating with a wireless network using the first key K, and for receiving a symmetric key;
a processor for decrypting a second portion of the profile with the symmetric key, wherein the decrypted second portion includes a second key K; and
an embedded universal integrated circuit card for receiving a pseudo-random number (RAND), for calculating a response value (RES) using the RAND and the second key K, and for sending the RES.
(Dependent claims 20 to 26.)
Specification