Network Supporting Two-Factor Authentication for Modules with Embedded Universal Integrated Circuit Cards
First Claim
1. A method for authentication, the method performed by a network, the method comprising:
- processing a first network module identity, a first key K, and a second key K;
- encrypting the second key K with a symmetric key;
- sending the first network module identity, the first key K, and the encrypted second key K to a subscription manager;
- receiving the first network module identity from a module;
- conducting a first authentication using the first network module identity and the first key K;
- conducting a second authentication of a user associated with the first network module identity;
- sending, after the second authentication, the symmetric key to the module; and
- conducting a third authentication using the second key K.
Abstract
A network with a set of servers can support authentication from a module, where the module includes an embedded universal integrated circuit card (eUICC). The network can send a first network module identity, a first key K, and an encrypted second key K for an eUICC profile to an eUICC subscription manager. The second key K can be encrypted with a symmetric key. The module can receive and activate the eUICC profile, and the network can authenticate the module using the first network module identity and the first key K. The network can (i) authenticate the user of the module using a second factor, and then (ii) send the symmetric key to the module. The module can decrypt the encrypted second key K using the symmetric key. The network can authenticate the module using the second key K. The module can comprise a mobile phone.
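The flow in the abstract (provision a profile whose second key is wrapped under a symmetric key, authenticate the module with the first key, authenticate the user with a second factor, and only then release the symmetric key so the module can unwrap the second key and complete a third authentication) is modelled below as an added example. It is not code from the patent or its assignee; all names are hypothetical, the second factor is a constructed one-time code, and the key wrap is an encrypt-then-MAC stand-in built from the standard library where a real deployment would use an AEAD such as AES-GCM. The point it makes is that the module cannot answer the third challenge until the second factor has succeeded, because the second key K only exists on the module in wrapped form until the symmetric key is released.

```python
"""Toy model of the three-stage eUICC authentication described in the abstract.
Hypothetical names; standard-library stand-ins for the real primitives."""
import hashlib
import hmac
import secrets

KEY_LEN = 32


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as a PRF for challenge responses and key wrapping."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap_key(sym_key: bytes, key_to_wrap: bytes) -> tuple[bytes, bytes, bytes]:
    """Encrypt-then-MAC stand-in for an AEAD key wrap (assumption, not the patent's
    construction). Returns (nonce, ciphertext, tag)."""
    nonce = secrets.token_bytes(16)
    keystream = _prf(sym_key, b"wrap-enc", nonce)[: len(key_to_wrap)]
    ciphertext = bytes(a ^ b for a, b in zip(key_to_wrap, keystream))
    tag = _prf(sym_key, b"wrap-mac", nonce + ciphertext)
    return nonce, ciphertext, tag


def unwrap_key(sym_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; a tampered wrapped key is rejected."""
    expected = _prf(sym_key, b"wrap-mac", nonce + ciphertext)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrapped key failed integrity check")
    keystream = _prf(sym_key, b"wrap-enc", nonce)[: len(ciphertext)]
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def respond(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response answer proving possession of `key`."""
    return _prf(key, b"auth", challenge)


class Module:
    """The eUICC-equipped module: activates the profile from the subscription manager."""

    def __init__(self, profile: dict):
        self.identity = profile["identity"]
        self.k1 = profile["K1"]
        self.wrapped_k2 = profile["wrapped_K2"]  # usable only once the symmetric key arrives
        self.k2 = None

    def answer_first(self, challenge: bytes) -> bytes:
        return respond(self.k1, challenge)

    def receive_symmetric_key(self, sym_key: bytes) -> None:
        self.k2 = unwrap_key(sym_key, *self.wrapped_k2)

    def answer_third(self, challenge: bytes) -> bytes:
        if self.k2 is None:
            raise RuntimeError("second key K not yet unwrapped")
        return respond(self.k2, challenge)


class Network:
    """The network side: provisioning server, authentication server, second-factor server."""

    def __init__(self):
        self.subscription_manager: dict[str, dict] = {}  # profiles handed to the eUICC subscription manager
        self.keys: dict[str, tuple] = {}                 # identity -> (K1, K2, symmetric key, user OTP)
        self.second_factor_done: set[str] = set()

    def provision(self, identity: str, user_otp: str) -> dict:
        k1, k2, sym_key = (secrets.token_bytes(KEY_LEN) for _ in range(3))
        self.keys[identity] = (k1, k2, sym_key, user_otp)
        profile = {"identity": identity, "K1": k1, "wrapped_K2": wrap_key(sym_key, k2)}
        self.subscription_manager[identity] = profile  # K2 leaves the network only in wrapped form
        return profile

    def first_authentication(self, identity: str, module: Module) -> bool:
        challenge = secrets.token_bytes(16)
        return hmac.compare_digest(module.answer_first(challenge), respond(self.keys[identity][0], challenge))

    def second_authentication(self, identity: str, otp: str) -> bool:
        ok = hmac.compare_digest(otp.encode(), self.keys[identity][3].encode())
        if ok:
            self.second_factor_done.add(identity)
        return ok

    def release_symmetric_key(self, identity: str) -> bytes:
        if identity not in self.second_factor_done:
            raise PermissionError("symmetric key withheld: second factor not completed")
        return self.keys[identity][2]

    def third_authentication(self, identity: str, module: Module) -> bool:
        challenge = secrets.token_bytes(16)
        return hmac.compare_digest(module.answer_third(challenge), respond(self.keys[identity][1], challenge))


def run_flow(otp_entered: str) -> dict:
    """Drive the full exchange; returns the outcome of each authentication stage."""
    network = Network()
    identity = "module-0001"                                   # constructed identity
    network.provision(identity, user_otp="123456")             # constructed second-factor code
    module = Module(network.subscription_manager[identity])    # module activates the eUICC profile
    result = {"first": network.first_authentication(identity, module)}
    result["second"] = network.second_authentication(identity, otp_entered)
    try:
        module.receive_symmetric_key(network.release_symmetric_key(identity))
        result["third"] = network.third_authentication(identity, module)
    except PermissionError:
        result["third"] = False  # K2 never unwrapped, so the third authentication cannot proceed
    return result


if __name__ == "__main__":
    print(run_flow("123456"))
    print(run_flow("000000"))
```

With the correct second-factor code all three stages succeed; with a wrong code the first authentication still passes (the module does hold K1), but the symmetric key is withheld and the third authentication never takes place.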
80 Citations
26 Claims
1. (Independent claim 1 is reproduced in full above under First Claim.) View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method for authentication, the method performed by a network, the method comprising:
- sending a first network module identity and a first key K to a subscription manager;
- receiving the first network module identity from a module;
- conducting a first authentication using the first network module identity and the first key K;
- sending the first network module identity to the subscription manager and receiving a public key for the module;
- conducting a second authentication of a user associated with the first network module identity;
- deriving a second key K using a key exchange algorithm with input of at least the public key, a private key associated with the network, and a key exchange token;
- sending, after the second authentication, the key exchange token to the module; and
- conducting a third authentication using the second key K.
View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
19. A system for a network to support authentication, the system comprising:
- a first server for processing a first network module identity, a first key K, and a second key K, wherein the network encrypts the second key K with a symmetric key, and for sending the first network module identity, the first key K, and the encrypted second key K to a subscription manager;
- a second server for receiving the first network module identity from a module via a wireless network, and for conducting a first authentication using the first network module identity and the first key K, and, after a second authentication, for conducting a third authentication with the module using the second key K; and
- a third server for conducting the second authentication of a user associated with the first network module identity, and for enabling the network to send, after the second authentication, the symmetric key to the module.
View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
Specification