SMART CARD PERSONNALIZATION WITH LOCAL GENERATION OF KEYS

US 20150215121A1
Filed: 08/14/2013
Published: 07/30/2015
Est. Priority Date: 09/03/2012
Status: Active Grant

First Claim

Patent Images

1. A method for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the method comprising:

receiving a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code;

interpreting the personalization command to establish a secure session with a personalization server via the application server if the admin code is valid;

negotiating with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secrets;

receiving a second message that contains a second international identity from the personalization server (PS); and

replacing the first international identity and the first authentication key with the second international identity and the second authentication key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For personalizing a smart card (SC) coupled with a communication device (CD) of a user being a subscriber of a first telecommunication network (TN1) and wishing to become a subscriber of a second telecommunication network (TN2), a first international identity (IMSI_—1) and a first authentication key (AK_—1) being stored in the smart card (SC), the smart card receives a message (MesP) from an application server (AS) connected to the first telecommunication network and the second telecommunication network, the message (MesN) comprising a personalization command (ComP) and an admin code (ACas), after that the application server has received a request (Req) of subscription change comprising an identifier (1dMNO2) of the second telecommunication network (TN2) and has established a secured session with a personalization server (PS) of the second telecommunication network (TN2) identified by the identifier (1dMNO2), LR2 and interprets the personalization command (ComP) to establish a secure session with the personalization server (PS) via the application server (AS), if the admin code (ACas) is valid. The smart card negotiates with the personalization server to agree on an second authentication key, by exchanging messages containing values derived from random secrets, receives a message (Mes3) containing an second international identity (IMSI_—2) from the personalization server (PS), and replaces the first international identity (IMSI_—1) and the first authentication key (AK_—1) by the second international identity and the second authentication key.

10 Citations

View as Search Results

15 Claims

1. A method for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the method comprising:
- receiving a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code;
  
  interpreting the personalization command to establish a secure session with a personalization server via the application server if the admin code is valid;
  
  negotiating with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secrets;
  
  receiving a second message that contains a second international identity from the personalization server (PS); and
  
  replacing the first international identity and the first authentication key with the second international identity and the second authentication key.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9)
- - 2. The method according to claim 1, wherein the negotiation between the smart card and the personalization server comprises:
    - sending a third message that contains a first value derived from a first random secret to the personalization server; and
      
      receiving a fourth message that contains a second value derived from a second random secret from the personalization server, and computing the second authentication key as a function of a third value derived from the second value and the first random secret.
  - 3. The method according to claim 1, wherein a request of subscription change is sent by the communication device or by an entity of the second telecommunication network after user agreement.
  - 4. The method according to claim 3, wherein the request of subscription change comprises an identifier of the smart card.
  - 5. The method according to claim 1, wherein an application in the smart card checks if the admin code received in the first message is compatible with an admin code initially stored in the smart card to determine if the admin code is valid.
  - 7. The method according to claim 1, wherein the messages are encrypted short messages.
  - 8. The method according to claim 1, wherein the messages are decomposed in many messages.
  - 9. The method according to claim 1, wherein the messages contain data packets sent to the smart card through a service node and a gateway node of the second telecommunication network via the secured session.

6. (canceled)

10. (canceled)

11. A smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the smart card comprising:
- means for receiving a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code;
  
  means for interpreting the personalization command to establish a secure session with a personalization server via the application server if the admin code is valid;
  
  means for negotiating with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secrets;
  
  means for receiving a second message that contains a second international identity from the personalization server (PS);
  
  means for replacing the first international identity and the first authentication key with the second international identity and the second authentication key.

12. An application server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the application server being connected to the first telecommunication network and a second telecommunication network, the application server comprising:
- means for receiving a request of subscription change comprising an identifier of the second telecommunication network;
  
  means for establishing a secured session with a personalization server of the second telecommunication network identified by the identifier; and
  
  means for sending a first message comprising a personalization command and an admin code in order that the smart cardinterprets the personalization command to establish a secure session with a personalization server via the application server if the admin code is valid;
  
  negotiates with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secret;
  
  receives a second message that contains a second international identity from the personalization server (PS); and
  
  replaces the first international identity and the first authentication key with the second international identity and the second authentication key.

13. An personalization server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the personalization server being connected to a second telecommunication network, the personalization server comprising:
- means for establishing a secure session with the smart card via an application server connected to the first and second telecommunication networks if an admin code received in a first message sent from the application server to the smart card is valid;
  
  means for negotiating with the smart card to agree on a second authentication key by exchanging messages that contain values derived from random secrets; and
  
  means for sending a second message that contains a second international identity to the smart card that is able to replace the first international identity and the first authentication key with the second international identity and the second authentication key.

14. An information medium readable by a data processing device having computer readable instructions encoded therein, said computer readable instructions adapted to be executed in an application server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the application server being connected to the first telecommunication network and the second telecommunication network, said computer readable instructions adapted to be executed to implement a method, comprising:
- receiving a request of subscription change comprising an identifier of the second telecommunication network;
  
  establishing a secured session with a personalization server of the second telecommunication network identified by the identifier; and
  
  sending a first message comprising a personalization command and an admin code in order that the smart cardinterprets the personalization command to establish a secure session with a personalization server via the application server if the admin code (ACas) is valid;
  
  negotiates with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secretsreceives a second message that contains a second international identity from the personalization server; and
  
  replaces the first international identity and the first authentication key with the second international identity and the second authentication key.

15. An information medium readable by a data processing device adapted to be executed in a personalization server for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the personalization server being connected to the second telecommunication network, said computer readable instructions adapted to be executed to implement a method, comprising:
- establishing a secure session with the smart card via an application server connected to the first and second telecommunication networks if an admin code received in a first message sent from the application server to the smart card is valid;
  
  negotiating with the smart card to agree on a second authentication key by exchanging messages that contain values derived from random secrets; and
  
  sending a second message that contains a second international identity to the smart card that is able to replace the first international identity and the first authentication key with the second international identity and the second authentication key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
El Mghazli, Yacine, Shikfa, Abdullatif

Granted Patent

US 9,923,716 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/0844   with user authentication or...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

SMART CARD PERSONNALIZATION WITH LOCAL GENERATION OF KEYS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

SMART CARD PERSONNALIZATION WITH LOCAL GENERATION OF KEYS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links