METHOD OF REPLACING AT LEAST ONE AUTHENTICATION PARAMETER FOR AUTHENTICATING A SECURITY ELEMENT AND CORRESPONDING SECURITY ELEMENT

US 20180176778A1
Filed: 06/23/2016
Published: 06/21/2018
Est. Priority Date: 06/25/2015
Status: Active Grant

First Claim

Patent Images

1. A method of replacing at least one authentication parameter for authenticating a security element co-operating with a terminal, said authentication parameter enabling an authentication system of a mobile network to authenticate said security element, said mobile network being operated by a mobile network operator, said method comprising:

A—

Having an entity store in said security element a first authentication parameter;

B—

Having said entity transmit to said mobile network operator said first authentication parameter so that said operator can record it in its authentication system for authenticating said security element;

C—

On occurrence of an event, having a remote platform transmit to said security element an indicator informing said security element that it is authorized to replace said first authentication parameter with a second authentication parameter if its authentication fails with said authentication system the next time it attempts to connect to said mobile network;

D—

On occurrence of said event, having said entity transmit to said operator a second authentication parameter so as to enable said operator to replace said first authentication parameter by said second authentication parameter in its authentication system;

E—

In the event of subsequent failure of said security element to connect to said mobile network and if said indicator is present at said security element, replacing said first authentication parameter with said second authentication parameter at said security element so that said security element can authenticate itself with said mobile network by means of said second authentication parameter.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of replacing an authentication parameter for authenticating a security element co-operating with a terminal includes storing in the security element a first authentication parameter; transmitting to a mobile network operator the first authentication parameter for the operator to record it in its authentication system; on occurrence of an event, having a remote platform transmit to the security element an indicator informing the security element that it is authorized to replace the first authentication parameter with a second authentication parameter if its authentication fails; on occurrence of the event, having the entity transmit to the operator a second authentication parameter to replace the first authentication parameter; and in the event of subsequent failure of the security element to connect to the mobile network and if the indicator is present at the security element, replacing the first authentication parameter with the second authentication parameter at the security element.

Citations

13 Claims

1. A method of replacing at least one authentication parameter for authenticating a security element co-operating with a terminal, said authentication parameter enabling an authentication system of a mobile network to authenticate said security element, said mobile network being operated by a mobile network operator, said method comprising:
- A—
  
  Having an entity store in said security element a first authentication parameter;
  
  B—
  
  Having said entity transmit to said mobile network operator said first authentication parameter so that said operator can record it in its authentication system for authenticating said security element;
  
  C—
  
  On occurrence of an event, having a remote platform transmit to said security element an indicator informing said security element that it is authorized to replace said first authentication parameter with a second authentication parameter if its authentication fails with said authentication system the next time it attempts to connect to said mobile network;
  
  D—
  
  On occurrence of said event, having said entity transmit to said operator a second authentication parameter so as to enable said operator to replace said first authentication parameter by said second authentication parameter in its authentication system;
  
  E—
  
  In the event of subsequent failure of said security element to connect to said mobile network and if said indicator is present at said security element, replacing said first authentication parameter with said second authentication parameter at said security element so that said security element can authenticate itself with said mobile network by means of said second authentication parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, further comprising storing in said security element a plurality of authentication parameters, said first authentication parameter being placed at the head of a list of authentication parameters, and in that, during step E, it consists in replacing said first authentication parameter with said second authentication parameter, said second authentication parameter being ranked in said list immediately after said first authentication parameter.
  - 3. A method according to claim 1, further comprising storing in said security element a plurality of authentication parameters and in that step C further consists in transmitting to said security element the rank in said list of said second authentication parameter to be used at the next attempt to connect to said mobile network, if said indicator is present.
  - 4. A method according to claim 1, wherein said second authentication parameter is computed by said security element on the basis of a seed and of a diversifier.
  - 5. A method according to claim 4, wherein said diversifier is transmitted to said security element during step C.
  - 6. A method according to claim 1, wherein said second authentication parameter is computed by said security element on the basis of said first authentication parameter and of an identifier of said security element.
  - 7. A method according to claim 1, wherein said entity is a manufacturer of said security element.
  - 8. A method according to claim 1, wherein said indicator is transmitted to said security element via said mobile network operator.
  - 9. A method according to claim 1, wherein said security element is constituted by any one of the following elements:
    - A Subscriber Identity Module (SIM) card;
      
      A Universal Integrated Circuit Card (UICC);
      
      orAn embedded UICC (eUICC).

10. Security element comprising a first authentication parameter to a mobile network, said first authentication parameter enabling an authentication system of said mobile network to authenticate said security element, comprising:
- Means for storing an indicator informing said security element that it is authorized to replace said first authentication parameter by a second authentication parameter if its authentication fails with said authentication system the next time it attempts to connect to said mobile network;
  
  Means for replacing said first authentication parameter by said second authentication parameter if said security element fails to connect to said mobile network with said first authentication parameter, said means for replacing being activated if said indicator is present at said security element, so that said security element can authenticate itself with said mobile network by means of said second authentication parameter.
- View Dependent Claims (11, 12, 13)
- - 11. Security element according to claim 10, further comprising a memory storing said second authentication parameter.
  - 12. Security element according to claim 11, wherein said memory stores a plurality of authentication parameters.
  - 13. Security element according to claim 10, further comprising computing means for computing said second authentication parameter after having received said indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales DIS France SAS (Thales SA)
Original Assignee
Gemalto SA (Thales SA)
Inventors
AMIEL, Patrice, ENDRUSCHAT, Michel, PONARD, Sbastien, PEREIRA, Gabriel, FINE, Jean-Yves, ZANNIN, Francois, MARTIN, Michel, DURANT DINET, Caroline, BERARD, Xavier

Granted Patent

US 10,959,094 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

METHOD OF REPLACING AT LEAST ONE AUTHENTICATION PARAMETER FOR AUTHENTICATING A SECURITY ELEMENT AND CORRESPONDING SECURITY ELEMENT

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF REPLACING AT LEAST ONE AUTHENTICATION PARAMETER FOR AUTHENTICATING A SECURITY ELEMENT AND CORRESPONDING SECURITY ELEMENT

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links