Secure remote subscription module access

US 8,295,808 B2
Filed: 03/22/2002
Issued: 10/23/2012
Est. Priority Date: 05/08/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of:

establishing a communication link between the client communications terminal and the server communications terminal wherein the server communications terminal includes the subscription module having an authenticating functionality;

authenticating the client communications terminal by the subscription module using a key-based authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module;

generating a second secret key;

exchanging the second secret key between the client communications terminal and the subscription module;

encrypting data related to the subscription module using an encryption key derived from the second secret key; and

communicating the encrypted data between the server communications terminal and the client communications terminal via the communications link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of establishing a communications link between the client communications terminal and the server communications terminal; communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link; authenticating the client communications terminal by the subscription module using a key-based authentication procedure; and initiating the step of communicating data related to the subscription module conditioned on a result of the step of authenticating the client communications device. The present invention further relates to an arrangement for granting access to a subscription module in a communications system. The present invention also relates to a server communications terminal comprising a subscription module, a client communications terminal and a subscription module.

Citations

36 Claims

1. A method of granting a client communications terminal access to a subscription module of a server communications terminal, the method comprising the steps of:
- establishing a communication link between the client communications terminal and the server communications terminal wherein the server communications terminal includes the subscription module having an authenticating functionality;
  
  authenticating the client communications terminal by the subscription module using a key-based authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module;
  
  generating a second secret key;
  
  exchanging the second secret key between the client communications terminal and the subscription module;
  
  encrypting data related to the subscription module using an encryption key derived from the second secret key; and
  
  communicating the encrypted data between the server communications terminal and the client communications terminal via the communications link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 24, 25, 26, 36)
- - 2. The method according to claim 1, further comprises the step of authenticating the subscription module by the client communications terminal using the key-based authentication procedure.
  - 3. The method according to claim 1, wherein the key-based authentication procedure is a symmetric authentication procedure based on the first secret key.
  - 4. The method according to claim 3, further comprises the step of deriving an encryption key from the first secret key.
  - 5. The method according to claim 4, wherein the step of communicating data related to the subscription module further comprises the step of encrypting the data using the encryption key derived from the first secret key.
  - 6. The method according to claim 3, wherein the step of communicating data related to the subscription module further comprises the step of integrity protecting the data using a key derived from the first secret key.
  - 7. The method according to claim 1, wherein the key-based authentication procedure is a public key-based authentication procedure wherein the subscription module has access to a public key related to the client communications terminal.
  - 8. The method according to claim 7, wherein the method further comprises the step of authenticating the subscription module by the client communications terminal using the public key-based authentication procedure wherein the client communications terminal has access to a public key related to the subscription module.
  - 9. The method according to claim 7, wherein the step of communicating data related to the subscription module further comprises the step of integrity protecting the data using the key derived from the second secret key.
  - 10. The method according to claim 1, wherein the step of authenticating the client communications terminal further comprises the step of inquiring an input from a user of the server communications terminal indicative of an approval of the authentication.
  - 11. The method according to claim 1, wherein the step of initiating communicating data related to the subscription module further comprises the step of performing a user authorization based on a PIN code stored on the subscription module.
  - 24. The method according to claim 1, wherein the server communications terminal is a portable radio communications terminal.
  - 25. The method according to claim 24, wherein the subscription module is removably insertable into the portable radio communications terminal.
  - 26. The method according to claim 1, wherein the subscription module is removably insertable into the server communications terminal.
  - 36. The method of claim 1, wherein the client communications terminal requests registration of the client communications terminal in a cellular network utilizing the communicated data.

12. An arrangement for granting access to a subscription module in a communications system, the arrangement comprising:
- a client communications terminal; and
  
  a server communications terminal, said server communications terminal including the subscription module, the client and server communications terminals each comprising respective communications means for establishing a communications link between the client communications terminal and the server communications terminal, and for communicating data related to the subscription module between the server communications terminal and the client communications terminal via the communications link wherein the subscription module further comprises processing means for;
  
  authenticating the client communications terminal using a key-based authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module,generating a second secret key,exchanging the second secret with the client communications terminal,encrypting data related to the subscription module using an encryption key derived from the second secret key, andcommunicating the encrypted data between the server communications terminal and the client communications terminal via the communications link.
- View Dependent Claims (13, 14, 15, 16, 27, 28, 29)
- - 13. The arrangement according to claim 12, wherein the communications link is a wireless communications link.
  - 14. The arrangement according to claim 12, wherein the server communications terminal, the communications means of the server communications terminal, and the subscription module are physically included in a single unit.
  - 15. The arrangement according to claim 12, wherein at least one of the server communications terminal and the client communications terminal is a mobile telephone.
  - 16. The arrangement according to claim 12 wherein the respective communications means are Bluetooth transceivers.
  - 27. The arrangement according to claim 12, wherein the server communications terminal is a portable radio communications terminal.
  - 28. The arrangement according to claim 27, wherein the subscription module is removably insertable into the portable radio communications terminal.
  - 29. The arrangement according to claim 12, wherein the subscription module is removably insertable into the server communications terminal.

17. A server communications terminal comprising:
- a subscription module; and
  
  communications means for establishing a communications link with a client communications terminal and for communicating data related to the subscription module via the communications link wherein the subscription module further comprises processing means for;
  
  authenticating the client communications terminal using a key-based authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module,generating a second secret key,exchanging the second secret with the client communications terminal,encrypting data related to the subscription module using an encryption key derived from the second secret key, andcommunicating the encrypted data between the server communications terminal and the client communications terminal via the communications link.
- View Dependent Claims (30, 31, 32)
- - 30. The server communications terminal according to claim 17, wherein the server communications terminal is a portable radio communications terminal.
  - 31. The server communications terminal according to claim 30, wherein the subscription module is removably insertable into the portable radio communications terminal.
  - 32. The server communications terminal according to claim 17, wherein the subscription module is removably insertable into the server communications terminal.

18. A client communications terminal comprising:
- communications means for establishing a communications link with a server communications terminal, said server communications terminal including a subscription module having an authorization functionality, and for communicating data related to the subscription module via the communications link; and
  
  processing means for performing a key-based authentication procedure cooperatively with the subscription module allowing the subscription module to;
  
  authenticate the client communications terminal based on a first secret key stored in both the client communications terminal and the subscription module,generate a second secret key,exchange the second secret key between the client communications terminal and the subscription module,encrypt data related to the subscription module using an encryption key derived from the second secret key, andcommunicate the encrypted data between the server communications terminal and the client communications terminal via the communications link.
- View Dependent Claims (33, 34, 35)
- - 33. The client communications terminal according to claim 18, wherein the server communications terminal is a portable radio communications terminal.
  - 34. The client communications terminal according to claim 33, wherein the subscription module is removably insertable into the portable radio communications terminal.
  - 35. The client communications terminal according to claim 18, wherein the subscription module is removably insertable into the server communications terminal.

19. A subscription module for use with a portable radio communications terminal, the portable radio communications terminal including communications means for establishing a communications link with a client communications terminal and for communicating data related to the subscription module via the communications link wherein the subscription module comprises processing means to, when the subscription module is in connection with the portable radio communications terminal;
- authenticate the client communications terminal using a key-based authentication procedure based on a first secret key stored in both the client communications terminal and the subscription module,generate a second secret key,exchange the second secret with the client communications terminal,encrypt data related to the subscription module using an encryption key derived from the second secret key, andcommunicate the encrypted data between the server communications terminal and the client communications terminal via the communications link, wherein the subscription module is contained within the server communications terminal.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The subscription module according to claim 19, wherein the subscription module is a smart card.
  - 21. The subscription module according to claim 20, wherein the smart card comprises an integrated radio transceiver.
  - 22. The subscription module according to claim 19, wherein the subscription module is a security module comprising a removably insertable smart card.
  - 23. The subscription module according to claim 19, wherein the subscription module is removably insertable into the portable radio communications terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Gehrmann, Christian, Smeets, Bernard
Primary Examiner(s)
Karikari, Kwasi

Application Number

US10/476,522
Publication Number

US 20040176071A1
Time in Patent Office

3,868 Days
Field of Search

455/410, 455/411, 455/517, 455/425, 455/418, 455/419, 455/420, 713/182, 713/171, 713/168
US Class Current

455/411
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/12   Applying verification of th...

H04L 9/0844   with user authentication or...

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 8/20   Transfer of user or subscri...

H04W 88/06   adapted for operation in mu...

Secure remote subscription module access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote subscription module access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links