Method and system for activation

US 8,607,050 B2
Filed: 04/30/2012
Issued: 12/10/2013
Est. Priority Date: 04/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for activation comprising:

(a) verifying, by a security module card, an activation server using a shared secret key and a first challenge;

(b) mediating, by the security module card, in response to verifying the activation server, a verification of the activation server by a mobile device, wherein the verification uses a second challenge and a key pair;

(c) encrypting, by the security module card, the second challenge using a generated key to obtain an encrypted second challenge, wherein the generated key is generated by the activation server;

(d) transmitting, by the security module card, the encrypted second challenge and a third challenge to the mobile device, wherein the mobile device verifies the security module card using the encrypted second challenge;

(e) receiving, by the security module card, an encrypted third challenge from the mobile device;

(f) decrypting, by the security module card, the encrypted third challenge to obtain a received third challenge;

(g) verifying, by the security module card, the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device; and

(h) sending, by the security module card, a validation of mutual trust between the security module card and the mobile device to the activation server,wherein (a) is performed before (c) and wherein (c) is performed before (h).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An activation method includes a security module card verifying an activation server using a shared secret key and a first challenge, mediating a verification of the activation server by a mobile device, and encrypting the second challenge using a generated key to obtain an encrypted second challenge. The security module card further transmits the encrypted second challenge and a third challenge to the mobile device. The method further includes receiving an encrypted third challenge from the mobile device, decrypting the encrypted third challenge to obtain a received third challenge, verifying the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device, and sending a validation of mutual trust between the security module card and the mobile device to the activation server.

Citations

20 Claims

1. A method for activation comprising:
- (a) verifying, by a security module card, an activation server using a shared secret key and a first challenge;
  
  (b) mediating, by the security module card, in response to verifying the activation server, a verification of the activation server by a mobile device, wherein the verification uses a second challenge and a key pair;
  
  (c) encrypting, by the security module card, the second challenge using a generated key to obtain an encrypted second challenge, wherein the generated key is generated by the activation server;
  
  (d) transmitting, by the security module card, the encrypted second challenge and a third challenge to the mobile device, wherein the mobile device verifies the security module card using the encrypted second challenge;
  
  (e) receiving, by the security module card, an encrypted third challenge from the mobile device;
  
  (f) decrypting, by the security module card, the encrypted third challenge to obtain a received third challenge;
  
  (g) verifying, by the security module card, the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device; and
  
  (h) sending, by the security module card, a validation of mutual trust between the security module card and the mobile device to the activation server,wherein (a) is performed before (c) and wherein (c) is performed before (h).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein verifying the activation server comprises:
    - sending the first challenge to the activation server;
      
      receiving, from the activation server, a first encrypted value in response to sending the first challenge;
      
      decrypting the first encrypted value using the shared secret key to obtain a first value; and
      
      authenticating the activation server based on the first value being equal to the first challenge.
  - 3. The method of claim 2, further comprising:
    - receiving, by the security module card from the activation server, a fourth challenge;
      
      encrypting, by the security module card, the fourth challenge using the shared secret key to create a second encrypted value; and
      
      sending the second encrypted value to the activation server,wherein the activation server decrypts the second encrypted value and verifies that the fourth challenge in the decrypted second encrypted value is equal to the fourth challenge received by the security module card to authenticate the security module card.
  - 4. The method of claim 2, further comprising:
    - sending a secret key identifier of the secret key, wherein the activation server communicates with a plurality of security module cards using a corresponding unique secret key, wherein the security module card is one of the plurality of security module cards.
  - 5. The method of claim 1, wherein (b) and (c) are performed concurrently.
  - 6. The method of claim 1, wherein the secret key is stored on the security module card prior to the security module card being provided to a user of the mobile device.
  - 7. The method of claim 1, wherein the activation server authenticates the security module card when creating a GlobalPlatform Secure Channel to communicate with the security module card prior to (a).
  - 8. The method of claim 1, wherein mediating the verification of the activation server by the mobile device comprises:
    - forwarding the second challenge received from the mobile device to the activation server;
      
      receiving, from the activation server, a first encrypted value;
      
      sending, to the mobile device, the first encrypted value,wherein the mobile device decrypts the first encrypted value using a public key to obtain a first value, wherein the public key is in the key pair, andwherein the mobile device verifies the activation server by confirming that the second challenge sent by the mobile device is equal to the second challenge in the first value.
  - 9. The method of claim 8, further comprising:
    - decrypting, by the security module card, an encrypted generated key using the shared secret key to obtain the generated key; and
      
      wherein the mobile device extracts the generated key from the first value and decrypts the encrypted second challenge using the generated key to obtain a decrypted second challenge, andwherein the mobile device validates the security module card based on the second challenge sent by the mobile device being equal to the decrypted second challenge.
  - 10. The method of claim 1, wherein the activation server validates the mobile device based on the validation of the security module card and the receiving of the validation of mutual trust from the security module card.

11. A security module card for activation, the security module card comprising:
- secured memory comprising a shared secret key; and
  
  a card activation module configured to;
  
  (a) verify an activation server using the shared secret key and a first challenge;
  
  (b) mediate, in response to verifying the activation server, a verification of the activation server by a mobile device, wherein the verification uses a second challenge and a key pair;
  
  (c) encrypt the second challenge using a generated key to obtain an encrypted second challenge, wherein the generated key is generated by the activation server;
  
  (d) transmit the encrypted second challenge and a third challenge to the mobile device, wherein the mobile device verifies the security module card using the encrypted second challenge;
  
  (e) receive an encrypted third challenge from the mobile device;
  
  (f) decrypt the encrypted third challenge to obtain a received third challenge;
  
  (g) verify the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device; and
  
  (h) send a validation of mutual trust between the security module card and the mobile device to the activation server,wherein (a) is performed before (c) and wherein (c) is performed before (h).
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The security module card of claim 11, wherein verifying the activation server comprises:
    - sending the first challenge to the activation server;
      
      receiving, from the activation server, a first encrypted value in response to sending the first challenge;
      
      decrypting the first encrypted value using the shared secret key to obtain a first value; and
      
      authenticating the activation server based on the first value being equal to the first challenge.
  - 13. The security module card of claim 12, wherein the card activation module is further configured to:
    - receive, from the activation server, a fourth challenge;
      
      encrypt the fourth challenge using the shared secret key to create a second encrypted value;
      
      send the second encrypted value to the activation server,wherein the activation server decrypts the second encrypted value and verifies that the fourth challenge in the decrypted second encrypted value is equal to the fourth challenge received by the security module card to authenticate the security module card.
  - 14. The security module card of claim 12, wherein the card activation module is further configured to:
    - send a secret key identifier of the secret key, wherein the activation server communicates with a plurality of security module cards using a corresponding unique secret key, wherein the security module card is one of the plurality of security module cards.
  - 15. The security module card of claim 12, wherein (b) and (c) are performed concurrently.
  - 16. The security module card of claim 12, wherein the shared secret key is stored on the security module card prior to the security module card being provided to a user of the mobile device.

17. A system comprising:
- a security module card comprising;
  
  secured memory comprising a shared secret key; and
  
  a card activation module configured to;
  
  (a) verify an activation server using the shared secret key and a first challenge;
  
  (b) mediate, in response to verifying the activation server, a verification of the activation server by a mobile device, wherein the verification uses a second challenge and a key pair;
  
  (c) encrypt the second challenge using a generated key to obtain an encrypted second challenge, wherein the generated key is generated by the activation server;
  
  (d) transmit the encrypted second challenge and a third challenge to the mobile device, wherein the mobile device verifies the security module card using the encrypted second challenge;
  
  (e) receive an encrypted third challenge from the mobile device;
  
  (f) decrypt the encrypted third challenge to obtain a received third challenge;
  
  (g) verify the mobile device based on the received third challenge being equal to the third challenge sent to the mobile device; and
  
  (h) send a validation of mutual trust between the security module card and the mobile device to the activation server,wherein (a) is performed before (c) and wherein (c) is performed before (h); and
  
  a mobile device operatively connected to the security module card, and comprising;
  
  mobile device memory comprising a public key in the key pair; and
  
  a mobile device activation module configured to;
  
  send the second challenge to the activation server via the security module card;
  
  receive from the activation server an encrypted value via the security module card;
  
  decrypt the encrypted value using the public key to obtain a value, andverify the second challenge sent by the mobile device is equal to the second challenge in the value to verify the activation server.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the security module card is embedded in the mobile device.
  - 19. The system of claim 18, wherein the security module card is a secured identification module (SIM) card.
  - 20. The system of claim 17, wherein the mobile device activation module is further configured to:
    - receive the third challenge from the security module card;
      
      creates the encrypted third challenge; and
      
      send the encrypted third challenge to the security module card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Hans, Sebastian, Glasman, Alexander, Ivanova, Natalia
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US13/459,331
Publication Number

US 20130290714A1
Time in Patent Office

589 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

H04L 2463/062   applying encryption of the ...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

Method and system for activation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for activation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links