Credential provisioning
Abstract
Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.
35 Claims
1. A method performed by a provisioning apparatus comprising a processing unit and a memory, the method comprising:
- choosing a family key, a family key defining a family of applications;
- submitting the family key to a security element in a secured manner;
- choosing credentials;
- deriving protection keys based on the family key;
- protecting the credentials using the protection keys for securing credential data;
- submitting said secured credential data to the security element;
- using the family key for binding a credential application to the family; and
- submitting said binding to the security element.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method performed by a security element comprising a processing unit and a memory, the method comprising:
- receiving a family key transmitted in a secured manner, the family key defining a family of applications;
- receiving credential data secured with protection keys derived based on the family key;
- receiving information binding at least one credential application to the family; and
- limiting access to said credential data for applications not having a binding to said family.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A provisioning apparatus comprising:
- a memory,
- a processing unit coupled to the memory, wherein the processing unit with the memory is configured to cause the provisioning apparatus at least to:
- choose a family key, a family key defining a family of applications;
- submit the family key to a security element in a secured manner;
- choose credentials;
- derive protection keys based on the family key;
- protect the credentials using the protection keys for securing credential data;
- submit said secured credential data to the security element;
- use the family key for binding a credential application to the family; and
- submit said binding to the security element.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
27. A security element comprising:
- a memory,
- a processing unit coupled to the memory, wherein the processing unit with the memory is configured to cause the security element at least to:
- receive a family key transmitted in a secured manner, the family key defining a family of applications;
- receive credential data secured with protection keys derived based on the family key;
- receive information binding at least one credential application to the family; and
- limit access to said credential data for applications not having a binding to said family.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35
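The provisioning and security-element roles of claims 1 and 10, shown together as an added Python example; it is not taken from the patent. The HMAC-SHA256 key derivation, the HMAC counter-mode stand-in cipher, the binding computed as a MAC over an application identifier, and all function and class names are assumptions, since the claims do not fix any algorithm or format.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive(family_key: bytes, label: bytes) -> bytes:
    # Assumed KDF: one HMAC-SHA256 call per purpose label.
    return _prf(family_key, b"derive:" + label)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def protect(family_key: bytes, credential: bytes) -> bytes:
    # Provisioning side: encrypt-then-MAC under derived protection keys.
    nonce = os.urandom(16)
    ct = _xor_stream(derive(family_key, b"enc"), nonce, credential)
    return nonce + ct + _prf(derive(family_key, b"mac"), nonce + ct)

def bind(family_key: bytes, app_id: bytes) -> bytes:
    # Provisioning side: the binding is a MAC over the application identifier.
    return _prf(derive(family_key, b"bind"), app_id)

class SecurityElement:
    def __init__(self, family_key: bytes):
        # Assumes the family key already arrived over the secured channel.
        self._fk, self._blob, self._bound = family_key, None, set()

    def store(self, blob: bytes) -> None:
        self._blob = blob

    def add_binding(self, app_id: bytes, binding: bytes) -> bool:
        ok = hmac.compare_digest(binding, bind(self._fk, app_id))
        if ok:
            self._bound.add(app_id)
        return ok

    def read(self, app_id: bytes) -> bytes:
        if app_id not in self._bound:
            raise PermissionError("application has no binding to the family")
        nonce, ct, tag = self._blob[:16], self._blob[16:-32], self._blob[-32:]
        if not hmac.compare_digest(tag, _prf(derive(self._fk, b"mac"), nonce + ct)):
            raise ValueError("credential data failed its integrity check")
        return _xor_stream(derive(self._fk, b"enc"), nonce, ct)
```

A binding computed under a different family key is rejected by `add_binding`, so the corresponding application stays outside the family and `read` refuses it before any key is derived for decryption.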
Specification