Key derivation for a module using an embedded universal integrated circuit card
First Claim
1. A method for a module using an embedded universal integrated circuit card (eUICC) to support authentication, the method comprising the module:
- reading a module identity from a protected memory and sending the module identity to an eUICC subscription manager;
- reading an eUICC subscription manager public key from the protected memory;
- authenticating the eUICC subscription manager using the eUICC subscription manager public key;
- receiving a first profile for the eUICC, wherein the first profile includes a first network module identity and a first key K, and wherein the module sends the module identity to the eUICC subscription manager before receiving the first profile;
- using the eUICC, the first network module identity, and the first key K to authenticate with a first wireless network;
- receiving from an eUICC subscription manager a server public key after authenticating with the first key K;
- deriving a shared secret key using (i) the received server public key, (ii) an eUICC private key, and (iii) a shared secret algorithm;
- receiving a second profile for the eUICC, wherein the module decrypts the second profile using the derived shared secret key, wherein the decrypted second profile includes a second network module identity and a second key K; and
- authenticating with a second wireless network using the second network module identity and the second key K.
Abstract
A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
11 Claims
1. Independent claim; its text is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6.
7. A method for a module using an embedded universal integrated circuit card (eUICC) to support authentication, the method comprising the module:
- reading a module identity from a protected memory and sending the module identity to an eUICC subscription manager;
- receiving a first profile for the eUICC, wherein the first profile includes a first network module identity and a first key K;
- using the eUICC, the first network module identity, and the first key K to authenticate with a first wireless network;
- receiving from an eUICC subscription manager a server public key after authenticating with the first key K;
- deriving a shared secret key using (i) the received server public key, (ii) an eUICC private key, and (iii) a shared secret algorithm;
- receiving a second profile for the eUICC, wherein the module decrypts the second profile using the derived shared secret key, wherein the decrypted second profile includes a second network module identity and a second key K; and
- authenticating with a second wireless network using the second network module identity and the second key K, wherein the module (i) sends the second network module identity, (ii) receives a random number (RAND), (iii) uses the RAND, the second key K, and a set of cryptographic algorithms to calculate a response (RES), and (iv) sends the RES to the second wireless network.
Dependent claims: 8, 9, 10, 11.
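The abstract and claims 1 and 7 describe one flow: each side sends the other a public token, each combines the received token with its own private value through a key derivation function to reach the same key K, the network encrypts the second profile under that key, and the module then answers a RAND challenge with a RES computed from the delivered key. The example below is added here and is not the patent's code or any operator's implementation. The page names no primitives, so the following are assumed stand-ins: finite-field Diffie-Hellman over RFC 3526 group 14 for the "shared secret algorithm", HKDF-SHA256 for the "key derivation function", an HMAC-SHA256 encrypt-then-MAC construction for profile encryption, and HMAC-SHA256 in place of the 3GPP authentication algorithms that map (K, RAND) to RES. The profile contents, labels and context strings are constructed sample data.

```python
# Added example: eUICC key agreement, sealed profile delivery and RAND/RES.
# Not the patent's code; every primitive below is an assumed stand-in.
import hashlib
import hmac
import json
import secrets

# RFC 3526 group 14: 2048-bit MODP safe prime with generator 2; 2 generates the
# prime-order subgroup of order Q = (P - 1) / 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2

def keypair():
    """Private exponent x in [2, Q) and the token g^x mod p sent to the peer."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)

def check_public(y):
    """Reject out-of-range tokens and small-subgroup values before using them."""
    if not 1 < y < P - 1 or pow(y, Q, P) != 1:
        raise ValueError("invalid public value")

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_key_k(peer_token, own_private, context):
    """Peer token + own private value + KDF -> 128-bit key K, as the abstract describes."""
    check_public(peer_token)
    z = pow(peer_token, own_private, P).to_bytes(256, "big")
    return hkdf_sha256(z, b"\x00" * 32, context, 16)

def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for a block-cipher stream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC under keys split from K: nonce || ciphertext || tag."""
    enc_key = hkdf_sha256(key, b"\x00" * 32, b"profile-enc", 32)
    mac_key = hkdf_sha256(key, b"\x00" * 32, b"profile-mac", 32)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    """Verify the tag before decrypting; a forged or corrupted profile is rejected."""
    enc_key = hkdf_sha256(key, b"\x00" * 32, b"profile-enc", 32)
    mac_key = hkdf_sha256(key, b"\x00" * 32, b"profile-mac", 32)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("profile authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def compute_res(key_k, rand):
    """Stand-in for the 3GPP f2 function: RES = HMAC-SHA256(K, RAND) truncated to 8 bytes."""
    return hmac.new(key_k, rand, hashlib.sha256).digest()[:8]

def run_exchange():
    """Both sides of the flow: tokens exchanged, K derived on each side, a second
    profile sealed by the network and opened by the module, then RAND/RES."""
    module_priv, module_token = keypair()      # module keeps priv, sends token
    network_priv, network_token = keypair()    # network keeps priv, sends token
    context = b"eUICC key K derivation"        # assumed KDF context label
    k_module = derive_key_k(network_token, module_priv, context)
    k_network = derive_key_k(module_token, network_priv, context)
    # Constructed sample second profile: an IMSI-style identity and a fresh 128-bit K.
    profile = {"network_module_identity": "901700000000001",
               "key_K": secrets.token_hex(16)}
    blob = seal(k_network, json.dumps(profile).encode())
    received = json.loads(open_sealed(k_module, blob))
    # Claim 7 steps (ii)-(iv): answer the network's RAND with the second key K.
    rand = secrets.token_bytes(16)
    res = compute_res(bytes.fromhex(received["key_K"]), rand)
    expected = compute_res(bytes.fromhex(profile["key_K"]), rand)
    # A single flipped ciphertext byte must be caught by the tag check.
    tampered = bytearray(blob)
    tampered[20] ^= 0x01
    try:
        open_sealed(k_module, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"keys_agree": k_module == k_network,
            "profile_ok": received == profile,
            "res_ok": hmac.compare_digest(res, expected),
            "tamper_detected": tamper_detected}

if __name__ == "__main__":
    print(run_exchange())
```

Two details matter in practice and are easy to lose in a sketch like this: the peer's token is validated (range and subgroup membership) before it is raised to the private exponent, so a malicious network or subscription manager cannot push the module into a small subgroup; and the profile is authenticated before any byte is decrypted, so the second network module identity and second key K are only accepted from the party that derived the same K. In a real deployment the module's private value would be generated and held inside the eUICC, and the RES computation would be the network's standard authentication algorithm rather than the HMAC placeholder used here.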
Specification