Profile download method and apparatus for use in wireless communication system

US 10,368,240 B2
Filed: 08/31/2016
Issued: 07/30/2019
Est. Priority Date: 08/31/2015
Status: Active Grant

First Claim

Patent Images

1. A communication method of a terminal, the method comprising:

transmitting, to a profile provision server, an initial authentication message including a first challenge value for authentication of the profile provision server;

receiving, from the profile provision server, an initial authentication response message including a first data and a first signature value, wherein the first data includes the first challenge value and a second challenge value for authentication of the terminal, and the first signature value is computed over the first data;

verifying the first signature value;

generating a second data including the second challenge value and profile mapping information, and computing a second signature value over the second data;

transmitting, to the profile provision server, an authentication client a first message including the second data and the second signature value;

receiving, from the profile provision server, an authentication client response message including unencrypted information related to a profile and information indicating whether a confirmation code is required for the profile;

receiving, via a user interface, a confirmation code based on the unencrypted information related to the profile in case that the information indicates the confirmation code is required;

transmitting, to the profile provision server, a profile download request message including the confirmation code; and

receiving, from the profile provision server, a profile download response message including an encrypted profile data in response to the profile download request message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A profile downloading method and apparatus is provided for a terminal to download and install a profile in a communication system. The communication method of the terminal includes transmitting a first message including information on a profile to be received from a profile provision server; receiving a second message including information indicating whether an encryption code input is required and a first modified encryption code; generating, when the first modified encryption code is successfully authenticated, a second modified encryption code; transmitting to the profile provision server a third message including information requesting to the profile provision server for the second modified encryption code and profile download, and receiving a fourth message including information on the profile from the profile provision server.

11 Citations

View as Search Results

20 Claims

1. A communication method of a terminal, the method comprising:
- transmitting, to a profile provision server, an initial authentication message including a first challenge value for authentication of the profile provision server;
  
  receiving, from the profile provision server, an initial authentication response message including a first data and a first signature value, wherein the first data includes the first challenge value and a second challenge value for authentication of the terminal, and the first signature value is computed over the first data;
  
  verifying the first signature value;
  
  generating a second data including the second challenge value and profile mapping information, and computing a second signature value over the second data;
  
  transmitting, to the profile provision server, an authentication client a first message including the second data and the second signature value;
  
  receiving, from the profile provision server, an authentication client response message including unencrypted information related to a profile and information indicating whether a confirmation code is required for the profile;
  
  receiving, via a user interface, a confirmation code based on the unencrypted information related to the profile in case that the information indicates the confirmation code is required;
  
  transmitting, to the profile provision server, a profile download request message including the confirmation code; and
  
  receiving, from the profile provision server, a profile download response message including an encrypted profile data in response to the profile download request message.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the transmitting the profile download request message comprises:
    - calculating a hashed confirmation code using the confirmation code;
      
      generating the profile download request message including a third data and a third signature value, wherein the third data includes the hashed confirmation code and the third signature value is computed over the third data; and
      
      transmitting, to the profile provision server, the profile download request message.
  - 3. The method of claim 1, wherein receiving the authentication client response message comprises:
    - receiving, from the profile provision server, the authentication client response message including the unencrypted information related to the profile, a fourth data, and a fourth signature value, wherein the fourth data includes the information indicating whether the confirmation code is required, and the fourth signature value is computed over the fourth data and the second signature value.
  - 4. The method of claim 1, wherein receiving the confirmation code further comprises displaying information requesting a user to enter the confirmation code and profile information contained in the unencrypted information related to the profile.
  - 5. The method of claim 1, further comprising:
    - receiving information indicating that a user rejects a download of the profile; and
      
      transmitting, to the profile provision server, the information indicating that the user rejects a download of the profile.

6. A communication method of a profile provision server, the method comprising:
- receiving, from a terminal, an initial authentication message including a first challenge value for authentication of the profile provision server;
  
  generating a first data including the first challenge value and a second challenge value for authentication of the terminal, and computing a first signature value over the first data;
  
  transmitting, to the terminal, an initial authentication response message including the first data and the first signature value;
  
  receiving, from the terminal, an authentication client message including a second data and a second signature value, wherein the second data includes the second challenge value and profile mapping information, and the second signature value is computed over the second data;
  
  verifying the second signature value;
  
  determining whether a confirmation code is required for a profile verified by the profile mapping information;
  
  transmitting, to the terminal, an authentication client response message including unencrypted information related to the profile and information indicating whether the confirmation code is required for the profile;
  
  receiving, from the terminal, a profile download request message including the confirmation code in case that the information indicates the confirmation code is required; and
  
  transmitting, to the terminal, a profile download response message including an encrypted profile data in response to the profile download request message.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein receiving the profile download request message comprises:
    - receiving, from the terminal, the profile download request message including a third data and a third signature value, wherein the third data includes a hashed confirmation code calculated by the terminal using the confirmation code and the third signature value is computed over the third data.
  - 8. The method of claim 6, wherein receiving the profile download request message comprises:
    - receiving, from the terminal, the profile download request message including a hashed confirmation code calculated by the terminal using the confirmation code;
      
      calculating an expected hash value using a soured hashed confirmation code;
      
      verifying that the received hashed confirmation code matches the expected hash value; and
      
      generating the profile download response message including the encrypted profile data in case that the received hashed confirmation code matches the expected hash value.
  - 9. The method of claim 6, wherein transmitting the authentication client response message comprises:
    - transmitting, to the terminal, the authentication client response message including the unencrypted information related to the profile, a fourth data, and a fourth signature value, wherein the fourth data includes the information indicating whether the confirmation code is required, and the fourth signature value is computed over the fourth data and the second signature value.
  - 10. The method of claim 6, further comprising receiving, from the terminal, information indicating that a user rejects a download of the profile.

11. A terminal comprising:
- a transceiver; and
  
  a controller configured to;
  
  control the transceiver to transmit, to a profile provision server, an initial authentication message including a first challenge value for authentication of the profile provision server,control the transceiver to receive, from the profile provision server, an initial authentication response message including a first data and a first signature value, wherein the first data includes the first challenge value and a second challenge value for authentication of the terminal, and the first signature value is computed over the first data,verify the first signature value,generate a second data including the second challenge value and profile mapping information, and compute a second signature value over the second data,control the transceiver to transmit, to the profile provision server, an authentication client message including the second data and the second signature value,control the transceiver to receive, from the profile provision server, an authentication client response message including unencrypted information related to a profile and information indicating whether a confirmation code is required for the profile,receive, via a user interface, a confirmation code based on the unencrypted information related to the profile in case that the information indicates the confirmation code is required,control the transceiver to transmit, to the profile provision server, a profile download request message including the confirmation code, andcontrol the transceiver to receive, from the profile provision server, a profile download response message including an encrypted profile data in response to the profile download request message.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The terminal of claim 11, wherein the controller is further configured to:
    - calculate a hashed confirmation code using the confirmation code, andgenerate the profile download request message including a third data and a third signature value, wherein the third data includes the hashed confirmation code and the third signature value is computed over the third data, andcontrol the transceiver to transmit, to the profile provision server, the profile download request message.
  - 13. The terminal of claim 11, wherein the controller is further configured to:
    - control the transceiver to receive, from the profile provision server, the authentication client response message including the unencrypted information related to the profile, a fourth data, and a fourth signature value, wherein the fourth data includes the information indicating whether the confirmation code is required, and the fourth signature value is computed over the fourth data and the second signature value.
  - 14. The terminal of claim 11, wherein the controller is further configured to:
    - display information requesting a user to enter the confirmation code and profile information contained in the unencrypted information related to the profile.
  - 15. The terminal of claim 11, wherein the controller is further configured to:
    - receive information indicating that a user rejects a download of the profile, andcontrol the transceiver to transmit, to the profile provision server, the information indicating that the user rejects a download of the profile.

16. A profile provision server comprising:
- a transceiver; and
  
  a controller configured to;
  
  control the transceiver to receive, from a terminal, an initial authentication message including a first challenge value for authentication of the profile provision server,generate a first data including the first challenge value and a second challenge value for authentication of the terminal, and computing a first signature value over the first data,control the transceiver to transmit, to the terminal, an initial authentication response message including the first data and the first signature value,control the transceiver to receive, from the terminal, an authentication client message including a second data and a second signature value, wherein the second data includes the second challenge value and profile mapping information, and the second signature value is computed over the second data,verify the second signature value,determine whether a confirmation code is required for a profile verified by the profile mapping information,control the transceiver to transmit, to the terminal, an authentication client response message including unencrypted information related to the profile and information indicating whether the confirmation code is required for the profile,control the transceiver to receive, from the terminal, a profile download request message including the confirmation code in case that the information indicates the confirmation code is required, andcontrol the transceiver to transmit, to the terminal a profile download response message including an encrypted profile data in response to the profile download request message.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The profile provisioning server of claim 16, wherein the controller is further configured to control the transceiver to receive, from the terminal, the profile download request message including a third data and a third signature value, wherein the third data includes a hashed confirmation code calculated by the terminal using the confirmation code, and the third signature value is computed over the third data.
  - 18. The profile provision server of claim 16, wherein the controller is further configured to:
    - control the transceiver to receive, from the terminal, the profile download request message including a hashed confirmation code calculated by the terminal using the confirmation code,calculate an expected hash value using a soured hashed confirmation code,verify that the received hashed confirmation code matches the expected hash value, andgenerate the profile download response message including the encrypted profile data in case that the received hashed confirmation code matches the expected hash value.
  - 19. The profile provision server of claim 16, wherein the controller is further configured to control the transceiver to transmit, to the terminal, the authentication client response message including the unencrypted information related to the profile, a fourth data, and a fourth signature value, wherein the fourth data includes the information indicating whether the confirmation code is required, and the fourth signature value is computed over the fourth data and the second signature value.
  - 20. The profile provision server of claim 16, wherein the controller is further configured to control the transceiver to receive, from the terminal, information indicating that a user rejects a download of the profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Original Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Inventors
Park, Jonghan, Lee, Duckey, Lee, Hyewon, Lee, Sangsoo
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US15/253,803
Publication Number

US 20170064552A1
Time in Patent Office

1,063 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

H04W 8/205   Transfer to or from user eq...

Profile download method and apparatus for use in wireless communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Profile download method and apparatus for use in wireless communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links