Network assisted terminal to SIM/UICC key establishment
1 Assignment
0 Petitions
Abstract
A method is described herein which enables a mobile device and a smart card (SIM, UICC) to establish a shared secret KE which can then be used to secure the interface between them. A mobile operator assists in the establishment of the shared secret (KE) by taking part in the key exchange between the mobile device and the smart card. The mobile operator's involvement is desirable because the operator can keep track of mobile device/smart card pairs and, if necessary, can block the security establishment between a mobile device and a smart card in order to prevent fraudulent behaviour.
153 Citations
19 Claims
1. A method for establishing a shared key (KE) between a mobile device and a smart card, said method comprising the steps of:
   sending, from said mobile device, a first message to a mobile operator, which upon receiving the first message generates:
     an encrypted shared key (KE′);
     a random challenge value (RAND); and
     if needed, an authentication token (AUTN);
   receiving, at said mobile device, a second message from said mobile operator, wherein said second message includes:
     the encrypted shared key (KE′);
     the random challenge value (RAND); and
     if present, the authentication token (AUTN);
   decrypting, at said mobile device, the encrypted shared key (KE′) to determine the shared key (KE);
   sending, from said mobile device, a third message to said smart card, wherein said third message includes:
     the random challenge value (RAND); and
     if present, the authentication token (AUTN);
   using, at said smart card, the random challenge value (RAND) and, if present, the authentication token (AUTN) to determine the shared key (KE).
   Dependent claims: 2-11.
12. A mobile device/smart card that uses a mobile operator to help establish a shared key (KE) which is used to protect an interface between said mobile device and said smart card, wherein:
   said mobile device comprises:
     logic that sends a request message to a mobile operator and then receives:
       an encrypted shared key (KE′);
       a random challenge value (RAND); and
       if present, an authentication token (AUTN);
     logic that decrypts the encrypted shared key (KE′) to determine the shared key (KE); and
     logic that sends said smart card the following:
       the random challenge value (RAND); and
       if present, the authentication token (AUTN); and
   said smart card comprises:
     logic that receives the following:
       the random challenge value (RAND); and
       if present, the authentication token (AUTN); and
     logic that determines the shared key (KE) using the random challenge value (RAND) and, if present, the authentication token (AUTN).
   Dependent claims: 13-15.
16. A mobile network comprising:
   a node/database that receives a request message from a mobile device and then determines at least the following:
     an encrypted shared key (KE′);
     a random challenge value (RAND); and
     if needed, an authentication token (AUTN);
   said node/database sends said mobile device the following:
     the encrypted shared key (KE′);
     the random challenge value (RAND); and
     if present, the authentication token (AUTN),
   wherein said mobile device decrypts the encrypted shared key (KE′) to determine a shared key (KE), wherein said mobile device sends a smart card the random challenge value (RAND) and, if provided, the authentication token (AUTN), wherein said smart card uses the random challenge value (RAND) and, if provided, the authentication token (AUTN) to determine a shared key (KE), and wherein said mobile device and said smart card use their shared keys (KEs) to protect an interface between themselves.
   Dependent claims: 17-19.
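The three messages of claim 1, run end to end by the three parties of claims 12 and 16, as an added illustration that is not code from the patent or from any 3GPP implementation. The page does not say which primitives are used, so everything below is an assumption chosen for the example: HMAC-SHA256 stands in for the AKA functions that derive KE and the AUTN MAC from the SIM's long-term key Ki; AUTN is modelled as a sequence number followed by a MAC over RAND and that sequence number; the device is assumed to share a key Kdev with the operator, and KE′ is KE masked with an HMAC keystream keyed by Kdev and RAND plus an integrity tag. The IMSI/IMEI strings and key bytes are constructed test data. The operator's policy check at the first message is the blocking point the abstract describes, and the card's checks show why RAND alone is not enough when AUTN is present: the MAC ties the challenge to the operator and the sequence number stops a replayed challenge from re-establishing an old KE.

```python
"""Model of operator-assisted terminal/SIM key establishment (claims 1, 12, 16).
Added example; primitives are stand-ins (assumptions), not the patent's own."""
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Domain-separated HMAC-SHA256 over length-prefixed inputs (AKA stand-in)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SmartCard:
    """SIM/UICC: holds Ki and the highest sequence number it has accepted."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki, self.sqn = imsi, ki, 0

    def derive_ke(self, rand: bytes, autn: bytes) -> bytes:
        """Third message: verify AUTN (assumed SQN || MAC), then derive KE from Ki and RAND."""
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, _prf(self.ki, b"autn-mac", rand, sqn_b)[:16]):
            raise ValueError("AUTN MAC failure: challenge not from our operator")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:
            raise ValueError("AUTN sequence number not fresh: replayed challenge")
        self.sqn = sqn
        return _prf(self.ki, b"ke", rand)


class MobileDevice:
    """Terminal: holds Kdev (assumed), so it can open KE' but never learns Ki."""

    def __init__(self, imei: str, kdev: bytes):
        self.imei, self.kdev = imei, kdev

    def decrypt_ke(self, ke_enc: bytes, rand: bytes) -> bytes:
        ct, tag = ke_enc[:32], ke_enc[32:]
        if not hmac.compare_digest(tag, _prf(self.kdev, b"ke-tag", rand, ct)):
            raise ValueError("KE' integrity failure")
        return _xor(ct, _prf(self.kdev, b"ke-enc", rand))


class Operator:
    """Network node/database: Ki per IMSI, Kdev per IMEI, and the set of
    device/SIM pairs it is willing to let establish a key."""

    def __init__(self):
        self.subscribers: dict[str, list] = {}        # imsi -> [ki, last sqn]
        self.devices: dict[str, bytes] = {}           # imei -> kdev
        self.allowed_pairs: set[tuple[str, str]] = set()

    def handle_request(self, imei: str, imsi: str):
        """First message in; second message (KE', RAND, AUTN) out."""
        if (imei, imsi) not in self.allowed_pairs:          # the abstract's blocking point
            raise PermissionError(f"pairing {imei}/{imsi} blocked by operator policy")
        rec = self.subscribers[imsi]
        rec[1] += 1
        rand = secrets.token_bytes(16)
        sqn_b = rec[1].to_bytes(6, "big")
        autn = sqn_b + _prf(rec[0], b"autn-mac", rand, sqn_b)[:16]
        ke = _prf(rec[0], b"ke", rand)                      # same derivation the card performs
        kdev = self.devices[imei]
        ct = _xor(ke, _prf(kdev, b"ke-enc", rand))          # KE' for the device
        return ct + _prf(kdev, b"ke-tag", rand, ct), rand, autn


def establish(op: Operator, dev: MobileDevice, card: SmartCard):
    """Run the three messages of claim 1; returns (KE at device, KE at card)."""
    ke_enc, rand, autn = op.handle_request(dev.imei, card.imsi)
    ke_dev = dev.decrypt_ke(ke_enc, rand)
    ke_card = card.derive_ke(rand, autn)
    return ke_dev, ke_card


def demo() -> dict:
    ki, kdev = secrets.token_bytes(16), secrets.token_bytes(16)   # constructed test keys
    op, card, dev = Operator(), SmartCard("001010000000001", ki), MobileDevice("350000000000001", kdev)
    op.subscribers[card.imsi] = [ki, 0]
    op.devices[dev.imei] = kdev
    op.allowed_pairs.add((dev.imei, card.imsi))
    ke_dev, ke_card = establish(op, dev, card)
    out = {"match": ke_dev == ke_card, "ke_len": len(ke_dev)}
    # An unregistered device/SIM pair is refused at the first message.
    stray = MobileDevice("350000000000002", secrets.token_bytes(16))
    op.devices[stray.imei] = stray.kdev
    try:
        establish(op, stray, card)
        out["blocked"] = False
    except PermissionError:
        out["blocked"] = True
    # Replaying an old (RAND, AUTN) to the card fails on the sequence number ...
    ke_enc, rand, autn = op.handle_request(dev.imei, card.imsi)
    card.derive_ke(rand, autn)
    try:
        card.derive_ke(rand, autn)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    # ... and a modified RAND fails the AUTN MAC check.
    bad_rand = bytes([rand[0] ^ 1]) + rand[1:]
    try:
        card.derive_ke(bad_rand, autn)
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    return out
```

`demo()` returns a dictionary of the five outcomes: both sides hold the same 32-byte KE, the stray device is refused before any RAND is issued, and the card rejects both a replayed and a tampered challenge. Binding the KE′ keystream to RAND is what lets the second message carry exactly the three items the claim lists without a separate nonce; a real deployment would use the cipher and AKA algorithms the operator actually runs.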
Specification