Subscriber identification module pooling
US-2016174069-A1 · Jun 16, 2016 · US
US10904759B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10904759-B2 |
| Application number | US-201816635845-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 16, 2018 |
| Priority date | Aug 17, 2017 |
| Publication date | Jan 26, 2021 |
| Grant date | Jan 26, 2021 |
Official abstract text for this publication.
A method for the initial operation and personalization of a subscriber identity module in a mobile radio network, prior to its first initial operation in the mobile radio network, the subscriber identity module does not yet include an individual secret key and is being equipped with an individual, unique parameter data set only after its first initial operation in the mobile radio network. A mobile radio server takes on, from the subscriber identity module, an authentication message formed with a preliminary parameter data set comprising an individual, unique subscriber identification and a non-individual, non-unique preliminary secret key, and sends, after a verification, in response thereto an individual, unique final secret key to the subscriber identity module for programming into the subscriber identity module. The preliminary parameter data set is introduced into the subscriber identity module selectively during production or by an initializing step based on an initial parameter data set.
Opening claim text (preview).
The invention claimed is:
1. A method for the initial operation and personalization of a subscriber identity module in a mobile radio network, in which, prior to its first initial operation in the mobile radio network, the subscriber identity module does not yet include an individual, unique parameter data set comprising at least an individual subscriber identification and an individual secret key and is being equipped with an individual, unique parameter data set only after or on the occasion of its first initial operation in the mobile radio network, characterized by the steps of: a) supplying a subscriber identity module which includes a preliminary parameter data set comprising: a1) a unique subscriber identification individual to the subscriber identity module, and a2) a non-individual, non-unique preliminary secret key identical for a multiplicity of subscriber identity modules; b) supplying a mobile radio server which has the non-individual, non-unique preliminary secret key, and, at the mobile radio server, performing the steps of: b1) taking on, from the subscriber identity module, an authentication message formed with the individual, unique subscriber identification and the non-individual, non-unique preliminary secret key; b2) in response to taking on the authentication message, verifying the authentication message according to predetermined criteria, and in the case of a successful authentication, sending an individual, unique final secret key to the subscriber identity module for programming into the subscriber identity module.
2. The method according to claim 1, further comprising the steps of: before step a): c) supplying a subscriber identity module which includes an initial parameter data set including: c1) a non-individual, non-unique initial subscriber identification identical for a multiplicity of subscriber identity modules, and c2) the non-individual, non-unique preliminary secret key identical for a multiplicity of subscriber identity modules; d) at the mobile radio server: d1) taking on, from the subscriber identity module, an initial authentication message formed with the non-individual, non-unique initial subscriber identification and the non-individual, non-unique preliminary secret key; d2) in response to taking on the initial authentication message, verifying the initial authentication message according to predetermined criteria, and in the case of a successful authentication, sending the unique subscriber identification individual to the subscriber identity module according to a1) to the subscriber identity module for programming into the subscriber identity module; d3) programming the individual, unique subscriber identification a1) into the subscriber identity module and thus arranging the preliminary parameter data set according to a) in the subscriber identity module.
3. The method for preparing a subscriber identity module for a method according to claim 1, the method for preparing comprising the steps of: c) supplying a subscriber identity module which includes an initial parameter data set including: c1) a non-individual, non-unique initial subscriber identification identical for a multiplicity of subscriber identity modules, and c2) a non-individual, non-unique preliminary secret key identical for a multiplicity of subscriber identity modules; d) at a mobile radio server: d1) taking on, from the subscriber identity module, an initial authentication message formed with the non-individual, non-unique initial subscriber identification and the non-individual, non-unique preliminary secret key; d2) in response to taking on the initial authentication message, verifying the initial authentication message according to predetermined criteria, and in the case of a successful authentication, sending a unique subscriber identification individual to the subscriber identity module to the subscriber identity module for programming into the subscriber identity module; d3) programming the individual, unique subscriber identification into the subscriber identity module, and therefore arranging a preliminary parameter data set in the subscriber identity module, characterized by the further step of: e) combining, at least in the subscriber identity module the individual, unique subscriber identification and the non-individual, non-unique preliminary secret key into a preliminary parameter data set which is arranged to cause, in a subsequent step, a sending of an individual, unique final secret key to the subscriber identity module for programming into the subscriber identity module.
4. The method according to claim 1, further comprising the step of: b3) programming the individual, unique final secret key into the subscriber identity module to equip the subscriber identity module with the individual, unique parameter data set.
5. The method according to claim 1, wherein the preliminary parameter data set according to a) enables only one single authentication operation with the subscriber identity module by means of an authentication message; or/and enables merely the sending of the individual, unique final secret key to the subscriber identity module, but not a multiple or permanent utilization of the subscriber identity module for sending authentication messages.
6. The method according to claim 1, following the steps of receiving according to b1 or d1 and positively verifying according to b2 or d2, further comprising: at the mobile radio server: registering the unique subscriber identification individual to the subscriber identity module as the final unique subscriber identification associated with the subscriber identity module.
7. The method according to claim 1, wherein several groups of subscriber identity modules are supplied, each group comprising a multiplicity of subscriber identity modules, wherein the preliminary parameter data set a) includes as the preliminary secret key a preliminary group key from a plurality of group keys, wherein each group has assigned thereto an own group key from the plurality of group keys, wherein the mobile radio server has all the group keys from the plurality of group keys, and wherein the individual, unique subscriber identification according to a1) and, where applicable, the identical, non-individual, non-unique initial subscriber identification according to c1) includes a group key information item from which it can be derived with which group key the subscriber identification is associated.
8. The method according to claim 1, wherein the step b2) of verifying the authentication message according to predetermined criteria comprises the following sub steps performed at the mobile radio server: b2-1) extracting the non-individual, non-unique preliminary secret key from the authentication message; b2-2) verifying the non-individual, non-unique preliminary secret key extracted according to b2-1).
9. The method according to a claim 8, further comprising the step of: b2-3) in case that in step b2-2) the extracted non-individual, non-unique preliminary secret key is verified to be positive, evaluating the subscriber identification according to feature a1) as a valid subscriber identification, b3-4) registering the subscriber identification evaluated as valid according to step b2-3) with the mobile radio server as a valid subscriber identification.
10. The method according to claim 9, wherein step b2) further comprises the steps performed at the mobile radio server: b2-4) after the step b3) of registering the subscriber identification evaluated to be valid with the mobile radio server: taking on, from the subscriber identity module, a second authentication message formed with the individual, unique subscri
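The server-side flow of claims 1, 5 and 7, sketched as an added example that is not taken from the patent: a module authenticates with its unique ID and a shared group key, receives a final key once, and is refused afterwards. The HMAC-SHA256 challenge-response, the server nonce, the `G1-` ID prefix and all names are assumptions; protection of the final key in transit is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; the page gives no key or identifier formats.
GROUP_KEYS = {"G1": b"preliminary-key-group-1", "G2": b"preliminary-key-group-2"}


def auth_message(subscriber_id, key, nonce):
    """Module side: message formed with the ID and the preliminary key (HMAC is an assumption)."""
    return hmac.new(key, subscriber_id.encode() + nonce, hashlib.sha256).digest()


class ProvisioningServer:
    """Server side of steps b1/b2: holds every group key and issues final keys."""
    def __init__(self, group_keys):
        self.group_keys = group_keys
        self.final_keys = {}   # registered subscriber ID -> individual final key
        self.nonces = {}       # subscriber ID -> outstanding challenge (assumed mechanism)

    def challenge(self, subscriber_id):
        self.nonces[subscriber_id] = secrets.token_bytes(16)
        return self.nonces[subscriber_id]

    def personalize(self, subscriber_id, message):
        # Returns a fresh final key on success, None on any failure.
        nonce = self.nonces.pop(subscriber_id, None)
        group = subscriber_id.split("-", 1)[0]   # group key information item carried in the ID
        key = self.group_keys.get(group)
        if nonce is None or key is None or subscriber_id in self.final_keys:
            return None                          # no challenge, unknown group, or ID already used
        expected = auth_message(subscriber_id, key, nonce)
        if not hmac.compare_digest(expected, message):
            return None
        # Register the ID and issue its individual final key exactly once.
        self.final_keys[subscriber_id] = secrets.token_bytes(16)
        return self.final_keys[subscriber_id]


def run_demo():
    server = ProvisioningServer(GROUP_KEYS)
    sid = "G1-000000042"                         # constructed unique ID with group prefix
    first = server.personalize(sid, auth_message(sid, GROUP_KEYS["G1"], server.challenge(sid)))
    # The same preliminary data set must not work a second time (single use).
    second = server.personalize(sid, auth_message(sid, GROUP_KEYS["G1"], server.challenge(sid)))
    # An ID tagged for group G1 but keyed with the G2 key fails verification.
    other = "G1-000000043"
    wrong = server.personalize(other, auth_message(other, GROUP_KEYS["G2"], server.challenge(other)))
    return first, second, wrong
```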
Transfer to or from user equipment or user record carrier · CPC title
Key distribution or pre-distribution; Key agreement · CPC title
for initial activation of new user · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data · CPC title