Communication method and communication system
US-2024422539-A1 · Dec 19, 2024 · US
Key derivation
US9247429B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9247429-B2 |
| Application number | US-201113994389-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 15, 2011 |
| Priority date | Dec 15, 2010 |
| Publication date | Jan 26, 2016 |
| Grant date | Jan 26, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
To facilitate a change in network authentication key (Ki) for use by a smart card (SIM) during authentication on a cellular telecommunications network, there is provided a smart card management scheme that combines key derivation with over the air (OTA) provisioning. This scheme ensures both that the Ki is never transmitted OTA and that the Ki is stored in two locations only: on the SIM and at an authentication center (AuC).
First claim
Opening claim text (preview).
The invention claimed is: 1. A method for managing subscription information stored on a microprocessor card, the card being pre-provisioned with an associated unique card number, at least one predefined unique master key (K_master) and at least one number generating means, the method comprising: receiving at the microprocessor card a derivation value (SEED) from one of a plurality of trusted parties (TSM), said derivation value (SEED) associated with an identification number (Ki); storing the derivation value (SEED) on the microprocessor card; and generating at the microprocessor card the identification number (Ki) using the number generating means, the derivation value (SEED) and the at least one predefined unique master key (K_master); wherein the identification number (Ki) is configured for authorizing a subscription to a telecommunications network and is provided for provisioning the card with said subscription, wherein the microprocessor card is pre-provisioned with a plurality of predefined unique master keys (K_master), wherein the microprocessor card is further pre-provisioned with root key identifiers corresponding to the respective predefined unique master keys (K_master) and at least two number generating means, thereby providing at least a main number generating means and a back-up number generating means, each number generating means identifying a different one of the predefined unique master keys by said master key identifiers. 2. A method as claimed in claim 1 , further comprising: providing an integrity check whereby the card checks the integrity of the generated identification number (Ki). 3. A method as claimed in claim 1 , wherein the identification number (Ki) is deleted after use in authentication with an MNO. 4. A method as claimed in claim 1 , wherein the derivation value (SEED) is received in a secured OTA packet. 5. A method as claimed in claim 1 , wherein the key derivation is a reversible process, so that by applying a reverse key derivation at a trusted party (TSM) using the unique card number, the SEED and master key K_master, the SEED can be correlated with any desired Ki. 6. A method as claimed in claim 1 , wherein the identification number Ki is re-derived on each start-up of the microprocessor card authentication algorithm. 7. A method according to claim 1 , wherein the generating the identification number (Ki) is performed only when the identification number (Ki) is needed. 8. A method according to claim 1 , wherein the identification number (Ki) is a replacement of an identification number (Ki) previously associated with the card. 9. A method according to claim 1 , wherein the identification number (Ki) is used to personalize the card to an operator. 10. A method according to claim 1 , wherein the generating the identification number (Ki) is further performed by using the unique card number and a root key. 11. A method according to claim 1 , wherein the microprocessor for generating the identification number (Ki) is further configured to use the unique card number and a root key. 12. A telecommunications security module, provisioned with one or more unique master keys, and one or more number generating means, the module comprising: means for receiving a derivation value (SEED) from one of a plurality of trusted parties (TSM), said derivation value (SEED) associated with an identification number (Ki); storage means for storing the derivation value (SEED); a microprocessor for generating the identification number (Ki) using the number generating means, the derivation value (SEED) and the one or more unique master keys; wherein the identification number (Ki) generated is configured for authorizing a subscription to a telecommunications network and is provided for provisioning the card with said subscription, wherein the telecommunications security module is pre-provisioned with a plurality of predefined unique master keys (K_master), wherein the telecommunications security module is further pre-provisioned with root key identifiers corresponding to the respective predefined unique master keys (K_master) and at least two number generating means, thereby providing at least a main number generating means and a back-up number generating means, each number generating means identifying a different one of the predefined unique master keys by said master key identifiers. 13. An apparatus incorporating a telecommunications security module as claimed in claim 12 . 14. A method for managing subscription information stored on a microprocessor card, the card being pre-provisioned with an associated unique card number, at least one predefined unique master key (K_master) and at least one number generating means, the method comprising: receiving at the microprocessor card a derivation value (SEED) from one of a plurality of trusted parties (TSM), said derivation value (SEED) associated with an identification number (Ki); storing the derivation value (SEED) on the microprocessor card; and generating at the microprocessor card the identification number (Ki) using the number generating means, the derivation value (SEED) and the at least one predefined unique master key (K_master); wherein the identification number (Ki) is configured for authorizing a subscription to a telecommunications network and is provided for provisioning the card with said subscription, wherein the identification number (Ki) is not stored persistently on the microprocessor card such that the identification number (Ki) is re-derived on each usage of the microprocessor card. 15. A method as claimed in claim 14 , further comprising: providing an integrity check whereby the card checks the integrity of the generated identification number (Ki). 16. A method as claimed in claim 14 , wherein the identification number (Ki) is deleted after use in authentication with an MNO. 17. A method as claimed in claim 14 , wherein the derivation value (SEED) is received in a secured OTA packet. 18. A method as claimed in claim 14 , wherein the key derivation is a reversible process, so that by applying a reverse key derivation at a trusted party (TSM) using the unique card number, the SEED and master key K_master, the SEED can be correlated with any desired Ki. 19. A method as claimed in claim 14 , wherein the microprocessor card is pre-provisioned with a plurality of predefined unique master keys (K_master). 20. A method as claimed in claim 19 , wherein the microprocessor card is further pre-provisioned with root key identifiers corresponding to the respective predefined unique master keys (K_master) and at least two number generating means, thereby providing at least a main number generating means and a back-up number generating means, each number generating means identifying a different one of the predefined unique master keys by said master key identifiers.
Assignees
Inventors
Classifications
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
- H04W12/06Primary
Authentication · CPC title
using cryptographic hash functions · CPC title
- H04L9/0869Primary
involving random numbers or seeds · CPC title
using a plurality of keys or algorithms · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9247429B2 cover?
- To facilitate a change in network authentication key (Ki) for use by a smart card (SIM) during authentication on a cellular telecommunications network, there is provided a smart card management scheme that combines key derivation with over the air (OTA) provisioning. This scheme ensures both that the Ki is never transmitted OTA and that the Ki is stored in two locations only: on the SIM and at …
- Who is the assignee on this patent?
- Babbage Stephen, Bone Nicholas, Vodafone Ip Licensing Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04W12/06. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 26 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).