Network Supporting Two-Factor Authentication for Modules with Embedded Universal Integrated Circuit Cards

摘要

A network with a set of servers can support authentication from a module, where the module includes an embedded universal integrated circuit card (eUICC). The network can send a first network module identity, a first key K, and an encrypted second key K for an eUICC profile to an eUICC subscription manager. The second key K can be encrypted with a symmetric key. The module can receive and activate the eUICC profile, and the network can authenticate the module using the first network module identity and the first key K. The network can (i) authenticate the user of the module using a second factor, and then (ii) send the symmetric key to the module. The module can decrypt the encrypted second key K using the symmetric key. The network can authenticate the module using the second key K. The module can comprise a mobile phone.

主权项

1. A method for authentication, the method performed by a set of servers communicating through at least one local area network interface, the set of servers including at least one computer processor for performing the steps of the method, the method comprising:
processing a first key K, and a second key K; authenticating the module using the first key K; encrypting the second key K with a symmetric key, wherein the symmetric key is derived from a key exchange algorithm; sending the encrypted second key K to the module; authenticating a user associated with the module; sending, after authenticating the user, a key exchange token to the module, wherein the module (i) uses the key exchange token to derive the symmetric key from the key exchange algorithm and (ii) decrypt the encrypted second key K; and, authenticating the module using the second key K.