Smart card initial personnalization with local generation of keys

摘要

A method and system for initial personalization of a smart card coupled with a communication device of a user who is not yet a subscriber of any telecommunication network are disclosed. A temporary international identity and a temporary authentication key are stored in the smart card and in a home location register connected to a roaming entity of a telecommunication network. A series of signals are exchanged between the smart card, the roaming entity, an application server and a personalization server to establish a secure session between the smart card and the personalization server. During the secure session, the smart card receives a message containing an initial international identity from the personalization server, and replaces the temporary international identity and the temporary authentication key by the initial international identity and the initial authentication key.

主权项

1. A method for an initial personalization of a smart card coupled with a communication device of a user who is not yet a subscriber of any telecommunication network, a temporary international identity and a temporary authentication key being stored in the smart card and in a home location register connected to a roaming entity of a telecommunication network to which the communication device is able to be attached, the method comprising the following steps in the smart card:
sending a first request to the roaming entity, the first request being forwarded to the home location register that authenticates the user by means of the temporary international identity and the temporary authentication key, the roaming entity allowing the smart card to use resources of the telecommunication network; sending a second request for smart card personalization to an application server connected to the telecommunication network; receiving a response from the application server, the response comprising a personalization command and an admin code, and interpreting the personalization command to establish a secure session with a personalization server via the application server, if the admin code is valid; negotiating with the personalization server to agree on an initial authentication key, by exchanging messages containing values derived from random secrets; receiving a message containing an initial international identity from the personalization server; and replacing the temporary international identity and the temporary authentication key by the initial international identity and the initial authentication key.