| 摘要 |
A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone. |
| 主权项 |
1. A method for authentication, the method performed by an embedded Universal Integrated Circuit Card (eUICC), the method comprising:
recording, by the eUICC, a profile key and an eUICC identity, and sending the eUICC identity; receiving, by the eUICC, a profile, wherein the eUICC uses the profile key to decrypt at least a portion of the profile, wherein the portion includes a first key K1 and a network module identity; sending, by the eUICC, the network module identity, receiving a first pseudo-random number (RAND), processing a first response value (RES) using the first key K1, and sending the first RES; receiving, by the eUICC, a key exchange token, wherein the eUICC uses a key derivation algorithm, a private key, and the received key exchange token to derive a second key K2; and, sending, by the eUICC, the network module identity, receiving a second RAND, processing a second RES using the second key K2, and sending the second RES. |
