SYSTEM AND METHODS FOR UICC-BASED SECURE COMMUNICATION

摘要

A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

主权项

1. A method comprising:
receiving, over a network by a system including a processor, a first request for service from a first end user device; providing, by the system over the network to the first end user device, an authentication management function and an encryption key generator for execution by a secure element of the first end user device and an encryption engine for execution by a secure device processor of the first end user device, to cause the secure element and the secure device processor to authenticate each other using a mutual authentication keyset, wherein the secure element and the secure device processor are separate from each other; receiving, by the system over the network from the first end user device, a second request for a secure signaling session, wherein the second request is initiated by the secure device processor of the first end user device; providing, by the system over the network to the first end user device, a first authentication signal, wherein a secure application server associated with the system is authenticated by the authentication management function using a signaling authentication keyset; communicating by the system with the first end user device via a first encrypted channel using a first signaling encryption keyset, wherein encryption and decryption of communications over the first encrypted channel is performed by the encryption engine and the first signaling encryption keyset is generated by the encryption key generator; receiving, by the system over the network from the first end user device, a third request to establish a communication session with a second end user device; and communicating by the system with the second end user device via a second encrypted channel using a second signaling encryption keyset, wherein the communicating by the system with the first and second end user devices enables establishing the communication session between the first and second end user devices, and wherein the mutual authentication keyset, the signaling authentication keyset, and the first and second signaling encryption keysets are distinct keysets.