SMART CARD PERSONNALIZATION WITH LOCAL GENERATION OF KEYS

摘要

For personalizing a smart card (SC) coupled with a communication device (CD) of a user being a subscriber of a first telecommunication network (TN1) and wishing to become a subscriber of a second telecommunication network (TN2), a first international identity (IMSI—1) and a first authentication key (AK—1) being stored in the smart card (SC), the smart card receives a message (MesP) from an application server (AS) connected to the first telecommunication network and the second telecommunication network, the message (MesN) comprising a personalization command (ComP) and an admin code (ACas), after that the application server has received a request (Req) of subscription change comprising an identifier (1dMNO2) of the second telecommunication network (TN2) and has established a secured session with a personalization server (PS) of the second telecommunication network (TN2) identified by the identifier (1dMNO2), LR2 and interprets the personalization command (ComP) to establish a secure session with the personalization server (PS) via the application server (AS), if the admin code (ACas) is valid. The smart card negotiates with the personalization server to agree on an second authentication key, by exchanging messages containing values derived from random secrets, receives a message (Mes3) containing an second international identity (IMSI—2) from the personalization server (PS), and replaces the first international identity (IMSI—1) and the first authentication key (AK—1) by the second international identity and the second authentication key.

主权项

1. A method for personalizing a smart card coupled with a communication device of a user being a subscriber of a first telecommunication network, a first international identity and a first authentication key being stored in the smart card, the method comprising:
receiving a first message from an application server connected to the first telecommunication network and a second telecommunication network, the first message comprising a personalization command and an admin code; interpreting the personalization command to establish a secure session with a personalization server via the application server if the admin code is valid; negotiating with the personalization server to agree on a second authentication key by exchanging messages that contain values derived from random secrets; receiving a second message that contains a second international identity from the personalization server (PS); and replacing the first international identity and the first authentication key with the second international identity and the second authentication key.