Key Derivation for a Module using an Embedded Universal Integrated Circuit Card

摘要

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

主权项

1. A method for a module to derive a secret shared network key K, the method comprising the module:
storing an initial key K in at least one of (i) a universal integrated circuit card (UICC) and (ii) an embedded universal integrated circuit card (eUICC), wherein the module uses the initial key K to authenticate with a wireless network; deriving a module private key and a module public key, wherein the module derives a key K module token using the derived module private key; sending the module key K token to the wireless network after authentication with initial key K; deriving the secret shared network key K using a key derivation function and a set of cryptographic parameters, wherein the key derivation function uses as input at least (i) the derived module private key, (ii) the set of cryptographic parameters, and (iii) a key K network token; and, authenticating with the wireless network using the derived secret shared network key K.