Title of invention: System and methods for UICC-based secure communication
Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor; sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.
Application publication number: US9036820(B2) Application publication date: 2015.05.19
Application number: US201314023932 Filing date: 2013.09.11
Applicant: AT&T INTELLECTUAL PROPERTY I, LP Inventors: Chastain Walter Cooper; Chin Stephen Emille
Classification: H04L29/06; H04W12/04 Main classification: H04L29/06
Agency: Guntin & Gust, PLC Agent: Guntin & Gust, PLC; Gust Andrew
Principal claim: 1. A device comprising: a secure element; a secure device processor separate from the secure element; a memory to store executable instructions; and a device processor separate from the secure device processor and coupled to the memory, the secure element and the secure device processor, wherein the device processor, responsive to executing the instructions, performs operations comprising: sending a first request for service to a management server remote from the device; receiving from the management server an authentication management function and an encryption key generator for execution by the secure element and an encryption engine for execution by the secure device processor, to cause the secure element and the secure device processor to authenticate each other using a mutual authentication keyset; authenticating a user of the device using a user interface keyset, wherein user credentials are verified by the authentication management function; sending a second request for a secure signaling session to a secure application server remote from the device, wherein the second request is initiated by the secure device processor; receiving from the secure application server a first authentication signal, wherein the secure application server is authenticated by the authentication management function using a signaling authentication keyset; communicating with the secure application server via a first encrypted channel using a first signaling encryption keyset, wherein encryption and decryption of communications over the first encrypted channel is performed by the encryption engine and the first signaling encryption keyset is generated by the encryption key generator; sending a third request to the secure application server to establish a communication session with a second device; and receiving from the second device a second authentication signal, wherein the second device is authenticated by the authentication management function using a bearer path authentication keyset, wherein the mutual authentication keyset, the user interface keyset, the signaling authentication keyset, the first signaling encryption keyset, and the bearer path authentication keyset are distinct keysets.
Address: Atlanta GA US