Key Derivation for a Module Using an Embedded Universal Integrated Circuit Card

摘要

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

主权项

1. A method for an embedded universal integrated circuit card (eUICC) to receive an eUICC profile, the method comprising the eUICC:
storing a network public key and an eUICC identity, wherein the eUICC uses the network public key to authenticate an eUICC subscription manager; receiving a server public key from the authenticated eUICC subscription manager; deriving the first shared secret key using a key derivation function and a set of cryptographic parameters, wherein the key derivation function uses as input at least (i) the received server public key, (ii) an eUICC private key, and (iii) the set of cryptographic parameters; deriving a second shared secret key using (i) a shared secret algorithm and (ii) the derived first shared secret key as an algorithm token for the shared secret algorithm, wherein the shared secret algorithm uses a secure hash algorithm; and receiving the eUICC profile, wherein the eUICC uses the derived second shared secret key and a symmetric ciphering algorithm to decrypt the eUICC profile.