EP1832133A1 - System for allocating a chip card to a network operator - Google Patents

System for allocating a chip card to a network operator

Info

Publication number
EP1832133A1
Authority
EP
European Patent Office
Prior art keywords
key
allocation
card
authentication
operator
Legal status
Withdrawn
Application number
EP05850439A
Other languages
German (de)
French (fr)
Inventor
Max De Groot
Gary Chew
Lionel Merrien
Current Assignee
Gemalto SA
Original Assignee
Gemplus Card International SA
Gemplus SA
Priority to FR0413714A (FR2879867A1)
Application filed by Gemplus Card International SA, Gemplus SA
Priority to PCT/EP2005/056535 (WO2006067037A1)
Publication of EP1832133A1
Application status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/002 Mobile device security; Mobile application security
    • H04W12/0023 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H04W8/265 Network addressing or numbering for mobility support for initial activation of new user

Abstract

A chip card (CP) needs to be allocated in a secured manner to a network operator (MNO) via a personalization center (CE) in order to determine a final authentication key which is attributed to a subscriber of the operator without it being transmitted via a network. The following is loaded into a card by a module (MP): an algorithm and an allocation key; an algorithm for determination of the authentication key and at least one intermediate authentication key. A module (MA) transmits an allocation message which includes a final identity number (IMSI), a random number and an allocation signature from the center to the card. The card authenticates the message by means of the allocation algorithm as a function of the allocation key and the allocation signature, and determines the final authentication key as a function of the intermediate key and the random number.

Description

System for allocating a smart card to a network operator

The invention relates to a system for allocating a smart card to a specific network operator. More particularly, it relates to allocating a smart card to an operator once the card has been produced and personalized by a manufacturer and sent, for example, to a provider of communication services (service provider) offered by the operator.

Currently, chip cards are allocated to a specific network operator during their manufacture and personalization by a manufacturer. Smart cards are UICC (Universal Integrated Circuit Card) microcontroller cards, such as a SIM (Subscriber Identity Module) for a cellular radio communication network of the GSM type, or a USIM (Universal Subscriber Identity Module) for a third-generation (3GPP) UMTS (Universal Mobile Telecommunications System) network using code division multiple access (CDMA). Such a card can be inserted into a mobile terminal and participates, among other things, in identifying the card and therefore the subscriber holding it.

A service provider can also be an authentication provider, for example a bank, which issues an identification card that can be inserted into an identification terminal and contains an identifier and an authentication key.

In the following, reference is made to the GSM network as an example. For this network, SIM cards contain, after personalization, at least an International Mobile Subscriber Identity (IMSI) number assigned to a subscriber of an operator and an authentication key Ki also allocated to that subscriber. The authentication key Ki and the associated IMSI number, already loaded into the card, are assigned to a user when the user takes out a subscription to a telecommunications service provided by an operator. The key Ki is stored in the subscriber's SIM card and also in a database of the operator, also called the authentication center. To limit the possibilities of reading the key Ki, it is never transmitted over the network. Figure 1 shows the known allocation of cards to mobile cellular network operators (Mobile Network Operators) MNO1, MNO2 and MNO3, for instance mobile telephony operators.

The operators MNO1, MNO2 and MNO3 order specific numbers of smart cards from a manufacturer F and transmit to the manufacturer incoming files containing their own identity numbers IMSI1, IMSI2 and IMSI3 respectively. After receiving the incoming files, the card personalization device of manufacturer F generates authentication keys Ki1, Ki2 and Ki3 for the received numbers IMSI1, IMSI2 and IMSI3 respectively, by means of a known key generation algorithm. When personalizing the cards, the card personalization device loads into each card the IMSI number of an operator and the associated authentication key Ki, and transmits to the respective operators outgoing files containing the numbers and associated authentication keys, which the operators integrate into their databases. For example, two cards respectively store the number and key pairs IMSI1a and Ki1a, and IMSI1b and Ki1b, allocated to a common operator MNO1.

This known card allocation does not allow a card already allocated to a first operator to be allocated to a second operator. Each card can be allocated definitively to only one operator.

This disadvantage becomes apparent, for example, when services offered by different operators are sold by a single service provider, also called a virtual network operator, which has no network of its own. The provider orders from several operators a fixed number of cards, each with a respective IMSI number and a respective key Ki specific to one operator, in order to sell them, for example, in an affiliated store. Since each card is assigned to a specific operator, the supplier must continuously manage its stock of already allocated cards. A supplier may sell many more cards of a leading operator than cards of a second operator, so that the cards of the second operator remain stored at the supplier, unallocated to subscribers. Managing this stock causes a significant cost for the supplier. To remedy this, post-allocation of cards is now planned at the time subscriptions to services are sold to users. Post-allocation has the advantage that the cards stored at the vendor are neutral and independent of any operator allocation, and can be allocated gradually as they are sold, according to the users' wishes. Card post-allocation requires no operator-specific personalization of each card produced. It is known to post-allocate smart cards by generating an encrypted authentication key Ki either on the card or in an external entity such as the card manufacturer, and transmitting the encrypted key, for example by SMS short message, either from the card to the operator, or from the external entity to the card and to the operator. These post-allocations are not secure, since authentication keys are transmitted through telecommunications networks.

The invention aims to remedy the aforementioned drawbacks by post-allocating cards via telecommunications networks securely, without any authentication key being transmitted through the telecommunications networks.

To achieve this objective, a method of allocating a chip card to a network operator via a personalization means, in order to determine a final authentication key assigned to a subscriber of the operator, is characterized in that it comprises the following steps: loading into the card, by the personalization means, an allocation algorithm and an allocation key, as well as an authentication key determination algorithm and at least one intermediate authentication key not assigned to the operator; transmitting from the personalization means to the card an allocation message including a final identity number assigned to the subscriber of the operator, a random number relating to the subscriber, and an allocation signature resulting from applying the final identity number, the random number and the allocation key to the allocation algorithm; authenticating the allocation message in the card by the allocation algorithm as a function of the allocation key and the allocation signature; and determining the final authentication key assigned to the subscriber by the authentication key determination algorithm in the card as a function of the intermediate key and the random number.

This method combines the following three advantages: the authentication key specific to each subscriber of a network operator is not transmitted over the network; this key is determined directly in the card, while only an optionally encrypted random datum is transmitted over the network, which, if intercepted by a third party, does not allow the authentication key to be disclosed; and the final authentication key is not stored in the personalization means.

Loading the card further comprises loading into the card a bootstrap program for a first communication between the card and the personalization means, the bootstrap program containing a bootstrap identity number and a bootstrap authentication key that can be replaced by the final identity number and the final authentication key once the final authentication key has been determined.

The invention also relates to a system for allocating a smart card to a network operator via a personalization means, in order to determine a final authentication key assigned to a subscriber of the operator. The system is characterized in that it comprises: means for loading into the card, by the personalization means, an allocation algorithm and an allocation key, as well as an authentication key determination algorithm and at least one intermediate authentication key not assigned to the operator; means for transmitting from the personalization means to the card an allocation message including a final identity number assigned to the subscriber of the operator, a random number relating to the subscriber, and an allocation signature resulting from applying the final identity number, the random number and the allocation key to the allocation algorithm; means for authenticating the allocation message in the card by the allocation algorithm as a function of the allocation key and the allocation signature; and means for determining the final authentication key assigned to the subscriber by the authentication key determination algorithm as a function of the intermediate key and the random number.

The invention also relates to a smart card to be allocated to a network operator via a personalization means, in order to determine a final authentication key assigned to a subscriber of the operator, the card comprising at least a memory and a microprocessor. The chip card is characterized in that, after the card has been loaded by the personalization means, the memory contains: an allocation key and an allocation algorithm, used by the microprocessor, when the card is allocated to the operator, to authenticate an allocation message transmitted by the personalization means and including a final identity number assigned to the subscriber of the operator, a random number, and an allocation signature resulting from applying the final identity number, the random number and the allocation key to the allocation algorithm; and an authentication key determination algorithm and at least one intermediate authentication key not assigned to the operator, used by the microprocessor to determine, as a function of the random number, the final authentication key assigned to the subscriber.

The smart card may further comprise a bootstrap program for a first communication between the card and the personalization means when the card is allocated to a subscriber of the operator, the program comprising a bootstrap identity number and a bootstrap authentication key that can be replaced by the final identity number and the final authentication key once the final authentication key has been determined.

Other features and advantages of the present invention will become apparent from reading the following description of several preferred embodiments of the invention, given by way of non-limiting examples with reference to the corresponding accompanying drawings, in which:

- Figure 1, already commented on, is a block diagram of a smart card allocation system according to the prior art;
- Figures 2 and 3 are block diagrams of a card allocation system of the invention, relating respectively to card personalization and card allocation;
- Figure 4 is a flowchart of a post-allocation method of a smart card according to the invention;
- Figure 5 is an algorithm of a smart card personalization process according to the invention; and
- Figure 6 is an algorithm of a smart card allocation method according to the invention.

The embodiment shown in Figures 2 and 3 is a system for allocating a smart card to a mobile digital cellular radio communication network operator according to the invention. A smart card is post-allocated to a specific operator when, for example, a new user takes out a subscription to telecommunication services sold by a service provider, which may be the network operator itself or a virtual network operator, also called a distributor or retailer. The card is not allocated during production, but is allocated when purchased from the supplier, as soon as the user has chosen an operator and a service of that operator. The system of the invention includes a personalization center CE that personalizes smart cards CP in relation to one or more network operators, for example three operators MNO1, MNO2 and MNO3. In a preferred embodiment of the invention, the system manufactures SIM cards and allocates them to GSM network operators. The invention can be applied to any type of smart card and any network.

The personalization center CE is, for example, a server managed by the card manufacturer and accessible via the Internet or dedicated lines. It comprises a card personalization module MP and a card allocation module MA, for example in the form of computer programs, as well as a database BD storing all the data related to the operators MNO. The modules MP and MA are detailed in the description of the method of the invention.

According to another embodiment, the modules MP and MA are servers located in different places and managed by separate entities, and the database is a database management server, the three servers being connected via the Internet or by leased lines.

As is known, a smart card CP, also called a microcontroller card, mainly includes a processor PC, memories MC1 to MC3 and an input/output port PES with or without electrical contacts. The various components of the card CP are interconnected by a bidirectional bus BC. The memory MC1 is of the ROM or Flash type and contains the operating system of the card. The memory MC2 is a non-volatile memory such as EEPROM or Flash for storing, in particular, keys, identity numbers and other characteristics of the subscription profile of the user holding the card. The memory MC3 is a RAM or SRAM memory used for data processing.

Referring to Figure 4, the card post-allocation method of the invention comprises two main steps E1 and E2. Upon an order for M subscriptions placed by a provider with operators, associated with an order CA for M cards from a manufacturer, step E1 consists in manufacturing the M cards and personalizing them in the personalization center CE without allocating the cards to a specific operator. Once manufactured and personalized, the cards are delivered to the supplier. When a user subscribes to a service offered by an operator, for example the operator MNO1 according to Figure 2, from a supplier such as a network operator MNO or a virtual network operator, the supplier sends to the personalization center CE an allocation order OA to allocate a smart card, such as the card CP, to the operator MNO1. The personalization center CE allocates the card CP to the operator MNO1 in step E2, without any transmission of the subscriber's specific authentication key Ki between the personalization center CE and the card CP via the network of the operator MNO1.

The personalization of the card CP comprises steps E10 to E17 shown in Figure 5, itself associated with Figure 2.

In step E10, the personalization module MP of the personalization center CE loads into the memories MC1 and MC2 of the card CP an algorithm AD, also implemented in the personalization module MP, for subsequently determining a final authentication key Ki assigned to a subscriber; an allocation algorithm AA, also implemented in the allocation module MA, for subsequently authenticating an allocation message MES; and a bootstrap program Boot for a first communication via a network between the personalization center and the card during the allocation of the card. The algorithms AD and AA may be known algorithms and be one-way, that is to say that it is impossible to determine an input variable of the algorithm from the result of the algorithm.

The bootstrap program Boot includes, for each manufactured card CP, a bootstrap identity number IMSIA and a bootstrap authentication key KiA, necessary for authenticating a first network communication between the card CP and the personalization center CE. The final identity number IMSI and the final authentication key Ki assigned to a subscriber when taking out a subscription are not yet known, as the card CP is not yet allocated to the network operator providing that subscription. The bootstrap identity number IMSIA and bootstrap authentication key KiA can be attributed to the personalization center and provided by a first operator under a contract between the card manufacturer and that first operator, which allows first communications between the cards CP and the personalization center CE regardless of the second operators finally chosen by the card subscribers. The number IMSIA and the key KiA are then replaced by the final identity number IMSI and the final authentication key Ki assigned to a subscriber of a second operator during the allocation of the card in step E2. A read/write interface (not shown) of the module MP connects, with or without contact, to the input/output port PES of the card in order to load the algorithms AA and AD and the bootstrap program.

The supplier sends an order CA for M cards, associated with an order for M subscriptions, to the personalization center CE, which receives the order CA in step E11.

In step E12, the module MP transmits the order CA to at least one operator MNO with which the manufacturer works and, in step E13, receives securely, in response to the order CA, an encrypted file containing IMSI numbers not yet allocated to subscribers. For example, referring to Figure 2, the three operators MNO1, MNO2 and MNO3 each send respective final identity numbers IMSI1, IMSI2 and IMSI3 relating to the card purchase, each operator transmitting as many IMSI numbers as there are subscriptions ordered by the provider for that operator. The identity number file is decrypted by the personalization module.

According to one embodiment, steps E12 and E13 are not executed when the provider is the operator offering its own subscriptions. The personalization center then receives in step E11 the order CA together with the encrypted file of identity numbers sent by the operator.

In step E14, the module MP generates at least one intermediate authentication key Kint, necessary for determining the final authentication keys Ki, and M allocation keys Kalloc allocated respectively to the M cards for authenticating the allocation messages received by the cards. To protect the intermediate key Kint and not forward it as such to the personalization center, it is masked by applying it together with a random number to an XOR function, so that the result of this function is transmitted in place of the intermediate key. An intermediate authentication key Kint is not attributed to a single card. Several cards can contain the same intermediate authentication key, and several intermediate keys may be generated in step E12.

In step E15, a pseudo-random generator in the module MP generates a respective random number RND for each final identity number IMSI sent. Then, the module MP determines, for each IMSI number sent, a final authentication key Ki not yet assigned to a card. The authentication key Ki is determined by the algorithm AD, which has been loaded into the card, as a function of the generated intermediate authentication key Kint and the generated random number RND associated with the IMSI number. In Figure 2, three authentication keys are deduced from the relations Ki1 = AD(Kint, RND1), Ki2 = AD(Kint, RND2) and Ki3 = AD(Kint, RND3), as a function of the random numbers RND1, RND2 and RND3 associated respectively with the numbers IMSI1, IMSI2 and IMSI3 sent by the operators MNO1, MNO2 and MNO3. After determining the authentication keys Ki, the module MP stores, in step E16, the allocation key Kalloc of each manufactured card and the pairs composed of a final identity number IMSI and the associated random number RND in the database BD of the personalization center CE. Returning to the example of Figure 2, the pairs IMSI1-RND1, IMSI2-RND2 and IMSI3-RND3 are respectively stored in memory spaces for the operators MNO1, MNO2 and MNO3 in the database BD. In step E17, the module MP loads the intermediate authentication key Kint and the respective allocation key Kalloc into the memory MC2 of each card CP via the read/write interface. In step E18, the personalization center CE communicates securely to the operator MNO an encrypted file containing the final IMSI numbers and their associated final keys Ki. According to the example in Figure 2, the operators MNO1, MNO2 and MNO3 respectively receive the number and key pairs IMSI1-Ki1, IMSI2-Ki2 and IMSI3-Ki3. The final numbers and final keys are stored in the respective databases of the operators, waiting to be queried for the allocation of cards containing the intermediate authentication key Kint that participates in the determination of the final authentication keys Ki.

The personalized cards are manufactured and delivered to the communication service provider.

The allocation of cards to a specific operator comprises steps E20 to E28 shown in Figure 6, itself associated with Figure 3. During allocation, the personalization center transmits the allocation message to a terminal in which the card to be allocated is inserted.

When a user takes out a subscription offered by the operator MNO, the allocation module MA of the personalization center CE receives from the supplier, in step E20, an allocation order OA for a card CP of the user who becomes a subscriber; the card is identified by its allocation key Kalloc, or by an identifier associated with the allocation key Kalloc sent to the supplier upon delivery of the card. In step E21, the module MA searches in the database BD for an IMSI-RND pair associated with the operator MNO selected by the user, according to the allocation key Kalloc in the allocation order OA, or for a Kalloc-IMSI-RND triplet associated with the operator MNO according to said identifier in the allocation order OA. Referring to Figure 3, the selected operator is the operator MNO1, and the module MA searches for the pair IMSI1-RND1 in the database BD. In step E22, the module MA applies the key Kalloc and the IMSI-RND pair to the allocation algorithm AA to determine an allocation signature Salloc = AA(Kalloc, IMSI, RND). The signature Salloc is used later to authenticate the card during its allocation to the operator. The module MA forms and encrypts an allocation message MES including the signature Salloc, the number IMSI and the number RND. In step E23, the module MA sends the allocation message MES over the network associated with the first operator of the Boot program, for example in the form of a short message via a short message server of the first operator's network, to the card CP inserted in a mobile terminal. In step E24, the card CP receives the message MES in the memory MC3, and the processor PC decrypts it according to a decryption algorithm preset in the card during its manufacture and corresponding to the encryption algorithm.

The processor PC authenticates the message MES by running the allocation algorithm AA on the received IMSI-RND pair and the key Kalloc stored in the memory MC2 of the card, and compares the resulting signature with the signature Salloc extracted from the received message MES. If the compared signatures match, the processor writes the identity number IMSI extracted from the received message MES into the memory MC2 of the card, in step E25. Then, in step E26, the processor determines the final authentication key Ki of the card by running the algorithm AD on the key Kint stored in the memory MC2 of the card and the number RND extracted from the received message MES. The final authentication key Ki is stored in the memory MC2. The final authentication key Ki and the final identity number IMSI replace the bootstrap authentication key KiA and the bootstrap identity number IMSIA, which can be erased.

Once steps E24 to E26 have been executed successfully, the card sends to the personalization center CE, in step E27, an acknowledgment message OK indicating that the allocation has proceeded correctly. If the allocation fails in steps E24 to E26, for example if the message MES has not been authenticated, the card CP signals this to the personalization center by issuing another message. In step E28, the personalization center transmits the activation of the subscription to the selected operator. Once the subscription has been activated by the operator, a server of the operator can download various applications according to the service plan into the card CP designated by the final key Ki and the final IMSI number.
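The personalization steps E14 to E18 and the allocation steps E20 to E26 described above, as an added Python simulation that is not part of the patent: it assumes HMAC-SHA256 as the concrete instantiation of both AA (keyed with Kalloc over IMSI||RND) and AD (keyed with Kint over RND, truncated to a 16-byte Ki), since the patent only requires one-way algorithms; the transport encryption of MES (E22/E24) is not modelled, and the IMSI and card identifier are constructed sample values.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed instantiations (the patent leaves AA and AD open, requiring only one-way functions):
#   AA(Kalloc, IMSI, RND) -> HMAC-SHA256 keyed with Kalloc over IMSI || RND
#   AD(Kint, RND)         -> HMAC-SHA256 keyed with Kint over RND, truncated to 16 bytes (GSM Ki size)

def AA(kalloc: bytes, imsi: str, rnd: bytes) -> bytes:
    """Allocation algorithm: allocation signature Salloc over the IMSI-RND pair."""
    return hmac.new(kalloc, imsi.encode() + rnd, hashlib.sha256).digest()

def AD(kint: bytes, rnd: bytes) -> bytes:
    """Authentication key determination: Ki = AD(Kint, RND)."""
    return hmac.new(kint, rnd, hashlib.sha256).digest()[:16]

@dataclass
class Card:
    """Card CP after personalization (E10, E17): memory MC2 holds Kalloc and Kint, no Ki yet."""
    kalloc: bytes
    kint: bytes
    imsi: Optional[str] = None
    ki: Optional[bytes] = None

    def receive_allocation(self, mes: dict) -> bool:
        # E24: recompute the signature with the stored Kalloc and compare in constant time
        expected = AA(self.kalloc, mes["imsi"], mes["rnd"])
        if not hmac.compare_digest(expected, mes["salloc"]):
            return False  # E27 failure path: nothing is written to MC2
        # E25/E26: store IMSI and derive Ki locally; Ki never crossed the network
        self.imsi = mes["imsi"]
        self.ki = AD(self.kint, mes["rnd"])
        return True

@dataclass
class PersonalizationCenter:
    """CE with database BD: keeps (operator, IMSI, RND) pairs and per-card Kalloc, never Ki."""
    kint: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    bd: dict = field(default_factory=dict)             # operator -> list of (IMSI, RND)
    kalloc_by_card: dict = field(default_factory=dict)  # card id -> Kalloc

    def personalize(self, card_id: str) -> Card:
        # E14/E17: fresh per-card allocation key; the shared Kint is loaded into MC2
        kalloc = secrets.token_bytes(16)
        self.kalloc_by_card[card_id] = kalloc
        return Card(kalloc=kalloc, kint=self.kint)

    def register_imsis(self, operator: str, imsis: list) -> dict:
        # E15/E16/E18: one RND per IMSI, pair kept in BD, (IMSI, Ki) file returned for the operator
        outgoing = {}
        for imsi in imsis:
            rnd = secrets.token_bytes(16)
            self.bd.setdefault(operator, []).append((imsi, rnd))
            outgoing[imsi] = AD(self.kint, rnd)
        return outgoing

    def allocation_message(self, card_id: str, operator: str) -> dict:
        # E20-E22: take the next free IMSI-RND pair of the chosen operator and sign it with Kalloc
        imsi, rnd = self.bd[operator].pop(0)
        kalloc = self.kalloc_by_card[card_id]
        return {"imsi": imsi, "rnd": rnd, "salloc": AA(kalloc, imsi, rnd)}

def run_allocation(tamper: bool = False):
    """One E1/E2 flow; returns (accepted, card Ki, operator Ki for that IMSI, fields sent on the wire)."""
    ce = PersonalizationCenter()
    card = ce.personalize("card-0001")                            # constructed card id
    operator_db = ce.register_imsis("MNO1", ["208011234567890"])  # constructed IMSI
    mes = ce.allocation_message("card-0001", "MNO1")
    if tamper:
        # Message altered in transit: the stale Salloc no longer matches the new IMSI
        mes = dict(mes, imsi="208019999999999")
    accepted = card.receive_allocation(mes)
    return accepted, card.ki, operator_db.get(mes["imsi"]), set(mes)

if __name__ == "__main__":
    ok, card_ki, op_ki, wire = run_allocation()
    print("accepted:", ok, "| card Ki == operator Ki:", card_ki == op_ki, "| on the wire:", sorted(wire))
    print("tampered message accepted:", run_allocation(tamper=True)[0])
```

The wire set shows only IMSI, RND and Salloc leave the center, yet the card and the operator end up holding the same Ki; a modified message fails the AA check and leaves MC2 untouched.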

As explained above, each manufactured and personalized card includes a bootstrap program Boot, including a bootstrap key KiA and a bootstrap number IMSIA. The manufacturer, together with the personalization center, acquires from the first operator a predetermined number of subscriptions, each associated with a key KiA and a number IMSIA to be stored in manufactured cards via the bootstrap program. The predetermined number of subscriptions acquired is naturally much lower than the number of cards to be manufactured and personalized, so the keys KiA and numbers IMSIA must be reusable. Since the key KiA and number IMSIA of each manufactured card not yet allocated to a particular operator are replaced by the final key Ki and the final number IMSI when the card is allocated, the personalization center assigns, after allocation, the replaced key KiA and number IMSIA of that card to another card to be personalized.

According to another embodiment, several intermediate authentication keys, e.g. KintA, KintB and KintC, are generated by the module MP and stored in each card CP. In one example, a service provider acquires a first batch of 15 subscriptions divided among different operators MNO1, MNO2 and MNO3. The module MP receives the 15 numbers IMSI1 to IMSI15 and saves them in the memory spaces dedicated to the operators MNO1, MNO2 and MNO3 in the database BD. The module MP generates 15 allocation keys Kalloc1 to Kalloc15 for the 15 cards respectively, and stores in each card its respective allocation key and the three intermediate keys KintA, KintB and KintC. The module MP also generates 15 random numbers RND1 to RND15 associated with the identity numbers IMSI1 to IMSI15, and determines 15 final authentication keys Ki1 to Ki15 associated with the 15 identity numbers by running the algorithm AD on the 15 random numbers and the first intermediate authentication key KintA. The 15 pairs of identity number and random number are stored in the database BD of the personalization center under the reference of the intermediate key KintA, in the memory spaces dedicated to the respective operators MNO1, MNO2 and MNO3. The 15 allocation keys Kalloc1 to Kalloc15 are also stored in the database BD of the personalization center EC. The data IMSI1 to IMSI15 and the associated keys Ki1 to Ki15 are sent to the operators to be stored in their respective databases. This first batch of personalized cards is delivered to the service provider.

The service provider acquires from the operators a second batch of 15 subscriptions divided among the operators. The module MP applies to the second batch the same personalization steps as for the first batch of subscriptions, but determines the 15 final authentication keys Ki16 to Ki30 associated with the 15 numbers IMSI16 to IMSI30 according to the second intermediate authentication key KintB. This second batch of personalized cards is delivered to the service provider.

Subscriptions of the first batch are assigned to users, and the IMSI-RND pairs associated with the selected operators are looked up in the database BD and transmitted, for example by short messages, to the users' cards, as explained in steps E20 to E28. Once the subscriptions of the first batch are allocated, they are activated by the module MA of the personalization center at the selected operators, without the pending subscriptions of the other operators that were not chosen being deactivated. In this embodiment, sufficiently many intermediate authentication keys KintA, KintB and KintC are defined a priori and stored in each card. Thus a card belonging to the second batch of manufactured cards can be allocated a subscription belonging to the first batch of subscriptions acquired by the provider, since the authentication keys associated with the first batch of subscriptions are determined by means of the first intermediate key KintA, which is stored in the card together with the second intermediate authentication key KintB. Conversely, a card belonging to the first batch of manufactured cards can be allocated a subscription belonging to the second batch of subscriptions acquired by the provider. This arrangement avoids deactivating unallocated pending subscriptions at the operators and adapts better to the users' choice of operator. All these subscriptions will subsequently be allocated, thanks to the larger number of manufactured cards, which all contain the intermediate authentication key linked to the determination of the final authentication key associated with those subscriptions.
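The allocation exchange of steps E20 to E28 and the multi-batch embodiment above, as an added simulation that is not part of the patent: the personalization center EC with its database BD, and the card CP, are modelled in Python; HMAC-SHA256 stands in for the unspecified algorithms AA and AD, and carrying the intermediate key reference (KintA or KintB) inside MES is an assumption, as are the card serials and the constructed IMSI values.

```python
import hashlib
import hmac
import os


def aa_sign(kalloc: bytes, imsi: str, rnd: bytes) -> bytes:
    """Allocation algorithm AA: signature Salloc over the IMSI-RND pair under Kalloc (HMAC assumed)."""
    return hmac.new(kalloc, b"AA|" + imsi.encode() + b"|" + rnd, hashlib.sha256).digest()


def ad_derive(kint: bytes, rnd: bytes) -> bytes:
    """Authentication key determination algorithm AD: final key Ki from Kint and RND (HMAC assumed)."""
    return hmac.new(kint, b"AD|" + rnd, hashlib.sha256).digest()


class Card:
    """Card CP after loading (E1): its own Kalloc plus the shared intermediate keys Kint."""

    def __init__(self, serial: str, kalloc: bytes, kints: dict):
        self.serial, self.kalloc, self.kints = serial, kalloc, dict(kints)
        self.imsi = self.ki = None  # boot values KiA/IMSIA are not modelled here

    def allocate(self, mes: tuple) -> str:
        imsi, rnd, salloc, kint_ref = mes
        # E24: recompute Salloc with the stored Kalloc; constant-time compare
        if not hmac.compare_digest(aa_sign(self.kalloc, imsi, rnd), salloc):
            return "NOK"                                   # E27: allocation refused
        self.imsi = imsi                                   # E25: final IMSI written
        self.ki = ad_derive(self.kints[kint_ref], rnd)     # E26: final Ki derived
        return "OK"                                        # E27: acknowledgment


class PersonalizationCenter:
    """Personalization center EC with its database BD (subscriptions, Kalloc per card)."""

    def __init__(self, kints: dict):
        self.kints = kints          # KintA, KintB, ... loaded into every card
        self.subs = {}              # IMSI -> {rnd, kint_ref, mno, used}
        self.cards = {}             # card serial -> Kalloc
        self.operator_db = {}       # MNO -> {IMSI: Ki}, what step E18 sends to operators

    def personalize_batch(self, imsis: list, mnos: list, kint_ref: str) -> list:
        """E14 to E18 for one batch of subscriptions; returns the cards produced."""
        cards = []
        for i, imsi in enumerate(imsis):
            rnd, mno = os.urandom(16), mnos[i % len(mnos)]
            ki = ad_derive(self.kints[kint_ref], rnd)                          # E15
            self.subs[imsi] = dict(rnd=rnd, kint_ref=kint_ref, mno=mno, used=False)  # E16
            self.operator_db.setdefault(mno, {})[imsi] = ki                     # E18
            serial, kalloc = f"CARD{len(self.cards):04d}", os.urandom(16)      # E14
            self.cards[serial] = kalloc
            cards.append(Card(serial, kalloc, self.kints))                      # E17
        return cards

    def allocate(self, card: Card, mno: str) -> str:
        """E20 to E23: take a free subscription of the chosen MNO and send MES to the card."""
        imsi = next((i for i, s in self.subs.items() if s["mno"] == mno and not s["used"]), None)
        if imsi is None:
            return "NO_SUBSCRIPTION"                       # nothing left to allocate for this MNO
        s = self.subs[imsi]
        salloc = aa_sign(self.cards[card.serial], imsi, s["rnd"])               # E22
        result = card.allocate((imsi, s["rnd"], salloc, s["kint_ref"]))         # E23
        s["used"] = result == "OK"
        return result
```

A card made in the second batch (KintB) can thus take a first-batch subscription whose Ki was derived under KintA, and the Ki it derives matches what the operator received in step E18.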

Claims

1 - Method for allocating a smart card (CP) to a network operator (MNO) via a personalization means (EC), in order to determine a final authentication key (Ki) assigned to a subscriber of the operator, characterized in that it comprises the steps of: loading (E1) into the card (CP), in the personalization means, an allocation algorithm (AA) and an allocation key (Kalloc), and an authentication key determination algorithm (AD) and at least one intermediate authentication key (Kint) not allocated to the operator (MNO); transmitting (E23), from the personalization means (EC) to the card, an allocation message (MES) including a final identity number (IMSI) assigned to the subscriber of the operator (MNO), a random number (RND) relating to the subscriber, and an allocation signature (Salloc) resulting from applying the allocation algorithm to the final identity number, the random number and the allocation key; authenticating (E24) the allocation message (MES) by the allocation algorithm (AA) in the card according to the allocation key (Kalloc) and the allocation signature (Salloc); and determining (E26) the final authentication key (Ki) allocated to the subscriber by the authentication key determination algorithm (AD) in the card according to the intermediate key (Kint) and the random number (RND).
2 - Method according to Claim 1, wherein the loading (E1) of the card further loads into the card a boot program (Boot) for a first communication between the card (CP) and the personalization means (EC), the boot program having a boot identity number (IMSIA) and a boot authentication key (KiA).
3 - Method according to Claim 1 or 2, comprising, during the loading of the card, the following steps in the personalization means: receiving (E11-E13) a card order (CA) from an external entity and a final identity number (IMSI) of a subscriber provided by the operator (MNO); generating (E14) at least said intermediate authentication key (Kint) and the allocation key (Kalloc); determining (E15) the final authentication key (Ki) by the authentication key determination algorithm (AD) according to the intermediate authentication key (Kint) and the random number (RND); storing (E16) the allocation key (Kalloc), the final identity number of the subscriber (IMSI) and the random number (RND); loading (E17) the allocation key (Kalloc) and the intermediate authentication key (Kint) into the card (CP); and securely communicating (E18) to the operator (MNO) the final identity number (IMSI) and the determined final authentication key (Ki), to be stored at the operator (MNO).
4 - Method according to any one of Claims 1 to 3, wherein the personalization means (EC) receives (E20) an allocation order (OA) of the card to the subscriber from an external entity, searches (E21) for the final identity number (IMSI) assigned to the subscriber of the operator (MNO) and the random number (RND) associated with the final identity number on the basis of the allocation key (Kalloc), or for the final identity number (IMSI) and the random number (RND) on the basis of an identifier associated with the allocation key (Kalloc), and determines (E22) the allocation signature (Salloc) by the allocation algorithm (AA) according to the allocation key (Kalloc), the final identity number (IMSI) and the random number (RND), before transmitting (E23) the allocation message (MES).
5 - System for allocating a smart card (CP) to a network operator (MNO) via a personalization means (EC), in order to determine a final authentication key (Ki) assigned to a subscriber of the operator, characterized in that it comprises: means (MP) for loading into the card (CP), in the personalization means, an allocation algorithm (AA) and an allocation key (Kalloc), and an authentication key determination algorithm (AD) and at least one intermediate authentication key (Kint) not allocated to the operator (MNO); means (MA) for transmitting, from the personalization means (EC) to the card, an allocation message (MES) including a final identity number (IMSI) assigned to the subscriber of the operator (MNO), a random number (RND) relating to the subscriber, and an allocation signature (Salloc) resulting from applying the allocation algorithm to the final identity number, the random number and the allocation key; means (PC, MC2) for authenticating the allocation message (MES) by the allocation algorithm (AA) in the card according to the allocation key (Kalloc) and the allocation signature (Salloc); and means (PC, MC2) for determining the final authentication key (Ki) allocated to the subscriber by the authentication key determination algorithm (AD) according to the intermediate key (Kint) and the random number (RND).
6 - Smart card (CP) to be allocated to a network operator (MNO) via a personalization means (EC), in order to determine a final authentication key (Ki) assigned to a subscriber of the operator, the card comprising at least one memory (MC1-MC3) and a microprocessor (PC), characterized in that, after loading of the card by the personalization means, the memory comprises: an allocation key (Kalloc) and an allocation algorithm (AA) for authenticating, by the microprocessor, during the allocation of the card to the operator, an allocation message (MES) transmitted by the personalization means (EC) and including a final identity number (IMSI) assigned to the subscriber of the operator, a random number (RND) and an allocation signature (Salloc) resulting from applying the allocation algorithm to the final identity number, the random number and the allocation key; and an authentication key determination algorithm (AD) and at least one intermediate authentication key (Kint) not assigned to the operator, for determining, by the microprocessor and according to the random number, the final authentication key (Ki) assigned to the subscriber.
7 - Smart card according to Claim 6, including a boot program (Boot) for a first communication between the card and the personalization means during the allocation of the card to a subscriber of the operator, the program having a boot identity number (IMSIA) and a boot authentication key (KiA).

Priority Applications (2)

Application Number Priority Date Filing Date Title
FR0413714A FR2879867A1 (en) 2004-12-22 2004-12-22 Chip card allocation system to a network operator
PCT/EP2005/056535 WO2006067037A1 (en) 2004-12-22 2005-12-06 System for allocating a chip card to a network operator

Publications (1)

Publication Number Publication Date
EP1832133A1 true EP1832133A1 (en) 2007-09-12

Family ID: 34952924

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05850439A Withdrawn EP1832133A1 (en) 2004-12-22 2005-12-06 System for allocating a chip card to a network operator

Country Status (5)

Country Link
US (1) US8032748B2 (en)
EP (1) EP1832133A1 (en)
CN (1) CN101120604B (en)
FR (1) FR2879867A1 (en)
WO (1) WO2006067037A1 (en)


Also Published As

Publication number Publication date
WO2006067037A1 (en) 2006-06-29
CN101120604A (en) 2008-02-06
US8032748B2 (en) 2011-10-04
FR2879867A1 (en) 2006-06-23
US20080276090A1 (en) 2008-11-06
CN101120604B (en) 2011-09-07


Legal Events

Code Title Description
17P Request for examination filed. Effective date: 20070723
AK Designated contracting states. Kind code of ref document: A1. Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR
DAX Request for extension of the european patent (to any country) (deleted)
RAP1 Rights of an application transferred. Owner name: GEMALTO SA
17Q First examination report despatched. Effective date: 20110405
RIC1 Information provided on ipc code assigned before grant. Ipc: H04W 8/26 20090101ALI20170926BHEP; H04L 9/32 20060101ALI20170926BHEP; G07F 7/10 20060101ALI20170926BHEP; H04W 8/20 20090101ALI20170926BHEP; G06Q 20/34 20120101AFI20170926BHEP
INTG Intention to grant announced. Effective date: 20171102
RIN1 Information on inventor provided before grant (corrected). Inventor name: MERRIEN, LIONEL; DE GROOT, MAX; CHEW, GARY
INTG Intention to grant announced. Effective date: 20171120
18D Application deemed to be withdrawn. Effective date: 20180404