EP4226662A1 - Handling credentials of an IoT SAFE applet - Google Patents

Handling credentials of an IoT SAFE applet

Info

Publication number
EP4226662A1
Authority
EP
European Patent Office
Prior art keywords
credentials
communication device
IoT
subscription
network node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20803443.9A
Other languages
German (de)
English (en)
Inventor
Per STÅHL
Juha SÄÄSKILAHTI
Timo Suihko
Toni UOTILA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB
Publication of EP4226662A1
Legal status: Pending

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 12/086 Access security using security domains
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/40 Security arrangements using identity modules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Definitions

  • Embodiments presented herein relate to methods, a communication device, a network node, computer programs, and a computer program product for handling credentials of an IoT SAFE applet.
  • The IoT SAFE applet, where IoT is short for Internet-of-Things, where SAFE is short for SIM Applet For End-to-end communication, and where SIM is short for Subscriber Identity Module, aims at leveraging the SIM to establish/provision long-term credentials on a communication device for use to establish secure communication between the communication device and an IoT service.
  • IoT SAFE is also the name of the security applet running on the SIM card (such as the universal integrated circuit card (UICC), embedded UICC (eUICC), or integrated UICC (iUICC)), commonly referred to as UICC or subscription module hereinafter.
  • UICC universal integrated circuit card
  • iUICC integrated UICC
  • IoT SAFE applet will refer to the applet.
  • a first variant of the IoT SAFE applet supports cryptographic operations that make use of both asymmetric and symmetric credentials, whereas a second variant of the IoT SAFE applet only supports cryptographic operations using symmetric credentials, for use with very constrained devices.
  • the IoT SAFE applet provides operations, involving the long-term credentials, for use by the communication device when establishing secure communication with the IoT service, and where the long-term credentials never leave the UICC.
  • IoT SAFE v1.0 currently supports establishing secure communication based on the Datagram Transport Layer Security (DTLS) protocol and the Transport Layer Security (TLS) protocol, where both v1.2 and v1.3 of (D)TLS are supported.
  • DTLS Datagram Transport Layer Security
  • TLS Transport Layer Security
  • the operations currently defined for the IoT SAFE applet are those needed for (D)TLS 1.2 and (D)TLS 1.3.
  • a UICC supports security domains for isolation of code and data owned and controlled by different parties such as the MNO and the UICC manufacturer.
  • the IoT SAFE applet is either provisioned to the UICC at manufacturing of the UICC or, in case of eUICC, the IoT SAFE applet may alternatively be downloaded to the eUICC as part of the subscription profile. In the latter case the IoT SAFE applet is part of the same security domain as the subscription profile, or a subdomain of this domain. In the first case the IoT SAFE applet may belong to a security domain associated with a subscription profile or a separate security domain.
  • IoT SAFE v1.0 also specifies the option to allow a device application to use the interface to generate credentials (e.g. a device private and public key pair where the private key is kept inside the IoT SAFE applet) and to store credentials (e.g. a device certificate containing the public key). These credentials can then be used in operations similar to those established via SIM OTA. How the trust in these credentials is established with a potential remote entity is up to the device application. Only the first mentioned variant of the IoT SAFE applet supports generation and storage of credentials triggered by a device application.
  • credentials, e.g. a device private and public key pair where the private key is kept inside the IoT SAFE applet
  • credentials, e.g. a device certificate containing the public key
  • the subscription profile should be kept as small as possible in order to save power during the download of the subscription profile.
  • LPWA Low-Power Wide-Area
  • IMSI international mobile subscriber identity
  • a few other network configuration parameters might be required, resulting in a subscription profile of a few hundred bytes.
  • no SIM OTA is needed as part of such a profile.
  • the second mentioned variant of the IoT SAFE applet is several tens of kilobytes in size, which is comparatively large with respect to the parts of the subscription profile necessary for gaining network access. The first mentioned variant is even bigger than that.
  • the IoT SAFE applet needs to be pre-installed on the UICC in order not to ruin the power budget.
  • the IoT SAFE applet becomes specific per MNO when the SIM OTA mechanism is used by the IoT SAFE applet.
  • although the SIM OTA secure channel is standardized, the set of commands, mechanisms, and message formats used for provisioning over the air are linked to provisioning infrastructure specific to each MNO.
  • for a subscription module with a pre-installed IoT SAFE applet it must thus be known at manufacturing of the subscription module which MNO is to be used, such that the proper subscription profile and IoT SAFE applet are installed. This information might not be available at the time of manufacturing of the subscription module.
  • Having credential(s) pre-installed at manufacturing of the subscription module causes the credential(s) to be exposed to the manufacturer of the subscription module. This requires logistics for secure exchange of credential(s) between the MNO and the manufacturer of the subscription module.
  • An object of embodiments herein is to provide efficient handling of credentials of an IoT SAFE applet whereby the issues noted above are resolved.
  • a method for handling credentials of an IoT SAFE applet is performed by a communication device.
  • the communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device.
  • the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles.
  • the IoT SAFE applet is independent from any MNO.
  • the communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node.
  • the method comprises obtaining credentials for the IoT SAFE applet from the network node.
  • the method comprises storing the credentials in the first security domain of the subscription module.
  • the credentials are, after successful storage, accessible only from within the first security domain.
  • the method comprises establishing, using the IoT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.
  • a communication device for handling credentials of an IoT SAFE applet.
  • the communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device.
  • the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles.
  • the IoT SAFE applet is independent from any MNO.
  • the communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node.
  • the communication device comprises processing circuitry.
  • the processing circuitry is configured to cause the communication device to obtain credentials for the IoT SAFE applet from the network node.
  • the processing circuitry is configured to cause the communication device to store the credentials in the first security domain of the subscription module.
  • the credentials are, after successful storage, accessible only from within the first security domain.
  • the processing circuitry is configured to cause the communication device to establish, using the IoT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.
  • a communication device for handling credentials of an IoT SAFE applet.
  • the communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device.
  • the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles.
  • the IoT SAFE applet is independent from any MNO.
  • the communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node.
  • the communication device comprises an obtain module configured to obtain credentials for the IoT SAFE applet from the network node.
  • the communication device comprises a store module configured to store the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain.
  • the communication device comprises an establish module configured to establish, using the IoT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.
  • the computer program comprises computer program code which, when run on processing circuitry of a communication device, causes the communication device to perform a method according to the first aspect.
  • a method for handling credentials of an IoT SAFE applet is performed by a network node.
  • the method comprises generating credentials for the IoT SAFE applet.
  • the method comprises providing the credentials for the IoT SAFE applet to a communication device.
  • the method comprises establishing, using at least one of the credentials, secure communication with the communication device.
  • a network node for handling credentials of an IoT SAFE applet.
  • the network node comprises processing circuitry.
  • the processing circuitry is configured to cause the network node to generate credentials for the IoT SAFE applet.
  • the processing circuitry is configured to cause the network node to provide the credentials for the IoT SAFE applet to a communication device.
  • the processing circuitry is configured to cause the network node to establish, using at least one of the credentials, secure communication with the communication device.
  • a network node for handling credentials of an IoT SAFE applet.
  • the network node comprises a generate module configured to generate credentials for the IoT SAFE applet.
  • the network node comprises a provide module configured to provide the credentials for the IoT SAFE applet to a communication device.
  • the network node comprises an establish module configured to establish, using at least one of the credentials, secure communication with the communication device.
  • a computer program for handling credentials of an IoT SAFE applet comprising computer program code which, when run on processing circuitry of a network node, causes the network node to perform a method according to the fifth aspect.
  • according to a ninth aspect there is presented a computer program product comprising a computer program according to at least one of the fourth aspect and the eighth aspect and a computer readable storage medium on which the computer program is stored.
  • the computer readable storage medium could be a non-transitory computer readable storage medium.
  • these methods, these communication devices, these network nodes, these computer programs, and this computer program product enable the IoT SAFE technology for establishing and using credentials between a device application and an IoT service to be used also on constrained, battery-powered IoT devices.
  • these methods, these communication devices, these network nodes, these computer programs, and this computer program product enable an MNO to offer a service to provide content, in terms of credential(s), to the IoT SAFE applet in a secure way, through the standard subscription profile delivery mechanism.
  • Fig. 1 is a schematic diagram illustrating a communication system according to embodiments
  • Figs. 2 and 3 are flowcharts of methods according to embodiments
  • Figs. 4, 5 and 6 are signalling diagrams of methods according to embodiments
  • Fig. 7 is a schematic diagram showing functional units of a communication device according to an embodiment
  • Fig. 8 is a schematic diagram showing functional modules of a communication device according to an embodiment
  • Fig. 9 is a schematic diagram showing functional units of a network node according to an embodiment
  • Fig. 10 is a schematic diagram showing functional modules of a network node according to an embodiment.
  • Fig. 11 shows one example of a computer program product comprising computer readable means according to an embodiment.
  • the wording that a certain data item or piece of information is obtained by a first device should be construed as that data item or piece of information being retrieved, fetched, received, or otherwise made available to the first device.
  • the data item or piece of information might either be pushed to the first device from a second device or pulled by the first device from a second device.
  • the first device might be configured to perform a series of operations, possibly including interaction with the second device. Such operations, or interactions, might involve a message exchange comprising any of a request message for the data item or piece of information, a response message comprising the data item or piece of information, and an acknowledge message of the data item or piece of information.
  • the request message might be omitted if the data item or piece of information is neither explicitly nor implicitly requested by the first device.
  • the wording that a certain data item or piece of information is provided by a first device to a second device should be construed as that data item or piece of information being sent or otherwise made available to the second device by the first device.
  • the data item or piece of information might either be pushed to the second device from the first device or pulled by the second device from the first device.
  • the first device and the second device might be configured to perform a series of operations in order to interact with each other. Such operations, or interaction, might involve a message exchange comprising any of a request message for the data item or piece of information, a response message comprising the data item or piece of information, and an acknowledge message of the data item or piece of information.
  • the request message might be omitted if the data item or piece of information is neither explicitly nor implicitly requested by the second device.
  • Another issue concerns how to ensure that the credential(s) is/are only used with the MNO of the linked subscription profile and not usable at later stages in case the subscription profde is changed.
  • Another issue concerns communication devices that are moved geographically and that uses different subscription profdes depending on their location and that would like to use the same credential(s) towards the loT service whilst being served by networks of different MNOs.
  • Fig. 1 is a schematic diagram illustrating a communication system 100 where embodiments presented herein can be applied.
  • the communication system 100 comprises a communication device 200 and a network node 300 that are configmed to communicate with each other over a wireless link 400.
  • the communication device 200 comprises a device application 240, a modem 245, and a subscription module 250.
  • the subscription module 250 comprises security domains, such as a Supplementary Security Domain (SSD) 252a, an Issuer Security Domain Root (ISD-R) 252b, a first Issuer Security Domain Profile (ISD-P) 252c, and a second ISD-P 252d.
  • the SSD 252a stores an loT SAFE applet 254.
  • the first ISD-P 252c stores a first subscription profile 256a
  • the second ISD-P 252d stores a second subscription profile 256b.
  • the network node 300 might act as, fulfil the roles of, or implement the functionalities of, an loT service provider 340, a certificate authority (CA) 345, a provisioning server 340, a first MNO 355, and a second MNO 360.
  • the entities 340:360 might be implemented separately, or be co-located and integrated together.
  • the communication device 200 might be an loT device and comprises a realization of a SIM functionality, provided by a subscription module, supporting remote SIM provisioning according the GSM Association (GSMA; where GSM is short for or Global System for Mobile communications), either the Machine-to-Machine (M2M) variant or the consumer variant.
  • the subscription module might be an eUICC, iUICC, ieUICC, UICC, or a Smart Secure Platform (SSP) such as any of an integrated SSP (iSSP), an embedded SSP (eSSP) or a removable SSP (rSSP).
  • the communication device 200 comprises a wireless modem supporting at least one cellular standard from the 3rd Generation Partnership Project (3GPP).
  • 3GPP 3rd Generation Partnership Project
  • the subscription module comprises an loT SAFE applet that is pre-installed at manufacturing of the subscription module.
  • the loT SAFE applet is meant to be common for use by any MNO and typically does not contain any SIM OTA mechanism support for credential provisioning/establishment.
  • the loT SAFE applet might reside in a dedicated separate security domain on the subscription module. Such a security domain is referred to as Supplementary Security Domain (SSD).
  • SSD Supplementary Security Domain
  • a third party might be the application provider of the loT SAFE applet.
  • the loT SAFE applet resides in the Issuer Security Domain Root (ISD-R) security domain of the subscription module.
  • ISD-R Issuer Security Domain Root
  • the subscription module may be configured with a provisioning/bootstrapping subscription profile such that the communication device 200 can get initial connectivity and download an operational subscription profile.
  • the provisioning/bootstrapping subscription profile resides in a security domain separate from the security domain of the loT SAFE applet and typically separate from the ISD-R.
  • a new security domain is created where the subscription profile is stored.
  • Such a security domain is referred to as Issuer Security Domain Profile (ISD-P).
  • the communication device 200 might further comprise a further wireless modem which can be used to locally connect the communication device 200 to a primary device in order to get connectivity such that an operational subscription profile can be downloaded to the communication device 200.
  • the communication device 200 comprises an application that is configured to establish secure communication (e.g. based on the DTLS protocol) with a remote server of an loT service provider utilizing the loT SAFE applet of the subscription module according to the loT SAFE framework.
  • the remote server may be a device and data management server and the protocol used for communication between the communication device 200 and the device and data management server might, for example, be the Open Mobile Alliance (OMA) LwM2M protocol, where LwM2M is short for Lightweight Machine -to -Machine .
  • OMA Open Mobile Alliance
  • the MNO provides cellular connectivity for the communication device 200.
  • the MNO also assists the owner/manager (e.g. an enterprise) of the communication device 200 in establishing credentials for secure communication between a remote server of the loT service provider and the communication device 200 leveraging the subscription module, in particular the loT SAFE applet.
  • the loT service provider is a provider of an loT service and hosting a remote server to which a set of devices, such as communication device 200, would like to securely connect to using e.g. the DTLS protocol.
  • a set of devices such as communication device 200
  • One purpose is for the devices to report sensor data to the loT service provider.
  • the loT service provider may be the owner of the devices or license the devices for its service.
  • the provisioning server handles profile download and may also handle profile management operations.
  • the provisioning server may either be a Subscription Manager - Data Preparation plus (SM-DP+) server (for the consumer variant), or a Subscription Manager - Data Preparation (SM-DP) server and a Subscription Manager - Secure Routing (SM-SR) server (for the M2M variant).
  • SM-DP+ Subscription Manager - Data Preparation plus
  • SM-SR Subscription Manager - Secure Routing
  • the provisioning server is either operated by the MNO providing the operational subscription profile or a third party trusted by the MNO.
  • the embodiments disclosed herein relate to mechanisms for handling credentials of an loT SAFE applet.
  • a communication device 200 a method performed by the communication device 200, a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the communication device 200, causes the communication device 200 to perform the method.
  • a network node 300 a method performed by the network node 300, and a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the network node 300, causes the network node 300 to perform the method.
  • Fig. 2 illustrating a method for handling credentials of an loT SAFE applet as performed by the communication device 200 according to an embodiment.
  • Parallel reference is made to the signalling diagram of Fig. 4.
  • the communication device 200 is storing the loT SAFE applet in a first security domain of a subscription module in the communication device 200.
  • the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles.
  • the loT SAFE applet is independent from any MNO.
  • the communication device 200 is without credentials for the loT SAFE applet for establishing secure communication for the communication device 200 with a network node 300.
  • SI 02 The communication device 200 obtains credentials for the loT SAFE applet from the network node 300.
  • SI 04 The communication device 200 stores the credentials in the first security domain of the subscription module.
  • the credentials are, after successful storage, accessible only from within the first security domain.
  • SI 06 The communication device 200 establishes, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device 200 with the network node 300.
  • Embodiments relating to further details of handling credentials of an loT SAFE applet as performed by the communication device 200 will now be disclosed.
  • first credentials i.e., the credentials as obtained in step SI 02, stored in step SI 04, and used in step SI 06.
  • the communication device 200 is storing the loT SAFE applet. There could be different ways for the communication device 200 to obtain, or be provided with, the loT SAFE applet in the first place. Different embodiments relating thereto will now be described in turn.
  • the loT SAFE applet is provided to the communication device 200 as part of manufacturing of the communication device 200. According to a first embodiment, the communication device 200 is thus preconfigured with the loT SAFE applet.
  • the loT SAFE applet is downloaded to the communication device 200 as part of subscription profile download. That is the communication device 200 might have a subscription profile, and according to a second embodiment the loT SAFE applet is downloaded to the communication device 200 as part of the subscription profile being downloaded to the communication device 200. Then, as part of installing the subscription profile into the subscription module, the subscription profile, except the loT SAFE applet, is stored in at least one other security domain (such as a first ISD-P or a second ISD-P, etc.) of the subscription module, and the loT SAFE applet is stored in the first security domain.
  • the subscription profile except the loT SAFE applet
  • the loT SAFE applet is prestored in the first security domain of the subscription module.
  • the first security domain of the subscription module is thus preconfigured with the loT SAFE applet.
  • the communication device 200 in step SI 02 obtains first credentials for the loT SAFE applet.
  • the communication device 200 could be different ways for the communication device 200 to obtain the first credentials. Different embodiments relating thereto will now be described in turn.
  • the first credentials are obtained as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in a first embodiment the first credentials are obtained by being downloaded to the communication device 200 as part of the subscription profile being downloaded to the communication device 200.
  • the communication device 200 Upon having obtained, or downloaded, the subscription profile, the communication device 200 might parse profile elements of the subscription profile (e.g., using a Profile Package Interpreter; PPI) in order to identify the first credentials. That is, in some embodiments, the communication device 200 is configured to perform (optional) step SI 02a as part of step SI 02:
  • PPI Profile Package Interpreter
  • SI 02a The communication device 200 parses, using a PPI, profile elements of the subscription profile for identifying the first credentials.
  • the PPI thus needs to be configured for identification of first credentials.
  • the profile element of the first credentials has a flag, or other type of indicator, as to whether the first credentials should be bound to an active subscription profile or not. That is, the flag is set when the first credentials are bound to an active subscription profile and the flag is not set when the first credentials are not bound to an active subscription profile.
  • the profile element carrying the first credentials comprises an indicator of whether (i) the first credentials are limited to be used only when the subscription profile in which the first credentials were downloaded is active or (ii) the first credentials are usable independently of which subscription profile is currently active in the wireless device 200.
  • the indicator might be stored into the first security domain.
  • a subscription profile identifier such as the Integrated Circuit Card Identifier (ICCID) or ISD-P Application Identifier (AID) is also stored. Credentials downloaded from the subscription profile might thus be allowed to be permanent credentials usable independently of the active subscription profile. It could be the choice of the MNO whether this is allowed or not.
  • the flag, or other type of indicator can be introduced in the Profile Element (PE) carrying the first credentials to indicate whether the use of the first credentials is bound to the subscription profde being active or not. The PPI when parsing the subscription profile will act upon the flag.
  • PE Profile Element
  • the PPI either binds the first credentials to the subscription profile being active by assigning the subscription profile identifier according to the above as the subscription profile identifier to be stored along with the first credentials or marks the first credentials as always usable e.g. by assigning the all-zero ICCID or ISD-P AID as the subscription profile identifier to be stored along with the first credentials.
  • the first credentials are by the communication device 200 obtained after having downloaded the subscription profile. That is, the communication device 200 might have a subscription profile and in some embodiments the first credentials are obtained after the subscription profile has been downloaded to the communication device 200.
  • One way for the communication device 200 to obtain the first credentials after the communication device 200 has downloaded the subscription profile is for the communication device 200 to use the SIM OTA mechanism for the active subscription profile. That is, when the subscription profile is an active subscription profile, the first credentials are in some embodiments obtained by being downloaded to the communication device 200 using an OTA mechanism of the subscription module for the active subscription profile. The above-disclosed indicator, or flag, might then be downloaded to the communication device 200 using the OTA mechanism.
  • the first credentials are, after successful storage, accessible only from within the first security domain. Further in this respect, the first credentials, when being obtained, might be encrypted. Thus, decryption might be required before use of the first credentials. Therefore, in some embodiments, the first credentials as obtained are encrypted, and before being stored in the first security domain of the subscription module, are decrypted inside the subscription module.
  • the secure communication could be established using different communications and security protocols.
  • the secure communication is based on any of: DTLS, TLS, OSCORE (short for Object Security for Constrained RESTful Environments).
  • in step S106 it is verified that the subscription profile linked to the first credentials is active when the secure communication for the communication device 200 is established.
  • establishing, using at least one of the first credentials, secure communication for the communication device 200 as in step S106 comprises verifying by the IoT SAFE applet if usage of the at least one of the first credentials is limited to be used when a particular subscription profile is active and, if so, verifying that this particular subscription profile is currently active.
  • further credentials need to be established.
  • the communication device 200 is configured to perform (optional) step S108:
  • S108 The communication device 200 obtains a trigger for establishment of further credentials.
  • the trigger might be set by, and obtained from, the network node 300 or from an application (which in turn could be triggered by the network node 300) in the communication device 200.
  • the further credentials are then established by the IoT SAFE applet and then stored inside the first security domain of the subscription module. Both when the trigger is obtained from the network node 300 and when the trigger is obtained from an application, the establishment of the further credentials is triggered by an application via the IoT SAFE applet interface. The further credentials are then, when stored in the first security domain, marked as usable independently of which subscription profile is active in the communication device 200.
  • the first credentials are used when further credentials of the communication device 200 are to be established. A proof of establishment of the further credentials can then be generated in the IoT SAFE applet.
  • the communication device 200 is configured to perform (optional) step S110:
  • the communication device 200 generates a proof of establishment in the first security domain of the subscription module that the further credentials have been established by the IoT SAFE applet in the first security domain. At least one of the first credentials already stored in the first security domain of the subscription module is used in establishing the proof.
  • the communication device 200 is configured to perform (optional) step S112:
  • S112 The communication device 200 provides the proof of establishment and any public part of the further credentials of the communication device 200 to the network node 300 for verification of the proof of establishment.
  • the further credentials are usable independently of which subscription profile is active in the communication device 200.
  • the further credentials can be used by the communication device 200 for establishing secure communication with an IoT service provider.
  • the communication device 200 is configured to perform (optional) step S114 when the first credentials were obtained from a first MNO of the network node 300: S114: The communication device 200 establishes, using the further credentials, secure communication for the communication device 200 with an IoT service provider of the network node 300, wherein a subscription profile in the subscription module of a second MNO is active.
  • there are two variants of the IoT SAFE applet: a first variant supporting cryptographic operations that make use of both asymmetric and symmetric credentials, and a second variant only supporting cryptographic operations using symmetric credentials for use with very constrained devices.
  • the IoT SAFE applet disclosed herein might be any of these variants.
  • the first credential(s) that is/are part of the subscription profile might be a symmetric key, a private key, a device certificate, and/or a CA certificate.
  • the first credential(s) that is/are part of the subscription profile is a symmetric key, e.g. a 128-bit PSK, for use with TLS-PSK or DTLS-PSK based secure communication, where PSK is short for pre-shared key.
  • a PSK identifier may also be included as part of the subscription profile, or a device identifier already known to the IoT service provider is used, e.g. International Mobile Equipment Identity (IMEI) or equipment identifier (EID).
  • the MNO provides temporary credential(s), e.g. a symmetric key, via the subscription profile, but the MNO never delivers this credential(s) to the IoT service provider. Instead the MNO uses the device and data management protocol, e.g. the LwM2M protocol, to trigger establishment of further credential(s) not bound to a specific subscription profile. Then upon successful installation of the further credential(s) the MNO provides the necessary information about the further credentials to the IoT service provider. The MNO may then trigger (via e.g. the LwM2M protocol) the device application to delete temporary credential(s).
  • Fig. 3 illustrating a method for handling credentials of an IoT SAFE applet as performed by the network node 300 according to an embodiment.
  • Parallel reference is made to the signalling diagram of Fig. 4.
  • S202 The network node 300 generates credentials for the IoT SAFE applet.
  • S204 The network node 300 provides the credentials for the IoT SAFE applet to the communication device 200.
  • the communication device 200 establishes secure communication with the network node 300.
  • the network node 300 is configured to perform step S206:
  • the network node 300 establishes, using at least one of the credentials, secure communication with the communication device 200.
  • the secure communication is established at the communication device 200 using the IoT SAFE applet.
  • first credentials, i.e., the credentials as generated in step S202, provided in step S204, and used in step S206.
  • the network node 300 may generate the first credentials.
  • the first credentials are generated by any of: an MNO of the network node 300, a provisioning server of the network node 300, an IoT service provider of the network node 300.
  • the IoT SAFE applet is downloaded to the communication device 200 as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in an embodiment the IoT SAFE applet is provided to the communication device 200 as part of the network node 300 providing the subscription profile to the communication device 200.
  • the first credentials are obtained as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in an embodiment the first credentials are provided to the communication device 200 as part of the network node 300 providing the subscription profile to the communication device 200.
  • the profile element of the first credentials has a flag, or other type of indicator, as to whether the first credentials should be bound to an active subscription profile or not.
  • the profile element carrying the first credentials comprises an indicator of whether or not the use of the first credentials is bound to the subscription profile being active.
  • the first credentials are obtained by the communication device 200 after the subscription profile has been downloaded. That is, the communication device 200 might have a subscription profile and in some embodiments the first credentials are provided to the communication device 200 by the network node 300 after having provided the subscription profile to the communication device 200.
  • the secure communication could be established using different communications and security protocols.
  • the secure communication is based on any of: DTLS, TLS, OSCORE.
  • the network node 300 triggers the communication device 200 to establish further credentials.
  • the network node 300 is configured to perform (optional) step S208: S208: The network node 300 provides a trigger to the communication device 200 for establishment of further credentials.
  • a proof of establishment (and potential public credentials) of the further credentials might be sent to the network node 300 from the communication device 200.
  • the network node 300 is configured to perform (optional) step S210:
  • the network node 300 obtains a proof of establishment of the further credentials by the IoT SAFE applet of the communication device 200 and any public part of the further credentials.
  • the network node 300 might then, using the received proof and any public credentials, verify that the further credentials were securely established inside the IoT SAFE applet. That is, in some embodiments, the network node 300 is configured to perform (optional) step S212:
  • S212 The network node 300 verifies, using the proof of establishment, at least one of the first credentials, and any public part of the further credentials, that the further credentials have been securely established inside a security domain of the IoT SAFE applet.
  • the further credentials can be used by the communication device 200 for establishing secure communication with another MNO than the MNO to which the first credentials are bound.
  • the network node 300 is configured to perform (optional) step S214 when the first credentials were provided to the communication device 200 from a first MNO of the network node 300:
  • the network node 300 establishes, using the further credentials, secure communication between the communication device 200 and an IoT service provider of the network node 300, while the communication device 200 is connected to the network of the second MNO.
  • each MNO provides credentials for use with the IoT SAFE applet through the subscription profile.
  • the download, parsing and installation of a subscription profile is split between one Issuer Security Domain Root (ISD-R) and one or more Issuer Security Domain Profiles (ISD-P), where the ISD-R is the security domain of the subscription module issuer and ISD-P is the security domain where a subscription profile is stored.
  • the ISD-R creates a new ISD-P in which the new subscription profile shall reside. It is in the ISD-P that the encrypted subscription profile package is decrypted and parsed.
  • the PPI of the operating system of the subscription module is invoked to parse the subscription profile package upon successful decryption.
  • the PPI is configured to handle parsing of the credentials.
  • the credentials may be stored in a dedicated Profile Element (PE) recognized by the PPI.
  • an existing profile element, such as PE-NonStandard, is used with a dedicated issuer ID identifying IoT SAFE credential provisioning.
  • the PPI is privileged to store the credentials into the security domain of the IoT SAFE applet where the IoT SAFE applet can retrieve the credentials.
  • the credentials delivered in a subscription profile of a given MNO should only be usable by device applications when that particular subscription profile is active. For this reason, the PPI associates each credential obtained via a subscription profile with the ICCID of the subscription profile.
  • the Application Identifier (AID) of the ISD-P in which the subscription profile is installed may be used.
  • Generation or establishment of credentials may also be performed by the IoT SAFE applet triggered by a device application via the IoT SAFE applet interface.
  • Credentials may also be provided to the IoT SAFE applet for storage by a device application. In these two cases the credentials are always usable in operations independently of which subscription profile is active. The credentials are then marked as always usable, e.g. by assigning the all-zero ICCID or ISD-P AID.
  • For each IoT SAFE operation involving the use of a credential, the IoT SAFE applet checks that the credential is usable by checking that the ICCID/ISD-P AID associated with the credential in the IoT SAFE applet belongs to an active profile. For example, in the current case of only one active subscription profile at a time, the IoT SAFE applet may read the EF ICCID file to obtain the ICCID of the active subscription profile and compare it to the ICCID stored with the credential. The IoT SAFE applet may perform this operation once and then cache the currently active ICCID internally as long as the application remains selected.
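The binding rule described above (the PPI tagging each profile-delivered credential with the profile's ICCID, the all-zero ICCID marking a credential as always usable, and the applet comparing the stored ICCID with the active profile before every operation), as an added Go simulation. This is not code from the patent or from any eUICC or applet implementation: the `ProfileElement` structure, its `BindToProfile` flag (standing in for the flag in the PE carrying the credentials), the credential identifiers and the ICCIDs are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// AlwaysUsable is the all-zero ICCID that marks a credential as usable
// whichever subscription profile is active (20 digits, constructed here).
const AlwaysUsable = "00000000000000000000"

// Credential is a secret kept in the applet's security domain together with
// the identifier of the subscription profile it is bound to.
type Credential struct {
	Secret     []byte
	BoundICCID string
}

// ProfileElement is a hypothetical PE carrying one IoT SAFE credential inside
// a subscription profile package. BindToProfile models the flag/indicator
// that tells the PPI whether use of the credential is tied to this profile.
type ProfileElement struct {
	CredentialID  string
	Secret        []byte
	BindToProfile bool
}

// Applet models the credential store and usage check of the IoT SAFE applet.
type Applet struct {
	store       map[string]Credential
	activeICCID string // stands in for reading EF ICCID of the active profile
}

func NewApplet() *Applet {
	return &Applet{store: make(map[string]Credential)}
}

// SetActiveProfile simulates a profile being enabled on the eUICC.
func (a *Applet) SetActiveProfile(iccid string) { a.activeICCID = iccid }

// PPIInstall plays the role of the Profile Package Interpreter during profile
// installation: every PE credential is stored in the applet's domain, bound
// either to the installed profile's ICCID or to the always-usable marker.
func (a *Applet) PPIInstall(profileICCID string, pes []ProfileElement) {
	for _, pe := range pes {
		bound := AlwaysUsable
		if pe.BindToProfile {
			bound = profileICCID
		}
		a.store[pe.CredentialID] = Credential{Secret: pe.Secret, BoundICCID: bound}
	}
}

// Establish models a credential generated by, or handed to, the applet through
// its interface by a device application; such credentials are always usable.
func (a *Applet) Establish(id string, secret []byte) {
	a.store[id] = Credential{Secret: secret, BoundICCID: AlwaysUsable}
}

// Use is the check run before every operation that touches a credential: the
// credential must exist and, unless marked always usable, its bound ICCID must
// equal the ICCID of the currently active profile.
func (a *Applet) Use(id string) ([]byte, error) {
	c, ok := a.store[id]
	if !ok {
		return nil, errors.New("unknown credential")
	}
	if c.BoundICCID != AlwaysUsable && c.BoundICCID != a.activeICCID {
		return nil, fmt.Errorf("credential %q is bound to inactive profile %s", id, c.BoundICCID)
	}
	return c.Secret, nil
}

func main() {
	applet := NewApplet()
	// Constructed ICCID for MNO1's profile and a PSK delivered inside it.
	applet.PPIInstall("8944000000000000001", []ProfileElement{
		{CredentialID: "psk-mno1", Secret: []byte("0123456789abcdef"), BindToProfile: true},
	})
	applet.SetActiveProfile("8944000000000000002") // MNO2's profile is now active
	_, err := applet.Use("psk-mno1")
	fmt.Println("use of MNO1 PSK under MNO2 profile:", err)
}
```

The check is deliberately per use rather than per selection of the applet: a profile switch after the applet was selected would otherwise leave a bound credential usable under the wrong MNO, which is the situation the caching remark above has to be careful about.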
  • an IoT service provider owns or licenses a batch of communication devices for which the IoT service provider orders subscription profiles.
  • the eUICC is manufactured with eSIM support including credentials for subscription profile download.
  • the eUICC is also configured with an IoT SAFE applet common for all MNOs.
  • the IoT SAFE applet is stored in a dedicated security domain according to above.
  • the IoT SAFE applet does not contain any credentials.
  • the IoT service provider orders a subscription profile with credential(s) for IoT SAFE from an MNO for the communication device 200.
  • the credential(s) is/are to be used in establishing secure communication between the communication device 200 and an IoT service.
  • S302 The MNO generates credential(s) for the communication device 200.
  • S303 The MNO interacts with the provisioning server to prepare a subscription profile for the communication device 200.
  • the generated credential(s) is/are transferred from the MNO to the provisioning server.
  • the IoT SAFE credentials are generated at the provisioning server and delivered to the MNO.
  • S304 The provisioning server prepares a subscription profile where the credential(s) is/are included.
  • the MNO provides a response back to the IoT service provider, where the response comprises the credential(s).
  • the credential(s) is/are securely delivered based on established secure communication.
  • the response may also comprise information needed for triggering subscription profile download (e.g. an Activation Code (AC)).
  • step S306 (Optional) In case the eSIM consumer variant is used and an AC was received in step S305 the AC is delivered to the Local Profile Assistant (LPA) of the communication device 200.
  • S307 Subscription profile download, installation, and enabling of the downloaded subscription profile is performed.
  • the LPA triggers subscription profile download using information from the AC.
  • S308 During subscription profile installation the PPI (running in the ISD-P security domain) parses the subscription profile and extracts the credential(s) and stores the credential(s) in IoT SAFE applet storage. The PPI associates each credential with the ICCID of the subscription profile.
  • S310 The device application establishes secure communication based on DTLS with the IoT service provider using the IoT SAFE applet and the new credential(s).
  • when IoT SAFE operations requested by the device application access a credential stored in the IoT SAFE applet, the IoT SAFE applet checks that the subscription profile linked with the credential(s) (if any) is activated.
  • S312 The communication device 200 is registered with the IoT service provider.
  • S313 The communication device 200, using the credential(s), securely communicates with the IoT service provider.
  • Steps S301 - S305 may be performed once for a whole batch of communication devices 200 instead of for an individual communication device 200 as shown here.
  • One particular embodiment for establishment of further credentials not linked to a specific subscription profile based on at least some of the above disclosed embodiments will now be disclosed in detail with reference to the signalling diagram of Fig. 6.
  • a device application may utilize first credentials downloaded via a subscription profile (and bound to a specific subscription profile) to establish secure communication with a remote server controlled by the IoT service provider in order to establish further credentials that are not bound to a specific MNO and allowing the further credentials to be used whilst the communication device 200 is connected to different networks.
  • Credentials generated/established in the IoT SAFE applet are not accessible by the device application.
  • the IoT SAFE applet ensures that these credentials are not accessed and when the OTA mechanism is used the MNO provides guarantees to the IoT service provider that these credentials are generated/established in the IoT SAFE applet. But the IoT service provider must still trust the device application.
  • the IoT service provider may want to have proof that the further credentials are generated/established in the IoT SAFE applet and not outside the IoT SAFE applet by the device application.
  • S400 The communication device 200 is attached to the network of MNO 1 for which the communication device 200 has previously downloaded a subscription profile and credential(s) bound to the subscription profile.
  • the credential(s) has/have been securely delivered from MNO1 to the IoT service provider.
  • S401 The device application establishes secure communication based on DTLS with the IoT service provider using the credential(s).
  • the credential(s) is a symmetric key and DTLS-PSK is used to secure the communication.
  • when IoT SAFE operations requested by the device application access credential(s) stored in the IoT SAFE applet (in this case the symmetric key), the IoT SAFE applet checks that the subscription profile linked with the credential(s) (if any) is activated.
  • the communication device 200 is registered with the IoT service provider using the device and data management protocol.
  • the LwM2M protocol is used.
  • the IoT service provider uses the LwM2M protocol to trigger the generation of further credential(s), in the form of a private-public key pair, in the IoT SAFE applet.
  • the device application triggers the IoT SAFE applet to generate the further credential(s).
  • the further credential(s), in terms of the private-public key pair, is generated by the IoT SAFE applet.
  • the device application (or device middleware) generates a Certificate Signing Request (CSR) for the received public key.
  • the device application uses the IoT SAFE applet Sign()-operation to sign the CSR using the new private key.
  • the device application uses the IoT SAFE applet Sign()-operation to sign the first credential(s), for example a symmetric key, bound to the subscription profile. Further aspects relating to the signing will be disclosed below.
  • the IoT SAFE applet checks that the first credential(s) is/are allowed to be used by checking that the subscription profile bound to the first credential(s) is active. The signature on the first credential(s) is then returned.
  • S411 The IoT service provider verifies the received credential signature.
  • upon successful verification of the credential signature, the IoT service provider requests a certificate from a CA.
  • the CSR is provided as part of the request.
  • S413 Upon examining the CSR (e.g. verifying the CSR signature), the CA generates a certificate for the communication device 200.
  • the IoT service provider uses the LwM2M protocol to send the certificate to the communication device 200.
  • S417 The device application stores the new device certificate in the IoT SAFE applet.
  • S418 (Optional) The communication device 200 continues to communicate securely using the first credential(s). Alternatively, the communication device 200 is rebooted to start using the further credential(s).
  • a new subscription profile is downloaded and installed to the communication device 200 from a second MNO, denoted MNO2. This may be because the communication device 200 has moved to a new area where the new subscription profile is more suitable to be used.
  • the new subscription profile is enabled.
  • S420 The communication device 200 attaches to the network of MNO2.
  • S421 The device application establishes secure communication based on DTLS with the IoT service provider using the further credential(s).
  • S423 The communication device 200, using the further credential(s), securely communicates with the IoT service provider.
  • the communication device 200 might as an alternative on its own connect to a CA using Enrollment over Secure Transport (EST) over the CoAP protocol, deliver the CSR, and obtain a device certificate.
  • the device certificate might then either be obtained by the IoT service provider from the communication device 200 or from the CA.
  • the IoT service provider may want to have proof that the further credentials are generated/established in the IoT SAFE applet and not outside the IoT SAFE applet by a rogue device application.
  • how the types of the first credential(s) and the further credential(s) impact the way proof that the further credentials are generated/established in the IoT SAFE applet can be provided will now be disclosed for different examples of first credential(s) and further credential(s).
  • the first credential(s) is a symmetric key and the further credential(s) is a private-public key pair.
  • the applet Sign()-operation is extended to sign an internal IoT SAFE secret credential such as a symmetric key.
  • the device application can call this function and request the new private key to be used to sign the old symmetric key.
  • the signature is then delivered to the IoT service provider along with the public key (e.g. as in Fig. 6).
  • the IoT service provider has the symmetric key and may then verify the signature using the received public key.
  • the IoT service provider is convinced that the private key was generated in the IoT SAFE applet since only private keys internal to the IoT SAFE applet can be used to sign keys internal to the IoT SAFE applet.
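The proof of establishment for the symmetric-first, asymmetric-further case just described, as an added Go example (not code from the patent or from any IoT SAFE implementation). The applet model holds a symmetric first credential bound to one profile, generates a key pair internally, and exposes the extended Sign() operation that signs the internal symmetric key with the new private key; the service provider, which received the symmetric key from the MNO, verifies with the public key it got from the device. ECDSA on P-256 and SHA-256 are this example's choice of algorithms (the page does not name any), the service-provider nonce and the domain-separation string are additions so that a proof cannot be replayed for a later key pair, and all keys, ICCIDs and nonces are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ProofApplet models the part of the IoT SAFE applet involved in the proof:
// a symmetric first credential bound to one subscription profile, and a key
// pair generated inside the applet as the further credential.
type ProofApplet struct {
	firstKey    []byte            // symmetric first credential from the profile
	firstICCID  string            // profile the first credential is bound to
	activeICCID string            // stands in for EF ICCID of the active profile
	priv        *ecdsa.PrivateKey // further credential; never leaves the applet
}

func NewProofApplet(firstKey []byte, boundICCID string) *ProofApplet {
	return &ProofApplet{firstKey: firstKey, firstICCID: boundICCID}
}

func (a *ProofApplet) SetActiveProfile(iccid string) { a.activeICCID = iccid }

// GenerateKeyPair establishes the further credential (P-256 is this example's
// assumption) and returns only the public part, for the CSR and the proof.
func (a *ProofApplet) GenerateKeyPair() (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.priv = priv
	return &priv.PublicKey, nil
}

// proofDigest is what gets signed: the internal symmetric key together with a
// nonce chosen by the service provider. The nonce and the label are this
// example's additions so that an old proof cannot be replayed for a new key pair.
func proofDigest(symKey, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("iot-safe-proof-of-establishment\x00"))
	h.Write(nonce)
	h.Write(symKey)
	return h.Sum(nil)
}

// SignInternalSecret is the extended Sign() operation: the new private key
// signs the applet's own symmetric first credential. As for any use of the
// first credential, the profile it is bound to must currently be active.
func (a *ProofApplet) SignInternalSecret(nonce []byte) ([]byte, error) {
	if a.priv == nil {
		return nil, errors.New("no further credential has been established")
	}
	if a.activeICCID != a.firstICCID {
		return nil, errors.New("first credential is bound to an inactive profile")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, proofDigest(a.firstKey, nonce))
}

// VerifyProof runs at the IoT service provider, which knows the symmetric key
// (delivered by the MNO) and received the public key from the device. A valid
// signature shows that whoever holds the new private key could also read the
// applet-internal symmetric key, i.e. the key pair was generated in the applet.
func VerifyProof(pub *ecdsa.PublicKey, knownFirstKey, nonce, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, proofDigest(knownFirstKey, nonce), sig)
}

func main() {
	first := []byte("0123456789abcdef") // constructed 128-bit PSK from MNO1's profile
	applet := NewProofApplet(first, "8944000000000000001")
	applet.SetActiveProfile("8944000000000000001")
	pub, _ := applet.GenerateKeyPair()
	nonce := []byte("provider-nonce-1")
	sig, err := applet.SignInternalSecret(nonce)
	fmt.Println("signed:", err == nil, "verified:", VerifyProof(pub, first, nonce, sig))
}
```

Two things the example makes visible that the prose leaves implicit: the proof is only as strong as the secrecy of the first credential at the service provider, and the applet refuses to produce it once the bound profile is no longer active, so the proof has to be collected while the MNO1 profile is enabled, as in step S400 of the signalling flow.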
  • An alternative approach is to extend the Sign()-operation allowing a symmetric key and encryption algorithm to be specified and where the signature is encrypted before it is delivered to the device application.
  • the device application can use this operation when signing the CSR.
  • the IoT service provider can then decrypt the signature using the first credential(s) such that the IoT service provider can obtain the signature in plain in order to provide it to the CA for issuing a certificate.
  • the first credential(s) and the further credential(s) are private-public key pairs.
  • One way to provide proof that the new key pair is generated in the IoT SAFE applet is for the IoT service provider to generate and wrap a symmetric key using the old public key of the IoT SAFE applet and send the wrapped key as part of the request to generate a new key pair (as in step S405 of Fig. 6).
  • the IoT SAFE applet then unwraps the thus wrapped key and stores the thus unwrapped key as an internal key in the IoT SAFE applet.
  • the extended Sign()-operation described above is then used to sign the symmetric key using the new private key and provide the signature back to the IoT service provider for verification similar to what was described above.
  • the first credential(s) is a private-public key pair and the further credential(s) is a symmetric key.
  • when the further credential(s) is a symmetric key, it is typically generated by the IoT service provider and sent to the communication device 200.
  • the same wrapping mechanism as described above can be used to transfer the symmetric key into the IoT SAFE internal storage.
  • a proof may be provided to the IoT service provider that the symmetric key was successfully installed.
  • the applet extended Sign()-operation described above can be used to sign the new symmetric key using the old private key and provide the signature back to the IoT service provider for verification.
  • Another example is to use the Compute pseudorandom function family (PRF) operation or the Compute Hash-based key derivation function (HKDF) operation with the new symmetric key on some agreed data to provide some footprint data that can be provided to the IoT service provider for verification and that proves the symmetric key was successfully installed.
  • the first credential(s) is a symmetric key and the further credential(s) is a symmetric key.
  • the further credential(s) is a symmetric key generated by the IoT service provider.
  • the new key is wrapped (i.e. encrypted) using e.g. the Advanced Encryption Standard (AES) with the old symmetric key and is then sent to the communication device 200.
  • An AES unwrap operation is used by the IoT SAFE applet to decrypt and install the new symmetric key.
  • a proof may be provided to the IoT service provider that the symmetric key was successfully installed.
  • the Compute PRF operation or the Compute HKDF operation may be used with the new symmetric key on some agreed data to provide some footprint data that can be provided to the IoT service provider for verification and that proves the symmetric key was successfully installed.
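The symmetric-to-symmetric procedure above (wrap the new key under the old one with AES, unwrap inside the applet, then prove installation with a PRF footprint over agreed data), together with the PRF footprint proof mentioned for the asymmetric-first case, as one added Go example. It is not code from the patent: AES-GCM is this example's choice of AES mode for the wrap (the page says only "e.g. AES"), the nonce-prefixed ciphertext layout is an assumption, HMAC-SHA256 stands in for the Compute PRF operation, and the keys and the agreed data are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SymApplet models an IoT SAFE applet holding a symmetric first credential
// (delivered in the profile) and, after a successful unwrap, a symmetric
// further credential that never leaves the applet.
type SymApplet struct {
	firstKey []byte
	newKey   []byte
}

func NewSymApplet(firstKey []byte) *SymApplet { return &SymApplet{firstKey: firstKey} }

// WrapKey runs at the IoT service provider: the new key is encrypted and
// authenticated with AES-GCM under the old key. Output is nonce || ciphertext
// (layout chosen for this example).
func WrapKey(oldKey, newKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(oldKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, newKey, nil), nil
}

// UnwrapAndInstall is the applet-side AES unwrap: decrypt under the old key
// and keep the result as an internal key. A wrong old key or a modified blob
// fails GCM authentication, so nothing gets installed in that case.
func (a *SymApplet) UnwrapAndInstall(wrapped []byte) error {
	block, err := aes.NewCipher(a.firstKey)
	if err != nil {
		return err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	n := gcm.NonceSize()
	if len(wrapped) < n {
		return errors.New("wrapped key too short")
	}
	key, err := gcm.Open(nil, wrapped[:n], wrapped[n:], nil)
	if err != nil {
		return err
	}
	a.newKey = key
	return nil
}

// ComputePRF is the applet's "Compute PRF" operation: HMAC-SHA256 over the
// agreed data under the new key, producing the footprint sent to the provider.
func (a *SymApplet) ComputePRF(agreed []byte) ([]byte, error) {
	if a.newKey == nil {
		return nil, errors.New("no further credential installed")
	}
	mac := hmac.New(sha256.New, a.newKey)
	mac.Write(agreed)
	return mac.Sum(nil), nil
}

// VerifyFootprint runs at the provider, which generated newKey itself and can
// therefore recompute the footprint; a match proves the key was installed.
func VerifyFootprint(newKey, agreed, footprint []byte) bool {
	mac := hmac.New(sha256.New, newKey)
	mac.Write(agreed)
	return hmac.Equal(mac.Sum(nil), footprint)
}

func main() {
	old := []byte("0123456789abcdef")   // constructed 128-bit first credential
	fresh := []byte("fedcba9876543210") // constructed further credential from the provider
	wrapped, err := WrapKey(old, fresh)
	if err != nil {
		panic(err)
	}
	applet := NewSymApplet(old)
	if err := applet.UnwrapAndInstall(wrapped); err != nil {
		panic(err)
	}
	agreed := []byte("provider-challenge-42") // agreed data, fresh per request
	fp, _ := applet.ComputePRF(agreed)
	fmt.Println("footprint verified:", VerifyFootprint(fresh, agreed, fp))
}
```

The "agreed data" should be fresh for each installation request (a challenge from the provider), otherwise a footprint recorded once could be replayed without the key actually being present; the authenticated mode for the wrap matters for the same reason, since a plain block cipher would let a tampered blob install a different key without any error.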
  • Fig. 7 schematically illustrates, in terms of a number of functional units, the components of a communication device 200 according to an embodiment.
  • Processing circuitry 210 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product 1010a (as in Fig. 11), e.g. in the form of a storage medium 230.
  • the processing circuitry 210 may further be provided as at least one application specific integrated circuit (ASIC), or field programmable gate array (FPGA).
  • the processing circuitry 210 is configured to cause the communication device 200 to perform a set of operations, or steps, as disclosed above.
  • the storage medium 230 may store the set of operations.
  • the processing circuitry 210 may be configured to retrieve the set of operations from the storage medium 230 to cause the communication device 200 to perform the set of operations.
  • the set of operations may be provided as a set of executable instructions.
  • the processing circuitry 210 is thereby arranged to execute methods as herein disclosed.
  • the storage medium 230 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the communication device 200 may further comprise a communications interface 220 for communications with other entities, functions, nodes, and devices.
  • the communications interface 220 may comprise one or more transmitters and receivers, comprising analogue and digital components.
  • the processing circuitry 210 controls the general operation of the communication device 200 e.g. by sending data and control signals to the communications interface 220 and the storage medium 230, by receiving data and reports from the communications interface 220, and by retrieving data and instructions from the storage medium 230.
  • Other components, as well as the related functionality, of the communication device 200 are omitted in order not to obscure the concepts presented herein.
  • Fig. 8 schematically illustrates, in terms of a number of functional modules, the components of a communication device 200 according to an embodiment.
  • the communication device 200 of Fig. 8 comprises a number of functional modules; an obtain module 210a configured to perform step S102, a store module 210c configured to perform step S104, and an establish module 210d configured to perform step S106.
  • the communication device 200 of Fig. 8 may further comprise a number of optional functional modules, such as any of a parse module 210b configured to perform step S102a, an obtain module 210e configured to perform step S108, a generate module 210f configured to perform step S110, a provide module 210g configured to perform step S112, and an establish module 210h configured to perform step S114.
  • each functional module 210a-210f may be implemented in hardware or in software.
  • one or more or all functional modules 210a-210f may be implemented by the processing circuitry 210, possibly in cooperation with the communications interface 220 and/or the storage medium 230.
  • the processing circuitry 210 may thus be arranged to from the storage medium 230 fetch instructions as provided by a functional module 210a-210f and to execute these instructions, thereby performing any steps of the communication device 200 as disclosed herein.
  • Fig. 9 schematically illustrates, in terms of a number of functional units, the components of a network node 300 according to an embodiment.
  • Processing circuitry 310 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product 1010b (as in Fig. 11), e.g. in the form of a storage medium 330.
  • the processing circuitry 310 may further be provided as at least one application specific integrated circuit (ASIC), or field programmable gate array (FPGA).
  • the processing circuitry 310 is configured to cause the network node 300 to perform a set of operations, or steps, as disclosed above.
  • the storage medium 330 may store the set of operations.
  • the processing circuitry 310 may be configured to retrieve the set of operations from the storage medium 330 to cause the network node 300 to perform the set of operations.
  • the set of operations may be provided as a set of executable instructions.
  • the processing circuitry 310 is thereby arranged to execute methods as herein disclosed.
  • the storage medium 330 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the network node 300 may further comprise a communications interface 320 for communications with other entities, functions, nodes, and devices.
  • the communications interface 320 may comprise one or more transmitters and receivers, comprising analogue and digital components.
  • the processing circuitry 310 controls the general operation of the network node 300 e.g. by sending data and control signals to the communications interface 320 and the storage medium 330, by receiving data and reports from the communications interface 320, and by retrieving data and instructions from the storage medium 330.
  • Other components, as well as the related functionality, of the network node 300 are omitted in order not to obscure the concepts presented herein.
  • Fig. 10 schematically illustrates, in terms of a number of functional modules, the components of a network node 300 according to an embodiment.
  • the network node 300 of Fig. 10 comprises a number of functional modules; a generate module 310a configured to perform step S202, a provide module 310b configured to perform step S204, and an establish module 310c configured to perform step S206.
  • the network node 300 of Fig. 10 may further comprise a number of optional functional modules, such as any of a provide module 310d configured to perform step S208, an obtain module 310e configured to perform step S210, a verify module 310f configured to perform step S212, and an establish module 310g configured to perform step S214.
  • each functional module 310a-310g may be implemented in hardware or in software.
  • one or more or all functional modules 310a-310g may be implemented by the processing circuitry 310, possibly in cooperation with the communications interface 320 and/or the storage medium 330.
  • the processing circuitry 310 may thus be arranged to from the storage medium 330 fetch instructions as provided by a functional module 310a-310g and to execute these instructions, thereby performing any steps of the network node 300 as disclosed herein.
  • the network node 300 may be provided as a standalone device or as a part of at least one further device.
  • the network node 300 may be provided in a node of the radio access network or in a node of the core network.
  • functionality of the network node 300 may be distributed between at least two devices, or nodes. These at least two nodes, or devices, may either be part of the same network part (such as the radio access network or the core network) or may be spread between at least two such network parts.
  • instructions that are required to be performed in real time may be performed in a device, or node, operatively closer to the cell than instructions that are not required to be performed in real time.
  • a first portion of the instructions performed by the network node 300 may be executed in a first device, and a second portion of the instructions performed by the network node 300 may be executed in a second device; the herein disclosed embodiments are not limited to any particular number of devices on which the instructions performed by the network node 300 may be executed.
  • the methods according to the herein disclosed embodiments are suitable to be performed by a network node 300 residing in a cloud computational environment. Therefore, although a single processing circuitry 210, 310 is illustrated in Fig. 9, the processing circuitry 310 may be distributed among a plurality of devices, or nodes. The same applies to the functional modules 310a-310g of Fig. 10 and the computer program 1020b of Fig. 11.
  • Fig. 11 shows one example of a computer program product 1010a, 1010b comprising computer readable means 1030.
  • on this computer readable means 1030, a computer program 1020a can be stored, which computer program 1020a can cause the processing circuitry 210 and thereto operatively coupled entities and devices, such as the communications interface 220 and the storage medium 230, to execute methods according to embodiments described herein.
  • the computer program 1020a and/or computer program product 1010a may thus provide means for performing any steps of the communication device 200 as herein disclosed.
  • on this computer readable means 1030, a computer program 1020b can be stored, which computer program 1020b can cause the processing circuitry 310 and thereto operatively coupled entities and devices, such as the communications interface 320 and the storage medium 330, to execute methods according to embodiments described herein.
  • the computer program 1020b and/or computer program product 1010b may thus provide means for performing any steps of the network node 300 as herein disclosed.
  • the computer program product 1010a, 1010b is illustrated as an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product 1010a, 1010b could also be embodied as a memory, such as a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or an electrically erasable programmable read-only memory (EEPROM) and more particularly as a non-volatile storage medium of a device in an external memory such as a USB (Universal Serial Bus) memory or a Flash memory, such as a compact Flash memory.
  • the computer program 1020a, 1020b is here schematically shown as a track on the depicted optical disk, the computer program 1020a,

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to mechanisms for handling credentials of an IoT SAFE applet. A method is performed by a communication device. The communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module used for storing subscription profiles. The IoT SAFE applet is independent of any MNO. The communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node. The method comprises obtaining credentials for the IoT SAFE applet from the network node. The method comprises storing the credentials in the first security domain of the subscription module. The credentials, once successfully stored, are accessible only from within the first security domain. The method comprises establishing, using the IoT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.
EP20803443.9A 2020-10-09 2020-10-09 Credential handling of an IoT SAFE applet Pending EP4226662A1 (fr)
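The flow in the abstract, as an added simulation that is not code from the patent, from Ericsson or from the GSMA IoT SAFE specification: a subscription module with a profile-holding domain and a separate, profile-free first security domain; an MNO-independent applet installed only in the latter; a network node that generates and provides credentials (the page's steps S202 and S204) and then establishes secure communication (S206). Two points the abstract leaves open are filled by assumption and labelled as such in the code: the credential is a symmetric key plus key identifier (real IoT SAFE deployments usually provision an EC key pair and certificate), and "secure communication" is modelled as HMAC challenge-response mutual authentication followed by derivation of a shared session key. Every class and method name is invented for the example.

```python
# Constructed simulation of the IoT SAFE credential bootstrap (not the patent's code).
# Assumes a symmetric credential and HMAC challenge-response; all names are invented.
import hashlib
import hmac
import os


class SecurityDomain:
    # Isolated container on the subscription module (eUICC/SIM).
    def __init__(self, name: str, holds_profile: bool):
        self.name = name
        self.holds_profile = holds_profile  # True for a domain that stores an MNO profile
        self.applet = None
        self._credentials = None            # no getter: key bytes never leave the domain

    def install(self, applet: "IoTSafeApplet") -> None:
        # The first security domain must be free of any subscription profile.
        if self.holds_profile:
            raise ValueError(f"{self.name} stores a subscription profile")
        self.applet, applet.domain = applet, self

    def store_credentials(self, credentials: dict) -> None:
        self._credentials = dict(credentials)

    def use_key(self, caller: "IoTSafeApplet") -> bytes:
        # Only the applet installed in this domain may touch the key.
        if caller is not self.applet:
            raise PermissionError("credentials only accessible from within the first security domain")
        if self._credentials is None:
            raise RuntimeError("no credentials provisioned yet")
        return self._credentials["key"]


class IoTSafeApplet:
    # MNO-independent applet: offers MAC operations, never exports key material.
    domain = None

    def has_credentials(self) -> bool:
        return self.domain is not None and self.domain._credentials is not None

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self.domain.use_key(self), data, hashlib.sha256).digest()


class CommunicationDevice:
    def __init__(self):
        self.profile_domain = SecurityDomain("ISD-P", holds_profile=True)
        self.first_domain = SecurityDomain("IoT-SAFE-SD", holds_profile=False)
        self.applet = IoTSafeApplet()
        self.first_domain.install(self.applet)
        self.key_id, self._nonces, self.session_key = None, None, None

    def obtain_credentials(self, credentials: dict) -> None:
        self.first_domain.store_credentials(credentials)
        self.key_id = credentials["key_id"]

    def respond(self, n_node: bytes):
        # Prove possession of the credential without exporting it from the applet.
        n_dev = os.urandom(16)
        self._nonces = (n_node, n_dev)
        return self.key_id, n_dev, self.applet.mac(n_node + n_dev)

    def verify_node(self, tag_node: bytes) -> None:
        n_node, n_dev = self._nonces
        if not hmac.compare_digest(self.applet.mac(n_dev + n_node), tag_node):
            raise PermissionError("network node authentication failed")
        self.session_key = self.applet.mac(b"session" + n_node + n_dev)


class NetworkNode:
    def __init__(self):
        self.issued = {}  # key_id -> key: the node's own copy of each credential

    def generate_credentials(self) -> dict:                                # step S202
        key_id, key = os.urandom(4).hex(), os.urandom(32)
        self.issued[key_id] = key
        return {"key_id": key_id, "key": key}

    def provide_credentials(self, device: CommunicationDevice) -> None:    # step S204
        device.obtain_credentials(self.generate_credentials())

    def establish_secure_communication(self, device: CommunicationDevice) -> bytes:  # step S206
        n_node = os.urandom(16)
        key_id, n_dev, tag_dev = device.respond(n_node)
        key = self.issued[key_id]
        if not hmac.compare_digest(hmac.new(key, n_node + n_dev, hashlib.sha256).digest(), tag_dev):
            raise PermissionError("device authentication failed")
        device.verify_node(hmac.new(key, n_dev + n_node, hashlib.sha256).digest())
        return hmac.new(key, b"session" + n_node + n_dev, hashlib.sha256).digest()


def bootstrap_and_connect():
    device, node = CommunicationDevice(), NetworkNode()
    assert not device.applet.has_credentials()  # device starts without credentials
    node.provide_credentials(device)
    return device, node, node.establish_secure_communication(device)
```

Running `bootstrap_and_connect()` yields a device and node holding the same session key. The property the abstract insists on, that the credentials are reachable only from inside the first security domain, is enforced by `SecurityDomain.use_key` refusing any caller other than the installed applet, and by the applet exposing only MAC computations rather than the key itself; installing the applet into the profile-holding domain is rejected, and any cryptographic operation before provisioning fails.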

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2020/078503 WO2022073623A1 (fr) 2020-10-09 2020-10-09 Credential handling of an IoT SAFE applet

Publications (1)

Publication Number Publication Date
EP4226662A1 true EP4226662A1 (fr) 2023-08-16

Family

ID=73172644

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20803443.9A Pending EP4226662A1 (fr) 2020-10-09 2020-10-09 Credential handling of an IoT SAFE applet

Country Status (2)

Country Link
EP (1) EP4226662A1 (fr)
WO (1) WO2022073623A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220385483A1 (en) * 2021-05-27 2022-12-01 Kigen (Uk) Limited Credential bootstrapping

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9363676B2 (en) * 2010-12-06 2016-06-07 Interdigital Patent Holdings, Inc. Smart card with domain-trust evaluation and domain policy management functions

Also Published As

Publication number Publication date
WO2022073623A1 (fr) 2022-04-14

Similar Documents

Publication Publication Date Title
KR102570563B1 (ko) Method and apparatus for downloading a profile in a wireless communication system
CN111602417B (zh) Profile handling of a communication device
CN110798833B (zh) Method and apparatus for verifying a user equipment identity during an authentication procedure
KR102502503B1 (ko) Profile provisioning method and apparatus
EP3281436B1 (fr) Method and apparatus for downloading a profile in a wireless communication system
US20190313246A1 (en) Device default wifi credentials for simplified and secure configuration of networked transducers
US9253178B2 (en) Method and apparatus for authenticating a communication device
US11496883B2 (en) Apparatus and method for access control on eSIM
US20210144551A1 (en) Method and apparatus for discussing digital certificate by esim terminal and server
EP3044975A1 (fr) Secure communication with a mobile device
KR20170115609A (ko) Method for remote subscription management of an eUICC, and corresponding terminal
EP3837868A1 (fr) Management of subscription profiles for a set of wireless devices
CN108702386A (zh) Method and apparatus for managing an embedded universal integrated circuit card profile
GB2527276A (en) Providing network credentials
KR20200028786A (ko) Method and apparatus for an SSP terminal and server to negotiate a digital certificate
US20230379717A1 (en) Credential handling of an iot safe applet
EP4226662A1 (fr) Credential handling of an IoT SAFE applet
CN103329508B (zh) Record creation for resolution of application identifier to connectivity identifier
EP3704884B1 (fr) Management of a subscriber entity
EP3984262B1 (fr) Application-level identity provisioning
WO2023237187A1 (fr) Providing a subscription profile to a subscriber module
US20240031805A1 (en) Download of a subscription profile to a communication device
WO2023134844A1 (fr) Network connection establishment for a communication device
WO2023169682A1 (fr) Download of a subscription profile to a communication device
CN117676565A (zh) Method for verifying an access request, user terminal and base station

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230509

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)