WO2010051715A1 - Method, system and mobile terminal for distributing the initial key of a smart card security domain - Google Patents

Method, system and mobile terminal for distributing the initial key of a smart card security domain

Publication number
WO2010051715A1
Authority
WO
WIPO (PCT)
Prior art keywords
management platform
smart card
card
mobile terminal
security domain
Prior art date
Application number
PCT/CN2009/073489
Other languages
English (en)
Chinese (zh)
Inventor
余万涛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2010051715A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • The present invention relates to NFC-based mobile terminal electronic payment technology, and in particular to a method, system, and mobile terminal for distributing the initial key of a smart card slave security domain.
  • Near Field Communication (NFC) is a short-range wireless communication technology operating at 13.56 MHz.
  • mobile communication terminals such as mobile phones can simulate contactless IC cards for related applications of electronic payment.
  • Implementing this solution on a mobile communication terminal requires adding an NFC analog front end chip and an NFC antenna to the terminal, and using a smart card that supports electronic payment.
  • IC cards especially non-contact IC cards
  • mobile phones have experienced rapid development for more than 20 years, and have been widely popular among residents, bringing great convenience to people's work and life.
  • the capabilities of mobile phones are becoming more powerful and there is a tendency to integrate more features.
  • Combining mobile phones with non-contact IC card technology and using mobile phones in the field of electronic payment will further expand the use of mobile phones, bring convenience to people's lives, and have broad application prospects.
  • the business framework of the mobile payment system for mobile terminals based on NFC technology usually adopts the multi-application framework of the Global Platform specification.
  • A smart card supporting the Global Platform specification is one that conforms to Global Platform Card Specification V2.1.1/V2.2.
  • the IC chip or smart card can be physically a SIM/USIM card, a pluggable smart memory card or an IC chip integrated on the mobile terminal.
  • secure channel protocol needs to support SCP02 (based on symmetric keys); if the mobile terminal electronic payment system based on near field communication technology supports the GP2.2 specification, the secure channel protocol needs to support SCP02 (based on symmetric keys) and SCP10 (based on asymmetric keys); card issuers and application providers can choose between them according to security policy requirements.
  • An NFC-based mobile terminal short-range electronic payment system mainly consists of a card issuer management platform, an application provider management platform, and a mobile terminal supporting a smart card with an electronic payment application function; multiple application provider management platforms may exist in the system.
  • multiple applications can be installed on the smart card supporting the Global Platform specification.
  • The smart card is divided into several independent security domains to ensure the isolation and independence of multiple applications. Each application provider manages its own security domain as well as its applications, application data, and so on.
  • Security domains include primary and secondary security domains.
  • The primary security domain is the card issuer's mandatory on-card representative on the smart card.
  • The slave security domain is an additional, optional on-card representative of the card issuer or an application provider on the smart card.
  • The key generation and distribution of a security domain is the responsibility of the card issuer or application provider that manages the security domain, which ensures that applications and data from different application providers can coexist on the same card.
  • the keys for the security domain include the primary security domain key, the security domain initial key, and the secondary security domain key.
  • the primary security domain key and the secondary domain security key are generated by the card issuer management platform, and the security domain key is managed by
  • Before downloading and installing an electronic payment application to a smart card, a security domain needs to be created for the application on the smart card.
  • The creation of a smart card slave security domain is done by the card issuer management platform. After the smart card is issued, when the slave security domain is created, the slave security domain initial key must be imported by the card issuer management platform into the slave security domain on the smart card.
  • The process of distributing the slave security domain initial key depends on the specific implementation of the system network architecture. In order to realize the security management of the smart card and the downloading, installation, etc. of the payment application, the smart card needs to establish communication with the card issuer management platform and the application provider management platform.
  • The smart card establishes communication with the management platform through the mobile terminal using the mobile communication network; how to securely import the slave security domain initial key generated by the card issuer management platform into the slave security domain once communication is established is a problem that mobile terminal electronic payment needs to solve.
  • The present invention provides a smart card slave security domain initial key distribution method, system and mobile terminal, to securely import the slave security domain initial key.
  • The present invention provides a smart card slave security domain initial key distribution method.
  • The method establishes communication between a smart card and an out-of-card entity management platform through an over-the-air server and a mobile terminal to implement distribution of the smart card slave security domain initial key.
  • the method includes:
  • The card issuer management platform creates a slave security domain for the smart card and generates a slave security domain initial key, and the generated slave security domain initial key is imported through the secure channel into the slave security domain of the smart card.
  • the method further includes: before the step (a):
  • the smart card establishes an over-the-air connection with the over-the-air server through the mobile terminal; and the over-the-air server establishes a secure connection with the out-of-card entity management platform.
  • the application download request includes smart card identification information, an application identifier, and application provider identity information;
  • The method further includes: between step (b) and step (c), the card issuer management platform determines, according to the smart card identification information, application identifier and application provider identity information, or according to smart card status information, whether to create a slave security domain for the smart card.
  • the step of establishing a secure channel between the card issuer management platform and the smart card primary security domain includes:
  • the card issuer management platform performs mutual authentication with the primary security domain of the smart card
  • the user submits an application download request to the card issuer management platform through the mobile terminal and the over-the-air download server;
  • the card issuer management platform performs mutual authentication with the primary security domain of the smart card through the over-the-air server and the mobile terminal;
  • the card issuer management platform creates the slave security domain and generates the slave security domain initial key for the smart card
  • the generated slave security domain initial key is imported through the secure channel via the over-the-air server and the mobile terminal.
  • the slave security zone of the smart card is defined by the card issuer management platform.
  • the card external entity management platform is an application provider management platform
  • the user submits an application download request to the card issuer management platform through the mobile terminal, the over-the-air server, and the application provider management platform;
  • the card issuer management platform performs mutual authentication with the primary security domain of the smart card through the application provider management platform, the over-the-air server, and the mobile terminal;
  • the card issuer management platform creates the slave security domain and generates the slave security domain initial key
  • the generated slave security domain initial key is imported through the secure channel, via the application provider management platform, the over-the-air server and the mobile terminal, into the slave security domain of the smart card.
  • the present invention further provides a mobile terminal electronic payment system, the system comprising a smart card having an electronic payment application function, a mobile terminal, an OTA server, and a card issuer management platform, wherein the smart card is installed on the mobile terminal;
  • the smart card is configured to communicate with the card issuer management platform through the mobile terminal and the over-the-air server;
  • the card issuer management platform is arranged to distribute the smart card slave security domain initial key to the smart card via the over-the-air server and the mobile terminal.
  • the smart card is further configured to establish an over-the-air connection with the over-the-air server through the mobile terminal;
  • the over-the-air server is configured to communicate with the card issuer management platform over a secure connection and to transmit communication data between the smart card and the card issuer management platform over the over-the-air connection.
  • the smart card is further configured to provide support for submitting an application download request to the card issuer management platform, perform mutual authentication with the card issuer management platform and establish a temporary session key, decrypt the obtained slave security domain initial key, and initialize the slave security domain;
  • the card issuer management platform is further configured to perform mutual authentication with the smart card and establish a temporary session key, determine whether to establish a slave security domain for the smart card according to an application download request or smart card status information, and establish a slave security for the smart card.
  • The system further includes an application provider management platform, the application provider management platform being configured to communicate with the card issuer management platform and the over-the-air server via a secure connection;
  • the smart card is further configured to pass the mobile terminal and the over-the-air download server and the
  • the card issuer management platform is further configured to distribute the slave security domain initial key to the smart card via the application provider management platform, the over-the-air server, and the mobile terminal;
  • the over-the-air server is further configured to transmit communication data between the smart card and the application provider management platform over the over-the-air connection.
  • The present invention further provides a mobile terminal, the mobile terminal comprising a smart card having an electronic payment application function, wherein the slave security domain initial key of the smart card is distributed by the card issuer management platform through the over-the-air server and the mobile terminal; or the slave security domain initial key of the smart card is distributed by the card issuer management platform through the application provider management platform, the over-the-air server, and the mobile terminal.
  • The smart card slave security domain initial key distribution method, system and mobile terminal of the present invention solve the problem of how, for symmetric keys, the slave security domain initial key generated by the card issuer management platform is securely imported into the slave security domain when the slave security domain is created after the card is issued, thus achieving secure distribution of the slave security domain initial key.
  • FIG. 1 is a schematic diagram of the architecture of an electronic payment system for a mobile terminal based on the near field communication technology of the present invention.
  • FIG. 2 is a schematic diagram of an OTA-based slave security domain initial key distribution process according to the present invention.
  • FIG. 3 is a schematic diagram of an initial key distribution process of a slave security domain based on an application provider management platform and an OTA according to the present invention.
  • The mobile terminal electronic payment system of the present invention comprises an application provider management platform, a card issuer management platform, an OTA server, a mobile terminal and a smart card, wherein:
  • A smart card having an electronic payment application function is installed on the mobile terminal; the smart card and the mobile terminal support the OTA function, and the smart card also supports Global Platform Card Specification V2.1.1/V2.2; when a user downloads an application, the smart card establishes an OTA connection with the OTA server through the mobile terminal, and the OTA connection supports transport bearers such as short message and BIP.
  • connection may also be connected to the card issuer management platform and the application provider management platform through the card issuer service terminal or the application provider service terminal, respectively.
  • the OTA server communicates with the card issuer management platform and the application provider management platform through a secure connection, and transmits communication data between the smart card and the card issuer management platform and the application provider management platform through the OTA connection;
  • The card issuer management platform is responsible for card issuance and management, manages card resources and lifecycles, keys, and certificates, and is responsible for creating security domains and interacting with other security domains on application data, mutually authenticating with the smart cards and establishing temporary session keys, and generating and distributing the slave security domain initial key to smart cards.
  • the card issuer management platform may include a card management system, an application management system, a key management system, a certificate management system, an application provider management system, etc., wherein the certificate management system supports an asymmetric key.
  • CA card issuer certification authority
  • The application provider management platform is responsible for the provision and management of electronic payment applications, provides various business applications, performs security management of its corresponding slave security domain on the card, controls the application keys, certificates, and data of the slave security domain, and so on, to provide secure download and installation of applications.
  • The application provider management platform may include an application management system, a key management system, and a certificate management system, wherein the certificate management system is used when asymmetric keys are supported and is connected to the application provider certification authority (CA) system.
  • the application provider management platform communicates with the card issuer management platform over a secure connection.
  • The card issuer management platform and the application provider management platform can provide electronic payment related services through the OTA server: providing a list of downloadable electronic payment applications, participating in the creation of security domains and key distribution, the download of electronic payment applications, the personalization of electronic payment applications, etc.
  • the smart card communicates with the application provider management platform and the card issuer management platform through the mobile terminal and the OTA server.
  • The card issuer management platform can also communicate with the smart card through the card issuer service terminal, and the application provider management platform can communicate with the smart card through the application provider service terminal.
  • The present invention is described based on the mobile terminal electronic payment system architecture shown in FIG. 1, but is not limited to the mobile terminal electronic payment system architecture shown in FIG. 1.
  • FIG. 2 is a schematic diagram of the slave security domain initial key distribution process of the present invention. As shown in FIG. 2, when creating a slave security domain, the steps of the slave security domain initial key distribution process include:
  • Step 201 The user triggers an application download request by using a mobile terminal client program or a card program, and submits the application download request to the card issuer management platform via the OTA server; the application download request may include the smart card identification information (ICCID), the application identifier, the application provider identity information, etc.; when the user downloads the application, the smart card establishes an OTA connection with the OTA server through the mobile terminal, and the OTA connection supports transport bearers such as short message and BIP.
  • The OTA server connects to the application provider management platform and the card issuer management platform through a secure connection;
  • Step 202 The card issuer management platform sends a SELECT command message to the smart card via the OTA server and the mobile terminal, and selects a primary security domain.
  • Step 203 The smart card submits a SELECT command response to the card issuer management platform via the mobile terminal and the OTA server;
  • Step 204 The card issuer management platform and the smart card primary security domain establish an SCP02 secure channel via the OTA server and the mobile terminal: the card issuer management platform performs mutual authentication with the smart card primary security domain, and after the mutual authentication is completed, a temporary session key is established between the card issuer management platform and the smart card primary security domain to establish the secure channel.
  • The temporary session key may be established in accordance with Global Platform Card Specification V2.1.1/V2.2, or may be established by other methods; the mutual authentication process is completed between the card issuer management platform and the smart card primary security domain via the OTA server and the mobile terminal.
  • Step 205 The card issuer management platform determines whether the slave security domain needs to be created. If the slave security domain is not required to be created, the slave security domain creation process is terminated. If the slave security domain needs to be created, the subsequent steps are continued.
  • the card issuer management platform determines whether to create a slave security domain according to the information such as the smart card ICCID information, the application identifier, and the application provider identity, or the smart card status information.
  • the smart card status information is obtained from the smart card primary security domain by the card issuer management platform.
  • Step 206 The card issuer management platform sends an INSTALL command to the smart card via the OTA server and the mobile terminal;
  • Step 207 The smart card submits an INSTALL command response to the card issuer management platform via the mobile terminal and the OTA server.
  • Step 208 The card issuer management platform generates the slave security domain initial key, and sends the slave security domain initial key to the smart card primary security domain via the OTA server and the mobile terminal through the PUTKEY command.
  • Step 209 After receiving the slave security domain initial key, the smart card primary security domain initializes the slave security domain with the received slave security domain initial key;
  • Step 210 The smart card primary security domain sends a PUTKEY command response to the card issuer management platform via the mobile terminal and the OTA server, and ends the slave security domain initial key distribution process.
  • FIG. 3 is a schematic diagram of an initial key distribution process of a slave security domain based on an application provider management platform and an OTA according to the present invention. As shown in FIG. 3, the steps of the slave security domain initial key distribution process based on the application provider management platform and the OTA include:
  • Step 301 The user triggers an application download request by using a mobile terminal client program or a card program, and the application download request includes the smart card ICCID information, the application identifier, and the application provider identity information;
  • Step 302 The card issuer management platform sends a SELECT command message to the smart card via the application provider management platform, the OTA server, and the mobile terminal, and selects the primary security domain.
  • Step 303 The smart card submits a SELECT command response to the card issuer management platform via the mobile terminal, the OTA server, and the application provider management platform.
  • Step 304 The card issuer management platform and the smart card primary security domain establish an SCP02 secure channel via the application provider management platform, the OTA server, and the mobile terminal: the card issuer management platform performs mutual authentication with the smart card primary security domain, and after the mutual authentication is completed, a temporary session key is established between the card issuer management platform and the smart card primary security domain to establish a secure communication channel.
  • the temporary session key can be established in accordance with the Global Platform Card Specification V2.1.1/V2.2 specification, or it can be established by other methods.
  • The mutual authentication process may also be completed between the card issuer management platform and the smart card primary security domain via the application provider management platform, the OTA server, and the mobile terminal.
  • Step 305 The card issuer management platform determines whether the slave security domain needs to be created. If the slave security domain is not required to be created, the slave security domain creation process is terminated. If the slave security domain needs to be created, the subsequent steps are continued.
  • Step 306 The card issuer management platform sends an INSTALL command to the smart card via the application provider management platform, the OTA server and the mobile terminal;
  • Step 307 The smart card submits an INSTALL command response to the card issuer management platform via the mobile terminal, the OTA server, and the application provider management platform;
  • Step 308 The card issuer management platform sends the slave security domain initial key to the smart card primary security domain via the application provider management platform, the OTA server, and the mobile terminal through the PUTKEY command.
  • Step 309 After receiving the slave security domain initial key, the smart card primary security domain uses the slave security domain initial key to initialize the slave security domain;
  • Step 310 The smart card primary security domain sends a PUTKEY command response to the card issuer management platform via the mobile terminal, the OTA server, and the application provider management platform, and ends the slave security domain initial key distribution process.
  • The smart card slave security domain initial key distribution method and system solve the problem of how, for symmetric keys, the slave security domain initial key generated by the card issuer management platform is securely imported into the slave security domain when the slave security domain is created after the card is issued, thereby enabling secure distribution of the slave security domain initial key.
  • The smart card slave security domain initial key distribution method, system and mobile terminal adopt OTA technology and solve the problem of how, for symmetric keys, the slave security domain initial key generated by the card issuer management platform is securely imported into the slave security domain when the slave security domain is created after the card is issued, thereby enabling secure distribution of the slave security domain initial key.
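
The command ordering in steps 201-210 and 301-310 can be audited on a relay such as the OTA server. The following Python checker is an added example, not code from the patent: it walks a constructed APDU trace and flags INSTALL or PUT KEY commands that fall outside an authenticated secure channel. It assumes short APDUs, the GlobalPlatform instruction bytes for SELECT, INITIALIZE UPDATE, EXTERNAL AUTHENTICATE, INSTALL and PUT KEY, and an audit policy (C-MAC required, INSTALL before PUT KEY) that is this example's own.

```python
from dataclasses import dataclass

SM_BIT = 0x04   # CLA bit set on GlobalPlatform commands sent with secure messaging
C_MAC = 0x01    # EXTERNAL AUTHENTICATE P1 bit: later commands must carry a MAC

# (CLA without the secure-messaging bit, INS) -> command name
NAMES = {
    (0x00, 0xA4): "SELECT",
    (0x80, 0x50): "INITIALIZE UPDATE",
    (0x80, 0x82): "EXTERNAL AUTHENTICATE",
    (0x80, 0xE6): "INSTALL",
    (0x80, 0xD8): "PUT KEY",
}


@dataclass
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes

    @property
    def name(self) -> str:
        return NAMES.get((self.cla & ~SM_BIT & 0xFF, self.ins), "UNKNOWN")

    @property
    def secured(self) -> bool:
        return bool(self.cla & SM_BIT)


def build(cla, ins, p1, p2, data=b""):
    """Encode a short command APDU (header, Lc, data) as hex."""
    return (bytes([cla, ins, p1, p2, len(data)]) + data).hex()


def parse(hex_apdu):
    """Decode a short command APDU; reject a data field that disagrees with Lc."""
    raw = bytes.fromhex(hex_apdu)
    if len(raw) < 4:
        raise ValueError("APDU shorter than its 4-byte header")
    lc = raw[4] if len(raw) > 5 else 0
    data = raw[5:5 + lc]
    if len(data) != lc or len(raw) > 5 + lc + 1:   # at most one trailing Le byte
        raise ValueError("Lc does not match the data field")
    return Apdu(raw[0], raw[1], raw[2], raw[3], data)


def audit(trace):
    """Check (command_hex, status_word) pairs; return (index, finding) tuples."""
    findings = []
    isd_selected = init_update_ok = ssd_created = False
    level = None    # EXTERNAL AUTHENTICATE P1 once the secure channel is open
    for i, (cmd_hex, sw) in enumerate(trace, 1):
        cmd, ok = parse(cmd_hex), sw.upper() == "9000"
        if cmd.name == "SELECT":            # step 202; treated as ending any session
            isd_selected, init_update_ok, level = ok, False, None
        elif cmd.name == "INITIALIZE UPDATE":
            init_update_ok, level = ok and isd_selected, None
        elif cmd.name == "EXTERNAL AUTHENTICATE":   # step 204 completes here
            if not init_update_ok:
                findings.append((i, "EXTERNAL AUTHENTICATE without INITIALIZE UPDATE"))
            elif ok:
                level = cmd.p1
                if not level & C_MAC:
                    findings.append((i, "secure channel opened without C-MAC"))
        elif cmd.name in ("INSTALL", "PUT KEY"):    # steps 206 and 208
            if level is None:
                findings.append((i, f"{cmd.name} sent outside a secure channel"))
            elif level & C_MAC and not cmd.secured:
                findings.append((i, f"{cmd.name} lacks the secure-messaging CLA bit"))
            if cmd.name == "INSTALL":
                ssd_created = ok and level is not None
            elif not ssd_created:
                findings.append((i, "PUT KEY before a successful INSTALL"))
        if not ok:
            findings.append((i, f"{cmd.name} returned SW {sw}"))
    return findings


# Constructed sample traces. The AID is a commonly used GlobalPlatform issuer
# security domain AID, chosen here as a sample value; every other data byte is
# a zero placeholder, not a real challenge, cryptogram, MAC or key.
ISD_AID = bytes.fromhex("A000000151000000")
HEAD = [(build(0x00, 0xA4, 0x04, 0x00, ISD_AID), "9000"),
        (build(0x80, 0x50, 0x00, 0x00, bytes(8)), "9000")]


def tail(cla, level):
    """EXTERNAL AUTHENTICATE, INSTALL and PUT KEY with the given CLA and level."""
    return [(build(0x84, 0x82, level, 0x00, bytes(16)), "9000"),
            (build(cla, 0xE6, 0x0C, 0x00, bytes(24)), "9000"),
            (build(cla, 0xD8, 0x00, 0x81, bytes(40)), "9000")]


GOOD = HEAD + tail(0x84, 0x01)                 # C-MAC negotiated and used
DOWNGRADED = HEAD + tail(0x80, 0x00)           # channel opened at security level 00
NO_CHANNEL = HEAD[:1] + tail(0x80, 0x01)[1:]   # INSTALL, PUT KEY right after SELECT
STRIPPED = HEAD + tail(0x80, 0x01)             # C-MAC negotiated, then not applied

if __name__ == "__main__":
    for label, trace in [("good", GOOD), ("downgraded", DOWNGRADED),
                         ("no channel", NO_CHANNEL), ("stripped", STRIPPED)]:
        print(label, audit(trace))
```

The checker only inspects headers and status words, which is all a relay that never holds the session keys can see.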

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method, a system and a mobile terminal for distributing the initial key of a security domain of a smart card. Said system comprises a smart card having an electronic payment application function, a mobile terminal, an over-the-air (OTA) server and a card issuer management platform. Said smart card is installed on said mobile terminal and is used to communicate with said card issuer management platform via said mobile terminal and said OTA server. Said card issuer management platform is used to distribute, to said smart card, an initial key of a security domain of a smart card via said OTA server and said mobile terminal. Said method establishes communication between a smart card and a management platform of an entity external to the card via an OTA server and a mobile terminal, which enables the secure introduction of a security domain initial key into a smart card.
PCT/CN2009/073489 2008-11-10 2009-08-25 Method, system and mobile terminal for distributing the initial key of a smart card security domain WO2010051715A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810177015.XA CN101742480B (zh) 2008-11-10 Smart card slave security domain initial key distribution method, system and mobile terminal
CN200810177015.X 2008-11-10

Publications (1)

Publication Number Publication Date
WO2010051715A1 (fr) 2010-05-14

Family

ID=42152478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073489 WO2010051715A1 (fr) 2008-11-10 2009-08-25 Method, system and mobile terminal for distributing the initial key of a smart card security domain

Country Status (2)

Country Link
CN (1) CN101742480B (fr)
WO (1) WO2010051715A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8898769B2 (en) 2012-11-16 2014-11-25 At&T Intellectual Property I, Lp Methods for provisioning universal integrated circuit cards
US8959331B2 (en) 2012-11-19 2015-02-17 At&T Intellectual Property I, Lp Systems for provisioning universal integrated circuit cards
US9036820B2 (en) 2013-09-11 2015-05-19 At&T Intellectual Property I, Lp System and methods for UICC-based secure communication
US9124573B2 (en) 2013-10-04 2015-09-01 At&T Intellectual Property I, Lp Apparatus and method for managing use of secure tokens
US9208300B2 (en) 2013-10-23 2015-12-08 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
US9240994B2 (en) 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
US9240989B2 (en) 2013-11-01 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for secure over the air programming of a communication device
US9313660B2 (en) 2013-11-01 2016-04-12 At&T Intellectual Property I, Lp Apparatus and method for secure provisioning of a communication device
US9413759B2 (en) 2013-11-27 2016-08-09 At&T Intellectual Property I, Lp Apparatus and method for secure delivery of data from a communication device
US9967247B2 (en) 2014-05-01 2018-05-08 At&T Intellectual Property I, L.P. Apparatus and method for managing security domains for a universal integrated circuit card

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
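CN102630083B (zh) * 2012-02-29 2015-02-11 中国工商银行股份有限公司 System and method for performing card operations using a mobile terminal
CN105825134A (zh) * 2016-03-16 2016-08-03 中国联合网络通信集团有限公司 Smart card processing method, smart card management server and terminal
CN105976008B (zh) * 2016-05-11 2019-04-05 新智数字科技有限公司 Smart card data encryption method and system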

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1926836A (zh) * 2004-02-25 2007-03-07 诺基亚公司 Electronic payment scheme in a mobile environment for short-range transactions
US20080058014A1 (en) * 2006-09-01 2008-03-06 Vivotech, Inc. Methods, systems and computer program products for over the air (OTA) provisioning of soft cards on devices with wireless communications capabilities
CN101140649A (zh) * 2007-10-22 2008-03-12 中兴通讯股份有限公司 Method and system for implementing e-commerce using a mobile phone with an integrated RFID chip
CN101164086A (zh) * 2005-03-07 2008-04-16 诺基亚公司 Method, system and mobile device capable of enabling credit card personalization using a wireless network

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10015665B2 (en) 2012-11-16 2018-07-03 At&T Intellectual Property I, L.P. Methods for provisioning universal integrated circuit cards
US10834576B2 (en) 2012-11-16 2020-11-10 At&T Intellectual Property I, L.P. Methods for provisioning universal integrated circuit cards
US8898769B2 (en) 2012-11-16 2014-11-25 At&T Intellectual Property I, Lp Methods for provisioning universal integrated circuit cards
US10681534B2 (en) 2012-11-16 2020-06-09 At&T Intellectual Property I, L.P. Methods for provisioning universal integrated circuit cards
US8959331B2 (en) 2012-11-19 2015-02-17 At&T Intellectual Property I, Lp Systems for provisioning universal integrated circuit cards
US9886690B2 (en) 2012-11-19 2018-02-06 At&T Mobility Ii Llc Systems for provisioning universal integrated circuit cards
US9185085B2 (en) 2012-11-19 2015-11-10 At&T Intellectual Property I, Lp Systems for provisioning universal integrated circuit cards
US9036820B2 (en) 2013-09-11 2015-05-19 At&T Intellectual Property I, Lp System and methods for UICC-based secure communication
US10091655B2 (en) 2013-09-11 2018-10-02 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US10735958B2 (en) 2013-09-11 2020-08-04 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US11368844B2 (en) 2013-09-11 2022-06-21 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US9461993B2 (en) 2013-09-11 2016-10-04 At&T Intellectual Property I, L.P. System and methods for UICC-based secure communication
US10122534B2 (en) 2013-10-04 2018-11-06 At&T Intellectual Property I, L.P. Apparatus and method for managing use of secure tokens
US9419961B2 (en) 2013-10-04 2016-08-16 At&T Intellectual Property I, Lp Apparatus and method for managing use of secure tokens
US9124573B2 (en) 2013-10-04 2015-09-01 At&T Intellectual Property I, Lp Apparatus and method for managing use of secure tokens
US10778670B2 (en) 2013-10-23 2020-09-15 At&T Intellectual Property I, L.P. Apparatus and method for secure authentication of a communication device
US10104062B2 (en) 2013-10-23 2018-10-16 At&T Intellectual Property I, L.P. Apparatus and method for secure authentication of a communication device
US9208300B2 (en) 2013-10-23 2015-12-08 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
US11477211B2 (en) 2013-10-28 2022-10-18 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US11005855B2 (en) 2013-10-28 2021-05-11 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US10375085B2 (en) 2013-10-28 2019-08-06 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US9813428B2 (en) 2013-10-28 2017-11-07 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US9240994B2 (en) 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
US10104093B2 (en) 2013-10-28 2018-10-16 At&T Intellectual Property I, L.P. Apparatus and method for securely managing the accessibility to content and applications
US9313660B2 (en) 2013-11-01 2016-04-12 At&T Intellectual Property I, Lp Apparatus and method for secure provisioning of a communication device
US10200367B2 (en) 2013-11-01 2019-02-05 At&T Intellectual Property I, L.P. Apparatus and method for secure provisioning of a communication device
US9942227B2 (en) 2013-11-01 2018-04-10 At&T Intellectual Property I, L.P. Apparatus and method for secure over the air programming of a communication device
US9882902B2 (en) 2013-11-01 2018-01-30 At&T Intellectual Property I, L.P. Apparatus and method for secure provisioning of a communication device
US10567553B2 (en) 2013-11-01 2020-02-18 At&T Intellectual Property I, L.P. Apparatus and method for secure over the air programming of a communication device
US9628587B2 (en) 2013-11-01 2017-04-18 At&T Intellectual Property I, L.P. Apparatus and method for secure over the air programming of a communication device
US10701072B2 (en) 2013-11-01 2020-06-30 At&T Intellectual Property I, L.P. Apparatus and method for secure provisioning of a communication device
US9240989B2 (en) 2013-11-01 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for secure over the air programming of a communication device
US9413759B2 (en) 2013-11-27 2016-08-09 At&T Intellectual Property I, Lp Apparatus and method for secure delivery of data from a communication device
US9729526B2 (en) 2013-11-27 2017-08-08 At&T Intellectual Property I, L.P. Apparatus and method for secure delivery of data from a communication device
US9560025B2 (en) 2013-11-27 2017-01-31 At&T Intellectual Property I, L.P. Apparatus and method for secure delivery of data from a communication device
US10476859B2 (en) 2014-05-01 2019-11-12 At&T Intellectual Property I, L.P. Apparatus and method for managing security domains for a universal integrated circuit card
US9967247B2 (en) 2014-05-01 2018-05-08 At&T Intellectual Property I, L.P. Apparatus and method for managing security domains for a universal integrated circuit card

Also Published As

Publication number Publication date
CN101742480B (zh) 2013-05-08
CN101742480A (zh) 2010-06-16

Similar Documents

Publication Publication Date Title
WO2010051715A1 (fr) Method, system and mobile terminal for distributing the initial key of a security domain of a smart card
JP5508428B2 (ja) Key distribution method and system
WO2010051714A1 (fr) Method, system and mobile terminal for updating and distributing the key of a security domain of a smart card
EP1856671B1 (fr) Methods, system and mobile device enabling credit card personalization by means of a wireless network
JP5513527B2 (ja) Application download system and application download method
US8781131B2 (en) Key distribution method and system
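JP6185152B2 (ja) Method for accessing a service, and device and system for accessing it
CN102202307B (zh) Digital-certificate-based mobile terminal identity authentication system and method
WO2010045807A1 (fr) Key distribution method and system
KR20160124648A (ko) Profile download and installation apparatus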
TW201004394A (en) Method of authenticating home operator for over-the-air provisioning of a wireless device
WO2010096991A1 (fr) Application download system and method
WO2010051713A1 (fr) Method, system and mobile terminal for distributing the initial key of a security domain of a smart card
CN202696901U (zh) Digital-certificate-based mobile terminal identity authentication system
WO2010045823A1 (fr) Cryptographic key update method and system
US11950320B2 (en) Apparatus and methods for linkage of or profile transfer between devices
US10097553B2 (en) Installation of a secure-element-related service application in a secure element in a communication device, system and telecommunications
WO2010045824A1 (fr) Key distribution method and system
WO2018107723A1 (fr) Method and device for switching the remote subscription management platform for a smart card, smart card, and sm-sr
WO2010045821A1 (fr) Cryptographic key update method and system
WO2010051716A1 (fr) Method, system and mobile terminal for updating and distributing the key of a security domain of a smart card
WO2010045825A1 (fr) Method and system for key distribution
KR20130102642A (ko) System and method for managing application OTA provisioning through profile use and data preparation
US20220278985A1 (en) Method and device for transferring bundle between devices
KR20100078612A (ko) Smart card based session encryption key establishment system and method, and smart card applied thereto

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 09824370; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 09824370; Country of ref document: EP; Kind code of ref document: A1)