WO2022117384A1 - System for providing a uicc communication between a ue and a uicc service - Google Patents

System for providing a uicc communication between a ue and a uicc service

Info

Publication number
WO2022117384A1
Authority
WO
WIPO (PCT)
Prior art keywords
uicc
base station
side channel
service
ues
Prior art date
Application number
PCT/EP2021/082465
Other languages
French (fr)
Inventor
Robert Scheffel
Andreas von Borany
Martin FRÖHLICH
Original Assignee
Shenzhen GOODIX Technology Co., Ltd.
Priority claimed from EP21162379.8A external-priority patent/EP4009685A1/en
Application filed by Shenzhen GOODIX Technology Co., Ltd.
Publication of WO2022117384A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 for authentication of entities > H04L 63/0853 using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/06 Authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/40 Security arrangements using identity modules
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/40 Security arrangements using identity modules > H04W 12/43 using shared identity modules, e.g. SIM sharing
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 8/00 Network data management > H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data > H04W 8/20 Transfer of user or subscriber data > H04W 8/205 Transfer to or from user equipment or user record carrier
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 84/00 Network topologies > H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop] > H04W 84/10 Small scale networks; Flat hierarchical networks > H04W 84/12 WLAN [Wireless Local Area Networks]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 84/00 Network topologies > H04W 84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a system for providing a UICC communication between a UE and a UICC service. The objective of the invention to further reduce the cost per UE in a local area network or generally in a cellular network will be solved by a system comprising a plurality of user equipment (UEs), a base station and a cellular network, whereas the UEs are connected via a 3GPP based cellular connection to the base station and the base station is connected via a 3GPP based cellular connection with the cellular network, wherein the UEs are configured without a universal integrated circuit card (UICC) and the system comprises a UICC service that is connected via a side channel to each UE or the side channel is established via said 3GPP based cellular connections over the cellular network and the base station with the UEs.

Description

System for providing a UICC communication between a UE and a UICC service
Field of the invention
The invention relates to a system for providing a UICC communication between a UE and a UICC service.
Background art
All 3GPP based cellular user equipment (UE), such as mobile phones but also Internet of Things (IoT) devices, require a mechanism to prove their identity to the cellular network and to exchange keys for a secure connection.
Therefore, the Universal Integrated Circuit Card (UICC, the hardware), also called SIM card, with a USIM application (the software) running on it, is used. The UICC is a highly secure hardware module that is connected (wired) to the UE. The USIM application contains all secret keys and provider-specific information. The USIM application is provisioned by the cellular operator.
The secret keys inside the USIM application stored on the UICC must never be read out. The keys are used to authenticate the UE to the cellular network with the help of a cryptographic algorithm. Furthermore, the USIM application generates the secret session keys for the UE.
Thus, each UE requires a USIM application (running on the UICC) to attach to a core network successfully. Adding provider keys and provider-specific settings (a profile) is called provisioning. The modem-to-UICC communication is done via a wired serial interface that is standardized in ISO/IEC 7816-3.
Local area networks with multiple devices require a UICC (SIM) for each UE 2. This is shown by way of example in figure 1. Every UE 2.1 to 2.4 communicating with a base station 4 comprises a SIM card 3.1 to 3.4. The UEs 2.1 to 2.4 communicate over a 3GPP based cellular connection 6 with the base station 4; these connections are drawn as dashed lines. The UEs 2.1 to 2.4, which communicate among each other over a local area connection 5, form a local area network 1. The local area connections 5 are drawn as solid lines. Local area connection technologies can be wired or wireless, like IEEE-802.3 (Ethernet), IEEE-802.11 (WiFi), IEEE-802.15.4 (WPAN) or BT/BLE (Bluetooth, Bluetooth Low Energy).
The disadvantage of a UICC is that a separate secure hardware element, a SIM card 3, is required for each UE 2. This causes additional system costs. Especially for applications with a huge number of devices, it is expensive to equip every device with a SIM card.
The objective of the invention is to further reduce the cost per UE in a local area network or generally in a cellular network.
Summary of the invention
The objective of the present invention will be solved by a system comprising a plurality of user equipment (UEs), a base station and a cellular network, whereas the UEs are connected via a 3GPP based cellular connection to the base station and the base station is connected via a 3GPP based cellular connection with the cellular network, wherein the UEs are configured without a universal integrated circuit card (UICC) and the system comprises a UICC service that is connected via a side channel to each UE, or the side channel is established via said 3GPP based cellular connections over the cellular network and the base station with the UEs.
The invention describes a side channel between the UE and a UICC service, also called SIM card service. As described above, for 3GPP based cellular connections each UE requires a SIM card to authenticate against the network. Traditionally the SIM card has a wired connection to the UE. This physical connection is now replaced by a virtual connection via a side channel. The SIM card functionality is outsourced to a dedicated SIM card service that can either handle the connection with physical SIM cards or provide virtual SIM card functionality.
So, the idea of the invention is to have a server which provides SIM functionality. A side channel is used to transfer the SIM card communication between the UE and the SIM card service.
The advantages of the invention can be summarized as follows: the inventive system saves cost and effort, centralizes the SIM card management, uses virtual SIM card profiles and can share subscriptions/SIM cards.
In a variant of the inventive system, the side channel that connects each UE with the UICC service uses a separate connection technology.
According to a variant of the inventive system, the separate connection technology is IEEE-802.3 (Ethernet) and/or IEEE-802.11 (WiFi) and/or IEEE-802.15.4 (WPAN).
So, the side channel can be realized in two different flavors:
1) The side channel uses a separate connection technology, like IEEE-802.3 (Ethernet), IEEE-802.11 (WiFi) or IEEE-802.15.4 (WPAN).
2) The side channel is established via the 3GPP cellular connection.
In the first flavor, IEEE-802.11 (WiFi) is the preferred connection technology. It is IP protocol based, wireless and intended for local networks. For ultra-low-power applications IEEE-802.15.4 could be an option but might have a data rate bottleneck.
The second flavor would require an extension of the 3GPP cellular standard to allow communication to an external SIM service before the actual network authentication, which would require the SIM card. The extension would lie in the NAS layer, allowing communication to the UICC service prior to network authentication.
The advantage of using different or separate connection technologies for the interconnection between the plurality of UEs in the system according to the first flavor is that one can react to all circumstances and different UEs can be treated equally in the system. The invention can be used independently of the connection technology.
In another variant of the inventive system, the side channel is configured to transfer Application Protocol Data Units (APDUs) between the UE and the UICC service.
A SIM card sharing protocol forwards the SIM card / UICC communication, the so-called Application Protocol Data Units (APDUs), from the UICC service to a UE that requires a SIM card. A sharing protocol provides the structure and language for file requests between a SIM card and a base station. So, it contains a defined set of rules and regulations that determine how data is transmitted between a SIM card and a base station (or generally in telecommunications and computer networking). The use of the side channel is requested by the SIM card sharing protocol.
In a further variant of the inventive system, the side channel is encrypted.
The APDUs that are transferred between the UICC service and the UEs contain session key data in plain text. Therefore, the side channel must provide encryption, e.g. using TLS, to prevent eavesdropping.
In another further variant of the present invention, the side channel is configured to provide mutual authentication between UE and UICC service. The mutual authentication can be solved using TLS with pre-shared keys or certificates.
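An added example (not code from the patent or its assignee) of the side-channel relay described in the preceding paragraphs: APDU framing for the sharing protocol, parsing of the AUTHENTICATE response in which the CK/IK session keys travel in plain text, and a UE-side gate that refuses to use a side channel that is not both encrypted and mutually authenticated. The frame format, the Channel properties and the UICC-service stub are assumptions; the AUTHENTICATE command and response layout follows 3GPP TS 31.102 (3G security context).

```python
from dataclasses import dataclass
import struct

# AUTHENTICATE command header for a USIM in 3G security context (3GPP TS 31.102)
AUTH_HEADER = bytes([0x00, 0x88, 0x00, 0x81])      # CLA INS P1 P2
SW_OK = b"\x90\x00"                                # normal ending
SW_AUTH_ERROR = b"\x98\x62"                        # authentication error, incorrect MAC
TAG_SUCCESS = 0xDB                                 # successful 3G authentication
TAG_SYNC_FAIL = 0xDC                               # synchronisation failure, AUTS follows

class SideChannelError(Exception):
    pass

@dataclass
class Channel:
    """Assumed view of the side channel's security state (e.g. taken from a TLS session)."""
    encrypted: bool
    mutually_authenticated: bool

    def is_trusted(self) -> bool:
        return self.encrypted and self.mutually_authenticated

def frame(seq: int, apdu: bytes) -> bytes:
    """Assumed wire format of the sharing protocol: 2-byte sequence, 2-byte length, APDU."""
    return struct.pack("!HH", seq, len(apdu)) + apdu

def unframe(msg: bytes) -> tuple:
    if len(msg) < 4:
        raise SideChannelError("short frame")
    seq, length = struct.unpack("!HH", msg[:4])
    if len(msg) != 4 + length:
        raise SideChannelError("frame length mismatch")
    return seq, msg[4:]

def build_authenticate(rand: bytes, autn: bytes) -> bytes:
    """Command APDU carrying RAND and AUTN from the network to the (remote) USIM."""
    data = bytes([len(rand)]) + rand + bytes([len(autn)]) + autn
    return AUTH_HEADER + bytes([len(data)]) + data + b"\x00"   # Lc, data, Le

def parse_authenticate_response(resp: bytes) -> dict:
    """Split a response APDU into status word and key material.
    Success: DB L(RES) RES L(CK) CK L(IK) IK [L(Kc) Kc]; the session keys are plaintext.
    Sync failure: DC L(AUTS) AUTS."""
    if len(resp) < 2:
        raise SideChannelError("short response")
    data, sw = resp[:-2], resp[-2:]
    if sw == SW_AUTH_ERROR:
        return {"status": "auth_error"}
    if sw != SW_OK or not data:
        raise SideChannelError(f"unexpected response, SW {sw.hex()}")
    tag, pos, fields = data[0], 1, []
    while pos < len(data):                         # walk the length-prefixed fields
        length = data[pos]
        field = data[pos + 1:pos + 1 + length]
        if len(field) != length:
            raise SideChannelError("truncated field")
        fields.append(field)
        pos += 1 + length
    if tag == TAG_SYNC_FAIL and len(fields) == 1:
        return {"status": "sync_failure", "auts": fields[0]}
    if tag == TAG_SUCCESS and len(fields) in (3, 4):
        out = {"status": "ok", "res": fields[0], "ck": fields[1], "ik": fields[2]}
        if len(fields) == 4:
            out["kc"] = fields[3]
        return out
    raise SideChannelError(f"malformed response tag {tag:02x}")

def uicc_service_stub(apdu: bytes) -> bytes:
    """Constructed UICC service: answers AUTHENTICATE with fixed, made-up RES/CK/IK."""
    if apdu[:4] != AUTH_HEADER:
        return b"\x6d\x00"                         # instruction not supported
    res, ck, ik = b"\x11" * 8, b"\x22" * 16, b"\x33" * 16
    body = bytes([TAG_SUCCESS, len(res)]) + res + bytes([len(ck)]) + ck + bytes([len(ik)]) + ik
    return body + SW_OK

def relay_apdu(channel: Channel, seq: int, apdu: bytes, uicc=uicc_service_stub) -> bytes:
    """UE-side relay: refuse any side channel that is not both encrypted and mutually
    authenticated, because the reply returns CK/IK in the clear inside the APDU."""
    if not channel.is_trusted():
        raise SideChannelError("side channel lacks encryption or mutual authentication")
    _, cmd = unframe(frame(seq, apdu))             # bytes as seen by the UICC service
    return uicc(cmd)
```

In a real deployment the Channel flags would be derived from the TLS handshake result (cipher suite negotiated, peer certificate or PSK identity verified) rather than set by hand.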
The invention will be explained in more detail using exemplary embodiments .
Brief description of the drawings
The appended drawings show
Fig. 1 Local area network with a plurality of UEs according to the prior art; each UE requires a UICC (SIM card);
Fig. 2 The inventive system according to a first embodiment;
Fig. 3 The inventive system according to a second embodiment.
Description of embodiments
Figure 2 discloses schematically the inventive system. A UE 2 of the system communicates via a 3GPP based cellular connection 6 with the base station 4. To authenticate the UE 2 against the cellular network 7, to which the base station 4 is also connected via a 3GPP based cellular connection 6, the UE 2 obtains the needed session keys from a UICC service 8, also called SIM card service, which is part of the inventive system. Therefore, in a first embodiment, a side channel 9 is established between the UE and the SIM card service. The side channel 9 uses a separate connection technology, like IEEE-802.3 (Ethernet), IEEE-802.11 (WiFi) and/or IEEE-802.15.4 (WPAN).
Figure 3 discloses schematically a second embodiment of the inventive system. Again, a UE 2 of the system communicates via a 3GPP based cellular connection 6 with the base station 4. To authenticate the UE 2 against the cellular network 7, to which the base station 4 is also connected via a 3GPP based cellular connection 6, the UE 2 obtains the needed session keys from a UICC service 8, also called SIM card service, which is part of the inventive system. But in the second embodiment the needed session keys are transferred over a side channel connection 10 that is established via the 3GPP based cellular connections 6 between the cellular network 7 and the base station 4 as well as between the base station 4 and the UE 2. This embodiment requires an extension of the 3GPP cellular standard to allow communication to an external SIM card service 8 before the actual network authentication, which would require the SIM card.
List of Reference Signs
1 Local area network
2 User equipment
2.1 - 2.4 plurality of UEs in the LAN
3.1 - 3.4 SIM card
4 Base station
5 local area connection
6 3GPP based cellular connection
7 core network, cellular network
8 UICC service
9 side channel using a separate connection technology
10 side channel using a 3GPP based cellular connection

Claims

1. A system comprising a plurality of user equipment (2), UEs, a base station (4) and a cellular network (7), whereas the UEs (2) are connected via a 3GPP based cellular connection (6) to the base station (4) and the base station (4) is connected via a 3GPP based cellular connection (6) with the cellular network (7), wherein the UEs (2) are configured without a universal integrated circuit card, UICC, and the system comprises a UICC service (8) that is connected via a side channel (9) to each UE (2) or a side channel (10) is established via said 3GPP based cellular connections (6) over the cellular network (7) and the base station (4) with the UEs (2).
2. The system according to claim 1, wherein the side channel (9, 10) that connects each UE (2) with the UICC service (8) uses a separate connection technology.
3. The system according to claim 2, wherein the separate connection technology is IEEE-802.3 (Ethernet) and/or IEEE-802.11 (WiFi) and/or IEEE-802.15.4 (WPAN).
4. The system according to one of the claims 1 to 3, wherein the side channel (9, 10) is configured to transfer Application Protocol Data Units, APDUs, between the UE (2) and the UICC service (8).
5. The system according to one of the claims 1 to 4, wherein the side channel (9, 10) is encrypted.
6. The system according to one of the claims 1 to 5, wherein the side channel (9, 10) is configured to provide mutual authentication between UE (2) and UICC service (8).

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP20211989 2020-12-04
EP20211989.7 2020-12-04
EP21162379.8 2021-03-12
EP21162379.8A EP4009685A1 (en) 2020-12-04 2021-03-12 System for providing a uicc communication between a ue and a uicc service

Publications (1)

Publication Number Publication Date
WO2022117384A1 true WO2022117384A1 (en) 2022-06-09

Family

ID=78820568

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/082465 WO2022117384A1 (en) 2020-12-04 2021-11-22 System for providing a uicc communication between a ue and a uicc service

Country Status (1)

Country Link
WO (1) WO2022117384A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002019664A2 (en) * 2000-08-25 2002-03-07 Motorola, Inc. Method and apparatus for remote multiple access to subscriber identity module
US20160014127A1 (en) * 2013-01-16 2016-01-14 Behzad Mohebbi Methods and apparatus for hybrid access to a core network based on proxied authentication
US20180242138A1 (en) * 2015-08-21 2018-08-23 Huawei Technologies Co., Ltd. Communication Control Method and Apparatus, Terminal, and Network Platform
CN211063630U (en) * 2019-12-31 2020-07-21 深圳市橙智汇科技有限公司 4G full network router

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21819101; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21819101; Country of ref document: EP; Kind code of ref document: A1)