Key Derivation For A Module Using An Embedded Universal Integrated Circuit Card

Patent No. US12166869 (titled "Key Derivation For A Module Using An Embedded Universal Integrated Circuit Card") was filed by Nix John A on Aug 3, 2023.

What is this patent about?

’869 is related to the field of secure wireless communication , specifically addressing challenges in authenticating devices with embedded universal integrated circuit cards (eUICCs) on wireless networks. Traditional methods rely on pre-shared secret keys, which pose security risks when distributed electronically, especially in machine-to-machine (M2M) applications where devices are often remotely located and difficult to physically access for key updates. The patent aims to provide a more secure and flexible approach to key management for eUICCs.

The underlying idea behind ’869 is to enable a mobile device with an eUICC to derive a shared secret key with a wireless network without relying on the pre-shared secret key K being directly transmitted. This is achieved by using elliptic curve Diffie-Hellman (ECDH) key exchange with a module private key and a network public key. The derived shared secret key is then used to decrypt a profile containing cryptographic parameters, which are subsequently used to generate a symmetric key for secure communication.

The claims of ’869 focus on a method performed by a mobile device with an eUICC, comprising storing keys in the eUICC, receiving an encrypted profile from a server, generating a shared secret key using ECDH, decrypting the profile, generating a second module public key and private key, sending the second module public key to a server, generating a symmetric key using ECDH, generating module encrypted data comprising the module identity, and sending the module encrypted data to the server. The claims cover the entire process of establishing secure communication using derived keys.

In practice, the invention allows a mobile device to securely connect to a wireless network by first establishing a shared secret key using ECDH. This key is then used to decrypt a profile containing cryptographic parameters, which are used to generate a symmetric key. The module then sends encrypted data, including its identity, to the network, ensuring secure communication. This approach eliminates the need to transmit the pre-shared secret key K , enhancing security and flexibility.

This method differs from prior approaches that rely on pre-shared secret keys or electronic distribution of encrypted keys. By deriving the shared secret key using ECDH, the invention avoids the vulnerabilities associated with key distribution . The use of a module private key and network public key ensures that only authorized devices can establish secure communication with the network. This approach is particularly beneficial for M2M applications where devices are often deployed in remote locations and require a high level of security.

How does this patent fit in bigger picture?

Technical landscape at the time

In the early 2010s when ’869 was filed, machine-to-machine (M2M) communication was an emerging field at a time when wireless wide area networking standards were designed and optimized for mobile phones. At that time, a core element of wireless WAN technologies included the use of a subscriber identity module (SIM) card within 2G networks and a related universal integrated circuit card (UICC) for 3G and 4G networks, including LTE networks. When systems commonly relied on physical media such as a UICC in order to provide data and parameters for a module's connectivity to a mobile network operator (MNO), hardware or software constraints made it non-trivial to securely and electronically transfer a new set of MNO network access credentials to a module in a secure and efficient manner.

Novelty and Inventive Step

The examiner allowed the claims because the applicant's arguments in their reply made the reasons for allowance evident. The examiner stated that the applicant's arguments were persuasive, and the reasons for allowance were evident from the record.

Claims

This patent contains 20 claims, with claim 1 being the only independent claim. Independent claim 1 is directed to a method for a mobile device with an embedded universal integrated circuit card (eUICC) to securely communicate with a wireless network. The dependent claims generally elaborate on and provide specific details or limitations to the method described in independent claim 1.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)Support for SpecificationInterpretation
Encrypted profile for the eUICC
(Claim 1)
“The module can receive eUICC profiles from an eUICC subscription manager. The module can use the module identity to identify the module with the eUICC subscription manager and also an initial private key to authenticate and/or cipher data with the eUICC subscription manager. After connecting with a first network, which could comprise a first wireless WAN, wireless LAN, or wired connection, the module can receive a eUICC profile for an eUICC in the module, where the eUICC profile includes a network module identity and a first key K.”Data for the eUICC that is protected using encryption, containing cryptographic parameters, a module identity, and a key K.
First elliptic curve Diffie-Hellman
(Claim 1)
“summary of ECDH is included in the Wikipedia article titled “Elliptic Curve Diffie-Hellman” (http://en.wikipedia.org/wiki/Elliptic_curve_Diffie % E2%80%93Hellman from Sep. 24, 2013, which is herein incorporated by reference. Other algorithms to derive a shared secret key 129b using public keys, private keys, and tokens may also be utilized in a key derivation function 141f, such as, but not limited to, the American National Standards Institute (ANSI) standard X-9.63 160.”A specific type of Diffie-Hellman key exchange algorithm that uses elliptic curve cryptography to generate a shared secret key.
Module encrypted data
(Claim 1)
“If module 101 generates shared symmetric key 127 for symmetric ciphering 141b within a cryptographic algorithms 141, then module 101 can send shared symmetric key 127 to server 105 using an asymmetric ciphering depicted and described in connection with”Data, including the module identity, that has been encrypted using a symmetric key generated with the second ECDH key exchange.
Second module public key
(Claim 1)
“The module can utilize the set of cryptographic algorithms and the set of cryptographic parameters to securely generate or derive module private keys and module public keys. A module private key and module public key can be generated either (i) upon manufacturing, distribution, installation, or an initial use of the module, or (ii) at subsequent times after initial use such as when a new set of key pairs are required or are useful for continued operation of the module.”A public key generated by the eUICC after decrypting the profile, corresponding to a second module private key.
Shared secret key
(Claim 1)
“In exemplary embodiments, the module can use a shared secret algorithm in order to derive a shared secret key without sending or receiving the shared secret key. A set of component parameters and an algorithm token can also be input into the shared secret algorithm. A server could record the same component parameters, the same shared secret algorithm, and also receive the algorithm token from the module. The server can derive the same shared secret key as the module.”A secret key generated using the first elliptic curve Diffie-Hellman key exchange, used to decrypt the encrypted profile.

Litigation Cases New

US Latest litigation cases involving this patent.

Case NumberFiling DateTitle
2:25-cv-00667Jun 27, 2025Network-1 Technologies, Inc. v. SAMSUNG ELECTRONICS CO., LTD. et al

Patent Family

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

  • Date

    Description

  • Get instant alerts for new documents

US12166869

NIX JOHN A
Application Number
US18229907
Filing Date
Aug 3, 2023
Status
Granted
Expiry Date
Nov 19, 2033
External Links
Slate, USPTO, Google Patents