1. Field
Aspects relate to over-the-air (OTA) provisioning of 3GPP authentication credentials for a 3GPP and/or 3GPP2 capable access device.
2. Background
Wireless communication systems are widely deployed to provide various types of communication content such as voice, data, and so on. These systems may be multiple-access systems capable of supporting communication with multiple users by sharing the available system resources (e.g., bandwidth and transmit power). Examples of such multiple-access systems include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, 3GPP Long Term Evolution (LTE) systems, Universal Mobile Telecommunications System (UMTS), Global Systems for Mobile Communications (GSM), and orthogonal frequency division multiple access (OFDMA) systems.
CDMA2000 systems (e.g., 1x, Evolution-Data Optimized “EVDO”/High-Rate-Packet-Data “HRPD”) use over-the-air-service-provisioning (OTASP) and Internet Protocol (IP) over-the-air (IOTA) for OTA provisioning of authentication parameters such as identities, keys, etc. that are used for authentication.
However, evolving access systems, such as eHRPD, LTE, and 3GPP access systems, such as Universal Mobile Telecommunications System (UMTS)/High Speed Packet Access (HSPA), and the newer GSM systems, use the 3GPP Core Network for authentication using 3GPP Authentication and Key Agreement (AKA) authentication methods. These 3GPP authentication methods, such as AKA, assume that the authentication credentials to be used in the authentication method are already pre-configured on the access device. Therefore, authentication currently requires the authentication credentials to be pre-configured on a device before the device can access services. Typically, the authentication credentials are pre-configured on an application, such as a Universal Subscriber Identity Module (USIM) or CDMA Universal Subscriber Identity Module (CSIM), on a smartcard such as a Universal Integrated Circuit Card (UICC). However, the authentication credentials may also be securely stored on the device, for example, in a secure storage and execution environment, or Trusted Environment (TrE), of the device itself. This may be used especially for devices using non-3GPP accesses, such as Evolved HRPD (eHRPD), or even some 3GPP access capable devices which may not support a smartcard such as the UICC for authentication.
As current methods for 3GPP authentication require that access devices be pre-configured with authentication credentials for connecting to 3GPP-compliant core networks, the operator often needs to be chosen at the time of device manufacturing and/or a smartcard needs to be acquired separately before service can be obtained. Furthermore, if the credentials are compromised at any point, it is almost impossible to change them with the current methods. Thus, once credentials are compromised, a new device must be purchased.
Therefore, there exists a need in the art for a way to provision or replace 3GPP authentication credentials on an existing device. As more machine-to-machine devices that use the wireless systems for communications are emerging, this capability will become even more important.