The Authentication and Key Agreement (AKA) procedure is used for establishing authentication and shared secret keys for a wireless transmit/receive unit (WTRU) in a 3rd Generation Partnership Project (3GPP) communication network. The AKA provides for secure mutual authentication between two parties. In addition, the application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U), which is based on AKA procedures, provides a means to enable application security. However, the AKA and the application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U) procedures do not protect the security of the interface connecting the Universal Integrated Circuit Card (UICC) and Terminal of the WTRU. Critical key related material passes from the UICC to the Terminal during the AKA and GBA_U processes. As a result, the session keys (for example CK/IK and Ks_ext_NAF), are exposed during initial provisioning of the Terminal at the point of sale, when a local key has not yet been established and when an established local key expires.
Existing protocols that are designed to protect the connection between the UICC and the Terminal cannot be initiated until the AKA and GBA_U processes are complete. As a result, these protocols allow for eavesdropping of the keys. Attempts to secure the link between the Terminal and the UICC, after the AKA and GBA_U process, for other application level processes through interactions with and participation by the wireless network components, do not resolve these deficiencies.
Therefore, there exists a need for an improved method and apparatus for securing communications between a Terminal and a UICC.