Mobile communications provides access by mobile phones, Personal Digital Assistant PDAs, portable computers and a variety of other user equipment to communicate via radio access networks (RANs) to core networks for connection to other mobile devices, the Internet, and conventional land-line phones. The RANs are distributed over a geographical area typically divided into cells that are served by a corresponding base station. Base stations communicate over an air interface with the user equipment, with several base stations being connected to a radio network controller (RNC) or base station controller (BSC) that is connected to one or more core networks. In the typical situation, secure communications for users of the system may be provided through encryption and decryption at the base station. Communications between the core network and the base station is encrypted and communications between the base station and the wireless user equipment is also encrypted.
Mobile Networks are using a strong authentication method based on a shared secret configured on the network side in the Authentication Center of the HLR or the HSS, and on the terminal side in the Universal Integrated Circuit Card (UICC) containing a SIM (Subscriber Identity Module) application for a GSM network or a USIM (Universal Subscriber Identity Module) in a UMTS network.
This shared secret is an authentication key and the action to configure a generic UICC card with a given authentication key is called personalization.
The authentication key is a 128 bit key used in the authentication and cipher key generation process. The authentication key is used to authenticate the UICC card on the mobile network. Each UICC contains this authentication key which is assigned to it by the operator during the personalization process.
So Mobile Network Operators (MNOs) are physically personalizing the UICC cards in their premises and once for all. Operators then send the personalized UICC card to the user, who will insert it in his mobile terminal to access the mobile network of the MNO. The personalization can also be outsourced to the UICC provider, but it is always configured physically and for ever.
When a user wants to change its MNO, the new MNO sends a new personalized UICC card and the user has to insert this new card into its mobile terminal to access the new network. This implies a problem for devices that should be sold with the UICC inside them (for e.g. security reasons), or devices that are difficult (or too costly) to access, like sensors, cars/trucks, vending machines . . . . For these devices, the manual replacement of the UICC card is too costly or even impossible.
Furthermore, given both new connected objects (eg. cars, smart meters, . . . ) and new strong mobile manufacturers actors, there is a move from the industry to have the UICC card welded inside the connected object, put once for all inside the object at the manufacturing stage and for the whole object's life (eg. the end-user that has the object will not be able to physically remove the UICC card to put another one).
There is need to allow easy reconfiguration of the UICC of the mobile terminal with a different set of credentials, in order to change the serving mobile network operator. There is also a need to allow the end user to change freely of telecommunication operator while maintaining the strength and level of trust put into the secrets stored inside the USSIM of a given object via a secured provisioning protocol.