In a cellular or other network, a device may securely communicate with the network using a subscriber key, typically encoded within a secure environment of a UICC, SIM or embedded SIM, for example. The subscriber key (K or Ki) is shared with the network and typically stored within an operator core network. The subscriber key is usually burned in to a UICC at manufacture by a SIM vendor and is provided to the operator before the UICC is distributed to an end user or device.
In the case of machine-to-machine (M2M) devices, UICCs may be integrated into a device by a device manufacturer (OEM).
The UICC is also provided with a subscription identity and the combination of subscription identity and subscriber key (e.g. International Mobile Subscriber Identity (IMSI)/Ki) may be the UICC profile. It is this profile that enables a device having the UICC to connect to and communicate with a mobile network.
Additional security may be required when passing any key material relating to specific UICC or SIM cards from the manufacturer (or personaliser) to other parties. Weaknesses in this process are highlighted by https://theintercept.com/2015/02/19/great-sim-heist/ (retrieved 7 Apr. 2016). There are other points at which the keys may leak, e.g. through hacking into the SIM vendor; hacking into the mobile operator; an insider attack at the SIM vendor; or an insider attack at the mobile operator.
Even in the case of the remotely programmable embedded SIM, where the key is delivered Over The Air from a subscription manager rather than burned in at manufacture, there remain multiple points (at the subscription manager, at the mobile operator or in transit between the two) at which keys could leak.
Therefore, there is required a method, system and apparatus that overcome these problems.