In current wireless networks, wireless devices need to perform an attach procedure to initiate communication through a network. FIG. 6 shows an outline of the attach procedure in accordance with “General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access (Release 9)”, 3GPP TS 23.401 V9.3.0. For simplification, a registration server is expressed as a single apparatus; however, it may be a plurality of apparatuses.
In step S21, a wireless device transmits an attach request signal including a subscriber identifier called International Mobile Subscriber Identifier (IMSI) assigned to the wireless device to a network apparatus such as Serving GPRS Support Node (SGSN). In step S22, the network apparatus transmits an authentication data request signal to a registration server of a home network of the wireless device. The network apparatus determines the home network of the wireless device based on the IMSI included in the attach request signal.
In step S23, the registration server transmits an authentication data response signal including a random value RAND, two keys Ik and Ck, and an expected response value XRES to the network apparatus. Here, the two keys Ik and Ck as well as the expected response value XRES are calculated based on the random value RAND and a shared key Kshare that is shared between the wireless device and the registration server in advance.
In step S24, the network apparatus transmits an authentication data response signal including the random value RAND to the wireless device. In step S25, the wireless device calculates a response value RES and the two keys Ik and Ck based on the random value RAND and the shared key Kshare. In step S26, the wireless device transmits the response value RES to the network apparatus. In step S27, the network apparatus checks whether the expected response value XRES is the same as the response value RES, and if they are the same, the attach procedure completes successfully.
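The exchange of steps S21 to S27 can be traced in a short simulation. This is an added example, not code from the cited specification: HMAC-SHA256 stands in for the derivation of RES, Ik and Ck from RAND and Kshare, which the text above does not specify, and the class names, function names and sample IMSI and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive(kshare, rand, label):
    # Assumption: HMAC-SHA256 keyed with Kshare stands in for the real derivation.
    return hmac.new(kshare, label + rand, hashlib.sha256).digest()[:16]

class RegistrationServer:
    """Home-network side: holds Kshare per IMSI (steps S22-S23)."""
    def __init__(self, subscribers):
        self._kshare = subscribers

    def auth_data(self, imsi):
        k = self._kshare[imsi]
        rand = secrets.token_bytes(16)  # fresh RAND for every attach
        return {"RAND": rand, "XRES": derive(k, rand, b"RES"),
                "Ik": derive(k, rand, b"IK"), "Ck": derive(k, rand, b"CK")}

class WirelessDevice:
    """Holds the IMSI and Kshare provisioned in advance (steps S21, S25-S26)."""
    def __init__(self, imsi, kshare):
        self.imsi, self._kshare = imsi, kshare
        self.ik = self.ck = None

    def respond(self, rand):
        self.ik = derive(self._kshare, rand, b"IK")
        self.ck = derive(self._kshare, rand, b"CK")
        return derive(self._kshare, rand, b"RES")

def attach(device, server):
    """Network apparatus role (S21-S27); it never handles Kshare itself."""
    vector = server.auth_data(device.imsi)   # S21-S23: IMSI in, vector out
    res = device.respond(vector["RAND"])     # S24-S26: only RAND reaches the device
    if not hmac.compare_digest(res, vector["XRES"]):  # S27: constant-time compare
        return None                          # attach rejected
    return {"Ik": vector["Ik"], "Ck": vector["Ck"]}

# Constructed sample subscriber (not real provisioning data).
IMSI = "001010123456789"
KSHARE = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER = RegistrationServer({IMSI: KSHARE})

if __name__ == "__main__":
    print("provisioned device:", attach(WirelessDevice(IMSI, KSHARE), SERVER) is not None)
    print("wrong Kshare:", attach(WirelessDevice(IMSI, bytes(16)), SERVER) is not None)
```

A device whose Kshare does not match the registration server's copy cannot produce a RES equal to XRES, which is why both sides must hold the key before the first attach.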
As explained above, the shared key Kshare for the wireless device needs to be predetermined and stored in both the wireless device and the registration server before starting the attach procedure. Further, the IMSI needs to be assigned to the wireless device by a home operator, which is an operator of the home network of the wireless device, and stored in the wireless device before starting the attach procedure. Currently, the shared key Kshare and the IMSI are stored in a Subscriber Identifier Module (SIM) card, which can be inserted into the wireless device, and provided to a user of the wireless device when the user subscribes to the home network. Thus, provisioning of the wireless device is performed on an off-line basis.
To enable remote provisioning of wireless devices, “Feasibility study on the security aspects of remote provisioning and change of subscription for Machine to Machine (M2M) equipment (Release 9)”, 3GPP TR 33.812 V9.2.0, proposes the use of a registration operator.
However, to communicate with an apparatus in the registration operator, wireless devices need to have a shared key with the apparatus in the registration operator in advance. Furthermore, the wireless devices need to have a Provisional Connectivity Identification (PCID), which has the same format as the IMSI, in advance. If there are a number of registration operators for each country or area, manufacturers of wireless devices need to store a plurality of shared keys, each of which corresponds to a registration operator, in their wireless devices at production. Further, according to the current proposal, selecting and/or changing a home operator requires an off-line procedure, and it is not possible to select and change the home operator on an on-line basis.