Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
CREDENTIAL HANDLING OF AN IOT SAFE APPLET
Document Type and Number:
WIPO Patent Application WO/2022/073623
Kind Code:
A1
Abstract:
There is provided mechanisms for handling credentials of an IoT SAFE applet. A method is performed by a communication device. The communication device stores the IoT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles. The IoT SAFE applet is independent from any MNO. The communication device is without credentials for the IoT SAFE applet for establishing secure communication for the communication device with a network node. The method comprises obtaining credentials for the IoT SAFE applet from the network node. The method comprises storing the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain. The method comprises establishing, using the IoT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.

Inventors:
STÅHL PER (SE)
SÄÄSKILAHTI JUHA (FI)
SUIHKO TIMO (FI)
UOTILA TONI (FI)
Application Number:
PCT/EP2020/078503
Publication Date:
April 14, 2022
Filing Date:
October 09, 2020
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
ERICSSON TELEFON AB L M (SE)
International Classes:
H04W12/0431; H04W4/70; H04W12/06; H04W12/069; H04W12/086; H04W12/40
Foreign References:
US20180121661A12018-05-03
Other References:
GSMA: "SAM.01 Secured Applications for Mobile - early draft for comment", vol. TC SCP Smart Card Platform, 22 July 2020 (2020-07-22), pages 1 - 18, XP014376743, Retrieved from the Internet [retrieved on 20200722]
BENEDEK KOVACS ET AL: "UICC Modules and the IoT", ERICSSON TECHNOLOGY REVIEW, 14 April 2020 (2020-04-14), pages 1 - 12, XP055807925, Retrieved from the Internet [retrieved on 20210526]
Attorney, Agent or Firm:
ERICSSON (SE)
Download PDF:
Claims:
26

CLAIMS

1. A method for handling credentials of an loT SAFE applet, the method being performed by a communication device (200), wherein the communication device (200) is storing the loT SAFE applet in a first security domain of a subscription module in the communication device (200), wherein the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profdes, and wherein the loT SAFE applet is independent from any MNO, and wherein the communication device (200) is without credentials for the loT SAFE applet for establishing secure communication for the communication device (200) with a network node (300), the method comprising: obtaining (S102) credentials for the loT SAFE applet from the network node (300); storing (SI 04) the credentials in the first security domain of the subscription module, wherein the credentials, after successful storage, are accessible only from within the first security domain; and establishing (SI 06), using the loT SAFE applet and at least one of the credentials, secure communication for the communication device (200) with the network node (300).

2. The method according to claim 1, wherein the communication device (200) is preconfigured with the loT SAFE applet.

3. The method according to any preceding claim, wherein the communication device (200) has a subscription profile, and wherein the loT SAFE applet is downloaded to the communication device (200) as part of the subscription profile being downloaded to the communication device (200), and wherein as part of installing the subscription profile into the subscription module, the subscription profile, except the loT SAFE applet, is stored in at least one other security domain of the subscription module, and the loT SAFE applet is stored in the first security domain.

4. The method according to any preceding claim, wherein the communication device (200) has a subscription profile, and wherein the credentials are obtained by being downloaded to the communication device (200) as part of the subscription profile being downloaded to the communication device (200).

5. The method according to claim 4, wherein obtaining the credentials comprises: parsing (S102a), using a Profile Package Interpreter, PPI, profile elements of the subscription profile for identifying the credentials.

6. The method according to claim 5, wherein the profile element carrying the credentials comprises an indicator of whether the credentials are limited to be used only when the subscription profile in which the credentials were downloaded is active or the credentials are usable independently of which subscription profile is currently active in the wireless device (200).

7. The method according to any preceding claim, wherein the credentials as obtained are encrypted, and before being stored in the first security domain of the subscription module, are decrypted inside the subscription module.

8. The method according to any preceding claim, wherein the communication device (200) has a subscription profile, and wherein the credentials are obtained after the subscription profile has been downloaded to the communication device (200).

9. The method according to claim 10, wherein the subscription profile is an active subscription profile, and wherein the credentials are obtained by being downloaded to the communication device (200) using an OTA mechanism of the subscription module for the active subscription profile.

10. The method according to claim 11, wherein the subscription profile comprises an indicator of whether the credentials are limited to be used only when the subscription profile in which the credentials were downloaded is active or the credentials are usable independently of which subscription profile is currently active in the wireless device (200), or said indicator is downloaded to the communication device (200) using the OTA mechanism.

11. The method according to claim 6 or 10, wherein storing the credentials into the first security domain comprises storing also the indicator into the first security domain.

12. The method according to any preceding claim, wherein the secure communication is based on any of: DTLS, TLS, OSCORE.

13. The method according to claim 6 or 10, wherein establishing, using at least one of the credentials, secure communication for the communication device (200) comprises verifying by the loT SAFE applet if usage of said at least one of the credentials is limited to be used when a particular subscription profile is active and, if so, verifying that said particular subscription profile is currently active.

14. The method according to any preceding claim, wherein the method further comprises: obtaining (SI 08) a trigger for establishment of further credentials.

15. The method according to claim 15, wherein the trigger is set by the network node (300) or an application in the communication device (200).

16. The method according to claim 15, wherein the further credentials are established by the loT SAFE applet and then stored inside the first security domain of the subscription module, and wherein the further credentials are, when stored in the first security domain, marked as usable independently of which subscription profile is active in the communication device (200).

17. The method according to claim 16, wherein the method further comprises: generating (SI 10) a proof of establishment in the first security domain of the subscription module that the further credentials have been established by the loT SAFE applet, wherein at least one of the credentials already stored in the first security domain of the subscription module is used in establishing the proof.

18. The method according to claim 17, wherein the method further comprises: providing (SI 12) the proof of establishment and any public part of the further credentials of the communication device (200) to the network node (300) for verification of the proof of establishment.

19. The method according to claim 18, wherein the credentials were obtained from a first MNO of the network node (300), and wherein the method further comprises: establishing (SI 14), using the further credentials, secure communication for the communication device (200) with an loT service provider of the network node (300), wherein a subscription profile in the subscription module of a second MNO is active.

20. The method according to claim 19, wherein establishing, using the further credentials, secure communication for the communication device (200) comprises verifying by the loT SAFE applet if usage of said further credentials is limited to be used when a particular subscription profile is active and, if so, verifying that said particular subscription profile is currently active.

21. A method for handling credentials of an loT SAFE applet, the method being performed by a network node (300), the method comprising: generating (S202) credentials for the loT SAFE applet; providing (S204) the credentials for the loT SAFE applet to a communication device (200); and establishing (S206), using at least one of the credentials, secure communication with the communication device (200).

22. The method according to claim 21, wherein the credentials are generated by any of: an MNO of the network node (300), a provisioning server of the network node (300), an loT service provider of the network node (300).

23. The method according to claim 21 or 22, wherein the communication device (200) has a subscription profile, and wherein the loT SAFE applet is provided to the communication device (200) as part of the network node (300) providing the subscription profile to the communication device (200). 29

24. The method according to any of claims 21 to 23, wherein the communication device (200) has a subscription profile, and wherein the credentials are provided to the communication device (200) as part of the network node (300) providing the subscription profile to the communication device (200).

25. The method according to claim 24, wherein the credentials are provided in a profile element of the subscription profile, and wherein the profile element carrying the credentials comprises an indicator of whether the credentials are bound to that the subscription profile is active or not bound to that the subscription profile is active.

26. The method according to any of claims 21 to 25, wherein the communication device (200) has a subscription profile, and wherein the credentials are provided to the communication device (200) by the network node (300) after having provided the subscription profile to the communication device (200).

27. The method according to any of claims 21 to 26, wherein the method further comprises: providing (S208) a trigger to the communication device (200) for establishment of further credentials.

28. The method according to claim 27, wherein the method further comprises: obtaining (S210) a proof of establishment of the further credentials by the loT SAFE applet of the communication device (200) and any public part of the further credentials; and verifying (S212), using the proof of establishment, at least one of the credentials, and said any public part of the further credentials, that the further credentials have been securely established inside a security domain of the loT SAFE applet.

29. The method according to claim 28, wherein the credentials were provided to the communication device (200) from a first MNO of the network node (300), and wherein the method further comprises: establishing (S214), using the further credentials, secure communication between the communication device (200) and an loT service provider of the network node (300), while the communication device (200) is connected to a network of a second MNO.

30. A communication device (200) for handling credentials of an loT SAFE applet, wherein the communication device (200) is storing the loT SAFE applet in a first security domain of a subscription module in the communication device (200), wherein the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles, and wherein the loT SAFE applet is independent from any MNO, and wherein the communication device (200) is without credentials for the loT SAFE applet for establishing secure communication for the communication device (200) with a network node (300), the communication 30 device (200) comprising processing circuitry (210), the processing circuitry being configured to cause the communication device (200) to: obtain credentials for the loT SAFE applet from the network node (300); store the credentials in the first security domain of the subscription module, wherein the credentials, after successful storage, are accessible only from within the first security domain; and establish, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device (200) with the network node (300).

31. A communication device (200) for handling credentials of an loT SAFE applet, wherein the communication device (200) is storing the loT SAFE applet in a first security domain of a subscription module in the communication device (200), wherein the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles, and wherein the loT SAFE applet is independent from any MNO, and wherein the communication device (200) is without credentials for the loT SAFE applet for establishing secure communication for the communication device (200) with a network node (300), the communication device (200) comprising: an obtain module (210a) configured to obtain credentials for the loT SAFE applet from the network node (300); a store module (210c) configured to store the credentials in the first security domain of the subscription module, wherein the credentials, after successful storage, are accessible only from within the first security domain; and an establish module (210d) configured to establish, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device (200) with the network node (300).

32. The communication device (200) according to claim 30 or 31, further being configured to perform the method according to any of claims 2 to 20.

33. A network node (300) for handling credentials of an loT SAFE applet, the network node (300) comprising processing circuitry (310), the processing circuitry being configured to cause the network node (300) to: generate credentials for the loT SAFE applet; provide the credentials for the loT SAFE applet to a communication device (200); and 31 establish, using at least one of the credentials, secure communication with the communication device (200).

34. A network node (300) for handling credentials of an loT SAFE applet, the network node (300) comprising: a generate module (310a) configured to generate credentials for the loT SAFE applet; a provide module (310b) configured to provide the credentials for the loT SAFE applet to a communication device (200); and an establish module (310c) configured to establish, using at least one of the credentials, secure communication with the communication device (200).

35. The network node (300) according to claim 33 or 34, further being configured to perform the method according to any of claims 22 to 29.

36. A computer program (1020a) for handling credentials of an loT SAFE applet, the computer program comprising computer code which, when run on processing circuitry (210) of a communication device (200), wherein the communication device (200) is storing the loT SAFE applet in a first security domain of a subscription module in the communication device (200), wherein the first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles, and wherein the loT SAFE applet is independent from any MNO, and wherein the communication device (200) is without credentials for the loT SAFE applet for establishing secure communication for the communication device (200) with a network node (300), causes the communication device (200) to: obtain (S102) credentials for the loT SAFE applet from the network node (300); store (SI 04) the credentials in the first security domain of the subscription module, wherein the credentials, after successful storage, are accessible only from within the first security domain; and establish (SI 06), using the loT SAFE applet and at least one of the credentials, secure communication for the communication device (200) with the network node (300).

37. A computer program (1020b) for handling credentials of an loT SAFE applet, the computer program comprising computer code which, when run on processing circuitry (310) of a network node (300), causes the network node (300) to: generate (S202) credentials for the loT SAFE applet; provide (S204) the credentials for the loT SAFE applet to a communication device (200); and 32 establish (S206), using at least one of the credentials, secure communication with the communication device (200).

38. A computer program product (1010a, 1010b) comprising a computer program (1020a, 1020b) according to at least one of claims 36 and 37, and a computer readable storage medium (1030) on which the computer program is stored.

Description:
CREDENTIAL HANDLING OF AN IOT SAFE APPLET

TECHNICAL FIELD

Embodiments presented herein relate to methods, a communication device, a network node, computer programs, and a computer program product for handling credentials of an loT SAFE applet.

BACKGROUND

The loT SAFE applet, where loT is short for Intemet-of-Things, where SAFE is short for SIM Applet For End-to-end communication, and where SIM is short for Subscriber Identity Module, aims at leveraging the SIM to establish/provision long-term credentials on a communication device for use to establish secure communication between the communication device and an loT service. loT SAFE is also the name of the security applet running on the SIM card (such as the universal integrated circuit card (UICC), embedded UICC (eUICC), or integrated UICC (iUICC)), commonly referred to as UICC or subscription module hereinafter. As used hereinafter the term loT SAFE applet will refer to the applet. A first variant of the loT SAFE applet supports cryptographic operations that make use of both asymmetric and symmetric credentials whereas a second variant of the loT SAFE applet only supports cryptographic operations using symmetric credentials for use with very constrained devices.

The loT SAFE applet provides operations, involving the long-term credentials, for use by the communication device when establishing secure communication with the loT service and where the longterm credentials never leave the UICC. loT SAFE vl.O currently supports establishing secure communication based on the Datagram Transport Layer Security (DTLS) protocol and the Transport Layer Security (TLS) protocol, where both vl.2 and vl.3 of (D)TLS are supported. Hence, the operations currently defined for the loT SAFE applet are those needed for (D)TLS 1.2 and (D)TLS 1.3.

A UICC supports security domains for isolation of code and data owned and controlled by different parties such as the MNO and the UICC manufacturer. The loT SAFE applet is either provisioned to the UICC at manufacturing of the UICC or, in case of eUICC, the loT SAFE applet may alternatively be downloaded to the eUICC as part of the subscription profile. In the latter case the loT SAFE applet is part of the same security domain as the subscription profile, or a subdomain of this domain. In the first case the loT SAFE applet may belong to a security domain associated with a subscription profile or a separate security domain. The way to establish/provision credentials to the loT SAFE applet is either through the use of SIM over-the-air (OTA) mechanisms of the mobile network operator (MNO), or UICC vendor, or through pre-provisioning during manufacturing of the UICC. loT SAFE vl.O also specifies the option to allow a device application to use the interface to generate credentials (e.g. device private and public key pair where the private key is kept inside loT SAFE applet) and to store credentials (e.g. device certificate containing the public key). These credentials can then be used in operations similar to those established via SIM OTA. How the trust in these credentials is established with a potential remote entity is up to the device application. Only the first mentioned variant of the loT SAFE applet supports generation and storage of credentials triggered by a device application.

For constrained battery powered loT devices connecting over Low-Power Wide-Area (LPWA) networks such as Narrow-Band loT networks the subscription profile should be kept as small as possible in order to save power during the download of the subscription profile. In a subscription profile for constrained loT devices only network access authentication credentials, international mobile subscriber identity (IMSI), and a few other network configuration parameters might be required, resulting in a subscription profile of a few hundred bytes. For example, no SIM OTA is needed as part of such a profile. The second mentioned variant of the loT SAFE is several tens of kilobytes in size, which comparatively much with respect to the parts of the subscription profile necessary for gaining network access. The first mentioned variant is even bigger than that. Hence, for constrained battery powered loT devices, the loT SAFE applet needs to be pre-installed on the UICC not to ruin the power budget.

Some issues relating to having a pre-installed loT SAFE applet that have been discovered will now be disclosed.

The loT SAFE applet becomes specific per MNO when the SIM OTA mechanism is used by the loT SAFE applet. Although the SIM OTA secure channel is standardized, the set of commands, mechanisms, and message formats used for provisioning over the air are linked to provisioning infrastructure specific to each MNO. In case of a subscription module with pre-installed loT SAFE applet it must thus be known at manufacturing of the subscription module which MNO is to be used such that the proper subscription profile and loT SAFE applet are installed. This information might not be available at the time of manufacturing of the subscription module.

Having credential(s) pre-installed at manufacturing of the subscription module causes the credential(s) to be exposed to the manufacturer of the subscription module. This requires logistics for secure exchange of credential(s) between the MNO and the manufacturer of the subscription module.

Hence, there is a need for improved handling of credentials of an loT SAFE applet, for example in terms of how to reduce exposure of the credentials and/or how to handle situations where the MNO is unknown at at the time of manufacturing of the subscription module.

SUMMARY

An object of embodiments herein is to provide efficient handling of credentials of an loT SAFE applet whereby the issues noted above are resolved.

According to a first aspect there is presented a method for handling credentials of an loT SAFE applet. The method is performed by a communication device. The communication device stores the loT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profdes. The loT SAFE applet is independent from any MNO. The communication device is without credentials for the loT SAFE applet for establishing secure communication for the communication device with a network node. The method comprises obtaining credentials for the loT SAFE applet from the network node. The method comprises storing the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain. The method comprises establishing, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.

According to a second aspect there is presented a communication device for handling credentials of an loT SAFE applet. The communication device stores the loT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles. The loT SAFE applet is independent from any MNO. The communication device is without credentials for the loT SAFE applet for establishing secure communication for the communication device with a network node. The communication device comprises processing circuitry. The processing circuitry is configured to cause the communication device to obtain credentials for the loT SAFE applet from the network node. The processing circuitry is configured to cause the communication device to store the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain. The processing circuitry is configured to cause the communication device to establish, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node.

According to a third aspect there is presented a communication device for handling credentials of an loT SAFE applet. The communication device stores the loT SAFE applet in a first security domain of a subscription module in the communication device. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles. The loT SAFE applet is independent from any MNO. The communication device is without credentials for the loT SAFE applet for establishing secure communication for the communication device with a network node. The communication device comprises an obtain module configured to obtain credentials for the loT SAFE applet from the network node. The communication device comprises a store module configured to store the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain. The communication device comprises an establish module configured to establish, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device with the network node. According to a fourth aspect there is presented a computer program for handling credentials of an loT SAFE applet. The computer program comprises computer program code which, when run on processing circuitry of a communication device, causes the communication device to perform a method according to the first aspect.

According to a fifth aspect there is presented a method for handling credentials of an loT SAFE applet. The method is performed by a network node. The method comprises generating credentials for the loT SAFE applet. The method comprises providing the credentials for the loT SAFE applet to a communication device. The method comprises establishing, using at least one of the credentials, secure communication with the communication device.

According to a sixth aspect there is presented a network node for handling credentials of an loT SAFE applet. The network node comprises processing circuitry. The processing circuitry is configured to cause the network node to generate credentials for the loT SAFE applet. The processing circuitry is configured to cause the network node to provide the credentials for the loT SAFE applet to a communication device. The processing circuitry is configured to cause the network node to establish, using at least one of the credentials, secure communication with the communication device.

According to a seventh aspect there is presented a network node for handling credentials of an loT SAFE applet. The network node comprises a generate module configured to generate credentials for the loT SAFE applet. The network node comprises a provide module configured to provide the credentials for the loT SAFE applet to a communication device. The network node comprises an establish module configured to establish, using at least one of the credentials, secure communication with the communication device.

According to an eighth aspect there is presented a computer program for handling credentials of an loT SAFE applet, the computer program comprising computer program code which, when run on processing circuitry of a network node, causes the network node to perform a method according to the fifth aspect.

According to a ninth aspect there is presented a computer program product comprising a computer program according to at least one of the fourth aspect and the eighth aspect and a computer readable storage medium on which the computer program is stored. The computer readable storage medium could be a non-transitory computer readable storage medium.

Advantageously these methods, these communication devices, these network nodes, these computer programs, and this computer program product, provide efficient handling of credentials of an loT SAFE applet such that the above issues can be avoided.

Advantageously these methods, these communication devices, these network nodes, these computer programs, and this computer program product enable the loT SAFE technology for establishing and using credentials between a device application and an loT service to be used also on constrained battery powered loT devices.

Advantageously these methods, these communication devices, these network nodes, these computer programs, and this computer program product enable an MNO to offer a service to provide content, in terms of credential(s), to the loT SAFE applet in a secure way, through the standard subscription profde delivery mechanism.

Other objectives, features and advantages of the enclosed embodiments will be apparent from the following detailed disclosure, from the attached dependent claims as well as from the drawings.

Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, module, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, module, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

BRIEF DESCRIPTION OF THE DRAWINGS

The inventive concept is now described, by way of example, with reference to the accompanying drawings, in which:

Fig. 1 is a schematic diagram illustrating a communication system according to embodiments;

Figs. 2 and 3 are flowcharts of methods according to embodiments;

Figs. 4, 5 and 6 are signalling diagrams of methods according to embodiments;

Fig. 7 is a schematic diagram showing functional units of a communication device according to an embodiment;

Fig. 8 is a schematic diagram showing functional modules of a communication device according to an embodiment;

Fig. 9 is a schematic diagram showing functional units of a network node according to an embodiment;

Fig. 10 is a schematic diagram showing functional modules of a network node according to an embodiment; and

Fig. 11 shows one example of a computer program product comprising computer readable means according to an embodiment. DETAILED DESCRIPTION

The inventive concept will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the inventive concept are shown. This inventive concept may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the inventive concept to those skilled in the art. Like numbers refer to like elements throughout the description. Any step or feature illustrated by dashed lines should be regarded as optional.

The wording that a certain data item or piece of information is obtained by a first device should be construed as that data item or piece of information being retrieved, fetched, received, or otherwise made available to the first device. For example, the data item or piece of information might either be pushed to the first device from a second device or pulled by the first device from a second device. Further, in order for the first device to obtain the data item or piece of information, the first device might be configured to perform a series of operations, possible including interaction with the second device. Such operations, or interactions, might involve a message exchange comprising any of a request message for the data item or piece of information, a response message comprising the data item or piece of information, and an acknowledge message of the data item or piece of information. The request message might be omitted if the data item or piece of information is neither explicitly nor implicitly requested by the first device.

The wording that a certain data item or piece of information is provided by a first device to a second device should be construed as that data item or piece of information being sent or otherwise made available to the second device by the first device. For example, the data item or piece of information might either be pushed to the second device from the first device or pulled by the second device from the second device. Further, in order for the first device to provide the data item or piece of information to the second device, the first device and the second device might be configured to perform a series of operations in order to interact with each other. Such operations, or interaction, might involve a message exchange comprising any of a request message for the data item or piece of information, a response message comprising the data item or piece of information, and an acknowledge message of the data item or piece of information. The request message might be omitted if the data item or piece of information is neither explicitly nor implicitly requested by the second device.

As disclosed above there is a need for improved handling of credentials of an loT SAFE applet, for example in terms of how to reduce exposure of the credentials and/or how to handle situations where the MNO is unknown at at the time of manufacturing of the subscription module. Further in this respect, it is envisioned that credential(s) can be downloaded as part of the subscription profile. However, since the credentials for the loT SAFE applet must not be readable by any device application, it becomes cumbersome for the loT SAFE applet residing in one security domain at the subscription module to make use of credential(s) being part of the subscription profile ending up in another security domain. Another issue concerns how to ensure that the credential(s) is/are only used with the MNO of the linked subscription profile and not usable at later stages in case the subscription profde is changed. Another issue concerns communication devices that are moved geographically and that uses different subscription profdes depending on their location and that would like to use the same credential(s) towards the loT service whilst being served by networks of different MNOs.

Fig. 1 is a schematic diagram illustrating a communication system 100 where embodiments presented herein can be applied. The communication system 100 comprises a communication device 200 and a network node 300 that are configmed to communicate with each other over a wireless link 400.

In turn, the communication device 200 comprises a device application 240, a modem 245, and a subscription module 250. In turn, the subscription module 250 comprises security domains, such as a Supplementary Security Domain (SSD) 252a, an Issuer Security Domain Root (ISD-R) 252b, a first Issuer Security Domain Profile (ISD-P) 252c, and a second ISD-P 252d. The SSD 252a stores an loT SAFE applet 254. The first ISD-P 252c stores a first subscription profile 256a, and the second ISD-P 252d stores a second subscription profile 256b.

The network node 300 might act as, fulfil the roles of, or implement the functionalities of, an loT service provider 340, a certificate authority (CA) 345, a provisioning server 340, a first MNO 355, and a second MNO 360. The entities 340:360 might be implemented separately, or be co-located and integrated together.

The communication device 200 might be an loT device and comprises a realization of a SIM functionality, provided by a subscription module, supporting remote SIM provisioning according the GSM Association (GSMA; where GSM is short for or Global System for Mobile communications), either the Machine-to-Machine (M2M) variant or the consumer variant. The subscription module might be an eUICC, iUICC, ieUICC, UICC, or a Smart Secure Platform (SSP) such as any of an integrated SSP (iSSP), an embedded SSP (eSSP) or a removable SSP (rSSP). The communication device 200 comprises a wireless modem supporting at least one cellular standard from the 3rd Generation Partnership Project (3GPP).

The subscription module comprises an loT SAFE applet that is pre-installed at manufacturing of the subscription module. The loT SAFE applet is meant to be common for use by any MNO and typically does not contain any SIM OTA mechanism support for credential provisioning/establishment. From a security point of view the loT SAFE applet might reside in a dedicated separate security domain on the subscription module. Such a security domain is referred to as Supplementary Security Domain (SSD). A third party might be the application provider of the loT SAFE applet. Alternatively, the loT SAFE applet resides in the Issuer Security Domain Root (ISD-R) security domain of the subscription module. At device installation/commissioning the subscription module may be configured with a provisioning/bootstrapping subscription profile such that the communication device 200 can get initial connectivity and download an operational subscription profile. The provisioning/bootstrapping subscription profile resides in a security domain separate from the security domain of the loT SAFE applet and typically separate from the ISD-R. As part of download and installation of a new subscription profile, such as an operational subscription profile, a new security domain is created where the subscription profile is stored. Such a security domain is referred to as Issuer Security Domain Profile (ISD-P). The communication device 200 might further comprise a further wireless modem which can be used to locally connect the communication device 200 to a primary device in order to get connectivity such that an operational subscription profile can be downloaded to the communication device 200.

The communication device 200 comprises an application that is configured to establish secure communication (e.g. based on the DTLS protocol) with a remote server of an loT service provider utilizing the loT SAFE applet of the subscription module according to the loT SAFE framework. The remote server may be a device and data management server and the protocol used for communication between the communication device 200 and the device and data management server might, for example, be the Open Mobile Alliance (OMA) LwM2M protocol, where LwM2M is short for Lightweight Machine -to -Machine .

The MNO provides cellular connectivity for the communication device 200. The MNO also assists the owner/manager (e.g. an enterprise) of the communication device 200 in establishing credentials for secure communication between a remote server of the loT service provider and the communication device 200 leveraging the subscription module, in particular the loT SAFE applet.

The loT service provider is a provider of an loT service and hosting a remote server to which a set of devices, such as communication device 200, would like to securely connect to using e.g. the DTLS protocol. One purpose is for the devices to report sensor data to the loT service provider. The loT service provider may be the owner of the devices or license the devices for its service.

The provisioning server handles profile download and may also handle profile management operations. Depending on the GSMA RSP variant used the provisioning server may either be a Subscription Manager - Data Preparation plus (SM-DP+) server (for the consumer variant), or a Subscription Manager - Data Preparation (SM-DP) server and a Subscription Manager - Secure Routing (SM-SR) server (for the M2M variant). The provisioning server is either operated by the MNO providing the operational subscription profile or a third party trusted by the MNO.

The embodiments disclosed herein relate to mechanisms for handling credentials of an loT SAFE applet. In order to obtain such mechanisms there is provided a communication device 200, a method performed by the communication device 200, a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the communication device 200, causes the communication device 200 to perform the method. In order to obtain such mechanisms there is further provided a network node 300, a method performed by the network node 300, and a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the network node 300, causes the network node 300 to perform the method.

Reference is now made to Fig. 2 illustrating a method for handling credentials of an loT SAFE applet as performed by the communication device 200 according to an embodiment. Parallel reference is made to the signalling diagram of Fig. 4. The communication device 200 is storing the loT SAFE applet in a first security domain of a subscription module in the communication device 200. The first security domain is free from any subscription profile and is different from any security domain of the subscription module for storing subscription profiles. The loT SAFE applet is independent from any MNO. The communication device 200 is without credentials for the loT SAFE applet for establishing secure communication for the communication device 200 with a network node 300.

SI 02: The communication device 200 obtains credentials for the loT SAFE applet from the network node 300.

SI 04: The communication device 200 stores the credentials in the first security domain of the subscription module. The credentials are, after successful storage, accessible only from within the first security domain.

SI 06: The communication device 200 establishes, using the loT SAFE applet and at least one of the credentials, secure communication for the communication device 200 with the network node 300.

Embodiments relating to further details of handling credentials of an loT SAFE applet as performed by the communication device 200 will now be disclosed.

Since further credentials will be introduced below, the above introduced credentials (i.e., the credentials as obtained in step SI 02, stored in step SI 04, and used in step SI 06) will hereinafter be referred to as first credentials.

As disclosed above, the communication device 200 is storing the loT SAFE applet. There could be different ways for the communication device 200 to obtain, or be provided with, the loT SAFE applet in the first place. Different embodiments relating thereto will now be described in turn.

In some aspects, the loT SAFE applet is provided to the communication device 200 as part of manufacturing of the communication device 200. According to a first embodiment, the communication device 200 is thus preconfigured with the loT SAFE applet.

In some aspects, the loT SAFE applet is downloaded to the communication device 200 as part of subscription profile download. That is the communication device 200 might have a subscription profile, and according to a second embodiment the loT SAFE applet is downloaded to the communication device 200 as part of the subscription profile being downloaded to the communication device 200. Then, as part of installing the subscription profile into the subscription module, the subscription profile, except the loT SAFE applet, is stored in at least one other security domain (such as a first ISD-P or a second ISD-P, etc.) of the subscription module, and the loT SAFE applet is stored in the first security domain.

In some aspects, the loT SAFE applet is prestored in the first security domain of the subscription module. According to a third embodiment, the first security domain of the subscription module is thus preconfigured with the loT SAFE applet.

As disclosed above, the communication device 200 in step SI 02 obtains first credentials for the loT SAFE applet. There could be different ways for the communication device 200 to obtain the first credentials. Different embodiments relating thereto will now be described in turn.

In some aspects, the first credentials are obtained as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in a first embodiment the first credentials are obtained by being downloaded to the communication device 200 as part of the subscription profile being downloaded to the communication device 200.

Upon having obtained, or downloaded, the subscription profile, the communication device 200 might parse profile elements of the subscription profile (e.g., using a Profile Package Interpreter; PPI) in order to identify the first credentials. That is, in some embodiments, the communication device 200 is configured to perform (optional) step SI 02a as part of step SI 02:

SI 02a: The communication device 200 parses, using a PPI, profile elements of the subscription profile for identifying the first credentials.

The PPI thus needs to be configured for identification of first credentials.

In some aspects, the profile element of the first credentials has a flag, or other type of indicator, as to whether the first credentials should be bound to an active subscription profile or not. That is, the flag is set when the first credentials are bound to an active subscription profile and the flag is not set when the first credentials are not bound to an active subscription profile. Hence, in some embodiments, the profile element carrying the first credentials comprises an indicator of whether (i) the first credentials are limited to be used only when the subscription profile in which the first credentials were downloaded is active or (ii) the first credentials are usable independently of which subscription profile is currently active in the wireless device 200. When the first credentials are stored into the first security domain also the indicator might be stored into the first security domain. If the first credentials are limited to be used only when the subscription profile in which the first credentials were downloaded is active, a subscription profile identifier such as the Integrated Circuit Card Identifier (ICCID) or ISD-P Application Identifier (AID) is also stored. Credentials downloaded from the subscription profile might thus be allowed to be permanent credentials usable independently of the active subscription profile. It could be the choice of the MNO whether this is allowed or not. The flag, or other type of indicator, can be introduced in the Profile Element (PE) carrying the first credentials to indicate whether the use of the first credentials is bound to the subscription profde being active or not. The PPI when parsing the subscription profile will act upon the flag. For example, the PPI either binds the first credentials to the subscription profile being active by assigning the subscription profile identifier according to the above as the subscription profile identifier to be stored along with the first credentials or marks the first credentials as always usable e.g. by assigning the all-zero ICCID or ISD-P AID as the subscription profile identifier to be stored along with the first credentials.

In further aspects, the first credentials are by the communication device 200 obtained after having downloaded the subscription profile. That is, the communication device 200 might have a subscription profile and in some embodiments the first credentials are obtained after the subscription profile has been downloaded to the communication device 200.

One way for the communication device 200 to obtain the first credentials after the communication device 200 has downloaded the subscription profile is for the communication device 200 to use the SIM OTA mechanism for the active subscription profile. That is, when the subscription profile is an active subscription profile, the first credentials are in some embodiments obtained by being downloaded to the communication device 200 using an OTA mechanism of the subscription module for the active subscription profile. The above-disclosed indicator, or flag, might then be downloaded to the communication device 200 using the OTA mechanism.

As disclosed above, the first credentials are, after successful storage, accessible only from within the first security domain. Further in this respect, the first credentials, when being obtained, might be encrypted. Thus, decryption might be required before use of the first credentials. Therefore, in some embodiments, the first credentials as obtained are encrypted, and before being stored in the first security domain of the subscription module, are decrypted inside the subscription module.

Aspects of the secure communication established in step SI 06 will now be disclosed.

The secure communication could be established using different communications and security protocols. In some non-limiting examples, the secure communication is based on any of: DTLS, TLS, OSCORE (short for Object Security for Constrained RESTful Environments).

In some aspects, it is verified that the subscription profile linked to the first credentials is active when the secure communication for the communication device 200 is established. In particular, in some embodiments, establishing, using at least one of the first credentials, secure communication for the communication device 200 as in step SI 06 comprises verifying by the loT SAFE applet if usage of the at least one of the first credentials is limited to be used when a particular subscription profile is active and, if so, verifying that this particular subscription profile is currently active. In some aspects, further credentials need to be established. Hence, in some embodiments, the communication device 200 is configured to perform (optional) step SI 08:

SI 08: The communication device 200 obtains a trigger for establishment of further credentials.

The trigger might be set by, and obtained from, the network node 300 or from an application (which in turn could be triggered by the network node 300) in the communication device 200.

In some embodiments, the further credentials are then established by the loT SAFE applet and then stored inside the first security domain of the subscription module. Both when the trigger is obtained from the network node 300 and when the trigger is obtained from an application, the establishment of the further credentials is triggered by an application via the loT SAFE applet interface. The further credentials are then, when stored in the first security domain, marked as usable independently of which subscription profile is active in the communication device 200.

In some aspects, the first credentials are used when further credentials of the communication device 200 are to be established. A proof of establishment of the further credentials can then be generated in the loT SAFE applet. Hence, in some embodiments, the communication device 200 is configured to perform (optional) step SI 10:

SI 10: The communication device 200 generates a proof of establishment in the first security domain of the subscription module that the further credentials have been established by the loT SAFE applet in the first security domain. At least one of the first credentials already stored in the first security domain of the subscription module is used in establishing the proof.

The proof of establishment (and potential public credentials) might then be sent to the network node 300. Hence, in some embodiments, the communication device 200 is configured to perform (optional) step S112:

SI 12: The communication device 200 provides the proof of establishment and any public part of the further credentials of the communication device 200 to the network node 300 for verification of the proof of establishment.

As disclosed above, the further credentials are usable independently of which subscription profile is active in the communication device 200. Hence, while being connected via the network of another MNO than the MNO to which the first credentials are bound, the further credentials can be used by the communication device 200 for establishing secure communication with an loT service provider. In particular, in some embodiments, the communication device 200 is configured to perform (optional) step SI 14 when the first credentials were obtained from a first MNO of the network node 300: SI 14: The communication device 200 establishes, using the further credentials, secure communication for the communication device 200 with an loT service provider of the network node 300, wherein a subscription profile in the subscription module of a second MNO is active.

As mentioned above, there are two variants of the loT SAFE applet; a first variant supporting cryptographic operations that make use of both asymmetric and symmetric credentials and a second variant only supporting cryptographic operations using symmetric credentials for use with very constrained devices. The loT SAFE applet disclosed herein might be any of these variants. For the first variant of the loT SAFE apple, the first credential(s) that is/are part of the subscription profile might be a symmetric key, a private key, a device certificate, and/or a CA certificate. For the second variant, the first credential(s) that is/are part of the subscription profile is a symmetric key, e.g. 128 bits, for use with TLS- PSK or DTLS-PSK based secure communication, where PSK is short for pre-shared key. A PSK identifier may also be included as part of the subscription profile or a device identifier already known to the loT service provider is used, e.g. International Mobile Equipment Identity (IMEI) or equipment identifier (EID).

In some examples the MNO provides temporary credential(s), e.g. a symmetric key, via the subscription profile, but the MNO never delivers this credential(s) to the loT service provider. Instead the MNO uses the device and data management protocol, e.g. the LwM2M protocol, to trigger establishment of further credential(s) not bound to a specific subscription profile. Then upon successful installation of the further credential(s) the MNO provides the necessary information about the further credentials to the loT service provider. The MNO may then trigger (via e.g. the LwM2M protocol) the device application to delete temporary credential(s).

Reference is now made to Fig. 3 illustrating a method for handling credentials of an loT SAFE applet as performed by the network node 300 according to an embodiment. Parallel reference is made to the signalling diagram of Fig. 4.

S202: The network node 300 generates credentials for the loT SAFE applet.

S204: The network node 200 provides the credentials for the loT SAFE applet to the communication device 200.

As disclosed above, the communication device 200 establishes secure communication with the network node 300. Hence, the network node 300 is configured to perform step S206:

S206: The network node 300 establishes, using at least one of the credentials, secure communication with the communication device 200. Here, the secure communication is established at the communication device 200 using the loT SAFE applet. Embodiments relating to further details of handling credentials of an loT SAFE applet as performed by the network node 300 will now be disclosed.

Since further credentials will be introduced below, the above introduced credentials (i.e., the credentials as generated in step S202, provided in step S204, and used in step S206) will hereinafter be referred to as first credentials.

There might be different ways for the network node 300 to generate the first credentials. In some nonlimiting examples, the first credentials are generated by any of: an MNO of the network node 300, a provisioning server of the network node 300, an loT service provider of the network node 300.

As disclosed above, in some aspects, the loT SAFE applet is downloaded to the communication device 200 as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in an embodiment the loT SAFE applet is provided to the communication device 200 as part of the network node 300 providing the subscription profile to the communication device 200.

As disclosed above, in some aspects, the first credentials are obtained as part of subscription profile download. That is, the communication device 200 might have a subscription profile, and in an embodiment the first credentials are provided to the communication device 200 as part of the network node 300 providing the subscription profile to the communication device 200.

As disclosed above, in some aspects, the profile element of the first credentials has a flag, or other type of indicator, as to whether the first credentials should be bound to an active subscription profile or not. Hence, in some embodiments, when the first credentials are provided in a profile element of the subscription profile, the profile element carrying the first credentials comprises an indicator of whether the first credentials are bound to that the subscription profile is active or not bound to that the subscription profile is active.

As disclosed above, in further aspects, the first credentials are by the communication device 200 obtained after having downloaded the subscription profile. That is, the communication device 200 might have a subscription profile and in some embodiments the first credentials are provided to the communication device 200 by the network node 300 after having provided the subscription profile to the communication device 200.

As disclosed above, the secure communication could be established using different communications and security protocols. In some non-limiting examples, the secure communication is based on any of: DTLS, TLS, OSCORE.

As disclosed above, in some aspects, the network node 300 triggers the communication device 200 to establish further credentials. Hence, according to some embodiments, the network node 300 is configured to perform (optional) step S208: S208: The network node 300 provides a trigger to the communication device 200 for establishment of further credentials.

As disclosed above, a proof of establishment (and potential public credentials) of the further credentials might be sent to the network node 300 from the communication device 200. Hence, in some embodiments, the network node 300 is configured to perform (optional) step S210:

S210: The network node 300 obtains a proof of establishment of the further credentials by the loT SAFE applet of the communication device 200 and any public part of the further credentials.

The network node 300 might then, using the received proof and any public credentials, verify that the further credentials were securely established inside the loT SAFE applet. That is, in some embodiments, the network node 300 is configured to perform (optional) step S212:

S212: The network node 300 verifies, using the proof of establishment, at least one of the first credentials, and any public part of the further credentials, that the further credentials have been securely established inside a security domain of the loT SAFE applet.

As disclosed above, the further credentials can be used by the communication device 200 for establishing secure communication with another MNO than the MNO to which the first credentials are bound. In particular, in some embodiments, the network node 300 is configured to perform (optional) step S214 when the first credentials were provided to the communication device 200 from a first MNO of the network node 300:

S214: The network node 300 establishes, using the further credentials, secure communication between the communication device 200 and an loT service provider of the network node 300, while the communication device 200 is connected to the network of the second MNO.

One particular embodiment for download of first credentials as part of the subscription profile based on at least some of the above disclosed embodiments will now be disclosed in detail with reference to the signalling diagram of Fig. 5 (where all the credentials are first credentials according to the above).

In this embodiment each MNO provides credentials for use with the loT SAFE applet through the subscription profile. In the GSMA Remote SIM Provisioning standards for M2M devices and consumer devices the download, parsing and installation of a subscription profile is split between one Issuer Security Domain Root (ISD-R) and one or more Issuer Security Domain Profiles (ISD-P), where the ISD- R is the security domain of the subscription module issuer and ISD-P is the security domain where a subscription profile is stored. Upon subscription profile download and installation, the ISD-R creates a new ISD-P in which the new subscription profile shall reside. It is in the ISD-P the encrypted subscription profile package is decrypted and parsed. The PPI of the operating system of the subscription module is invoked to parse the subscription profde package upon successful decryption. The PPI is configured to handle parsing of the credentials. The credentials may be stored in a dedicated Profile Element (PE) recognized by the PPI. Alternatively, an existing profile element, such as PE-NonStandard, is used with a dedicated issuer ID identifying loT SAFE credential provisioning. Upon successful parsing of the credentials the PPI is privileged to store the credentials into the security domain of the loT SAFE applet where the loT SAFE applet can retrieve the credentials.

The credentials delivered in a subscription profile of a given MNO should only be usable by device applications when that particular subscription profile is active. For this reason, the PPI associates each credential obtained via a subscription profile with the ICCID of the subscription profile. As an alternative to ICCID of the subscription profile the Application Identifier (AID) of the ISD-P in which the subscription profile is installed may be used. Generation or establishment of credentials may also be performed by the loT SAFE applet triggered by a device application via the loT SAFE applet. Credentials may also be provided to the loT SAFE applet for storage by a device application. In these two cases the credentials are always usable in operations independently of what subscription profile that is active. The credentials are then marked as always usable e.g. by assigning the all-zero ICCID or ISD-P AID.

For each loT SAFE operation involving the use of a credential the loT SAFE applet checks that the credential is usable by checking that the ICCID/ISD-P AID associated with the credential in the loT SAFE applet belongs to an active profile. For example, in the current case of only one active subscription profde at a time, the loT SAFE applet may read the EF ICCID file to obtain the ICCID of the active subscription profile and compare it to the ICCID is stored with the credential. The loT SAFE applet may perform this operation once and then cache the currently active ICCID internally as long as the application remains selected.

In the below it is for illustrative purposes assumed that an loT service provider owns or license a batch of communication devices for which the loT service provider orders subscription profdes.

S300: The eUICC is manufactured with eSIM support including credentials for subscription profde download. The eUICC is also configured with an loT SAFE applet common for all MNOs. The loT SAFE applet is stored in a dedicated security domain according to above. The loT SAFE applet does not contain any credentials.

S301: The loT service provider orders a subscription profde with credential(s) for loT SAFE from an MNO for the communication device 200. The credential(s) is/are to be used in establishing secure communication between the communication device 200 and an loT service.

S302: The MNO generates credential(s) for the communication device 200. S303: The MNO interacts with the provisioning server to prepare a subscription profile for the communication device 200. The generated credential(s) is/are transferred from the MNO to the provisioning server. Alternatively, the loT SAFE credentials are generated at the provisioning server and delivered to the MNO.

S304: The provisioning server prepares a subscription profile where the credential(s) is/are included.

S305: The MNO provides a response back to the loT service provider, where the response comprises the credential(s). The credential(s) is/are securely delivered based on established secure communication. The response may also comprise information needed for triggering subscription profile download (e.g. an Activation Code (AC)).

S306: (Optional) In case the eSIM consumer variant is used and an AC was received in step S305 the AC is delivered to the Local Profile Assistant (LPA) of the communication device 200.

S307: Subscription profile download, installation, and enabling of the downloaded subscription profile is performed. In case of the eSIM consumer variant the LPA triggers subscription profile download using information from the AC.

S308: During subscription profile installation the PPI (running in the ISD-P security domain) parses the subscription profile and extracts the credential(s) and stores the credential(s) in loT SAFE applet storage. The PPI associates each credential with the ICCID of the subscription profile.

S309: When the new subscription profile is activated the communication device 200 attaches to the MNO using the new subscription profile.

S310: The device application establishes secure communication based on DTLS with the loT service provider using the loT SAFE applet and the new credential(s).

S311 : When loT SAFE operations requested by the device application is accessing a credential stored in the loT SAFE applet, the loT SAFE applet checks that the subscription profile linked with the credential(s) (if any) is activated.

S312: The communication device 200 is registered with the loT service provider.

S313: The communication device 200, using the credential(s), securely communicates with the loT service provider.

Steps S301 - S305 may be performed once for a whole batch of communication devices 200 instead of for an individual communication device 200 as shown here. One particular embodiment for establishment of further credentials not linked to a specific subscription profde based on at least some of the above disclosed embodiments will now be disclosed in detail with reference to the signalling diagram of Fig. 6.

In the case of the first mentioned variant of the loT SAFE applet, a device application may utilize first credentials downloaded via a subscription profde (and bound to a specific subscription profile) to establish secure communication with a remote server controlled by the loT service provider in order to establish further credentials that are not bound to a specific MNO and allowing the further credentials to be used whilst the communication device 200 is connected to different networks. This is possible since these further credentials generated, or established, by the loT SAFE applet triggered by a device application via the loT SAFE applet, or first credentials provided to the loT SAFE applet for storage by a device application, are always usable in operations independently of what subscription profile that is active.

Credentials generated/established in the loT SAFE applet are not accessible by the device application. The loT SAFE applet ensures that these credentials are not accessed and when the OTA mechanism is used the MNO provides guarantees to the loT service provider that these credentials are generated/established in the loT SAFE applet. But the loT service provider must still trust the device application. When the device application is generating/establishing further credentials via the loT SAFE applet, even though the loT service provider trusts the device application, the loT service provider may want to have proof that the further credentials are generated/established in the loT SAFE applet and not outside the loT SAFE applet by the device application.

S400: The communication device 200 is attached to the network of MNO 1 for which the communication device 200 has previously downloaded a subscription profile and credential(s) bound to the subscription profile. The credential(s) has/have been securely delivered from MN01 to the loT service provider.

S401: The device application establishes secure communication based on DTLS with the loT service provider using the credential(s). In this example the credential(s) is a symmetric key and DTLS-PSK is used to secure the communication.

S402: When loT SAFE operations requested by the device application is accessing credential(s) stored in the loT SAFE applet (in this case the symmetric key) the loT SAFE applet checks that the subscription profile linked with the credential(s) (if any) is activated.

S403: The communication device 200 is registered with the loT service provider using the device and data management protocol. In this example the LwM2M protocol is used.

S404: Using the LwM2M protocol, the loT service provider sends a request to the device application to trigger the generation of further credential(s), in the form of a private -public key pair, in the loT SAFE applet. S405: The device application triggers the loT SAFE applet to generate the further credential(s). The further credential(s), in terms of the private -public key pair, is generated by the loT SAFE applet.

S406: The public key of the key pair is returned to the device application.

S407: The device application (or device middleware) generates a Certificate Signing Request (CSR) for the received public key.

S408: The device application uses the loT SAFE applet SignQ -operation to sign the CSR using the new private key.

S409: The device application uses the loT SAFE applet SignQ -operation to sign the first credential(s), for example a symmetric key, bound to the subscription profile. Further aspects relating to the signing will be disclosed below. The loT SAFE applet checks that the first credential(s) is/are allowed to be used by checking that the subscription profile bound to first credential(s) is active. The signature on the first credential(s) is then returned.

S410: Using the LwM2M protocol, the CSR (including its signature) and the credential signature is returned as a response to the request in step S404.

S411: The loT service provider verifies the received credential signature.

S412: Upon successful verification of the credential signature, the loT service provider requests a certificate from a CA. The CSR is provided as part of the request.

S413: Upon examining the CSR (e.g. verifying the CSR signature), the CA generates a certificate for the communication device 200.

S414: The device certificate is returned to the loT service provider.

S415: The loT service provider uses the LwM2M protocol to send the certificate to the communication device 200.

S416: The loT service provider stores the further credentials.

S417: The device application stores the new device certificate in the loT SAFE applet.

S418: (Optional) The communication device 200 continues to communicate securely using the first credential(s). Alternatively, the communication device 200 is rebooted to start using the further credential(s).

S419: A new subscription profile is downloaded and installed to the communication device 200 from a second MNO, denoted MN02. This may be due to that the communication device 200 is moved to new area where the new subscription profile is more suitable to be used. The new subscription profile is enabled.

S420: The communication device 200 attaches to the network of MN02.

S421: The device application establishes secure communication based on DTLS with the loT service provider using the further credential(s).

S422: When loT SAFE operations requested by the device application is accessing credential(s) stored in the loT SAFE applet the loT SAFE applet checks that the subscription profile linked with the credential(s) (if any) is activated. In this case there is no subscription profde linked to the further credential(s).

S423: The communication device 200, using the further credential(s), securely communicates with the loT service provider.

For steps S410 - S416 the communication device 200 might as an alternative on its own connect to a CA using Enrollment over Secure Transport (EST) over the CoAP protocol, deliver the CSR, and obtain a device certificate. The device certificate might then either be obtained by the loT service provider from the communication device 200 or from the CA.

Further aspects of providing proof that the further credentials are generated/established in the loT SAFE applet will now be disclosed. As disclosed above, the loT service provider may want to have proof that the further credentials are generated/established in the loT SAFE applet and not outside the loT SAFE applet by a rogue device application.

Further aspects of how the first credential(s) and the further credential(s) impact how proof of the that the further credentials are generated/established in the loT SAFE applet can be provided will now be disclosed for different examples of first credential(s) and further credential(s).

In some examples the first credential(s) is a symmetric key and the further credential(s) is a private-public key pair. Comparing to loT SAFE vl.O, one way to provide proof that the thus new key pair is generated in the loT SAFE applet is to have the applet Sign()-operation extended to sign an internal loT SAFE secret credential, such as a symmetric key. The device application can call this function and request the new private key to be used to sign the old symmetric key. The signature is then delivered to the loT service provider along with the public key (e.g. as in Fig. 6). The loT service provider has the symmetric key and may then verily the signature using the received public key. The loT service provider is convinced that the private key was generated in the loT SAFE applet since only private keys internal to the loT SAFE applet can be used to sign keys internal to the loT SAFE applet. An alternative approach is to extend the Sign() -operation allowing a symmetric key and encryption algorithm to be specified and where the signature is encrypted before it is delivered to the device application. The device application can use this operation when signing the CSR. The loT service provider can then decrypt the signature using the first credential(s) such that the loT service provider can obtain the signature in plain in order to provide it to the CA for issuing a certificate.

In some examples the first credential(s) and the further credential(s) are private-public key pairs. One way to provide proof that the new key pair is generated in the loT SAFE applet is for the loT service provider to generate and wrap a symmetric key using the old public key of the loT SAFE applet and send the wrapped key as part of the request to generate a new key pair (as in step S405 of Fig. 6). The loT SAFE applet then unwraps the thus wrapped key and store the thus unwrapped key as an internal key in the loT SAFE applet. The extended SignQ -operation described above is then used to sign the symmetric key using the new private key and provide the signature back to the loT service provider for verification similar to what was described above.

In some examples the first credential(s) is a private-public key pair and the further credential(s) is a symmetric key. In the case the further credential(s) is a symmetric key it is typically generated by the loT service provider and sent to the communication device 200. The same wrapping mechanism as described above can be used to transfer the symmetric into the loT SAFE internal storage. A proof may be provided to the loT service provider that the symmetric key was successfully installed. For example, the applet extended Sign()-operation described above can be used to sign the new symmetric key using the old private key and provide the signature back to the loT service provider for verification. Another example is to use the Compute pseudorandom function family (PRF) operation or the Compute Hash-based key derivation function (HKDF) operation with the new symmetric key on some agreed data to provide some footprint data that can be provided to the loT service provider for verification and that proves the symmetric key was successfully installed.

In some examples the first credential(s) is a symmetric key and the further credential(s) is a symmetric key. The further credential(s) is a symmetric key generated by the loT service provider. The new key is wrapped (i.e. encrypted) using e.g. the Advanced Encryption Standard (AES) with the old symmetric key and is then sent to the communication device 200. An AES unwrap operation is used by the loT SAFE applet to decrypt and install the new symmetric key. A proof may be provided to the loT service provider that the symmetric key was successfully installed. For example, the Compute PRF operation or the Compute HKDF operation may be used with the new symmetric key on some agreed data to provide some footprint data that can be provided to the loT service provider for verification and that proves the symmetric key was successfully installed.

Fig. 7 schematically illustrates, in terms of a number of functional units, the components of a communication device 200 according to an embodiment. Processing circuitry 210 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product 1010a (as in Fig. 11), e.g. in the form of a storage medium 230. The processing circuitry 210 may further be provided as at least one application specific integrated circuit (ASIC), or field programmable gate array (FPGA).

Particularly, the processing circuitry 210 is configured to cause the communication device 200 to perform a set of operations, or steps, as disclosed above. For example, the storage medium 230 may store the set of operations, and the processing circuitry 210 may be configured to retrieve the set of operations from the storage medium 230 to cause the communication device 200 to perform the set of operations. The set of operations may be provided as a set of executable instructions. Thus the processing circuitry 210 is thereby arranged to execute methods as herein disclosed.

The storage medium 230 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.

The communication device 200 may further comprise a communications interface 220 for communications with other entities, functions, nodes, and devices. As such the communications interface 220 may comprise one or more transmitters and receivers, comprising analogue and digital components.

The processing circuitry 210 controls the general operation of the communication device 200 e.g. by sending data and control signals to the communications interface 220 and the storage medium 230, by receiving data and reports from the communications interface 220, and by retrieving data and instructions from the storage medium 230. Other components, as well as the related functionality, of the communication device 200 are omitted in order not to obscure the concepts presented herein.

Fig. 8 schematically illustrates, in terms of a number of functional modules, the components of a communication device 200 according to an embodiment. The communication device 200 of Fig. 8 comprises a number of functional modules; an obtain module 210a configmed to perform step S102, a store module 210c configmed to perform step SI 04, and an establish module 210d configured to perform step SI 06. The communication device 200 of Fig. 8 may further comprise a number of optional functional modules, such as any of a parse module 210b configured to perform step SI 02a, an obtain module 210e configured to perform step SI 08, a generate module 21 Of configured to perform step SI 10, a provide module 210g configured to perform step SI 12, and an establish module 21 Oh configmed to perform step S114.

In general terms, each functional module 210a-210f may be implemented in hardware or in software. Preferably, one or more or all functional modules 210a-210f may be implemented by the processing circuitry 210, possibly in cooperation with the communications interface 220 and/or the storage medium 230. The processing circuitry 210 may thus be arranged to from the storage medium 230 fetch instructions as provided by a functional module 210a-210f and to execute these instructions, thereby performing any steps of the communication device 200 as disclosed herein. Fig. 9 schematically illustrates, in terms of a number of functional units, the components of a network node 300 according to an embodiment. Processing circuitry 310 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product 1010b (as in Fig. 11), e.g. in the form of a storage medium 330. The processing circuitry 310 may further be provided as at least one application specific integrated circuit (ASIC), or field programmable gate array (FPGA).

Particularly, the processing circuitry 310 is configured to cause the network node 300 to perform a set of operations, or steps, as disclosed above. For example, the storage medium 330 may store the set of operations, and the processing circuitry 310 may be configured to retrieve the set of operations from the storage medium 330 to cause the network node 300 to perform the set of operations. The set of operations may be provided as a set of executable instructions. Thus the processing circuitry 310 is thereby arranged to execute methods as herein disclosed.

The storage medium 330 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.

The network node 300 may further comprise a communications interface 320 for communications with other entities, functions, nodes, and devices. As such the communications interface 320 may comprise one or more transmitters and receivers, comprising analogue and digital components.

The processing circuitry 310 controls the general operation of the network node 300 e.g. by sending data and control signals to the communications interface 320 and the storage medium 330, by receiving data and reports from the communications interface 320, and by retrieving data and instructions from the storage medium 330. Other components, as well as the related functionality, of the network node 300 are omitted in order not to obscure the concepts presented herein.

Fig. 10 schematically illustrates, in terms of a number of functional modules, the components of a network node 300 according to an embodiment. The network node 300 of Fig. 10 comprises a number of functional modules; a generate module 310a configured to perform step S202, a provide module 310b configured to perform step S204, and an establish module 310c configured to perform step S206. The network node 300 of Fig. 10 may further comprise a number of optional functional modules, such as any of a provide module 310d configured to perform step S208, an obtain module 310e configured to perform step S210, a verily module 31 Of configured to perform step S212, and an establish module 310g configured to perform step S214.

In general terms, each functional module 310a-310g may be implemented in hardware or in software. Preferably, one or more or all functional modules 310a-310g may be implemented by the processing circuitry 310, possibly in cooperation with the communications interface 320 and/or the storage medium 330. The processing circuitry 310 may thus be arranged to from the storage medium 330 fetch instructions as provided by a functional module 310a-310g and to execute these instructions, thereby performing any steps of the network node 300 as disclosed herein.

The network node 300 may be provided as a standalone device or as a part of at least one further device. For example, the network node 300 may be provided in a node of the radio access network or in a node of the core network. Alternatively, functionality of the network node 300 may be distributed between at least two devices, or nodes. These at least two nodes, or devices, may either be part of the same network part (such as the radio access network or the core network) or may be spread between at least two such network parts. In general terms, instructions that are required to be performed in real time may be performed in a device, or node, operatively closer to the cell than instructions that are not required to be performed in real time.

Thus, a first portion of the instructions performed by the network node 300 may be executed in a first device, and a second portion of the instructions performed by the network node 300 may be executed in a second device; the herein disclosed embodiments are not limited to any particular number of devices on which the instructions performed by the network node 300 may be executed. Hence, the methods according to the herein disclosed embodiments are suitable to be performed by a network node 300 residing in a cloud computational environment. Therefore, although a single processing circuitry 210, 310 is illustrated in Fig. 9 the processing circuitry 310 may be distributed among a plurality of devices, or nodes. The same applies to the functional modules 310a-310g of Fig. 10 and the computer program 1020b of Fig. 11.

Fig. 11 shows one example of a computer program product 1010a, 1010b comprising computer readable means 1030. On this computer readable means 1030, a computer program 1020a can be stored, which computer program 1020a can cause the processing circuitry 210 and thereto operatively coupled entities and devices, such as the communications interface 220 and the storage medium 230, to execute methods according to embodiments described herein. The computer program 1020a and/or computer program product 1010a may thus provide means for performing any steps of the communication device 200 as herein disclosed. On this computer readable means 1030, a computer program 1020b can be stored, which computer program 1020b can cause the processing circuitry 310 and thereto operatively coupled entities and devices, such as the communications interface 320 and the storage medium 330, to execute methods according to embodiments described herein. The computer program 1020b and/or computer program product 1010b may thus provide means for performing any steps of the network node 300 as herein disclosed.

In the example of Fig. 11, the computer program product 1010a, 1010b is illustrated as an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc. The computer program product 1010a, 1010b could also be embodied as a memory, such as a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or an electrically erasable programmable read-only memory (EEPROM) and more particularly as a non-volatile storage medium of a device in an external memory such as a USB (Universal Serial Bus) memory or a Flash memory, such as a compact Flash memory. Thus, while the computer program 1020a, 1020b is here schematically shown as a track on the depicted optical disk, the computer program 1020a, 1020b can be stored in any way which is suitable for the computer program product 1010a, 1010b.

The inventive concept has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the inventive concept, as defined by the appended patent claims.