CN-122003897-A - Security device and method for communication
Abstract
The exemplary embodiments relate to an apparatus, method, device, system, and computer-readable storage medium for communication. In one aspect, the first device includes at least one of a first module to generate a gear module for the second device, wherein the gear module is to provide one or more security functions in the second device, a second module to perform a download of the gear module from the first device to the second device, or a third module to associate the gear module with the second device prior to the download of the gear module to the second device. In this way, the gear module may be generated and stored in the first module, associated with the second device, and downloaded to the second device, thereby flexibly implementing the security functions in the second device.
Inventors
- Peculiar Jiawali
- LIU FEI
Assignees
- Huawei Technologies Co., Ltd. (华为技术有限公司)
Dates
- Publication Date: 20260508
- Application Date: 20241028
- Priority Date: 20231027
Claims (20)
- 1. A first device, characterized by comprising at least one of the following: a first module to generate a gear module for a second device, wherein the gear module is to provide one or more security functions in the second device; a second module for performing a download of the gear module from the first device to the second device; or a third module for associating the gear module with the second device prior to downloading the gear module to the second device.
- 2. The first apparatus of claim 1, further comprising at least one of: a fourth module for storing the gear module prior to downloading the gear module to the second device; or a fifth module for performing at least one operation on the gear module after the gear module is downloaded to the second device.
- 3. The first device of claim 1 or 2, wherein the second device is one of: terminal equipment; or a security device in the terminal device.
- 4. The first device according to claim 3, wherein the security device comprises at least one of: a universal integrated circuit card (UICC); an embedded universal integrated circuit card (eUICC); a subscriber identity module (SIM); an embedded subscriber identity module (eSIM); or a smart card.
- 5. A method, comprising: receiving, at a first device, a request from a third device for the first device to generate a gear module for a second device, wherein the gear module is to provide one or more security functions in the second device; generating the gear module for the second device according to the request; and sending a response to the request to the third device.
- 6. The method as recited in claim 5, further comprising: after generating the gear module, associating the generated gear module with an identifier of the second device.
- 7. The method according to claim 5 or 6, further comprising: storing the generated gear module in the first device.
- 8. A method, comprising: transmitting, at a third device, a request to a first device for the first device to generate a gear module for a second device, wherein the gear module is to provide one or more security functions in the second device; and receiving a response to the request from the first device.
- 9. The method according to any one of claims 5 to 8, wherein the request comprises at least one of: at least one piece of requirement information of the gear module; the number of at least one gear module; or an identifier of the second device.
- 10. The method of any one of claims 5 to 9, wherein the response comprises at least one of: an indication of success or failure of the generation of the gear module; or the cause of the failure.
- 11. A method, comprising: receiving, at a first device, a request from a terminal device to download a gear module from the first device to a second device; binding the gear module with a session key generated for the second device; and sending the gear module to the second device, wherein the gear module is used for providing one or more security functions in the second device.
- 12. The method as recited in claim 11, further comprising: performing mutual authentication between the first device and the second device, wherein the session key is generated during the mutual authentication.
- 13. The method according to claim 11 or 12, further comprising: obtaining at least one parameter for generating the session key from the second device during the mutual authentication; and generating the session key from the at least one parameter obtained during the mutual authentication.
- 14. The method of any one of claims 11 to 13, wherein the gear module is associated with the second device.
- 15. The method according to any one of claims 11 to 14, wherein the second device is one of: terminal equipment; or a security device in the terminal device.
- 16. The method of claim 15, wherein the second apparatus is a terminal device, the method further comprising: receiving, from the terminal device, a request to download the gear module from the first apparatus to the terminal device.
- 17. The method according to any one of claims 11 to 16, further comprising: searching for the gear module in the first device according to an identifier of the second device before binding the gear module and the session key.
- 18. The method according to any one of claims 11 to 17, further comprising: receiving, from the second device, an indication of success or failure of the download of the gear module.
- 19. The method as recited in claim 18, further comprising: sending, to a third device, an indication that the gear module has been downloaded to the second device, according to the received indication of successful downloading of the gear module.
- 20. A method, comprising: transmitting, at a second device, to a first device, a request to download a gear module from the first device to the second device; performing mutual authentication between the first device and the second device; and receiving the gear module from the first device, wherein the gear module is bound to a session key generated for the second device, and wherein the gear module is configured to provide one or more security functions in the second device.
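Claims 11 to 20 describe a download flow: look up the gear module by the second device's identifier, derive a session key during mutual authentication, bind the module to that key, send it, and get back a success or failure indication. The sketch below is an added example, not code from the patent, showing one way such a binding can make a captured download useless in any other session. Assumptions: a pre-shared per-device secret stands in for the mutual-authentication credentials, the key is derived with HKDF-SHA-256, the "binding" is an HMAC tag, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def session_key(secret: bytes, device_nonce: bytes, server_nonce: bytes, device_id: bytes) -> bytes:
    # Assumption: device_nonce plays the "parameter obtained from the second device".
    return hkdf_sha256(secret, device_nonce + server_nonce, b"gear-download|" + device_id)

def binding_tag(key: bytes, device_id: bytes, module: bytes) -> bytes:
    # Length-prefix the identifier so (id, module) pairs cannot be confused.
    data = len(device_id).to_bytes(2, "big") + device_id + module
    return hmac.new(key, data, hashlib.sha256).digest()

def first_device_send(store: dict, secrets: dict, device_id: bytes, device_nonce: bytes):
    """First device: find the module by identifier, bind it to this session, send it."""
    module = store.get(device_id)
    if module is None:
        return None  # no gear module is associated with this identifier
    server_nonce = os.urandom(16)
    key = session_key(secrets[device_id], device_nonce, server_nonce, device_id)
    return server_nonce, module, binding_tag(key, device_id, module)

def second_device_accept(secret: bytes, device_id: bytes, device_nonce: bytes, message) -> bool:
    """Second device: re-derive the key and verify; the result is the success/failure indication."""
    server_nonce, module, tag = message
    key = session_key(secret, device_nonce, server_nonce, device_id)
    return hmac.compare_digest(tag, binding_tag(key, device_id, module))

def demo() -> dict:
    # Constructed sample data: identifier, secret and module bytes are placeholders.
    dev_id, secret, module = b"EID-EXAMPLE-0001", os.urandom(32), b"\x00gear-module-image"
    store, secrets, nonce = {dev_id: module}, {dev_id: secret}, os.urandom(16)
    msg = first_device_send(store, secrets, dev_id, nonce)
    tampered = (msg[0], msg[1] + b"\x01", msg[2])
    return {
        "fresh": second_device_accept(secret, dev_id, nonce, msg),
        "replayed": second_device_accept(secret, dev_id, os.urandom(16), msg),
        "tampered": second_device_accept(secret, dev_id, nonce, tampered),
        "unknown_id": first_device_send(store, secrets, b"EID-OTHER", nonce),
    }
```

The tag only authenticates the module; a deployment that also needs confidentiality would encrypt the module under the same session key with an AEAD cipher.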
Description
Security device and method for communication
Cross Reference to Related Applications
The present application claims priority from Indian patent application number 202331073120, filed on October 27, 2023, the entire contents of which are incorporated herein by reference.
Technical Field
Example implementations of the present disclosure relate generally to the field of communications and, more particularly, to security devices and methods for communications, such as wireless communications.
Background
An apparatus, such as a subscriber identity module (SIM) card, is capable of authenticating a mobile device to a cellular network. Since its evolution, the functionality of SIM cards has increased from basic authentication to secure mobile payments. Although the Java card provides a security function, it can provide only a limited security function related to a password service. Since a plurality of security applications are being implemented in the SIM card, the security functions of the SIM card should also be enhanced.
Disclosure of Invention
In general, the exemplary implementations of the present disclosure provide a solution for communication security.
In a first aspect, a first apparatus is provided. The first device includes at least one of a first module to generate a gear module for a second device, wherein the gear module is to provide one or more security functions in the second device, a second module to perform a download of the gear module from the first device to the second device, or a third module to associate the gear module with the second device prior to the download of the gear module to the second device. In this way, the gear module may be generated and transmitted from the first device, e.g., an engine, to the second device, e.g., a device or an embedded universal integrated circuit card (eUICC) in the device, for providing security functionality in the second device.
In one implementation, the first device further includes at least one of a fourth module to store the gear module prior to downloading the gear module to the second device, or a fifth module to perform at least one operation on the gear module after downloading the gear module to the second device. In this way, the first device can flexibly manage the security functions in the second device.
In one implementation, the second device is a terminal device, or a security device in the terminal device. In this way, the security function can be flexibly implemented in the terminal device or in the security device, e.g., the eUICC, in the terminal device.
In one implementation, the security device includes at least one of a universal integrated circuit card (UICC), an embedded universal integrated circuit card (eUICC), a subscriber identity module (SIM), an embedded subscriber identity module (eSIM), or a smart card. In this way, security can be flexibly implemented in different formats.
In a second aspect, a method performed by a first apparatus is provided. The method includes receiving a request from a third device for the first device to generate a gear module for a second device, wherein the gear module is used for providing one or more security functions in the second device, generating the gear module for the second device according to the request, and sending a response to the request to the third device. In this way, the first device, e.g., an engine, can generate the gear module on demand, thereby flexibly providing security functions in the second device.
In one implementation, the method further includes, after generating the gear module, associating the generated gear module with an identifier of the second device. In this way, the generated gear modules may be associated with separate second devices to distinguish between gear modules for different second devices.
In one implementation, the method further includes storing the generated gear module in the first device. In this way, the gear module need not be regenerated after the first generation and can be conveniently transmitted to the second device.
In a third aspect, a method performed by a third apparatus is provided. The method includes sending a request to a first device for the first device to generate a gear module for a second device, wherein the gear module is configured to provide one or more security functions in the second device, and receiving a response to the request from the first device. In this way, a third device, such as an operator device, may cause the first device to generate the gear module for flexibly providing a security function in the second device.
In one implementation, the request includes at least one of at least one requirement information of the gear module, a number of at least one gear module, or an identif