| CPC H04L 9/0866 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3242 (2013.01); H04L 9/3263 (2013.01)] | 19 Claims |
|
1. A method for securing a communication between a remote server and a device equipped with a secure element, device side profile data being stored in at least one of the device or the secure element, device side secure element data being stored in the secure element, wherein image data includes server side profile data being stored in the remote server, and server side secure element data being stored in the remote server, or being retrievable from the remote server, the method comprising:
associating the device with the secure element,
generating device key material based on the device side profile data and the device side secure element data, wherein the device side profile data includes device side profile public data and the device side secure element data includes device side secure element public data and device side secure element private data, the device side profile public data consists essentially of at least one of a profile public ID, a profile public key or a profile public certificate, and the device side secure element public data consists essentially of at least one of a secure element public ID, a secure element public key or a secure element public key certificate,
reporting the association to the remote server, by sending, to the remote server, only a part of the device side profile public data and only a part of the device side secure element public data,
generating server key material based on the server side profile data and the server side secure element data, retrieved from the image data from the reported association, and
authorizing a communication between the device and the remote server, after an authentication based at least on a comparison between the device key material and the server key material,
wherein the server side profile data is stored in the remote server before the association of the device and the secure element, and
the server side secure element data is stored in the remote server before the association of the device and the secure element or is retrievable from the remote server before the association of the device and the secure element.
|