Over the air service provisioning

Abstract

Mobile users should be able to buy their handsets and then get service from any service provider without physically taking the handset to the provider’s location or manually entering long keys and parameters into the handset. This capability to activate and provision the handset remotely is part of the current North American wireless standards and is referred to as ‘over the air service provisioning’ (OTASP). We examine current proposals and point out some of their limitations. Often the knowledge shared between the mobile user and the network is not fully specified and hence not exploited. We depart from this norm by first providing a classification of various sharing of secrets and secondly we make explicit the assumed shared knowledge and use it to construct various schemes for OTASP. We present a different OTASP scheme for each of the following assumptions: 1) availability of a land line, 2) public key of a CA in the handset, 3) weak secret shared by the mobile user and the network, and 4) secret of the mobile user which can only be verified by the network.