WO2002017655A2 - Method and apparatus for generating an unique encryption key stream for each data block in a frame - Google Patents

Method and apparatus for generating an unique encryption key stream for each data block in a frame Download PDF

Info

Publication number
WO2002017655A2
WO2002017655A2 PCT/US2001/025368 US0125368W WO0217655A2 WO 2002017655 A2 WO2002017655 A2 WO 2002017655A2 US 0125368 W US0125368 W US 0125368W WO 0217655 A2 WO0217655 A2 WO 0217655A2
Authority
WO
WIPO (PCT)
Prior art keywords
private key
key
dynamic system
frame
mobile station
Prior art date
Application number
PCT/US2001/025368
Other languages
French (fr)
Other versions
WO2002017655A3 (en
Inventor
John P. Monson
Mark S. Nowak
Original Assignee
Motorola, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola, Inc. filed Critical Motorola, Inc.
Priority to AU2001284870A priority Critical patent/AU2001284870A1/en
Publication of WO2002017655A2 publication Critical patent/WO2002017655A2/en
Publication of WO2002017655A3 publication Critical patent/WO2002017655A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Definitions

  • the present invention relates generally to wireless communication systems, and more particularly, to a method and an apparatus for generating an unique encryption key stream for each data block in a frame.
  • a cellular communication system is a complex network of systems and elements.
  • Typical elements include a radio link to the mobile stations (cellular telephones), which is usually provided by at least one and typically several base stations, (2) communication links between the base stations, (3) a controller, typically one or more base station controllers or centralized base station controllers (BSC/CBSC), to control communication between and to manage the operation and interaction of the base stations, (4) a call controller or switch, typically a mobile switching center (MSC), for routing calls within the system, and (5) a link to the land line or public switch telephone system (PSTN), which is usually also provided by the MSC.
  • MSC mobile switching center
  • PSTN public switch telephone system
  • digitized voice without encryption in wireless communication systems may be demodulated and decoded by a suitable receiver.
  • Such eavesdropping capability endangers the privacy of members in the system and the security of the information exchanged through the over-the-air interface.
  • Wireless communication systems may be improved by a suitable encryption scheme to protect the information exchanged between mobile stations and base stations.
  • Current communication systems require intricate end-to-end synchronization schemes to encrypt or decrypt information exchanged through an over-the-air interface during a transmission.
  • communication systems provide encryption synchronization to mobile stations and base stations by using over-the-air signaling and additional decoding. However, such systems may inefficiently use valuable radio frequency (RF) resources and may cause audio distortion in receivers until synchronization information is sent again to synchronize the mobile stations and the base stations.
  • RF radio frequency
  • Some encryption methods use historical information, i.e., encryption histories, to encrypt or decrypt information for transmission through an over-the-air interface.
  • Such methods use a session key repeatedly for multiple transmissions, which may lead to error multiplication if an RF fade is encountered. Consequently, the transmission cannot be decoded and is severely distorted until encryption is reset or re- synchronized because the mobile station and the base station are out of sync.
  • To reset or re-synchronize the encryption current communication systems require additional logic and complexity, and in some cases, RF bandwidth to keep the mobile station and the base station in sync.
  • FIG. 1 is a block diagram representation of a wireless communication system that may be adapted to operate in accordance with the preferred embodiments of the present invention.
  • FIG. 2 is a block diagram representation of an apparatus that may be adapted to operate in accordance with preferred embodiments of the present invention.
  • FIG. 3 is a block diagram representation of a session key for generating an unique encryption key stream that may be adapted to operate in accordance with the preferred embodiments of the present invention.
  • FIG. 4 is a flow diagram representation of a method of generating an unique encryption key stream for each data block in a frame that may be adapted to operate in accordance with the preferred embodiments of the present invention.
  • the present invention provides a method and an apparatus for generating an unique encryption key stream for each data block of a frame in a wireless communication system to encrypt and decrypt information. Synchronizing an encryption algorithm on boundaries of a data block, such as a time slot in a TDMA based communication system, alleviates the problem of synchronizing multiple mobile stations as in cellular call handover, and also eliminates the complexity required to keep mobile stations and base stations in sync.
  • a private key is shared between a mobile station and a base station servicing the mobile station.
  • the source, the location, the time, the method, and the type of a transmission are factors to derive a plurality of dynamic system parameters that combine with the private key to generate a session key.
  • Each data block in a frame has a different session key that is used to generate an unique encryption key stream to encrypt and decrypt information exchanged through an over-the-air interface.
  • Data block-based synchronization eliminates the problem of the mobile station and the base station being out of sync because errors encountered due to RF fades would not multiply. Only the data blocks in the frame that could not be decoded may cause audio distortion.
  • the present invention generates an unique encryption key stream for each data block in a frame to avoid inefficient use of RF resources, distortion, and synchronization problems.
  • the present invention is described in terms of several preferred embodiments, and particularly, in terms of a wireless communication system operating in accordance with at least one of several communication standards.
  • These standards include analog, digital or dual-mode communication system protocols such as, but not limited to, the Advanced Mobile Phone System (AMPS), the Narrowband Advanced Mobile Phone System (NAMPS), the Global System for Mobile Communications (GSM), the IS-55 Time Division Multiple Access (TDMA) digital cellular, the IS-95 Code Division Multiple Access (CDMA) digital cellular, the Personal Communications
  • AMPS Advanced Mobile Phone System
  • NAMPS Narrowband Advanced Mobile Phone System
  • GSM Global System for Mobile Communications
  • TDMA Time Division Multiple Access
  • CDMA Code Division Multiple Access
  • a wireless communication system 100 includes a mobile switching center (MSC) 110, and a plurality of base station controllers (BSC), 120 and 125, servicing a total service area 130.
  • MSC mobile switching center
  • BSC base station controllers
  • each BSC 120 and 125 has associated therewith a plurality of base stations (BS), generally shown as 140, 145, 150, and 155, servicing communication cells, generally shown as 160, 165, 170, and 175, respectively.
  • BS base stations
  • servicing communication cells generally shown as 160, 165, 170, and 175, respectively.
  • MSC 110, BSCs 120 and 125, and base stations 140, 145, 150, 155 are specified and operate in accordance with the applicable standard or standards for providing wireless communication services to mobile stations (MS), generally shown as 180 and 185, operating in cells 160, 165, 170, 175 and each of these elements are commercially available from Motorola, Inc. of Schaumburg, Illinois.
  • mobile stations 180 and 185 exchange information with base stations 145 and 155, respectively, through an over- the-air interface.
  • the wireless communication system may be, but is not limited to, a time division multiple access (TDMA) based communication system, a code division multiple access (CDMA) based communication system, and a packet data system.
  • TDMA time division multiple access
  • CDMA code division multiple access
  • the present invention provides security to information exchanged between mobile stations 180, 185 and base stations 145, 155 servicing the mobile stations, respectively.
  • the information is encrypted or decrypted with an unique encryption key stream based on a private key and a plurality of dynamic system parameters for each data block in a frame.
  • the unique encryption key stream may be logically combined with plaintext to generate ciphertext.
  • Plaintext is the information to be encrypted
  • ciphertext is the logical combination of the plaintext and the unique encryption key stream.
  • the plaintext may be, but is not limited to, voice or data that is desired to be encrypted.
  • the unique encryption key stream is XOR'ed with the plaintext to generate the ciphertext, which enhances security for transmission of the information between a mobile station 180, 185 and a base station 145, 155 servicing the mobile station, respectively, through the over-the-air interface in the wireless communication system 100.
  • an encryption device 200 generally includes a private key source 210, a parameters source 220, a logic circuit 230, and a key stream generator 240.
  • the encryption device 200 may be integrated into or adapted to a mobile station or a base station as a standalone unit.
  • the private key source 210 and the parameters source 220 are coupled to the logic circuit 230.
  • the output of the logic circuit 230 is coupled to the key stream generator 240 to generate an unique encryption key stream for each data block in a frame.
  • the data block may be, but is not limited to, a TDMA time slot, a CDMA power control group, and a data packet.
  • the private key source 210 provides a private key, which is a code shared by a mobile station and a base station servicing the mobile station in a wireless communication system. Sharing the private key by the mobile station and the base station allows a session key to be generated without interaction between the two network elements.
  • the private key may change by resetting the encryption device 200.
  • the private key source 210 may be, but is not limited to, a memory that stores the private key.
  • the parameters source 220 provides a plurality of dynamic system parameters including a transaction direction, a receiver frequency, a color code, and a slot number, which are further discussed below.
  • the plurality of dynamic system parameters may include other parameters based on information of a transmission such as, but not limited to, the source, the location, the time, the method, and the type, i.e., who, where, when, how, and what of the transmission.
  • the logic circuit 230 logically combines the private key and the plurality of dynamic system parameters to generate a session key.
  • the logic circuit 230 may be, but is not limited to, an exclusive-OR (XOR) combinational logic circuit.
  • XOR exclusive-OR
  • the private key and the plurality of dynamic system parameters is modulo-two summed by the XOR combinational logic circuit to generate the session key.
  • the key stream generator 240 generates an unique encryption key stream for each data block in a frame with the session key generated from the logic circuit 230.
  • the key stream generator 240 includes an encryption algorithm, which may be, but is not limited to, a stream cipher algorithm that one of ordinary skill in the art will readily recognize.
  • the plurality of dynamic system parameters are based on information relating to a transmission, i.e., who, where, when, how, and what of the transmission.
  • the plurality of dynamic system parameters may include a code that indicates the modulation technique of a transmission.
  • the modulation technique may be, but is not limited to, quadrature amplitude modulation (QAM), phase shift keying modulation (PSK), differential phase shift keying (DPSK) modulation, quadrature phase shift keying (QPSK) modulation, Gaussian minimum shift keying (GMSK) modulation, and frequency shift keying (FSK) modulation.
  • the plurality of dynamic system parameters may include a code that indicates the type of call such as dispatch, telephone interconnect, and packet data.
  • a processor with a control program directs the encryption device 200 to generate an unique encryption key stream for each data block in a frame.
  • the private key source 210, the parameters source 220, the logic circuit 230, and the key stream generator 240 operate in accordance with the commands from the processor.
  • the processor is integrated into or adapted to the mobile station or the base station having the encryption device 200.
  • the processor may be integrated into or adapted to the encryption device 200.
  • the processor may be replaced by an application specific integrated circuit (ASIC) to operate the encryption device 200.
  • ASIC application specific integrated circuit
  • a private key and a plurality of dynamic system parameters may be logically combined to generate a session key for generating an unique encryption key stream. Referring to FIG.
  • the private key 310 and the plurality of dynamic system parameters 320 is modulo-two summed by an XOR combinational logic circuit to generate the session key 330.
  • the private key 310 may be, but is not limited to, a 64-bit code in a TDMA system that a mobile station and a base station servicing the mobile station have stored prior to a transmission.
  • the plurality of dynamic system parameters 320 is a 64-bit code that carries a transaction direction 340, a receiver frequency 342, a color code 344, a slot number 346, and a first and second 16-bit of zeros 348, 350.
  • the transaction direction 340 is a 1-bit code that identifies whether a fixed network element (FNE) or a mobile station (MS) is transmitting information. For example, when the direction bit is "1" then a FNE, such as a base station, is transmitting information. When the direction bit is "0" then a mobile station is transmitting information.
  • the transaction direction 340 is shifted by 31 -bits from the first 16-bits of zeros 348.
  • the receiver frequency 342 is a 12-bit code that indicates a frequency in which a mobile station and a base station servicing the mobile station are tuned.
  • the receiver frequency 342 may change at handovers, which are changes of channels.
  • the receiver frequency 342 is shifted left by 19-bits from the first 16-bits of zeros 348.
  • the color code 344 is a 4-bit code that identifies a reused frequency pattern to reduce interference and to distinguish interference signals from another cell.
  • the color code 344 is based on the location of a transmission so it may change at handovers.
  • the color code 344 is shifted left by 15-bits from the first 16-bits of zeros 348.
  • the slot number 346 is a 15-bit code that identifies a fifteen micro-seconds (15 msec) time slot for a physical channel in a time division multiple access (TDMA) based communication system.
  • the slot number 346 may change for every time slot in a frame.
  • the slot number 348 is shifted left by the first 16-bits of zeros 348.
  • method 400 for generating an encryption key stream for each data block in a frame is illustrated.
  • method 400 synchronizes an encryption algorithm by providing a different session key for each data block in a frame so that end-to-end synchronization is unnecessary.
  • method 400 begins at step 410 with providing a private key.
  • the private key is shared by a mobile station and a base station servicing the mobile station.
  • the private key may be stored in the memories of the mobile station and the base station.
  • a plurality of dynamic system parameters are provided.
  • the plurality of dynamic system parameters is based on information relating to a transmission such as the source, the location, the time, the method, and the type of the transmission.
  • a session key is generated by a logical combination of the private key and the plurality of dynamic parameters.
  • the private key and the plurality of dynamic parameters may be XOR'ed to generate the session key.
  • the session key initializes an encryption algorithm to generate an unique encryption key stream for each data block in a frame. In a TDMA based communication system, for example, the encryption key stream changes from time slot to time slot.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Time-Division Multiplex Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a method and an apparatus for generating an unique encryption key stream for each data block in a frame during a transmission through an over-the-air interface. A private key (310) and a dynamic system parameter (320) are combined to generate a session key (330). The dynamic system parameter (320) is based on information relating to the transmission such as the source, the location, the time, the method, and the type of the transmission. An unique encryption key stream is generated from the session key (320) for each data block in a frame. Information is encrypted with the unique encryption key stream to enhance security for transmissions through an over-the-air interface.

Description

METHOD AND APPARATUS FORGENERATING AN UNIQUE ENCRYPTION KEY STREAM FOREACH DATA BLOCKIN A FRAME
Field of the Invention The present invention relates generally to wireless communication systems, and more particularly, to a method and an apparatus for generating an unique encryption key stream for each data block in a frame.
Background of the Invention A cellular communication system is a complex network of systems and elements. Typical elements include a radio link to the mobile stations (cellular telephones), which is usually provided by at least one and typically several base stations, (2) communication links between the base stations, (3) a controller, typically one or more base station controllers or centralized base station controllers (BSC/CBSC), to control communication between and to manage the operation and interaction of the base stations, (4) a call controller or switch, typically a mobile switching center (MSC), for routing calls within the system, and (5) a link to the land line or public switch telephone system (PSTN), which is usually also provided by the MSC. One aspect of designing a wireless communication system is to provide security to information exchanged between network elements operating within the system. At times, it may be desirable to encrypt information exchanged through an over-the-air interface between a mobile station and a base station during a transmission. In particular, digitized voice without encryption in wireless communication systems may be demodulated and decoded by a suitable receiver. Such eavesdropping capability endangers the privacy of members in the system and the security of the information exchanged through the over-the-air interface. Wireless communication systems may be improved by a suitable encryption scheme to protect the information exchanged between mobile stations and base stations. Current communication systems require intricate end-to-end synchronization schemes to encrypt or decrypt information exchanged through an over-the-air interface during a transmission. In particular, communication systems provide encryption synchronization to mobile stations and base stations by using over-the-air signaling and additional decoding. However, such systems may inefficiently use valuable radio frequency (RF) resources and may cause audio distortion in receivers until synchronization information is sent again to synchronize the mobile stations and the base stations.
Some encryption methods use historical information, i.e., encryption histories, to encrypt or decrypt information for transmission through an over-the-air interface.
Such methods use a session key repeatedly for multiple transmissions, which may lead to error multiplication if an RF fade is encountered. Consequently, the transmission cannot be decoded and is severely distorted until encryption is reset or re- synchronized because the mobile station and the base station are out of sync. To reset or re-synchronize the encryption, current communication systems require additional logic and complexity, and in some cases, RF bandwidth to keep the mobile station and the base station in sync.
Encryption of information exchanged between network elements over a network link is described and disclosed in the commonly assigned United States patent application serial no. __/ , filed on , 2000, entitled "Method and
Apparatus for Providing Encryption for Information Exchanged Over a Network Link," the disclosure of which is hereby expressly incorporated by reference. However, information exchanged between a mobile station and a base station through an over-the-air interface is not encrypted with an unique key stream for each data block in a frame and therefore, is not secure.
Therefore, a need exists for a method and an apparatus that provides a wireless communication system with good security for information exchanged between a mobile station and a base station while easy to synchronize without inefficiently using valuable radio frequency resources. Brief Description of the Drawings
FIG. 1 is a block diagram representation of a wireless communication system that may be adapted to operate in accordance with the preferred embodiments of the present invention. FIG. 2 is a block diagram representation of an apparatus that may be adapted to operate in accordance with preferred embodiments of the present invention.
FIG. 3 is a block diagram representation of a session key for generating an unique encryption key stream that may be adapted to operate in accordance with the preferred embodiments of the present invention. FIG. 4 is a flow diagram representation of a method of generating an unique encryption key stream for each data block in a frame that may be adapted to operate in accordance with the preferred embodiments of the present invention.
Detailed Description of the Preferred Embodiments The present invention provides a method and an apparatus for generating an unique encryption key stream for each data block of a frame in a wireless communication system to encrypt and decrypt information. Synchronizing an encryption algorithm on boundaries of a data block, such as a time slot in a TDMA based communication system, alleviates the problem of synchronizing multiple mobile stations as in cellular call handover, and also eliminates the complexity required to keep mobile stations and base stations in sync. A private key is shared between a mobile station and a base station servicing the mobile station. The source, the location, the time, the method, and the type of a transmission are factors to derive a plurality of dynamic system parameters that combine with the private key to generate a session key. Each data block in a frame has a different session key that is used to generate an unique encryption key stream to encrypt and decrypt information exchanged through an over-the-air interface.
Data block-based synchronization eliminates the problem of the mobile station and the base station being out of sync because errors encountered due to RF fades would not multiply. Only the data blocks in the frame that could not be decoded may cause audio distortion. The present invention generates an unique encryption key stream for each data block in a frame to avoid inefficient use of RF resources, distortion, and synchronization problems.
The present invention is described in terms of several preferred embodiments, and particularly, in terms of a wireless communication system operating in accordance with at least one of several communication standards. These standards include analog, digital or dual-mode communication system protocols such as, but not limited to, the Advanced Mobile Phone System (AMPS), the Narrowband Advanced Mobile Phone System (NAMPS), the Global System for Mobile Communications (GSM), the IS-55 Time Division Multiple Access (TDMA) digital cellular, the IS-95 Code Division Multiple Access (CDMA) digital cellular, the Personal Communications
System (PCS) and variations and evolutions of these protocols. As shown in FIG. 1, a wireless communication system 100 includes a mobile switching center (MSC) 110, and a plurality of base station controllers (BSC), 120 and 125, servicing a total service area 130. As is known for such systems, each BSC 120 and 125 has associated therewith a plurality of base stations (BS), generally shown as 140, 145, 150, and 155, servicing communication cells, generally shown as 160, 165, 170, and 175, respectively. It will be appreciated that additional or fewer cells may be implemented as required and without departing from the fair scope of the present invention. MSC 110, BSCs 120 and 125, and base stations 140, 145, 150, 155 are specified and operate in accordance with the applicable standard or standards for providing wireless communication services to mobile stations (MS), generally shown as 180 and 185, operating in cells 160, 165, 170, 175 and each of these elements are commercially available from Motorola, Inc. of Schaumburg, Illinois.
In the wireless communication system 100, mobile stations 180 and 185 exchange information with base stations 145 and 155, respectively, through an over- the-air interface. The wireless communication system may be, but is not limited to, a time division multiple access (TDMA) based communication system, a code division multiple access (CDMA) based communication system, and a packet data system. The present invention provides security to information exchanged between mobile stations 180, 185 and base stations 145, 155 servicing the mobile stations, respectively. The information is encrypted or decrypted with an unique encryption key stream based on a private key and a plurality of dynamic system parameters for each data block in a frame.
The unique encryption key stream may be logically combined with plaintext to generate ciphertext. Plaintext is the information to be encrypted, and ciphertext is the logical combination of the plaintext and the unique encryption key stream. For example, the plaintext may be, but is not limited to, voice or data that is desired to be encrypted. The unique encryption key stream is XOR'ed with the plaintext to generate the ciphertext, which enhances security for transmission of the information between a mobile station 180, 185 and a base station 145, 155 servicing the mobile station, respectively, through the over-the-air interface in the wireless communication system 100.
As illustrated in FIG. 2, an encryption device 200 generally includes a private key source 210, a parameters source 220, a logic circuit 230, and a key stream generator 240. The encryption device 200 may be integrated into or adapted to a mobile station or a base station as a standalone unit. The private key source 210 and the parameters source 220 are coupled to the logic circuit 230. The output of the logic circuit 230 is coupled to the key stream generator 240 to generate an unique encryption key stream for each data block in a frame. The data block may be, but is not limited to, a TDMA time slot, a CDMA power control group, and a data packet. The private key source 210 provides a private key, which is a code shared by a mobile station and a base station servicing the mobile station in a wireless communication system. Sharing the private key by the mobile station and the base station allows a session key to be generated without interaction between the two network elements. The private key may change by resetting the encryption device 200. The private key source 210 may be, but is not limited to, a memory that stores the private key. The parameters source 220 provides a plurality of dynamic system parameters including a transaction direction, a receiver frequency, a color code, and a slot number, which are further discussed below. However, the plurality of dynamic system parameters may include other parameters based on information of a transmission such as, but not limited to, the source, the location, the time, the method, and the type, i.e., who, where, when, how, and what of the transmission. The logic circuit 230 logically combines the private key and the plurality of dynamic system parameters to generate a session key. The logic circuit 230 may be, but is not limited to, an exclusive-OR (XOR) combinational logic circuit. For example, the private key and the plurality of dynamic system parameters is modulo-two summed by the XOR combinational logic circuit to generate the session key. The key stream generator 240 generates an unique encryption key stream for each data block in a frame with the session key generated from the logic circuit 230. The key stream generator 240 includes an encryption algorithm, which may be, but is not limited to, a stream cipher algorithm that one of ordinary skill in the art will readily recognize. As noted above, the plurality of dynamic system parameters are based on information relating to a transmission, i.e., who, where, when, how, and what of the transmission. In an alternate embodiment, the plurality of dynamic system parameters may include a code that indicates the modulation technique of a transmission. The modulation technique may be, but is not limited to, quadrature amplitude modulation (QAM), phase shift keying modulation (PSK), differential phase shift keying (DPSK) modulation, quadrature phase shift keying (QPSK) modulation, Gaussian minimum shift keying (GMSK) modulation, and frequency shift keying (FSK) modulation. In another alternate embodiment, the plurality of dynamic system parameters may include a code that indicates the type of call such as dispatch, telephone interconnect, and packet data.
A processor with a control program directs the encryption device 200 to generate an unique encryption key stream for each data block in a frame. In particular, the private key source 210, the parameters source 220, the logic circuit 230, and the key stream generator 240 operate in accordance with the commands from the processor. The processor is integrated into or adapted to the mobile station or the base station having the encryption device 200. In an alternate embodiment, the processor may be integrated into or adapted to the encryption device 200. In another alternate embodiment, the processor may be replaced by an application specific integrated circuit (ASIC) to operate the encryption device 200. As mentioned above, a private key and a plurality of dynamic system parameters may be logically combined to generate a session key for generating an unique encryption key stream. Referring to FIG. 3, the private key 310 and the plurality of dynamic system parameters 320 is modulo-two summed by an XOR combinational logic circuit to generate the session key 330. The private key 310 may be, but is not limited to, a 64-bit code in a TDMA system that a mobile station and a base station servicing the mobile station have stored prior to a transmission. The plurality of dynamic system parameters 320 is a 64-bit code that carries a transaction direction 340, a receiver frequency 342, a color code 344, a slot number 346, and a first and second 16-bit of zeros 348, 350. However, the plurality of dynamic system parameters may include other parameters based on factors such as, but not limited to, the source, the location, the time, the method, and the type of transmission. The transaction direction 340 is a 1-bit code that identifies whether a fixed network element (FNE) or a mobile station (MS) is transmitting information. For example, when the direction bit is "1" then a FNE, such as a base station, is transmitting information. When the direction bit is "0" then a mobile station is transmitting information. The transaction direction 340 is shifted by 31 -bits from the first 16-bits of zeros 348. The receiver frequency 342 is a 12-bit code that indicates a frequency in which a mobile station and a base station servicing the mobile station are tuned. The receiver frequency 342 may change at handovers, which are changes of channels. The receiver frequency 342 is shifted left by 19-bits from the first 16-bits of zeros 348. The color code 344 is a 4-bit code that identifies a reused frequency pattern to reduce interference and to distinguish interference signals from another cell. The color code 344 is based on the location of a transmission so it may change at handovers. The color code 344 is shifted left by 15-bits from the first 16-bits of zeros 348. The slot number 346 is a 15-bit code that identifies a fifteen micro-seconds (15 msec) time slot for a physical channel in a time division multiple access (TDMA) based communication system. The slot number 346 may change for every time slot in a frame. The slot number 348 is shifted left by the first 16-bits of zeros 348.
In accordance with the preferred embodiments of the present invention, and with references to FIG. 4, a method 400 for generating an encryption key stream for each data block in a frame is illustrated. In a wireless communication system, method 400 synchronizes an encryption algorithm by providing a different session key for each data block in a frame so that end-to-end synchronization is unnecessary. As shown in FIG. 4, method 400 begins at step 410 with providing a private key. As noted above, the private key is shared by a mobile station and a base station servicing the mobile station. The private key may be stored in the memories of the mobile station and the base station. At step 420, a plurality of dynamic system parameters are provided. As discussed above, the plurality of dynamic system parameters is based on information relating to a transmission such as the source, the location, the time, the method, and the type of the transmission. At step 430, a session key is generated by a logical combination of the private key and the plurality of dynamic parameters. As noted above, the private key and the plurality of dynamic parameters may be XOR'ed to generate the session key. At step 440, the session key initializes an encryption algorithm to generate an unique encryption key stream for each data block in a frame. In a TDMA based communication system, for example, the encryption key stream changes from time slot to time slot.
Many changes and modifications could be made to the invention without departing from the fair scope and spirit thereof. The scope of some changes is discussed above. The scope of others will become apparent from the appended claims.

Claims

What is Claimed:
1. In a wireless communication system providing communication services between a mobile station having a private key and a base station sharing the private key with the mobile station, wherein a communication link to the mobile station is a wireless communication link, and wherein a frame comprises a plurality of data blocks, a method for generating an encryption key stream for each data block in the frame, the method comprising the steps of: providing a private key; providing a dynamic system parameter; generating a session key with the private key and the dynamic system parameter; and generating an encryption key stream with the session key, wherein the encryption key stream is unique for each data block in the frame.
2. The method of claim 1 further comprising the step of encrypting information with the unique encryption key stream.
3. The method of claim 1 further comprising the step of decrypting information with the unique encryption key stream.
4. The method of claim 1, wherein the step of generating a session key comprises the step of logically combining the private key and the dynamic system parameter.
5. The method of claim 4, wherein the step of logically combining the private key and the dynamic system parameter comprises the step of XORing the private key and the dynamic system parameter.
6. In a wireless communication system providing communication services between a mobile station having a private key and a base station sharing the private key with the mobile station, wherein a communication link to the mobile station is a wireless communication link, and wherein a frame comprises a plurality of data blocks, an apparatus for generating an encryption key stream for each data block in the frame, the apparatus comprising: a private key source adapted to provide a private key; a parameters source adapted to provide a dynamic system parameter; a logic circuit adapted to generate a session key, wherein the session key is a logical combination of the private key and the dynamic system parameter; and a key stream generator adapted to generate an unique encryption key stream with the session key, wherein the encryption key stream is unique for each data block in the frame.
7. The apparatus of claim 6, wherein the logic circuit comprises an XOR combinational logic circuit.
8. The apparatus of claim 6, wherein the dynamic system parameter comprises one of a transaction direction, a color code, a receiver frequency, and a slot number.
9. In a wireless communication system providing communication services between a mobile station having a private key and a base station sharing the private key with the mobile station, wherein a communication link to the mobile station is a wireless communication link, wherein a frame comprises a plurality of data block, and wherein a processor operates in accordance to a computer program embodied on a computer-readable medium for generating an encryption key stream for a plurality of data block in the frame, the computer program comprising: a first routine that directs the processor to obtain a private key; a second routine that directs the processor to obtain a dynamic system parameter; a third routine that directs the processor to generate a session key with the private key and the dynamic system parameter; and a fourth routine that directs the processor to generate the encryption key stream with the session key, wherein the encryption key stream is unique for each data block in the frame.
10. The computer program of claim 9, wherein the third routine that directs the processor to generate a session key comprises a routine that directs the processor to logically combine the private key and the plurality of dynamic system parameters and wherein the routine that directs the processor to logically combine the private key and the dynamic system parameter comprises a routine that directs the processor to XOR the private key and the plurality of dynamic system parameters.
PCT/US2001/025368 2000-08-23 2001-08-13 Method and apparatus for generating an unique encryption key stream for each data block in a frame WO2002017655A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001284870A AU2001284870A1 (en) 2000-08-23 2001-08-13 Method and apparatus for generating an unique encryption key stream for each data block in a frame

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US64492200A 2000-08-23 2000-08-23
US09/644,922 2000-08-23

Publications (2)

Publication Number Publication Date
WO2002017655A2 true WO2002017655A2 (en) 2002-02-28
WO2002017655A3 WO2002017655A3 (en) 2002-05-16

Family

ID=24586902

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/025368 WO2002017655A2 (en) 2000-08-23 2001-08-13 Method and apparatus for generating an unique encryption key stream for each data block in a frame

Country Status (2)

Country Link
AU (1) AU2001284870A1 (en)
WO (1) WO2002017655A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011067876A1 (en) * 2009-12-04 2011-06-09 Panasonic Corporation Decrypting apparatus, encrypting apparatus, decrypting method, encrypting method, and communication system
US9042301B2 (en) 2005-12-22 2015-05-26 Interdigital Technology Corporation Method and apparatus for data security and automatic repeat request implementation in a wireless communication system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987139A (en) * 1995-09-27 1999-11-16 Telefonaktiebolaget Lm Ericsson Method for encryption of information
WO2000054456A1 (en) * 1999-03-08 2000-09-14 Nokia Mobile Phones Ltd. Method of ciphering data transmission in a radio system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987139A (en) * 1995-09-27 1999-11-16 Telefonaktiebolaget Lm Ericsson Method for encryption of information
WO2000054456A1 (en) * 1999-03-08 2000-09-14 Nokia Mobile Phones Ltd. Method of ciphering data transmission in a radio system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LO C-C ET AL: "SECURE COMMUNICATION MECHANISMS FOR GSM NETWORKS" , IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, IEEE INC. NEW YORK, US, VOL. 45, NR. 4, PAGE(S) 1074-1080 XP000928090 ISSN: 0098-3063 Sections 1., 2.1, 2.2, 5.1 *
MEHROTRA A ET AL: "MOBILITY AND SECURITY MANAGEMENT IN THE GSM SYSTEM AND SOME PROPOSED FUTURE IMPROVEMENTS" , PROCEEDINGS OF THE IEEE, IEEE. NEW YORK, US, VOL. 86, NR. 7, PAGE(S) 1480-1497 XP000854168 ISSN: 0018-9219 Section V, Figs.10-14 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9042301B2 (en) 2005-12-22 2015-05-26 Interdigital Technology Corporation Method and apparatus for data security and automatic repeat request implementation in a wireless communication system
US9312992B2 (en) 2005-12-22 2016-04-12 Interdigital Technology Corporation Method and apparatus for data security and automatic repeat request implementation in a wireless communication system
WO2011067876A1 (en) * 2009-12-04 2011-06-09 Panasonic Corporation Decrypting apparatus, encrypting apparatus, decrypting method, encrypting method, and communication system
US8731196B2 (en) 2009-12-04 2014-05-20 Panasonic Corporation Decrypting apparatus, encrypting apparatus, decrypting method, encrypting method, and communication system

Also Published As

Publication number Publication date
AU2001284870A1 (en) 2002-03-04
WO2002017655A3 (en) 2002-05-16

Similar Documents

Publication Publication Date Title
US5081679A (en) Resynchronization of encryption systems upon handoff
US5060266A (en) Continuous cipher synchronization for cellular communication system
EP0446194B1 (en) Continous cipher synchronization for cellular communication system
JP4555261B2 (en) Method for cryptographic processing of data transmission and cellular radio system using the method
US5546464A (en) Method of and apparatus for selective resynchronization in a digital cellular communications system
EP1213943B1 (en) Key conversion system and method
US7620184B2 (en) Method for transmitting encrypted data, associated decrypting method, device for carrying out said methods and a mobile terminal for the incorporation thereof
US9326135B2 (en) Method and apparatus for secure communication in a digital two way radio protocol
EP1973370B1 (en) Method in a mobile station
WO1996009725A9 (en) Selective resynchronization in a digital cellular communications system during handover
US6813355B1 (en) Method and arrangement for ciphering information transfer
EP1428403B1 (en) Communications methods, systems and terminals
WO2002017655A2 (en) Method and apparatus for generating an unique encryption key stream for each data block in a frame
EP1627490B1 (en) Processor and method for end-to-end encryption synchronisation
GB2402025A (en) Keystream synchronisation by associating a single synchronisation indicator with a plurality of encryption portions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP