GB2417173A - Encryption in communications systems - Google Patents

Publication number
GB2417173A
Authority
GB
United Kingdom
Prior art keywords
communications terminal
key
communications
encryption
encryption module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0516646A
Other versions
GB2417173B (en)
GB0516646D0 (en)
Inventor
Mark Wentworth Rayne
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sepura Ltd
Original Assignee
Sepura Ltd
Current status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/0802
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04Q7/3881
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications

Abstract

A communications terminal 1 is equipped with a separate, removable encryption module 3 in the form of a smart card that is inserted into the standard SIM socket 2 of the communications terminal 1. Sealed copies of encryption keys that have been delivered to the communications terminal 1 are stored in an internal memory 4 of the communications terminal 1. When a new traffic encryption key is required by the encryption module 3, the encryption module 3 first looks to retrieve that key from the memory 4 of the communications terminal 1. If a key is not available in the terminal, it is requested via the communications network, e.g. using over the air rekeying (OTAR). This procedure reduces signalling activity. The keys are sent encrypted with a sealing key, a copy of which is located on the smart card.

Description

ENCRYPTION IN COMMUNICATIONS SYSTEMS
The present invention relates to arrangements for providing encryption in communications systems and in particular to arrangements where a removable encryption unit or module is used to provide encryption services for a communications unit of a communications system.
Many communications systems, and in particular mobile communications systems, support so-called end-to-end encryption, i.e. communications in which the transmitted voice and/or data signal is encrypted for its entire transmission from the source communications terminal to the end recipient.
It is well-known to provide end-to-end encryption in communications terminals and equipment by the addition of an external "applique" or encryption (or cryptographic) unit or module that performs the desired encryption and decryption. An example of such an encryption module is a so-called "smart" card that can be fitted into the SIM card socket of a communications terminal and that contains the microprocessors and other electrical components necessary to encrypt and decrypt voice and data being transmitted or received by the communications terminal.
As is known in the art, in order to perform its encryption and decryption functions, an encryption module, such as a smart card, will store and use encryption (cryptographic) keys. These keys are retained and protected inside the encryption module, such that no secret material is exposed inside the communications terminal itself. This makes it possible to produce less expensive communications terminals.
It is common for a communications terminal to need to have access to and use many encryption keys at the same time. For example, different keys may be used for different correspondents (e.g. for different call groups in a mobile communications system). Also each "key" may be used or stored in multiple versions, such as a "current" version of the key, a "future" version of the key (for use at some time in the future), and a "past" version of the key (for use, e.g., to communicate with a communications terminal that has failed to update its key correctly).
In principle, a given encryption module, such as a smart card, can therefore be required to use and store a large number of different encryption keys, depending on the anticipated communications needs of the communications terminal. However, storing a large number of encryption keys may not always be possible or desirable, given the typically limited storage capacity of encryption modules, such as smart cards.
It is also known to deliver encryption keys to communications terminals in use, for example over the air interface (in mobile communications systems), using a technique known as "over the air rekeying" (OTAR). In these arrangements, encryption keys to be transmitted to a communications terminal are "sealed" using a special, sealing encryption key (and typically are also fitted with an integrity indication before they are transmitted). The encryption module of the communications terminal has an appropriate version of the sealing key to allow it to "unseal" and then use the transmitted encryption key. The "sealing" key is either never transmitted or is only transmitted when sealed with a yet more fundamental key that is never transmitted. In this way, the sealing key (or the more fundamental key) is never exposed outside the encryption module, and the transmitted keys are protected by being sealed with the sealing key whilst they are outside the encryption module.
When an encryption key or keys is needed for immediate use, and/or, e.g., whenever a traffic encryption key change occurs, it would be possible to use OTAR techniques to supply encryption keys to an encryption module, such as a smart card, of a communications terminal in use. This could be used to reduce the number of keys that may need to be stored at any one time by the encryption module. However, such arrangements would have an increased OTAR signalling overhead, and may, e.g. lead to communications delays while a communications terminal waits to receive a key it needs for immediate use.
The Applicants believe therefore that there remains scope for improvement to the use and operation of encryption modules in communications systems.
According to a first aspect of the present invention, there is provided an encryption module for a communications terminal of a communications system, the encryption module comprising: means for performing encryption and decryption of communications to be made or received by the communications terminal; means for storing encryption keys, including an unsealing encryption key to be used to unseal sealed encryption keys received by the communications terminal; means for using the stored unsealing encryption key to unseal encryption keys; and means for receiving from the communications terminal a sealed key that has been stored in a memory unit of the communications terminal that is external to the encryption module and for using that key to encrypt or decrypt communications of the communications terminal.
According to a second aspect of the present invention, there is provided a method of operating an encryption module for performing encryption and decryption of communications to be made or received by a communications terminal, the method comprising: storing in the encryption module, encryption keys, including an unsealing encryption key to be used to unseal sealed encryption keys received by the communications terminal; the encryption module using the stored unsealing encryption key to unseal encryption keys; and the encryption module receiving from the communications terminal a sealed key that has been stored in a memory unit of the communications terminal that is external to the encryption module and using that key to encrypt or decrypt communications of the communications terminal.
According to a third aspect of the present invention, there is provided a method of operating a communications terminal of a communications system that includes an encryption module for unsealing sealed keys received by the communications terminal and for encrypting and decrypting communications of the communications terminal, the method comprising: storing in a memory of the communications terminal that is external to the encryption module a sealed encryption key or keys; and the encryption module receiving from the communications terminal a sealed key or keys that is stored in the memory of the communications terminal and using that key or keys to encrypt or decrypt communications of the communications terminal.
According to a fourth aspect of the present invention, there is provided a communications terminal of a communications system, comprising: an encryption module for unsealing sealed keys received by the communications terminal and for encrypting and decrypting communications of the communications terminal; the communications terminal further comprising: means for storing in a memory of the communications terminal that is external to the encryption module a sealed encryption key or keys; and the encryption module further comprising: means for receiving from the communications terminal a sealed key or keys that is stored in the memory of the communications terminal and using that key or keys to encrypt or decrypt communications of the communications terminal.
In the present invention, encryption keys for use by an encryption module of a communications terminal are stored in a memory of the communications terminal in a sealed form for subsequent use by the encryption module.
This means that the keys that can be stored for use by the encryption module are not limited by the capacity of any memory provided in the encryption module itself (thereby, e.g., facilitating a reduced requirement for OTAR signalling when a different key is to be used).
However, as the keys are stored in a sealed form, their storage outside the encryption module does not compromise key security.
As well as storing sealed keys in the memory of the communications terminal, an encryption key or keys will, as discussed above, also be stored in the encryption module itself. These keys can be selected as desired, and will include at least the necessary unsealing key for use by the encryption module. The encryption module should also be able to store at least the key (the traffic key) that it is using for the current communications of the communications terminal.
In a preferred embodiment, the encryption module can store three keys, a key unsealing key, a current traffic key and a key for OTAR messages. In another preferred embodiment, the encryption module can store two keys, a key unsealing key and a current traffic key.
In this case, any OTAR messages could, e.g., be sent unencrypted but with any key(s) therein sealed, or could be sent encrypted (with any keys then sealed or not, as desired) using the key unsealing key or current traffic key to encrypt the message. Thus, in a particularly preferred embodiment, the encryption module stores three or less, and preferably only three or only two, keys (preferably the three or two keys discussed above, respectively).
The encryption module will, as is known in the art, need to be provided with the necessary encryption keys that it will need to use (and that can then be stored in the communications terminal in accordance with the present invention if desired). The encryption key or keys can be sent to the encryption module and/or memory of the communications terminal in any suitable manner.
For example, they could be loaded directly into the encryption module (and thence into the memory of the communications terminal), and/or into the memory of the communications terminal by a wired and/or local connection, e.g. when the encryption module is first installed in the communications terminal.
Alternatively and preferably, the encryption keys can be and are provided to the encryption module over the air, i.e. via OTAR transmission. This could be, e.g., either at the request of the encryption module itself, or instigated by an, e.g., key management centre of the communications system.
In such OTAR arrangements, either all of the anticipated keys could be provided at the same time (e.g. when the encryption module is first installed in the communications terminal), or they could be provided as and when they are first needed in use of the communications terminal (e.g. upon request of the encryption module or communications terminal in use, for example, when the user wishes to communicate with a new call group using a different key that is not already available to the encryption module). The latter arrangement may be preferable where, e.g., the communications terminal has to work in a communications system that includes communications terminals that do not employ the present invention.
As will be appreciated by those skilled in the art, any encryption keys that are sent to the communications terminal using OTAR signalling should be sent in an appropriate sealed form (that can be unsealed using the sealing key that is stored by the encryption module) and preferably include an integrity check that can be tested to determine whether the key is valid (e.g., has been corrupted or tampered with). The sealed key (and OTAR message) will be received by the communications terminal and then passed by the communications terminal to the encryption module still in its sealed form for unsealing, etc. The encryption module can process the sealed key in any desired manner. Most preferably the encryption module will, upon first receipt of the key, unseal the key (using its stored unsealing key) and test its integrity (using, e.g., the integrity check included in the sealed key). If the unsealed key is found to be valid, the encryption module can then, e.g., confirm its storage in the communications terminal. The encryption module may also, e.g., instruct the communications terminal to acknowledge safe receipt of the key.
The sealed versions of the encryption keys can be stored in the memory of the communications terminal in any suitable manner. For example, the communications terminal could be arranged simply to store a copy of every encrypted OTAR message that it receives for its encryption module.
In a particularly preferred embodiment, the encryption module can control the storage of OTAR messages by the communications terminal and, most preferably, can instruct the communications terminal to retain and/or discard stored OTAR messages. Thus the encryption module preferably includes means for storing in a memory of the communications terminal that is external to the encryption module an encryption key in a sealed form.
All OTAR messages received by the communications terminal could be stored in the memory of the communications terminal. However, this may be wasteful of storage space, since many OTAR messages may not contain keys at all, or may contain keys that are or have become invalid. Thus in a particularly preferred embodiment only those OTAR messages that contain keys, and most preferably only those messages that contain valid keys, are stored in the communications terminal's memory.
Where the communications terminal can itself identify OTAR messages that do or do not contain encryption keys, then the communications terminal preferably itself identifies and stores only those messages that contain encryption keys. However, as the OTAR messages will typically be encrypted, this may not always be possible.
Similarly, where the encryption module can control the storage of OTAR messages in the communications terminal, then most preferably the encryption module controls the communications terminal such that it only stores OTAR messages that contain valid keys.
Each stored message (or key) is preferably associated with an identifier, such that the stored message can be identified in the future by the encryption module and/or communications terminal. This storage identifier could, e.g., be provided by the communications terminal tagging each stored message with a suitable reference identifier that it then sends to the encryption module with the OTAR message when it sends the OTAR message to the communications terminal.
Alternatively, an identifiable and suitably unique characteristic of the OTAR message itself could be used as the message's identifier (it need not matter in this regard if the true meaning of the characteristic is not determinable by the communications terminal (e.g., because it is encrypted), so long as the characteristic can function as an identifier for the message).
The entire OTAR message (e.g. that contains a valid key) could be stored in the memory of the communications terminal. However, in a particularly preferred embodiment only the information necessary to use the key, such as the sealed encryption key itself, together with its identifier (if provided) and additional information, such as an initialization vector (but not the secret unsealing key) that would be necessary to unseal the stored key, is stored, as that again makes more efficient use of the communication terminal's memory capacity.
In such an arrangement, the communications terminal could, e.g., send any received OTAR messages to the encryption module without storing a copy of them, and the encryption module then extract and test the integrity of any keys included in the messages, and then send the sealed key or keys (without the rest of the OTAR message), if valid, back to the communications terminal, together with an identifier (if any) and any additional unsealing information, for storage. In this arrangement, the encryption module preferably sends the original sealed key or keys back to the communications terminal for storage, although it could alternatively unseal the received key and then reseal it (using the same or a different sealing key and/or sealing algorithm) before sending it back to the communications terminal for storage.
The encryption module preferably maintains a record of the encryption keys it has received and that are stored in the memory of the communications terminal, so as to, e.g., facilitate retrieval and use of those keys.
Such a record can take any suitable form, such as a table of identifiers for stored encryption keys associated with the communications (e.g. correspondents) that the encryption key is to be used for. Thus, for example, the encryption module preferably maintains a list of expected correspondent addresses, their associated encryption key numbers (or encryption key sets, e.g., of current, past and future encryption keys), and the storage identifier used for the key or keys in question. A default storage identifier, such as "0", could be used to indicate that no encryption key is yet stored for that correspondent address.
This encryption key record is again preferably stored in a memory of the communications terminal, rather than in the encryption module, so as to reduce the storage requirements of the encryption module.
When it is desired to use a stored key (e.g. because the user of the communications terminal has selected a different call group), then either the encryption module or the communications terminal could recognise the need for a new key and determine whether that key is stored in the communications terminal. If the key is stored, then either the communications terminal could provide the sealed key to the encryption module, or the encryption module could, e.g., request the stored key itself. In a preferred embodiment, the communications terminal determines whether it stores the desired key and informs the encryption module accordingly.
Thus in a preferred embodiment, the communications terminal and/or the encryption module includes means for determining whether a particular encryption key is stored by the communications terminal. Similarly, the encryption module preferably includes means for retrieving from the memory of the communications terminal a sealed key (and means for then using that key to encrypt or decrypt communications of the communications terminal), and/or the communications terminal preferably includes means for providing a sealed key that it has stored to the encryption module.
Where neither the communications terminal nor the encryption module stores the desired key, then it may be necessary for the encryption module to obtain the new key from an external source, e.g. by OTAR signalling.
Thus the encryption module preferably includes means for preparing an OTAR message for requesting delivery of an encryption key (which message it will then forward to the communications terminal for onward transmission to the communications system infrastructure (e.g. a key management unit of the communications system), as is known in the art).
The encryption module of the present invention can take any suitable form. It is preferably removable or detachable from the communications terminal. It is preferably embodied as a physically separate component, such as a board or card, although this is not essential and it could, e.g., also be part of or combined with another component, such as a particular area of a printed circuit board of the communications terminal.
The encryption module can be an external or internal encryption module. It should, as discussed above, be able both to unseal received encryption keys, and to use the unsealed key or keys to encrypt or decrypt communications of the communications terminal. In a particularly preferred embodiment, the encryption module is in the form of a smart card, preferably for installation in the SIM card socket of a communications terminal.
The memory of the communications terminal that the sealed encryption keys are stored in can be any suitable such memory, such as a memory that is already provided for other data storage purposes. It is preferably a nonvolatile memory.
As discussed above, this memory is external to the encryption module and most preferably is external to any encryption security boundary that is provided in the communications terminal. As is known in the art, communications terminals may include a security boundary that is protected by physical security measures, such as tamper detection switches, encapsulation, etc., designed to prevent removal of data such as encryption keys, etc. from the communications terminal. Typically such a security boundary may be the physical boundary defined by the encryption module (particularly where it is a distinct, removable component), but in some instances the security boundary extends beyond the encryption module to protect other elements (e.g. memory units) of the communications terminal as well.
The present invention is particularly, albeit not exclusively, applicable to mobile communications systems, such as the TETRA (Terrestrial Trunked RAdio) system. Thus the present invention also extends to a communications terminal and to a method of operating a communications terminal of a mobile communications system, preferably of a TETRA system.
It will be appreciated from the above that in use of the present invention, when a user of the communications terminal wishes to communicate with a new correspondent (e.g. a call group) that requires an encryption key that is not currently stored by the encryption module, it will first be determined whether the appropriate key is stored in the communications terminal's memory, and if it is, that key will be retrieved and unsealed for use for the communication. If the necessary key is not stored by the communications terminal, only then will the key be requested via OTAR signalling.
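The lookup order described above (encryption module first, then the terminal's sealed-key store, then OTAR), together with the unseal-and-integrity-check step and the key record with default storage identifier 0, as an added Python example that is not part of the patent text. The patent names no sealing algorithm, so the HMAC-SHA256 keystream with an HMAC tag used here is a stand-in; all class and function names, the key numbers, the sample keys and the discard-then-re-request policy on a failed integrity check are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 32
NO_KEY_STORED = 0  # default storage identifier meaning "no sealed key stored yet"


def _subkey(sealing_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and integrity keys from the sealing key."""
    return hmac.new(sealing_key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(sealing_key: bytes, traffic_key: bytes) -> tuple:
    """Key management side: returns (sealed_key, iv); the tag is the integrity check."""
    iv = os.urandom(16)
    ct = _xor_stream(_subkey(sealing_key, b"enc"), iv, traffic_key)
    tag = hmac.new(_subkey(sealing_key, b"mac"), iv + ct, hashlib.sha256).digest()
    return ct + tag, iv


class EncryptionModule:
    """Smart card: holds only the unsealing key and the current traffic key."""

    def __init__(self, sealing_key: bytes):
        self._sealing_key = sealing_key
        self.current_key_number = None
        self._traffic_key = None

    def load_sealed(self, key_number: int, sealed: bytes, iv: bytes) -> None:
        """Test integrity first, then unseal and make this the current traffic key."""
        ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
        want = hmac.new(_subkey(self._sealing_key, b"mac"), iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("sealed key failed integrity check")
        self._traffic_key = _xor_stream(_subkey(self._sealing_key, b"enc"), iv, ct)
        self.current_key_number = key_number


class Terminal:
    """Radio terminal: its memory lies outside the module's security boundary."""

    def __init__(self, module: EncryptionModule, request_otar):
        self.module = module
        self.request_otar = request_otar  # callable(key_number) -> (sealed, iv)
        self.sealed_store = {}            # storage id -> (sealed key, iv), never plaintext
        self.key_record = {}              # correspondent -> [key number, storage id]
        self.otar_count = 0

    def select(self, correspondent: str) -> str:
        """Make the correspondent's key current and report where it came from."""
        key_number, storage_id = self.key_record[correspondent]
        if self.module.current_key_number == key_number:
            return "module"
        if storage_id != NO_KEY_STORED:
            try:
                self.module.load_sealed(key_number, *self.sealed_store[storage_id])
                return "terminal"
            except ValueError:
                # Assumed policy: discard the corrupted copy and fall back to OTAR.
                del self.sealed_store[storage_id]
                self.key_record[correspondent][1] = NO_KEY_STORED
        sealed, iv = self.request_otar(key_number)
        self.otar_count += 1
        self.module.load_sealed(key_number, sealed, iv)  # stored only if it validates
        storage_id = max(self.sealed_store, default=0) + 1
        self.sealed_store[storage_id] = (sealed, iv)
        self.key_record[correspondent][1] = storage_id
        return "otar"


def demo() -> list:
    sealing_key = os.urandom(32)                        # constructed sample data
    kmc_keys = {7: os.urandom(16), 9: os.urandom(16)}   # constructed traffic keys
    term = Terminal(EncryptionModule(sealing_key),
                    lambda n: seal(sealing_key, kmc_keys[n]))
    term.key_record = {"group-A": [7, NO_KEY_STORED], "group-B": [9, NO_KEY_STORED]}
    trace = [term.select(c) for c in ("group-A", "group-B", "group-A", "group-A")]
    # Flip one bit of group-B's stored copy: the module must reject it.
    sid = term.key_record["group-B"][1]
    sealed, iv = term.sealed_store[sid]
    term.sealed_store[sid] = (bytes([sealed[0] ^ 1]) + sealed[1:], iv)
    trace.append(term.select("group-B"))
    return trace + [term.otar_count]


if __name__ == "__main__":
    print(demo())
```

Only the first use of each call group's key, and the re-fetch after the stored copy was altered, cost an OTAR exchange; switching back to a previously used group is served from terminal memory.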
Thus, according to a fifth aspect of the present invention, there is provided a method of operating a communications terminal that includes an encryption module for encrypting or decrypting communications of the communications terminal, the method comprising: when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, the encryption module or the communications terminal determining whether the communications terminal stores the new key; the encryption module, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; or if it is determined that the communications terminal does not store the new key, the communications terminal or encryption module requesting the new key from the communications system infrastructure.
According to a sixth aspect of the present invention, there is provided a communications terminal, comprising: an encryption module for encrypting or decrypting communications of the communications terminal; and wherein: the encryption module and/or communications terminal comprises: means for when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, determining whether the communications terminal stores the new key; the encryption module comprises: means for, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; and the communications terminal and/or the encryption module comprises: means for, if it is determined that the communications terminal does not store the new key, requesting the new key from the communications system infrastructure.
As will be appreciated by those skilled in the art, these aspects of the present invention can include, as appropriate, any one or more or all of the preferred and optional features of the invention described herein.
For example, they preferably comprise a first step of or means for (preferably in the encryption module) determining whether the encryption module stores the new key, and if it does not, the system then determines if the communications terminal stores the new key, as discussed above.
Indeed, as will be appreciated by those skilled in the art, all of the aspects of the present invention discussed herein can and preferably do include, as appropriate, any one or more or all of the preferred and optional features of the invention described herein.
The methods in accordance with the present invention may be implemented at least partially using software e.g. computer programs. It will thus be seen that when viewed from further aspects the present invention provides computer software specifically adapted to carry out the methods hereinabove described when installed on data processing means, and a computer program element comprising computer software code portions for performing the methods hereinabove described when the program element is run on data processing means. The invention also extends to a computer software carrier comprising such software which when used to operate a communications terminal or encryption module, comprising data processing means causes in conjunction with said data processing means said terminal or module to carry out the steps of the methods of the present invention. Such a computer software carrier could be a physical storage medium such as a ROM chip, CD ROM or disk, or could be a signal such as an electronic signal over wires, an optical signal or a radio signal such as to a satellite or the like.
It will further be appreciated that not all steps of the methods of the invention need be carried out by computer software and thus from a further broad aspect the present invention provides computer software and such software installed on a computer software carrier for carrying out at least one of the steps of the methods set out hereinabove.
The present invention may accordingly suitably be embodied as a computer program product for use with a computer system. Such an implementation may comprise a series of computer readable instructions either fixed on a tangible medium, such as a computer readable medium, for example, diskette, CD-ROM, ROM, or hard disk, or transmittable to a computer system, via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications lines, or intangibly using wireless techniques, including but not limited to microwave, infrared or other transmission techniques. The series of computer readable instructions embodies all or part of the functionality previously described herein.
Those skilled in the art will appreciate that such computer readable instructions can be written in a number of programming languages for use with many computer architectures or operating systems. Further, such instructions may be stored using any memory technology, present or future, including but not limited to, semiconductor, magnetic, or optical, or transmitted using any communications technology, present or future, including but not limited to optical, infrared, or microwave. It is contemplated that such a computer program product may be distributed as a removable medium with accompanying printed or electronic documentation, for example, shrink-wrapped software, pre-loaded with a computer system, for example, on a system ROM or fixed disk, or distributed from a server or electronic bulletin board over a network, for example, the Internet or World Wide Web.
A number of preferred embodiments of the present invention will now be described by way of example only and with reference to the accompanying drawings, in which: Figure 1 shows schematically a communications terminal of a communications system; and Figure 2 shows schematically the operation of the communications terminal of Figure 1 in accordance with the present invention.
Figure 1 shows schematically a communications terminal 1 that is equipped with a separate, removable encryption (cryptographic) module 3, and that can be used in accordance with the present invention.
The communications terminal 1 includes a radio antenna 8, a radio receiver and transmitter 7, a processing unit 5, and a rotary control 9, for, for example, selecting the communications correspondent (e.g. call group) that is to be communicated with, in addition to the encryption module 3. The communications terminal 1 also includes an internal memory 4 that can be used to store data relevant to the operation of the communications terminal 1. In the present embodiment, as will be explained further below, the memory 4 is also used, in accordance with the present invention, to store sealed copies of encryption keys that have been or may need to be used by the encryption module 3. These keys are stored in a sealed form, together with an identifier for allowing the communications terminal 1 and the encryption module 3 to identify the stored key, and any other information, such as an initialization vector, necessary to unseal the stored key (apart from the secret unsealing key that will remain, as is known in the art, stored only in the encryption module 3).
In this embodiment, the encryption module 3 takes the form of a smart card that is inserted into the standard SIM socket 2 of the communications terminal 1.
The encryption module 3 is therefore outside the body of the communications terminal 1, but is protected by the communications terminal's battery. It communicates with the radio terminal's internal processing unit 5 using a serial link 6 connected to the SIM socket 2.
The encryption (cryptographic) module 3 is self-contained, in that it can operate both to unseal sealed encryption keys, and then use those keys internally to itself to encrypt and decrypt communications of the communications terminal 1.
In this embodiment, the encryption module 3 has space to store three encryption keys (cryptographic keys) securely inside itself. These keys are the current "traffic key" (i.e. the key that is to be used for the current communications of the communications terminal 1), a key for OTAR messages, and a key unsealing key to be used to unseal sealed encryption keys that are received, e.g., via OTAR messages. The key unsealing key is installed locally for security purposes, but the other encryption keys may be delivered to the encryption module 3 by OTAR signalling.
As discussed above, a drawback of this form of encryption module arrangement is that because the encryption module 3 can only store a single traffic key, if the communications terminal 1 wishes to communicate with a different group of users that uses a different encryption key (e.g. to provide isolation from other users), the encryption module 3 must obtain a new traffic key before it can begin that communication. The encryption module 3 must therefore request a new traffic key for the new user group via OTAR signalling. This can naturally lead to communications delays and an OTAR signalling overhead. Without the present invention, such signalling and obtaining of a new traffic key would have to take place every time the user switched to a new communications correspondent that required a new traffic key. However, as will be explained below, the present invention helps to alleviate this situation, and thereby reduce the amount of additional OTAR signalling, etc., that is required when a user switches communications correspondents.
In the present embodiment, as discussed above, in accordance with the present invention, sealed copies of encryption keys that have been delivered to the communications terminal 1 are stored in the internal memory 4 of the communications terminal 1. This means that when a new traffic encryption key is required by the encryption module 3, the encryption module 3 can first look to retrieve that key from the memory 4 of the communications terminal 1. In this way, when the new key is needed, there may be no need to request a new key to be transmitted by OTAR from the communications system, rather the sealed copy stored in the communications terminal 1 can be used instead. (It will be appreciated that even with this operation of the present invention, it may still be necessary for the communications terminal 1 to request new keys by OTAR signalling where the required keys are not already stored in the memory 4 of the communications terminal 1. However, the extent of such OTAR signalling should be reduced by virtue of the fact that some, even if not all, of the necessary encryption keys will be stored in the communications terminal 1.)
The encryption module 3 also maintains a record of the keys that are stored in the memory 4 of the communications terminal 1. In the present embodiment, this record is in the form of a table of key numbers against correspondent addresses (or, where appropriate, a set of key numbers (e.g. past, present and future) per correspondent address), together with an identifier to be used by the communications terminal 1 and the encryption module 3 for identifying the key in question.
A default key storage identifier "0" is used if there is no key for that correspondent address stored in the memory 4 of the communications terminal 1. This table is itself stored in the memory 4 of the communications terminal 1, so as to again reduce the storage requirements of the encryption module 3.
An example of the operation of the communications terminal of Figure 1, showing how encryption keys may be stored and retrieved from the memory 4 of the communications terminal 1 for use by the encryption module 3 will now be described with reference to Figure 2.
Figure 2 shows the operations at each stage of the process of the encryption module 3, the radio terminal 1, the radio infrastructure of the communications system, and of the key management unit of the radio system infrastructure. It will be assumed that at the beginning of this operation, the user of the communications terminal 1 wishes to communicate with and receive messages from call group 1 (step 20 of Figure 2).
Once call group 1 has been selected, the communications terminal 1 informs the encryption module 3 that call group 1 has been selected and also that it does not possess a stored sealed key for that call group (for the purpose of this example it is assumed that the communications terminal 1 does not store the correct key for call group 1) (step 21).
The smart card (encryption module) 3 accordingly prepares and passes to the radio terminal 1 an encrypted OTAR message requesting provision of the traffic encryption key for call group 1 (step 22), which OTAR request is then transmitted by the radio terminal 1 to the radio infrastructure (step 23), and then delivered by the radio infrastructure to the key management unit (step 24).
Upon receipt of the OTAR request message, the key management unit seals the requested key, places it in an encrypted OTAR message, and sends an OTAR message containing the sealed key to the radio infrastructure (step 25). The radio infrastructure then sends the encrypted OTAR key delivery message to the radio terminal (step 26), and the radio terminal delivers the encrypted OTAR key delivery message to the encryption module 3 (step 27).
Upon receipt of the OTAR key delivery message, the encryption module 3 decrypts the OTAR key delivery message, unseals the traffic key included in the message using the key unsealing key that is stored by the encryption module 3, checks the integrity of the received traffic key, and if it finds the traffic key to be valid, stores that key internally for use for message encryption and decryption of the communications with the call group 1 (replacing any previous traffic key that the encryption module had stored) (step 28). (If the encryption module 3 finds the received traffic key to be invalid, the sequence of OTAR messages requesting that key will be repeated until a valid key is received.)
In accordance with the present invention, the encryption module 3 also sends the sealed version of the traffic key for call group 1 that it received in the OTAR key delivery message, together with any necessary unsealing information (such as an initialization vector, identity of the unsealing key, etc., (but not the unsealing key itself)), and an identity tag for the key, to the communications terminal 1 (step 29), together with an instruction to the communications terminal 1 to store that sealed key and additional information in its memory 4. The communications terminal 1 then stores the sealed key and sealing information and identity tag in its internal memory 4 (step 30).
Thus it can be seen that, in effect, upon receipt of the OTAR message, the communications terminal 1 sends the OTAR message directly to the encryption module 3, and the encryption module then extracts the sealed key or keys and tests their integrity. If it finds the key or keys to be valid, the encryption module then sends the original sealed key or keys (without the rest of the OTAR message) back to the communications terminal for storage, together with an identifier and any other information, such as an initialization vector, necessary to unseal the stored sealed key (apart from the secret unsealing key).
Encrypted communications with the call group 1 can then proceed, using the unsealed traffic key stored in the encryption module 3. Thus, for example, the communications terminal 1 will receive an encrypted message from the radio infrastructure (this could be a portion of speech or some other data message, for example) (step 31), which encrypted message will then be sent to the encryption module 3 (step 32). The encryption module 3 will then decrypt the message using its internally stored unsealed key for call group 1 (step 33) and send the decrypted speech or data, etc., back to the communications terminal for broadcast or display or storage, etc. (step 34).
It will be assumed that the user of the communications terminal 1 now wishes to communicate with call group 2 (step 35). The communications terminal 1 accordingly informs the encryption module 3 that call group 2 has now been selected, but that it does not possess a stored key for call group 2 (step 36) (it is again assumed for the purposes of this example that the communications terminal 1 does not have stored already an encryption key for call group 2).
The encryption module accordingly prepares and passes to the communications terminal 1 an encrypted OTAR message requesting provision of the traffic key for call group 2 (step 37). This message is accordingly transmitted via the radio terminal and the radio infrastructure to the key management unit, which key management unit then seals the requested key, places it in an encrypted OTAR message and sends the OTAR message to the radio terminal 1 via the radio infrastructure, as before (steps 38, 39, 40 and 41).
The communications terminal 1 then delivers the encrypted OTAR key delivery message to the encryption module 3 (step 42), and, as before, the encryption module 3 decrypts the OTAR key delivery message, unseals and checks the integrity of the new traffic key, and if valid, stores it internally for message encryption and decryption, in this case replacing the traffic key for call group 1 that it currently has stored (step 43).
The encryption module 3 then again sends the sealed version of the traffic encryption key for call group 2, together with any necessary unsealing information and an identity tag to the communications terminal 1 for storage in the internal memory 4 of the communications terminal 1 (step 44). The communications terminal 1 accordingly stores the sealed key, unsealing information and an identity tag in its internal memory 4 (step 45).
Communications with call group 2 can then proceed.
It is then assumed that the user of the communications terminal 1 selects group 1 again (step 46). In response to the selection of group 1, the communications terminal 1 examines the identity tags in its store of sealed keys in its internal memory 4, and in this case will find that it has stored a sealed traffic key for call group 1 (step 46).
The communications terminal 1 accordingly informs the encryption module 3 that call group 1 has now been selected, and provides in addition the sealed traffic key for call group 1 plus the stored unsealing information from its internal memory 4 (step 47).
The encryption module 3 then unseals the traffic key for group 1 that it received from the communications terminal, checks its integrity, and, if it is found to be valid, replaces the previously internally stored group 2 traffic key with the traffic key for group 1 (step 48). The communications terminal 1 and encryption module 3 are now ready to send and receive group 1 messages.
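The Figure 2 sequence (steps 20 to 48) as a runnable sketch, added here as an illustration and not taken from the patent; OTAR transport encryption is omitted. Assumptions: the sealing scheme (an HMAC-SHA256 keystream with an HMAC tag, a standard-library stand-in for an authenticated cipher, since the patent names no algorithm), all class and function names, the fallback to OTAR when a cached copy fails its check, and the choice to bind the identity tag into the integrity check so that a sealed key filed under the wrong call group in memory 4 is rejected.

```python
import hashlib
import hmac
import os


def _subkeys(kuk):
    # Separate encryption and MAC keys derived from the key unsealing key (KUK).
    return (hmac.new(kuk, b"seal-enc", hashlib.sha256).digest(),
            hmac.new(kuk, b"seal-mac", hashlib.sha256).digest())


def _xor_stream(k_enc, iv, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, an assumption).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(k_enc, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(k_mac, tag, iv, ct):
    # The identity tag is length-prefixed and authenticated with the ciphertext.
    t = tag.encode()
    return hmac.new(k_mac, len(t).to_bytes(2, "big") + t + iv + ct, hashlib.sha256).digest()


def seal(kuk, tag, traffic_key):
    """Key management unit side: seal a traffic key for one call group."""
    k_enc, k_mac = _subkeys(kuk)
    iv = os.urandom(16)
    ct = _xor_stream(k_enc, iv, traffic_key)
    return {"tag": tag, "iv": iv, "ct": ct, "mac": _mac(k_mac, tag, iv, ct)}


class KeyManagementUnit:
    def __init__(self, kuk):
        self._kuk = kuk
        self._keys = {}  # call group -> traffic key (constructed sample keys)

    def deliver(self, tag):
        key = self._keys.setdefault(tag, os.urandom(16))
        return seal(self._kuk, tag, key)


class EncryptionModule:
    """Smart card: holds the KUK and a single traffic-key slot."""

    def __init__(self, kuk):
        self._kuk = kuk
        self.group = None
        self._traffic_key = None

    def load(self, tag, sealed):
        """Unseal, check integrity, and replace the traffic key only if valid."""
        k_enc, k_mac = _subkeys(self._kuk)
        expected = _mac(k_mac, tag, sealed["iv"], sealed["ct"])
        if not hmac.compare_digest(expected, sealed["mac"]):
            return False  # tampered, or sealed for a different call group
        self._traffic_key = _xor_stream(k_enc, sealed["iv"], sealed["ct"])
        self.group = tag
        return True


class Terminal:
    """Radio terminal: memory 4 holds sealed keys only, never the KUK."""

    def __init__(self, module, kmu):
        self.module = module
        self.kmu = kmu
        self.memory = {}  # identity tag -> sealed record
        self.otar_requests = 0

    def select_group(self, tag):
        sealed = self.memory.get(tag)
        if sealed is not None and self.module.load(tag, sealed):
            return "cache"  # steps 46-48: no OTAR signalling needed
        # Cache miss, or the cached copy failed its check (fallback assumed here).
        self.otar_requests += 1  # steps 21-27: request the key over the air
        sealed = self.kmu.deliver(tag)
        if not self.module.load(tag, sealed):
            raise ValueError("OTAR delivered an invalid sealed key")
        self.memory[tag] = sealed  # steps 29-30: store the sealed copy
        return "otar"


def figure2_walkthrough():
    kuk = os.urandom(32)
    terminal = Terminal(EncryptionModule(kuk), KeyManagementUnit(kuk))
    sources = [terminal.select_group(g) for g in ("group-1", "group-2", "group-1")]
    # Corrupt the cached copy for group 2: the module rejects it and OTAR is used.
    rec = terminal.memory["group-2"]
    terminal.memory["group-2"] = dict(rec, ct=bytes([rec["ct"][0] ^ 1]) + rec["ct"][1:])
    sources.append(terminal.select_group("group-2"))
    return sources, terminal.otar_requests


if __name__ == "__main__":
    print(figure2_walkthrough())
```

Because the terminal's memory sits outside the module, the module treats every cached record as untrusted input and keeps its current traffic key whenever the check fails.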
In the above embodiment, encryption keys are stored in the local memory 4 of the communications terminal 1 as they are received for the first time in use.
However, it would alternatively be possible for all keys to be delivered to the communications terminal (and hence the encryption module 3) by OTAR signalling or local connection at one time (e.g. when the encryption module 3 is first installed within the communications terminal 1), and then appropriately stored in the memory 4 of the communications terminal 1. This would avoid any delay in signalling overhead when a call group is selected for the first time by a user radio of the communications terminal 1.
As can be seen from the above, the present invention can be used to avoid the need for a new traffic key to be delivered by OTAR signalling every time the user switches call groups. In particular, once the communications terminal has stored the sealed key for a particular call group, communications with that call group can be established more rapidly, and without the need for OTAR signalling, by virtue of the communications terminal providing the stored sealed key to the encryption module. This allows an encryption module with limited internal key storage space to be prepared rapidly for transmitting and receiving messages for a particular call group, without the need for a large OTAR signalling overhead.
The present invention also facilitates the radio infrastructure sending keys to many terminals at once (e.g. in a group-addressed fashion), since more keys can be stored by each terminal. This avoids, e.g., having to send an individually addressed key each time a radio terminal needs to change key (e.g. because it changes call group), and can thereby again reduce the OTAR signalling overhead.
Thus the present invention, in its preferred embodiments at least, provides a method of reducing the quantity of over the air rekeying messages for an encryption unit.
This is achieved by storing in the communications terminal copies of sealed keys that have been delivered to the encryption module. Then, when the encryption module needs to obtain a new key (e.g., because of a key change, because the selected call address has been changed by the user, or because a message arrives from an unselected address, because a call or message is received that requires the use of a key not currently available inside the encryption module 3, because the encryption module 3 receives an OTAR message instructing it to change to a future key which has already been delivered to the communications terminal 1, because the communications terminal receives a call from a correspondent using an old version of a key, or because the communications terminal has received an encrypted data message, such as an SDS or SMS message that needs to be decrypted with a special key (an OTAR message would be an example of this), etc.), the communications terminal does not need to request the new keys to be transmitted by OTAR from the radio system infrastructure a second time, but rather can obtain the sealed copy of the key stored in the communications terminal.

Claims (26)

1. An encryption module for a communications terminal of a communications system, the encryption module comprising: means for performing encryption and decryption of communications to be made or received by the communications terminal; means for storing encryption keys, including an unsealing encryption key to be used to unseal sealed encryption keys received by the communications terminal; means for using the stored unsealing encryption key to unseal encryption keys; and means for receiving from the communications terminal a sealed key that has been stored in a memory unit of the communications terminal that is external to the encryption module and for using that key to encrypt or decrypt communications of the communications terminal.
2. A communications terminal of a communications system, comprising: an encryption module for unsealing sealed keys received by the communications terminal and for encrypting and decrypting communications of the communications terminal; the communications terminal further comprising: means for storing in a memory of the communications terminal that is external to the encryption module a sealed encryption key or keys; and the encryption module further comprising: means for receiving from the communications terminal a sealed key or keys that is stored in the memory of the communications terminal and using that key or keys to encrypt or decrypt communications of the communications terminal.
3. The encryption module of claim 1 or the communications terminal of claim 2, wherein the encryption module can store two or three keys, a key unsealing key, a current traffic key and/or a key for OTAR messages.
4. The encryption module or communications terminal of any one of the preceding claims, wherein the encryption keys are provided to the encryption module over the air.
5. The encryption module or communications terminal of any one of the preceding claims, wherein the encryption module includes means for storing in the memory of the communications terminal that is external to the encryption module an encryption key in a sealed form.
6. The encryption module or communications terminal of any one of the preceding claims, where each stored key is associated with an identifier for that key.
7. The encryption module or communications terminal of any one of the preceding claims, wherein the encryption module includes means for maintaining a record of the encryption keys that it has received and that are stored in the memory of the communications terminal.
8. The encryption module or communications terminal of claim 7, wherein the encryption key record is stored in a memory of the communications terminal.
9. The encryption module or communications terminal of any one of the preceding claims, wherein the encryption module is in the form of a smart card for installation in the SIM card socket of a communications terminal.
10. The communications terminal of any one of the preceding claims, wherein: the encryption module and/or communications terminal comprises: means for when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, determining whether the communications terminal stores the new key; the encryption module comprises: means for, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; and the communications terminal and/or the encryption module comprises: means for, if it is determined that the communications terminal does not store the new key, requesting the new key from the communications system infrastructure.
11. A communications terminal, comprising: an encryption module for encrypting or decrypting communications of the communications terminal; and wherein: the encryption module and/or communications terminal comprises: means for when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, determining whether the communications terminal stores the new key; the encryption module comprises: means for, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; and the communications terminal and/or the encryption module comprises: means for, if it is determined that the communications terminal does not store the new key, requesting the new key from the communications system infrastructure.
12. A method of operating an encryption module for performing encryption and decryption of communications to be made or received by a communications terminal, the method comprising: storing in the encryption module, encryption keys, including an unsealing encryption key to be used to unseal sealed encryption keys received by the communications terminal; the encryption module using the stored unsealing encryption key to unseal encryption keys; and the encryption module receiving from a communications terminal a sealed key that has been stored in a memory unit of the communications terminal that is external to the encryption module and using that key to encrypt or decrypt communications of the communications terminal.
13. A method of operating a communications terminal of a communications system that includes an encryption module for unsealing sealed keys received by the communications terminal and for encrypting and decrypting communications of the communications terminal, the method comprising: storing in a memory of the communications terminal that is external to the encryption module a sealed encryption key or keys; and the encryption module receiving from the communications terminal a sealed key or keys that is stored in the memory of the communications terminal and using that key or keys to encrypt or decrypt communications of the communications terminal.
14. The method of claim 12 or 13, comprising storing in the encryption module two or three keys, a key unsealing key, a current traffic key and/or a key for OTAR messages.
15. The method of claim 12, 13, or 14, comprising providing the encryption keys to the encryption module over the air.
16. The method of any one of claims 12 to 15, comprising the encryption module storing in the memory of the communications terminal that is external to the encryption module an encryption key in a sealed form.
17. The method of any one of claims 12 to 16, comprising associating each stored key with an identifier for that key.
18. The method of any one of claims 12 to 17, comprising the encryption module maintaining a record of the encryption keys that it has received and that are stored in the memory of the communications terminal.
19. The method of claim 18, comprising storing the encryption key record in a memory of the communications terminal.
20. The method of any one of claims 12 to 19, comprising: when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, the encryption module or communications terminal determining whether the communications terminal stores the new key; the encryption module, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; or if it is determined that the communications terminal does not store the new key, the communications terminal or the encryption module requesting the new key from the communications system infrastructure.
21. A method of operating a communications terminal that includes an encryption module for encrypting or decrypting communications of the communications terminal, the method comprising: when a different encryption key is required for use to encrypt or decrypt communications of the communications terminal, the encryption module or the communications terminal determining whether the communications terminal stores the new key; the encryption module, if it is determined that the communications terminal stores the new key, receiving that key from the communications terminal and using it to encrypt or decrypt communications of the communications terminal; or if it is determined that the communications terminal does not store the new key, the communications terminal or encryption module requesting the new key from the communications system infrastructure.
22. A computer program element comprising computer software code portions for performing the method of any one of claims 12 to 21 when the program element is run on data processing means.
23. An encryption module substantially as hereinbefore described with reference to any one of the accompanying drawings.
24. A communications terminal substantially as hereinbefore described with reference to any one of the accompanying drawings.
25. A method of operating an encryption module substantially as hereinbefore described with reference to any one of the accompanying drawings.
26. A method of operating a communications terminal substantially as hereinbefore described with reference to any one of the accompanying drawings.
GB0516646A 2004-08-12 2005-08-12 Encryption in communications systems Expired - Fee Related GB2417173B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0418024.6A GB0418024D0 (en) 2004-08-12 2004-08-12 Encryption in communication systems

Publications (3)

Publication Number Publication Date
GB0516646D0 GB0516646D0 (en) 2005-09-21
GB2417173A true GB2417173A (en) 2006-02-15
GB2417173B GB2417173B (en) 2007-05-23

Family

ID=33017417

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0418024.6A Ceased GB0418024D0 (en) 2004-08-12 2004-08-12 Encryption in communication systems
GB0516646A Expired - Fee Related GB2417173B (en) 2004-08-12 2005-08-12 Encryption in communications systems

Country Status (3)

Country Link
EP (1) EP1779585A1 (en)
GB (2) GB0418024D0 (en)
WO (1) WO2006016181A1 (en)

Also Published As

Publication number Publication date
WO2006016181A1 (en) 2006-02-16
EP1779585A1 (en) 2007-05-02
GB2417173B (en) 2007-05-23
GB0418024D0 (en) 2004-09-15
GB0516646D0 (en) 2005-09-21

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee. Effective date: 20100812