JP4875679B2 - Method and device for establishing security associations and performing handoff authentication in a communication system - Google Patents

Description

[priority]
This application includes US Provisional Patent Application No. 60 / 969,773, filed Sep. 4, 2007, US Provisional Patent Application No. 60 / 981,767, filed Oct. 22, 2007, and 2007. Which claims the benefit of priority of US Provisional Patent Application No. 60 / 985,538, filed November 5, 2005, all of which are hereby incorporated by reference in their entirety for all purposes. Is taken in as.

[Technical field]
The present disclosure relates to the field of communications, and more particularly to systems and methods for establishing security associations and performing handoff authentication in a communication system.

  In a typical wireless network environment, the portable electronic device is connected to a service provider. More specifically, in a WiMAX (Worldwide Interoperability for Microwave Access) network environment, a client device is connected to, for example, the Internet via an intermediate connection. WiMAX is a wireless network technology that allows wireless devices to communicate over considerable distances. However, delays in authentication and re-authentication can reduce the speed of communication with client devices and reduce the efficiency of the WiMAX environment.

  FIG. 1 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16d / 802.16e WiMAX wireless communication system. At least one connectivity service network (CSN) 102 is provided access to the Internet 100 by at least one authentication, authorization, and accounting (AAA) server 104. CSN 102 is connected to gateways (GWs) 106 and 108. Gateways 106 and 108 are typically connected to several base stations (BS) 110-115, the number of such BSs depending on the network demand of a given area, but only to a single base station Sometimes connected. Although only two gateways 106 and 108 are shown, there may be more or fewer gateways depending on the number of base stations required.

  Although FIG. 1 shows six base stations as an exemplary WiMAX environment, more or fewer base stations are provided depending on the number of available gateways and network demands in the WiMAX environment. Also good. Base stations, eg, base station 110 and base station 114, communicate with one or more client devices. Client devices are mobile stations (MS), for example, mobile stations 120, 122 and 124 for which the base station provides wireless network services, and eg subscriber stations 126 and 128, for which the base stations provide wired or wireless network services. Subscriber stations (SS). Several client device network requirements are satisfied by a single base station, and a single base station can satisfy both mobile station and subscriber station network requirements.

  In a typical WiMAX environment as shown in FIG. 1, every time a mobile station 120 is first serviced to a gateway, eg, gateway 106, via an associated base station, eg, base station 110, the mobile It is required to authenticate the station 120. After such authentication, as long as the mobile station 120 is moving in an area where continuous service by the original authentication gateway is possible, no further gateway authentication is required. However, if the mobile station 120 moves to an area served by a different gateway, eg, the gateway 108, the mobile station 120 is handed over to the different gateway, so that as part of the handoff process before service is provided A different gateway needs to re-authenticate the mobile station 120. Once the client device is authenticated or re-authenticated, a security association or sharing of security information between two network entities, eg, mobile station 120 and base station 110, is established, and communication between the two entities is secure Is ensured.

  Authentication protocol standards were created to standardize advanced authentication technologies. These standardized protocols include, for example, IEEE 802.1X authentication, global system for mobile communications (GSM) subscriber identity, extensible authentication protocol (EAP) method (EAP-SIM) and universal mobile telephony. Communication system (UMTS) authentication and key agreement extended authentication protocol method (EAP-AKA) and / or a combination of extended authentication protocol (EAP) and remote authentication dial-in user service (RADIUS) protocol may be included. In addition, standardized handshake protocols such as security association and traffic encryption key (SA-TEK) three-way handshake, and security association signaling protocols such as traffic encryption key (TEK) three-way handshake are Can be used to establish security associations.

  In an IEEE 802.16d / 802.16e WiMAX wireless communication system, these standardization techniques are performed between a base station and a mobile station. Each standardized authentication technique requires multiplex transmission, which requires authentication time and processing overhead.

  FIG. 2 is an exemplary prior art authentication and authorization signaling diagram in an IEEE 802.16d and 802.16e WiMAX wireless communication system. The initialization process 200 ensures that a mobile station requesting network services is allowed access to the network and provides a secure association between the mobile station and the base station for secure message transmission. Used to make For example, the initialization process 200 provides a security association with the mobile station 120 immediately after moving within the range of the base station 110 and then moving within the range of the base station 111. Used for.

  In the first step of the initialization process 200, the mobile station 120 includes, for example, a link up including a signaling message, eg, a ranging request 202 and a signaling message, eg, a ranging response 204. ) Wireless connection to the base station 111 by the process. The mobile station 120 then needs to perform a multi-step authentication process, such as IEEE 802.1X full authentication 206, with the AAA server 104 via the gateway 106. Then, the AAA server 104 calculates a master session key (MSK) (not shown) of the mobile station 120 and then forwards the MSK to the gateway 106, which stores the MSK in its cache. . For example, as a result of authentication by the EAP method or other authentication methods, the transfer of the MSK known to the AAA server 104, the gateway 106, and the mobile station 120 is performed. The gateway 106 generates a pair-wise master key 210 and an authentication key (AK) 212 for the mobile station 120 and forwards the AK 212 to the base station 111.

  The mobile station 120 can independently hold and store the MSK in its memory and can also generate the AK 212. Subsequently, the base station 111 executes the SA-TEK three-way handshake procedure 214 to confirm that the AK held in the mobile station 120 is the same AK 212 held in the base station 111. To do. By using the AK 212 that is commonly held by the base station 111 and the mobile station 120, both the base station 111 and the mobile station 120, for example, have a common message authentication code key (MACK) 215 that identifies the mobile station 120. And a verification key, such as a common key encryption key (KEK) 218, respectively. The MACK 215 can identify an authenticated message generated by the mobile station 120 and the base station 111. The KEK 218 can protect the traffic key delivery from the base station 111 to the mobile station 120. The base station 111 and the mobile station 120 can authenticate each other by performing the SA-TEK three-way handshake procedure 214 using the MACK 215. When the SA-TEK three-way handshake procedure 214 is successfully completed, the base station 111 generates a traffic key, such as a traffic encryption key (TEK) 220, and then uses the KEK 218 to generate the TEK. A three-way handshake procedure 216 can be performed to establish a security association with the mobile station 120. TEK 220 is typically randomly generated by base station 111 to encrypt data transmitted between mobile station 120 and base station 111 after mobile station 120 is authenticated and allowed access to the network. Used. The SA-TEK three-way handshake 214 and the TEK three-way handshake 216 are well known in the art and will not be discussed further.

  In the initialization process 200 used in the IEEE 802.16d and 802.16e WiMAX wireless communication systems as shown in FIG. 2, the base station 111 and the mobile station 120 all have the same TEK 220, KEK 218, MACK 215, and AK 212. Therefore, the base station 111 controls whether data transmission is performed on the channel between the base station 111 and the mobile station 120. TEK is used between the mobile station and the base station after the mobile station establishes a security association with the base station, or in other words, after the mobile station is allowed to communicate over the network. Thus, encrypted data transmission is performed.

  Referring again to FIG. 1, in operation, as the network signal moves from the gateway 106 or gateway 108 to the base stations 110-115 and to the client devices 120, 122, 124, 126, and 128, the signal strength and transmission quality is May decrease. In addition, as the mobile station moves further away from its serving base station, the signal and transmission quality decreases. Signal quality and coverage may be affected by factors such as physical structure, signal interference, weather and transmission conditions and format. Thus, coverage gaps or holes may exist, and users may be restricted or unable to access network in those areas.

  One solution to avoid or reduce the coverage gap is to provide more base stations, but this solution is costly. Alternatively, the network avoids coverage gaps by utilizing relay stations (RS), eg, implementing the multi-hop relaying (MR) concept shown in IEEE 802.16j. Or it may be reduced and / or its network coverage may be expanded. Usually, the base stations communicate with these relay stations, which augment and relay signals to and from the mobile station and base station, but otherwise authentication and / or Not involved in establishing security associations.

  FIG. 3 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16j WiMAX wireless communication system having an MR architecture. Similar to the IEEE 802.16d and 802.16e WiMAX wireless communication systems, access to the Internet 100 is achieved by at least one AAA server, eg, AAA server 104, via at least one gateway, eg, gateway 106. Is done. For convenience, the Internet 100, CSN 102, AAA server 104 and gateway 106 are referred to as a core network 300. Network 300, specifically gateway 106, communicates with base stations 310-313 primarily over wired connections.

  Although four base stations 310-313 are shown in FIG. 3, more or fewer base stations may be provided. A base station, eg, base station 310, can communicate directly with one or more mobile stations, eg, mobile station 320, via wireless transmission. Base stations, eg, base station 311 and base station 312, can communicate indirectly with one or more mobile stations, eg, mobile stations 322, 324, and 326. A base station typically communicates with one or more relay stations, eg, relay stations 328, 330, and 332, by wireless transmission, but they can also communicate over a wired connection. Relay stations 328, 330, and 332 augment and relay signals to / from mobile station 322 via wireless transmission. As shown, relay stations 328, 330, and 332 are fixed relay stations. However, the base station can also communicate with a mobile relay station (MRS), for example a mobile relay station 334. A mobile relay station, for example on a train, an airplane or a car, can provide its passengers with mobile stations with mobile network access to different base stations and / or relay stations according to the movement of the mobile relay station . As shown in FIG. 3, mobile relay station 334 provides wireless services to mobile stations 324 and 326, but a network request of only one mobile station or several mobile stations is a single mobile relay station. Can be satisfied by. Although not shown, a base station, eg, base stations 310-313, can also communicate with one or more subscriber stations. The network requirements of several client devices can be met by a single base station, either directly or via one or more relay stations. Relay stations 328, 330, and 332 may also provide wireless services to additional relay stations, additional mobile relay stations, and / or additional mobile stations.

  In some applications, the use of relay stations increases the need for station-to-station (base / relay) handoffs and for each relay station (including mobile relay stations). Due to the limited coverage area, such handoff processing overhead may be required to increase. In addition, when secure communication is involved, the handoff process from one base / relay station to another base / relay station requires additional overhead, reducing the efficiency, bandwidth or quality of the communication connection. obtain.

  The disclosed embodiments are directed to overcoming one or more of the problems as set forth above.

  In one aspect, the present disclosure relates to a method for providing secure communication between a base station, a relay station, and a mobile station in a communication network. In the method, the relay station receives an unsolicited security key from the base station, and the relay station receives a signaling message from the mobile station. In this method, the relay station authenticates the mobile station using the security key.

  In another aspect, the present disclosure relates to a method for providing secure communication between a base station, a relay station, and a mobile station in a communication network. In the method, the relay station receives a signaling message from the mobile station, and the relay station transmits a security key request to the base station after receiving the signaling message. Further, in this method, the relay station receives a security key from the base station corresponding to the security key request sent earlier, and the relay station authenticates the mobile station using the received security key.

  In another aspect, the present disclosure is directed to a method for providing secure communication between a target base station, a mobile relay station, and at least one mobile station in a communication network. In the method, a mobile relay station transmits a signaling message to a target base station, the signaling message including a message authentication code (MAC) corresponding to at least one mobile station. In the method, the mobile relay station receives a responsive signaling message from the target base station, and the mobile relay station receives at least one security corresponding to at least one mobile station from the target base station. Receive key. Furthermore, in this method, the mobile relay station authenticates at least one mobile station using a corresponding security key.

  In yet another aspect, the present disclosure relates to a relay station for providing secure communication in a communication network. The relay station includes at least one storage device that stores data and instructions and at least one processor configured to access the storage device. At least one processor is configured to authenticate the mobile station using an unsolicited security key received from the base station in response to a signaling message received from the mobile station when executing the instructions.

  In another aspect, the present disclosure is directed to a relay station for providing secure communication in a communication network. The relay station includes at least one storage device that stores data and instructions and at least one processor configured to access the storage device. When at least one processor executes the instruction, it receives a signaling message from the mobile station, then transmits a security key request to the base station and receives from the base station in response to the previously transmitted security key request. The mobile station is configured to authenticate using the security key.

  In yet another aspect, the present disclosure relates to a base station for providing secure communication in a communication network. The base station includes at least one storage device that stores data and instructions, and at least one processor configured to access the storage device. When the at least one processor executes the instructions, an unsolicited authentication key (AK) received from the authentication, authorization, and accounting server in response to an indication that the mobile station has entered the coverage area of the base station Is configured to generate a transmission to the relay station.

  In yet another aspect, the present disclosure relates to a base station for providing secure communication in a communication network. The base station includes at least one storage device that stores data and instructions, and at least one processor configured to access the storage device. The at least one processor is configured to generate a transmission of the security key to the relay station in response to the security key request received from the relay station when executing the instructions.

  In yet another aspect, the present disclosure is directed to a system that provides secure communication. The system is configured to provide access to a communication network, authenticate a mobile station on the network, receive at least one security key, and pre-distribute at least one security key Includes base stations. The system further includes a relay station that communicates with the base station to receive the pre-distributed at least one unsolicited security key and to provide secure data transmission to the mobile station authenticated using the security key. Including. The security key includes at least one of an authentication key (AK) and a verification key.

  In another aspect, the present disclosure is directed to a system that provides secure communication. The system provides access to a communication network, authenticates a mobile station on the network, receives at least one security key, receives at least one security key request, and at least one in response to the security key request. Including a base station configured to transmit one security key. The system further communicates with the base station, transmits at least one security key request to the base station, receives at least one security key from the base station in response to the security key request, and uses the security key. Includes a relay station that provides secure data transmission to the mobile station. The security key includes at least one of an authentication key (AK) and a verification key.

  In another aspect, the present disclosure relates to a method for providing secure communication between a base station, a relay station, and a mobile station in a communication network. In this method, after receiving a key request from a relay station, key distribution is performed, a verification key corresponding to the mobile station is distributed to the relay station, and the relay station performs key verification to identify the mobile station .

  In another aspect, the present disclosure relates to a method for providing secure communication between a base station, a relay station, and a mobile station in a communication network. In this method, key pre-distribution is performed to distribute an unsolicited verification key corresponding to the mobile station to the relay station, and the relay station performs key verification to identify the mobile station.

  In yet another aspect, the present disclosure relates to a method for providing secure communication between a base station, a relay station, and a mobile station in a communication network. In the method, the relay station performs key verification to identify the mobile station, and the mobile station performs key verification to identify the relay station.

[Brief description of drawings]
FIG. 1 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16d / 802.16e WiMAX wireless communication system.

  FIG. 2 is an exemplary prior art authentication and authorization signaling diagram in an IEEE 802.16d and 802.16e WiMAX wireless communication system.

  FIG. 3 is a block diagram of an exemplary prior art wireless communication system used in an IEEE 802.16j wireless communication system with a multi-hop relay architecture.

  FIG. 4 is a block diagram of an exemplary wireless communication system used in an IEEE 802.16j wireless communication system in which the selected relay station functions as an authenticator relay-relay station.

  FIG. 5A is a block diagram illustrating an exemplary structure of a base station.

  FIG. 5B is a block diagram illustrating an exemplary structure of a mobile station.

  FIG. 5C is a block diagram illustrating an exemplary structure of a relay station or mobile relay station.

  FIG. 6 is an exemplary authentication and authorization signaling diagram in an IEEE 802.16j wireless communication system in which a selected relay station functions as a relay station for authentication relay.

  FIG. 7 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently You do not have the required authentication key.

  FIG. 8 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is unsolicited. An authentication key is received by unsolicited key pre-distribution.

  FIG. 9 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is on demand. (On-demand) An authentication key is received by key distribution.

  FIG. 10 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key corresponding to the mobile station that is being handed off.

  FIG. 11 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key AK corresponding to the mobile station that is handing off.

  FIG. 12 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key that is not compatible with the mobile station that is handing off.

  FIG. 13 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key that is not compatible with the mobile station that is handing off.

  FIG. 14 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to different base stations.

  FIG. 15 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station.

  FIG. 16 is a signaling diagram of an exemplary mobile relay station handoff between the current base station and the target base station, where the target base station communicates with a different gateway and the mobile relay station receives the authentication key and moves It can function as a station authentication device (authenticator).

  FIG. 17 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway.

  FIG. 18 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway.

[Detailed description]
Embodiments of the present disclosure can provide the above-described security association in an IEEE 802.16j WiMAX wireless communication system or other wireless communication network system employing a relay station. By providing the relay station (RS) with the ability to establish a secure connection with the mobile station and provide the mobile station with access to the network, processing overhead can be significantly reduced. Specifically, by providing the relay station with security material corresponding to the mobile station seeking access to the network, the relay station can quickly secure with the mobile station when the mobile station is handed off. As well as establishing the association, the mobile station can be authenticated and authorized.

  FIG. 4 is a block diagram of an exemplary wireless communication system used in an IEEE 802.16j WiMAX wireless communication system in which the selected relay station functions as an authenticator relay-relay station (AR-RS). is there. In FIG. 4, base station 400 is connected to network 300 over a wire and communicates wirelessly with one or more relay stations 402 and 404 that augment the received signal and relay it to AR-RSs 406-409. As shown in FIG. 4, AR-RS 408 is a mobile relay station. After the relay stations 402 and 404, and the AR-RSs 406-409 are authenticated at their initialization to the network 300, the base station 400 selects selected relay stations within the coverage area of the base station 400, eg, the relay stations 402 and The relay key (RK) 410 is distributed to the 404 and the AR-RSs 406 to 409. The relay key (RK) 410 is used to provide data and signal protection, and data of communication channels between relay stations and / or between relay stations and base stations in the IEEE 802.16j network and / or Can be used to protect management messages. The network coverage area provided by base station 400, relay stations 402 and 404, and AR-RSs 406-409, which hold a common specific type of relay key 410, referred to as a security zone key, is a secure relay zone (SRZ). 412. In FIG. 4, a single mobile station 414 served by AR-RS 406 and two mobile stations 416 and 418 served by AR-RS 408 are shown, but the network requirements of several mobile stations are Can be satisfied by a single AR-RS. Furthermore, although only AR-RS 408 is shown as a mobile relay station, additional AR-RSs within SRZ 412 may be mobile relay stations.

  Each time the mobile station 414 is serviced by the base station 400 for the first time, the mobile station 414 needs to establish a security association with the network 300. As long as the mobile station 414 is moving within the SRZ 412, further security association establishment and authentication can be omitted. However, when the mobile station 414 moves to an area served by a different base station, the mobile station 414 is handed over to the different base station, so that the different base station establishes another security association with the mobile station 414. Depending on whether the different base stations are connected via the gateway 106, it may be necessary to authenticate the mobile station 414 as part of the handoff process. Such re-authentication and / or establishment of a security association delays the provision of service to the mobile station 414.

  FIG. 5 a is a block diagram illustrating an exemplary structure of a base station, eg, base station 400. Base station 400 can transmit data and / or information communicated in a wireless communication system to one or more mobile stations, eg, mobile stations 414, eg, relay stations, eg, relay stations 402 and 404, and / or Or any type of communication device configured to transmit and / or receive to and from AR-RS, eg, AR-RSs 406-409. As shown in FIG. 5a, each base station 400 may include one or more of the following components. At least one central processing unit (CPU) 500 configured to execute various processes and methods by executing computer program instructions, and random configured to access and store information and computer program instructions An access memory (RAM) 502 and a read only memory (ROM) 504; a storage device 506 for storing data and information; a database 508 for storing tables, lists or other data structures; an I / O device 510; An interface 512, an antenna 514, and the like. Each of these components is well known in the art and will not be discussed further.

  FIG. 5 b is a block diagram illustrating an exemplary structure of a mobile station, eg, mobile station 414. As shown in FIG. 5b, each mobile station 414 may include one or more of the following components. At least one CPU 520 configured to execute various processes and methods by executing computer program instructions, RAM 522 and ROM 524 configured to access and store information and computer program instructions, data and A storage device 526 for storing information, a database 528 for storing tables, lists, or other data structures, an I / O device 530, an interface 532, an antenna 534, and the like. Each of these components is well known in the art and will not be discussed further.

FIG. 5 c is a block diagram illustrating an exemplary structure of a relay station or mobile relay station, eg, AR-RS / mobile relay station 406. As shown in FIG. 5c, each relay station / mobile relay station 406 may include one or more of the following components. At least one CPU 540 configured to execute various processes and methods by executing computer program instructions, and random access memory RAM 542 and read only memory configured to access and store information and computer program instructions ROM 544, storage device 546 for storing data and information, database 548 for storing tables, lists, or other data structures, I / O device 550, interface 552, antenna 554, and the like. Each of these components is well known in the art and will not be discussed further.
I. Initialization

  FIG. 6 is an exemplary authentication and authorization signaling diagram in an IEEE 802.16j WiMAX wireless communication system in which a selected relay station functions as a relay station for authentication relay. The initialization process 600 ensures that a mobile station requesting network service is allowed access to the network, and a security association between the mobile station, base station and AR-RS for secure message transmission. Used to provide For example, the process 600 may include the mobile station 414 immediately after the mobile station 414 is turned on or after moving from the coverage area provided by the base station connected to the gateway 108 into the coverage area provided by the AR-RS 406. It can be used to authenticate and establish security associations. First, in accordance with the IEEE 802.16 protocol, the mobile station 414 transmits a signaling message, for example, a ranging request 602, to the AR-RS 406, and the mobile station 414 is located within the range of the AR-RS 406. Indicates that Next, in accordance with the IEEE 802.16 protocol, the AR-RS 406 requests authentication of the base station 400 by the mobile station authentication request 604 and transmits a ranging response 606 to the mobile station 414 to transmit the mobile station 414. The reception of the signal range and the ranging request 602 is confirmed. Since the mobile station 414 has not been connected to the network 300 first or recently via the base station 400 and the gateway 106, the mobile station 414 is connected to the AAA server 104 and the IEEE 802.1X full authentication 206. Execute. As a result of the IEEE 802.1X full authentication protocol 206, the gateway 106 receives the MSK from the AAA server 104 and then derives and stores the PMK 608 and master key, eg, AK 610, from the MSK of the mobile station 414. A master key, such as AK 610, is a key from which other security materials and / or security keys can be derived. Subsequently, the gateway 106 securely transfers the AK 610 to the base station 400. After receiving AK 610 from gateway 106, base station 400 can forward AK 610 directly to AR-RS 406 to establish a security association between mobile station 414 and relay station 406. The mobile station 414 can calculate MSK, PMK608 and AK610 independently.

  In one exemplary embodiment, base station 400 may include a key response 614 that includes AK 610 to allow AR-R 406 to perform future authentication protocols and establish a security association with mobile station 414. Is transmitted to the AR-RS 406. The AR-RS 406 can first derive a verification key from AK 610, such as KEK 218 and, for example, MACK 618. The AR-RS 406 can then perform locally the mobile station 414 and the SA-TEK three-way handshake procedure 214 protected by the MACK 618. When the SA-TEK three-way handshake procedure 214 is successfully completed, the AR-RS 406 generates a random number for use as the TEK 616 and securely sends the traffic key, eg, TEK 616, protected by the KEK 218 to the mobile station 414. Can be transferred. Eventually, AR-RS 406 and mobile station 414 will be able to protect data transmission between them using TEK 616 and authenticate each other using MACK 618.

FIG. 6 illustrates exemplary authentication and authorization in an IEEE 802.16j wireless communication system in which a selected relay station functions as an AR-RS. One skilled in the art will appreciate that the AR-RS of FIG. 6 may be a mobile relay station, eg, AR-RS408. One skilled in the art will also appreciate that instead of sending AK 610 to AR-RS 406, base station 400 can send different security materials to a relay station, eg, AR-RS 406. For example, after receiving AK 610, base station 400 can generate MACK 618 using AK 610 and transmit MACK 618 to relay station 406 instead of transmitting AK 610. The relay station 406 can authenticate or verify the identity of the mobile station using the MACK 618. The mobile station 414 and the AR-RS 406 can check each other in the payload of the MAC packet or the MAC in the data component to authenticate each other and thereby identify each other.
II. Intra-Base Station Handoffs

  FIG. 7 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS currently holds the required AK. Absent. The handoff process 700 ensures that the mobile station requesting network service from the target AR-RS is allowed access to the network and provides a security association between the mobile station and the AR-RS. Used to enable secure message transmission. For example, the handoff process 700 can be used to handoff a mobile station 414 that has already been authenticated by the AR-RS 406 from the AR-RS 406 to the AR-RS 407 through the process described above in FIG. AR-RS 407 currently does not have AK associated with mobile station 414, ie AK 610, in its memory (eg, storage 546, ROM 544, RAM 542 or database 548), but neither AR-RS 406 nor AR-RS 407 It is connected to the network 300 via the base station 400.

  In the handoff process 700, the mobile station 414 first transmits a signaling message, eg, a ranging request 602, to the AR-RS 407, indicating that the mobile station 414 is within the coverage area of the AR-RS 407. Ranging request 602 includes security material identification, eg, mobile station message authentication code, HMAC and / or CMAC, identifying mobile station 414 as the requesting mobile station. May be. Alternatively, the ranging request 602 may include, for example, AKID. Each of AKID, MS MAC, HMAC, and / or CMAC provides mobile station 414 identification information to AR-RS 407 and requests AK 610 from base station 400 when AR-RS 407 does not hold AK 610. Can be used. For example, if an AKID is included and the AR-RS 407 holds an active AK, the AR-RS 407 may decide to authenticate the corresponding mobile station, or the AR-RS 407 is active AK , It is possible to request an active AK from the base station 400. If the AKID is not included in the ranging request 602, other security material identification can be used to verify the AK held in the mobile station 414. Since AR-RS 407 currently does not have AK 610 in its memory (eg, storage device 546, ROM 544, RAM 542 or database 548), AR-RS 407 transmits key request 704 to base station 400. Key request 704 includes MAC / HMAC / CMAC corresponding to mobile station 414. The AR-RS 407 transmits a ranging response 606 to the mobile station 414 to confirm the presence of the mobile station 414 and reception of the ranging request 602.

  Upon receiving the key request 704, the base station 400 verifies the mobile station 414 credentials. Base station 400 retrieves AK 610 from its memory (eg, storage device 506, ROM 504, RAM 502 or database 508), and gateway 106 is already in communication with mobile station 414 and IEEE when mobile station 414 is connected to AR-RS 406. Since the AK 610 is obtained by performing the 802.1X full authentication 206, the base station 400 and the mobile station 414 do not need to perform this process again. Thus, the base station 400 transmits the key response 612 including the AK 610 to the AR-RS 407, which gives the AR-RS 407 the right to perform further authentication and secure communication with the mobile station 414.

  Upon receipt of the ranging response 606, the mobile station 414 can initiate authentication using Extensible Authentication Protocol (EAP) and attempt to initiate IEEE 802.1X full authentication 206. AR-RS 407 initiates such a request, such as a privacy key management extended authentication protocol (PKM-EAP) that supports IEEE 802.16d, or a PKMv2-EAP start request 708 that supports IEEE 802.16e. , The AR-RS 407 indicates to the mobile station 414 that the IEEE 802.1X full authentication 206 has succeeded without actually performing the IEEE 802.1X full authentication 206, and the PKMv2-EAP completion message to the mobile station 414. 710 can be transmitted.

  After having the AK 610, the AR-RS 407 can perform a SA-TEK three-way handshake 214 and / or a TEK three-way handshake 216 with the mobile station 414 to establish a secure connection with the mobile station 414. In the TEK three-way handshake 216, the AR-RS 407 can transmit a new traffic key, eg, TEK 712, generated by the AR-RS 407 and encrypted using the KEK 218 to the mobile station 414. As a result, the AR-RS 407 and the mobile station 414 can communicate on a secure communication channel.

  FIG. 8 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is an unsolicited key pre-distribution (unsolicited AK is received by key pre-distribution). As shown in FIG. 8, the base station 400 receives an indication that the mobile station 414 is about to enter or has recently entered the AR-RS 407 coverage area. The base station 400 uses an additional signaling message or a prediction technique such as Global Positioning System (GPS) to send this indication from another base station or gateway 106 via BS-BS or BS-gateway communication. Can be received. Since the mobile station 414 has already obtained the AK610 by performing the IEEE 802.1X full authentication 206 when the mobile station 414 was connected to the AR-RS 406, the base station 400 and the mobile station 414 repeat this process again. There is no need to do it. Thus, the base station 400 transmits an unsolicited key pre-distribution signal 802 including AK 610 and optionally TEK 616 to the AR-RS 407, thereby authenticating and securely communicating with the mobile station 414 to the AR-RS 407. The right to do is given. This may be done before or instead of mobile station 414 sending a signaling message and AR-RS 407 transmitting the key request. When the mobile station 414 transmits the ranging request 602, the AR-RS 407 already holds the AK 610, performs only the MAC check 804, verifies the key held in the mobile station 414, and moves The identity of the station 414 may be verified. AR-RS 407 may then send a ranging response 806 that includes HMAC or CMAC.

  In the exemplary embodiment as shown in FIG. 8, handoff between the current AR-RS and the target AR-RS is not only IEEE 802.1X full authentication, but also SA-TEK three-way handshake 214 and TEK three-way. By eliminating the handshake 216, the efficiency increased. SA-TEK three-way handshake 214 and TEK three-way handshake 216 can be omitted for already authenticated mobile stations by providing the AR-RS with these already-authenticated mobile station TEKs. . Specifically, in one embodiment, the target AR-RS can receive a TEK from a current AR-RS that has already generated a TEK for transmission with the mobile station 414, in another embodiment. The target AR-RS can receive the TEK from a base station that has already generated the TEK through direct transmission with the mobile station or has received the TEK from the previous AR-RS. Thus, as shown in FIG. 8, base station 400 can send TEK 616 to AR-RS 407 as part of unsolicited key pre-distribution 802 or by separate transmission. Alternatively, AR-RS 407 can receive TEK 616 from AR-RS 406. When the AR-RS 407 holds the TEK 616, the SA-TEK three-way handshake 214 and the TEK three-way handshake 216 can be omitted, thereby increasing the efficiency of handoff from the AR-RS 407. . When the AR-RS 407 obtains a TEK from the AR-RS 406, the base station 400, or by generating a new TEK by itself, through the SA-TEK three-way handshake 214 and the TEK three-way handshake 216, the AR- The RS can perform secure communication with the mobile station 414 in which data is encrypted using the TEK.

  FIG. 9 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is an on-demand key distribution (on-demand key distribution). AK is received by key distribution). As shown in FIG. 9, the mobile station 414 transmits a signaling message, for example, a ranging request 602 to the AR-RS 407, and when the base station 400 receives the key request 704, the mobile station 414 verifies the credentials of the mobile station 414. Since the mobile station 414 has already performed the IEEE 802.1X full authentication 206 to obtain the AK 610, the base station 400 and the mobile station 414 do not need to perform this process again. Thus, the base station 400 transmits an AK 610 and optionally a key response 612 including TEK 616 to the AR-RS 407, which gives the AR-RS 407 the authority to authenticate and securely communicate with the mobile station 414. Then, the AR-RS 407 performs only the MAC check 804 to verify the key held in the mobile station 414, thereby verifying the identity of the mobile station 414. Subsequently, the AR-RS 407 can transmit a ranging response 806 including HMAC or CMAC to the mobile station 414.

  As described above with respect to FIG. 8, if AR-RS 407 receives TEK 616 from base station 400 or instead receives TEK 616 from AR-RS 406, AR-RS 407 may receive SA-TEK three-way handshake 214 and TEK three. The way handshake 216 can be omitted, which can increase the efficiency of handoff from the AR-RS 407.

  FIG. 10 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is currently undergoing handoff. AK corresponding to the mobile station. For example, the mobile station 414 authenticates with the AR-RS 406 as described with reference to FIG. 6, leaves the AR-RS 406 coverage area, enters the AR-RS 407 coverage area, and then returns to the AR-RS 406 coverage area. In this case, the AR-RS 406 may keep the AK 610 in its memory (eg, the storage device 546, the ROM 544, the RAM 542, or the database 548). Therefore, when the mobile station 414 transmits a signaling message that includes an authentication key identification (AKID) corresponding to the AK 610, for example, the ranging request 1002, the AR-RS 406 checks the AKID verification request (Verify request). ) 1004 is transmitted to the base station 400 to confirm the position of the mobile station 414.

  When receiving the AKID verification request 1004, the base station 400 confirms the position of the mobile station 414. Since the mobile station 414 has already performed the IEEE 802.1X full authentication 206 to obtain the AK 610, the base station 400 and the mobile station 414 do not need to perform this process again. Therefore, when the AR-RS 406 holds the AK 610, the base station 400 transmits the key response 1006 including the AK 610 to the AR-RS 407, thereby authenticating the AR-RS 407 with the mobile station 414 and security. Authorized to establish associations. If the AR-RS 406 does not hold the AK 610 or if it is necessary to verify that the AR-RS 406 holds the correct AK 610, after receiving the key response 1006 from the base station 400, the AR-RS 406 An RNG response 606 can be sent.

  Upon receipt of the ranging response 1008, the mobile station 414 can attempt to initiate an IEEE 802.1X full authentication by initiating an extended authorization protocol, as described above with respect to FIG. As described above, since the AR-RS 407 already has the AK 610, the AR-RS 407 transmits the extended permission protocol completion message to the mobile station 414 without actually performing the process for the IEEE 802.1X authentication. can do.

  When the AR-RS 407 has an AK 610, it can perform one or both of the mobile station 414, the SA-TEK three-way handshake 214 and the TEK three-way handshake 216 in preparation for data transmission. As shown in FIG. 10, after the mobile station 414 is authenticated, the AR-RS 407 generates a new TEK 1010 to encrypt data transmitted between the AR-RS 407 and the mobile station 414. it can. As described above, if AR-RS 406 already has TEK 616, AR-RS 406 can omit SA-TEK three-way handshake 214 and TEK three-way handshake 216, which allows AR-RS 407 to In addition, it is possible to establish a secure association between the AR-RS 406 and the mobile station 414.

  FIG. 11 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is currently undergoing handoff. AK corresponding to the mobile station. In such an increased efficiency handoff, when the mobile station 414 sends a ranging request 602, the AR-RS 406 already holds the AK 610 and performs only the MAC check 804 to hold the key held in the mobile station 414. Thus, the identity of the mobile station 414 may be verified. AR-RS 406 can then send a ranging response 806 that includes HMAC or CMAC.

  FIG. 12 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is currently undergoing handoff. Has an AK that does not support mobile stations. For example, when the AR-RS 408 holds not the AK 610 corresponding to the mobile station 414 but the AK 1202 corresponding to a mobile station other than the mobile station 414 in its memory (for example, the storage device 546, ROM 544, RAM 542, or database 548). The mobile station 414 can enter the AR-RS 408 coverage area. Therefore, when the AR-RS 408 transmits an AKID verification request 1004 to the base station 400 and confirms the position of the mobile station 414, the base station 400 responds with a correct AK corresponding to the mobile station 414, that is, AK610.

  Upon receipt of the ranging response 1008, the mobile station 414 can attempt to initiate the IEEE 802.1X full authentication by initiating the extended authorization protocol, as described above with respect to FIG. As described above, since the AR-RS 408 now has the AK 610, the AR-RS 408 transmits the extended permission protocol completion message to the mobile station 414 without actually performing the process for the IEEE 802.1X authentication. can do.

  When the AR-RS 408 has an AK 610, it can perform one or both of the mobile station 414, the SA-TEK three-way handshake 214 and the TEK three-way handshake 216 in preparation for data transmission. As shown in FIG. 12, after the mobile station 414 is authenticated, the AR-RS 408 generates a new traffic key, for example, TEK 1204, and is transmitted between the AR-RS 408 and the mobile station 414. Can be encrypted.

  FIG. 13 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station, where the target AR-RS is currently undergoing handoff. Has an AK that does not support mobile stations. When the mobile station 414 transmits a signaling message, for example, a ranging request 602, the AR-RS 408 holds the AK 1202, and the AR-RS 408 executes the MAC check 804 to obtain the key held in the mobile station 414. When verifying the identity of the mobile station 414 by verifying, the MAC check is unsuccessful. When the AR-RS 408 transmits an AKID verification request 1004 to the base station 400 to confirm the position of the mobile station 414, the base station 400 responds with a correct AK, that is, AK610. As a result, the AR-RS 408 can transmit a ranging response 806 including HMAC or CMAC. If AR-RS 408 already has TEK 616, AR-RS 408 may omit SA-TEK three-way handshake 214 and TEK three-way handshake 216.

  7-13 illustrate an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to the same base station. Although the scenario described above with respect to FIGS. 12 and 13 has been described in connection with a relay station, ie, AR-RS 408, those skilled in the art will recognize that the current AR-RS or target AR-RS in FIGS. 12 and 13 is a fixed relay station. It will be understood that it may be. One skilled in the art will also appreciate that the current AR-RS or target AR-RS in each scenario described above with respect to FIGS. 7-11 may be a mobile relay station, such as AR-RS 408, for example. .

  Also, those skilled in the art will note that, in each scenario described above with respect to FIGS. 7-13, instead of transmitting AK 610 to AR-RS 406-409, base station 400 may transmit different security materials to the relay station. Will understand. As an example, base station 400 uses AK 610 to generate a verification key, eg, MACK 618, and a traffic key, eg, TEK 616, and sends the verification key and traffic key to relay station 407 instead of transmitting AK 610. Can be distributed in advance.

  Similarly, upon receiving key request 704, base station 400 uses AK 610 to generate a verification key, eg, MACK 618, and passes the MACK to AR-RS 407 in key response 612 for use in MAC check 804. Can be sent. Further, if AR-RS 406 already has a MACK 618 corresponding to mobile station 414 in its memory (eg, storage device 546, ROM 544, RAM 542 or database 548), upon receipt of a signaling message such as ranging request 602, for example. , AR-RS 406 can perform MAC check 804, and if relay station 406 has an incorrect MACK 1206 in its memory, AR-RS 408 receives a signaling message, such as ranging request 602, for example. While transmitting the AKID verification signal 1004, the MACK 618 can be received in the key transfer 1008 from the base station 400.

The AR-RSs 406-409 can authenticate using the MACK 618 or verify the identity of the mobile station as part of the MAC check 804. The mobile station 414 and the AR-RSs 405 to 409 can authenticate each other by checking the MAC packet payload or MAC in the data component, or in other words, can identify each other.
III. Inter-Base Station Handoffs

  FIG. 14 is a signaling diagram of an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to different base stations. The initialization process 1400 ensures that a mobile station requesting network services is allowed access to the network 300 and provides a secure message between the mobile station and the AR-RS by providing a security association. Used to enable transmission. For example, process 1400 may authenticate and authorize mobile station 414 immediately after mobile station 414 moves from AR-RS 408 into the coverage area provided to target base station 1402 relayed by target AR-RS 1404. It can be used. The AK 610 is currently stored in the mobile station 414, while the target base station 1402 and the target AR-RS 1404 each have AK 1406 stored in their storage devices. As shown in FIG. 14, the target base station 1402 is connected to the same gateway as the AR-RS 408 that hands off the mobile station 414, but the target base station 1402 is connected to a different gateway from the AR-RS 408. However, the initialization process 1400 does not change.

  The mobile station 414 transmits a signaling message including, for example, a ranging request 1002 including the authentication key identification to the target AR-RS 1404 to confirm that the mobile station 414 is within the range of the target AR-RS 1404. Show. The target AR-RS 1404 transmits a mobile station authentication request 1407 including an authentication key identification to the target base station 1402. The target base station 1402 receives the mobile station authentication request 1407, but the target base station 1402 does not recognize the AK 610, and therefore cannot verify the mobile station 414. Accordingly, the target base station 1402 can transmit the authentication failure response 1408 to the target AR-RS 1404, whereby the ranging response 1409 is transmitted to the mobile station 414. The target base station 1402 can then request the mobile station 414 to authenticate with the AAA server 104 using the IEEE 802.1X full authentication protocol 206. As a result of the IEEE 802.1X full authentication protocol 206, the gateway 106 distributes the PMK 1410 to the mobile station 414. The gateway 106 also transmits the AK 1412 to the target base station 1402 by the AK transfer 612. The mobile station 414 independently calculates AK1412 from PMK1410.

  In one exemplary embodiment, to allow the target AR-RS 1404 to perform additional authentication steps to provide additional security for the network connection with the mobile station 414, the base station 400 includes a key that includes the AK 1412. A response 614 is transmitted to the target AR-RS 1404. When the target AR-RS 1404 has the AK 1412, the target AR-RS 1404 performs one or both of the mobile station 414 and the SA-TEK three-way handshake 214 and the TEK three-way handshake 216 to further establish a network connection with the mobile station 414. Security can be provided. In the TEK three-way handshake 216, the AR-RS 1404 transmits a traffic key, for example, TEK 1414 encrypted using the KEK 1416, to the mobile station 414. The TEK 1414 may be randomly generated by the target AR-RS 1404.

  FIG. 14 illustrates an exemplary mobile station handoff between a current AR-RS and a target AR-RS connected to different base stations. One skilled in the art will appreciate that the current AR-RS or target AR-RS may be a mobile relay station, such as AR-RS 408, for example.

Those skilled in the art also understand that, in the scenario described above with respect to FIG. 14, instead of transmitting AK 610 to AR-RS 406-409, base station 400 may transmit different security materials to relay stations 406-409. Will do. As an example, upon receiving AK 1412, base station 1402 can use AK 610 to generate a verification key, eg, MACK 618, and can transmit the verification key to AR-RS 1404 instead of transmitting AK 1412.
IV. Mobile relay station handoff

  The process described above for initialization and handoff applies equally to mobile relay stations, but mobile stations that access the network from within the mobile relay stations and mobile relay stations must also be prepared for changing base stations. Here, AR-RS (specifically, mobile relay station) does not change.

  FIG. 15 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station. In FIG. 15, the mobile relay station AR-RS 408 can connect to the target base station 1502 when the AR-RS 408 enters or is about to enter the coverage area of the target base station 1502. Mobile stations 416 and 418 are connected to AR-RS 408, and preferably these AR-RS 408 connections are maintained throughout the transition to target base station 1502. In order to update the AK of mobile stations 416 and 418, AR-RS 408 is ranging to target base station 1502 that indicates to base station 1502 that AR-RS 408 is in or near the coverage area of target base station 1502. A message 1504 can be issued. After receiving the ranging message 1504, the AR-RS 408 receives one or several of the gateway 106 and the AAA server 104, the IEEE 802.1X authentication 206, the SA-TEK three-way handshake 214, and the TEK three-way handshake 216. Do something. Thus, AR-RS 408 must receive AK and be authenticated in the same way as mobile station authentication. The gateway 106 can transfer the AK of the mobile relay station in the AK transfer 1506.

  The AR-RS 408 transmits a re-authentication trigger message 1508 to the mobile stations 416 and 418. Upon receiving re-authentication trigger message 1508, mobile stations 416 and 418 perform IEEE 802.1X full authentication 206 with gateway 106 and AAA server 104. The gateway 106 can calculate a new AK obtained from the existing PMK in the gateway for the target base station 1502. The gateway 106 transfers all AKs of the mobile stations connected to the AR-RS 408 in the AK transfer 1510, and all parameters (for example, AK) of all the mobile stations connected to the AR-RS 408 are transmitted at a time. It is also possible to do so in tunnel mode. In tunnel mode, the logical connection between two nodes, eg, AR-RS 408 and gateway 106 is dedicated, and an intermediate node (eg, target base station 1502) forwards them without processing the tunnel packets. Just do it. Mobile stations 416 and 418 then perform SA-TEK three-way handshake 214 with target base station 1502. The target base station 1502 will provide each mobile station's traffic key and AK to the AR-RS 408 in the TEK transfer 1512, or may use tunnel mode. In one embodiment, AK is received at base station 1502 and mobile stations 416 and 418 prior to inter-base station handoff to avoid disconnection of service to mobile stations 416 and 418.

  Those skilled in the art will appreciate that FIG. 15 shows a target base station 1502 that communicates with the network and AAA server 104 via the gateway 106, but the target base station 1502 may perform the same processing as described in FIG. It will be understood that the network and AAA server 104 may be communicated via another gateway.

  FIG. 16 is a signaling diagram of an exemplary mobile relay station handoff between the current base station and the target base station, where the target base station 1600 communicates with a different gateway, ie gateway 1602, and the AR-RS 408 communicates AK. It can receive and function as an authenticator for mobile stations 416 and 418. In order to update the AKs of mobile stations 416 and 418, AR-RS 408 determines the ranging for target base station 1600 that indicates to base station 1600 that AR-RS 408 is in or near the coverage area of target base station 1600. A message 1504 can be issued. After the AR-RS 408 performs the 802.1X authentication 206 with the gateway 1602, the gateway 1602 transfers the AK of the mobile relay station in the AK transfer 1606. AR-RS 408 may perform SA-TEK-Three-way handshake 214 to obtain a traffic key for further data transmission of, for example, a tunnel packet, or relay a mobile station message.

  The AR-RS 408 transmits a re-authentication trigger message 1508 to the mobile stations 416 and 418. Upon receipt of re-authentication trigger message 1508, mobile stations 416 and 418 perform 802.1X authentication with gateway 1602 and AAA server 104. Gateway 1602 calculates a new AK for each of mobile stations 416 and 418 and forwards all AKs of those mobile stations connected to AR-RS 408 to AR-RS 408 at AK transfer 1608. In one embodiment, the AR-RS 408 operates as an AR-RS and has the ability to authenticate the mobile station directly. The gateway 1602 can transmit the AK corresponding to the mobile stations 416 and 418 in the tunnel mode. The mobile stations 416 and 418 perform AR-RS 408 and SA-TEK three-way handshake 214. The AR-RS 408 will provide the mobile station 416 and 418 with a traffic key for each of the mobile stations using SA-TEK three-way transfer. Alternatively, if AR-RS 408 receives a traffic key from another AR-RS or target base station 1600, it may optionally not generate new traffic keys for mobile stations 416 and 418. .

  FIG. 17 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway. In FIG. 17, AR-RS 408 has entered or is about to enter the coverage area of target base station 1702 from the coverage area of base station 1502 (FIG. 15). Target base station 1702 is served by the same gateway 106 as current base station 1502. The AR-RS 408 issues a ranging message 1504 to the target base station 1702 that indicates to the base station 1702 that the AR-RS 408 is in or near the coverage area of the target base station 1702. The AR-RS 408 must authenticate with the gateway 106 and execute an authentication protocol, for example, the SA-TEK three-way handshake 214. After the AR-RS 408 is authenticated, the gateway 106 transmits the AK of the mobile stations 416 and 418 to the AR-RS 408 in the AK transfer 1706. When multiple AKs are sent from the gateway 106 to the AR-RS 408, the gateway 106 can transmit them in tunnel mode at the AK transfer 1706. The AR-RS 408 transmits a re-authentication trigger message 1508 to the mobile stations 416 and 418. Upon receipt of re-authentication trigger message 1508, mobile stations 416 and 418 perform AR-RS 408 and SA-TEK three-way handshake 214 to update their respective AKs and also update their respective traffic keys. You can do this with or without updates. In one embodiment, AK is received at AR-RS 408 prior to inter-base station handoff to avoid disconnection of service to mobile stations 416 and 418.

  FIG. 18 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway. In FIG. 18, AR-RS 408 has entered or is about to enter the coverage area of target base station 1702 from the coverage area of base station 1502. The AR-RS 408 issues a ranging message 1504 to the target base station 1702 that indicates to the base station 1702 that the AR-RS 408 is in or near the coverage area of the target base station 1702. Upon receiving the ranging message 1504, the target base station 1702 transmits the AK of each of the mobile stations 416 and 418 to the AR-RS 408. This is possible because the base station 1702 is accessing the AKs of the mobile stations 416 and 418 for their further authentication with the base station 1502 within the gateway 106. When multiple AKs are transmitted from the target base station 1702 to the AR-RS 408, the target base station 1702 can transmit the AKs in the tunnel mode in the AK transfer 1802. The AR-RS 408 transmits a re-authentication trigger message 1508 to the mobile stations 416 and 418. Upon receipt of the re-authentication trigger message 1508, the mobile stations 416 and 418 perform AR-RS 408 and SA-TEK three-way handshake 214 to update their respective AKs, and also update their respective traffic keys. Or you can do so without updating. In one embodiment, AK is received at AR-RS 408 prior to inter-base station handoff to avoid disconnection of service to mobile stations 416 and 418.

In each scenario described above with respect to FIGS. 15-18, one of ordinary skill in the art may send a different security material, such as a verification key corresponding to AR-RS 408, instead of the gateway 106 sending AK to the target base station 1502. You will understand that. Similarly, instead of transmitting AKs of mobile stations 416 and 418 to AR-RS 408, target base station 1502 may transmit different security materials, such as verification keys corresponding to mobile stations 416 and 418.
VI. Conclusion

  The systems and methods disclosed herein may be implemented by digital electronic circuitry, or computer hardware, firmware, software, or combinations thereof. An apparatus embodying the invention can be implemented by a computer program product that is clearly embodied in a machine-readable storage device for execution by a programmable processor processor. Method steps consistent with the present invention may be performed by a programmable processor that executes a program of instructions to perform the functions of the present invention by operating on input data and generating output data. . An embodiment consistent with the present invention includes at least one programmable processor connected to receive data from and transmit data to a storage system, at least one input device, and at least one output device; Can be implemented by one or several computer programs that can be executed in a programmable system. The computer program can be implemented by a high level or object oriented programming language and / or by assembly or machine code. These languages or codes may be compiled or interpreted languages or codes. Processors can include general purpose and special purpose microprocessors. The processor receives instructions and data from the memory. Storage devices suitable for unequivocally embodying computer program instructions and data include, by way of example, semiconductor storage devices such as EPROM, EEPROM, and flash memory devices, magnetic disks such as internal hard disks and removable disks, magnetic All types of non-volatile memory are included, such as optical discs, as well as CD-ROM discs. Any of the foregoing may be supplemented or incorporated into an ASIC (Application Specific Integrated Circuit).

  It will be apparent to those skilled in the art that various modifications and variations can be made in the system and method for establishing a security association in a wireless communication system. For example, those skilled in the art will understand that ranging requests and responses are a type of signaling message, and that other signaling messages can be used. Further, those skilled in the art can use a traffic encryption key as a type of traffic key and other traffic keys, and can also use a MACK as a type of verification key and other verification keys. You will understand that. Those skilled in the art will also understand that the communication between the base station and the relay station may be wireless or wired. The above standards and examples are intended to be considered as examples only, with the true scope of the disclosed embodiments being indicated by the following claims and their equivalents.

FIG. 1 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16d / 802.16e WiMAX wireless communication system. FIG. 2 is an exemplary prior art authentication and authorization signaling diagram in an IEEE 802.16d and 802.16e WiMAX wireless communication system. FIG. 3 is a block diagram of an exemplary prior art wireless communication system used in an IEEE 802.16j wireless communication system with a multi-hop relay architecture. FIG. 4 is a block diagram of an exemplary wireless communication system used in an IEEE 802.16j wireless communication system in which the selected relay station functions as an authenticator relay-relay station. FIG. 5A is a block diagram illustrating an exemplary structure of a base station. FIG. 5B is a block diagram illustrating an exemplary structure of a mobile station. FIG. 5C is a block diagram illustrating an exemplary structure of a relay station or mobile relay station. FIG. 6 is an exemplary authentication and authorization signaling diagram in an IEEE 802.16j wireless communication system in which a selected relay station functions as a relay station for authentication relay. FIG. 7 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently You do not have the required authentication key. FIG. 8 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is unsolicited. An authentication key is received by unsolicited key pre-distribution. FIG. 9 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is on demand. (On-demand) An authentication key is received by key distribution. FIG. 10 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key corresponding to the mobile station that is being handed off. FIG. 11 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key AK corresponding to the mobile station that is handing off. FIG. 12 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key that is not compatible with the mobile station that is handing off. FIG. 13 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to the same base station, where the target authentication relay relay station is currently It has an authentication key that is not compatible with the mobile station that is handing off. FIG. 14 is a signaling diagram of an exemplary mobile station handoff between a current authentication relay relay station and a target authentication relay relay station connected to different base stations. FIG. 15 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station. FIG. 16 is a signaling diagram of an exemplary mobile relay station handoff between the current base station and the target base station, where the target base station communicates with a different gateway and the mobile relay station receives the authentication key and moves It can function as a station authentication device (authenticator). FIG. 17 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway. FIG. 18 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station, which are connected to the same gateway.

Explanation of sign

100 Internet 102 Connectivity Service Network (CSN)
104 AAA server 106, 108 Gateway 110, 111, 112, 113, 114, 115 Base station 120, 122, 124 Mobile station 126, 128 Subscriber station 200 Initialization process 202 Ranging request 204 Ranging response 206 IEEE 802.1X full authentication 210 Pairwise Master Key 211 AK Transfer 212 Authentication Key 214 SA-TEK Three Way Handshake 215 Message Authentication Code Key 216 TEK Three Way Handshake 218 Key Encryption Key 220 Traffic Encryption Key 300 Network 310, 311, 312, 313 Base Station 320 322, 324, 326 Mobile station 328, 330, 332 Relay station 334 Mobile relay station 400 Base station 402, 404 Relay station 06,407,409 authentication relay of the relay station 408 authentication relay of the relay station (mobile relay station)
410 Relay key 412 Safety relay zone 414, 416, 418 Mobile station 500, 520, 540 Central processing unit 502, 522, 542 Random access memory 504, 524, 544 Read only memory 506, 526, 546 Storage device 508, 528, 548 Database 510, 530, 550 I / O device 512, 532, 552 Interface 514, 534, 554 Antenna 600 Initialization process 602 Ranging request 604 Mobile station authentication request 606 Ranging response 608 Pairwise master key 610 Authentication key 612 AK transfer 614 Key response 616 Traffic encryption key 618 Message authentication code key 700 Handoff process 704 Key request 708 PKMv2-EAP start request 10 PKMv2-EAP completion message 712 Traffic encryption key 802 Unapproved key pre-distribution signal 804 MAC check 806 Ranging response 1002 Ranging request 1004 Verification request 1006 Key response 1010 Traffic encryption key 1202 Authentication key 1204 Traffic encryption key 1206 Message authentication Code key 1400 Initialization process 1402 Base station 1404 Relay station for authentication relay 1406 Authentication key 1407 Mobile station authentication request 1408 Authentication failure response 1409 Ranging response 1410 Pairwise master key 1412 Authentication key 1414 Traffic encryption key 1416 Key encryption key 1502 Base station 1504 Ranging message 1506 AK transfer 1508 Re-authentication 1510 AK Lance Fur 1512 TEK / AK Transfer 1600 base station 1602 Gateway 1606 AK Transfer 1608 AK Transfer 1702 base station 1706 AK Transfer

Claims (41)

A method for providing secure communication between a base station, a relay station, and a mobile station in a communication network, comprising:
The relay station receives an unsolicited security key from the base station;
The relay station receiving a signaling message from the mobile station , and
The mobile station that has transmitted the signaling message has already obtained a security key from the AAA server by performing authentication with the AAA server (authentication, authorization and accounting server), and the relay station that has received the signaling message If you do not have a security key to authenticate the mobile station,
The relay station, wherein the authenticating the mobile station by using a security key of the unsolicited. A method for providing secure communication between a base station, a relay station, and a mobile station in a communication network, comprising:
Said relay station comprises a receiving child a signaling message from the mobile station,
The mobile station that has transmitted the signaling message has already obtained a security key from the AAA server by performing authentication with the AAA server (authentication, authorization and accounting server), and the relay station that has received the signaling message If you do not have a security key to authenticate the mobile station,
After the relay station has received the signaling message receives the signaling message and transmits the security key request to authenticate the mobile station to the base station,
The relay station receives the security key for authenticating the mobile station from the base station in accordance with the security key request sent earlier,
Wherein said relay station, and wherein the authenticating the mobile station by using a security key for authenticating the received said mobile station.   The method according to claim 1 or 2, wherein the receiving of the signaling message comprises receiving a ranging request.   4. The method according to any one of claims 1 to 3, further comprising receiving the security key as a master key.   The method of claim 4, further comprising receiving the master key as an authentication key (AK).   6. The method of claim 1, further comprising receiving the signaling message including a message authentication code (MAC) corresponding to the mobile station, wherein the authentication includes verifying the MAC using the security key. The method according to claim 1.   The relay station according to any one of claims 1 to 6, further comprising the relay station performing at least one of a security association signaling protocol and a traffic encryption key (TEK) three-way handshake with the mobile station. Method. The relay station generates a traffic key;
The relay station transmits encrypted data to the mobile station using the traffic key;
The method according to any one of claims 1 to 7, further comprising:   The method according to any one of claims 1 to 8, further comprising moving the relay station to a service area of a different base station. The relay station performs at least one of a security association signaling protocol and a TEK three-way handshake with the mobile station, and the mobile station and a security association-traffic encryption key (SA-TEK) three-way handshake and method of claim 7, comprising performing the TEK three-way handshake. The method of claim 1, further comprising receiving the security key as a verification key. The method of claim 11 , wherein receiving the security key as a verification key comprises receiving the security key as a message authentication code key (MACK). A method for providing secure communication between a base station, a relay station, and a mobile station in a communication network, comprising:
The relay station receives a signaling message from the mobile station, and
The mobile station that has transmitted the signaling message has already obtained a security key from the AAA server by performing authentication with the AAA server (authentication, authorization and accounting server), and the relay station that has received the signaling message If you do not have a security key to authenticate the mobile station,
The relay station sends a key request to the base station;
In response to the key request, the base station generates a verification key corresponding to the mobile station based on a security key for authenticating the mobile station, and sends the verification key corresponding to the mobile station to the relay station. Send
The relay station, wherein said using the verification key corresponding to the mobile station, characterized by identifying the mobile station to perform a key verification. A method for providing secure communication between a base station, a relay station, and a mobile station in a communication network, comprising:
Performing a key pre-distribution to distribute an unsolicited verification key corresponding to the mobile station to the relay station;
The relay station receives a signaling message from the mobile station, and
The mobile station that has transmitted the signaling message has already obtained a security key from the AAA server by performing authentication with the AAA server (authentication, authorization and accounting server), and the relay station that has received the signaling message If you do not have a security key to authenticate the mobile station,
The relay station, wherein said using the verification key of unsolicited corresponding to the mobile station, characterized by the this identifies the mobile station to perform a key verification. The method according to claim 13 or 14 , wherein performing the key distribution to distribute the verification key comprises distributing a message authentication code key (MACK). 15. The method according to claim 13 or 14 , further comprising the mobile station performing key verification to identify the relay station. A method for providing secure communication between a base station, a relay station, and a mobile station in a communication network, comprising:
The relay station receives a signaling message from the mobile station, and
The mobile station that has transmitted the signaling message has already obtained a security key from the AAA server by performing authentication with the AAA server (authentication, authorization and accounting server), and the relay station that has received the signaling message If you do not have a security key to authenticate the mobile station,
The relay station sends a key request to the base station;
In response to the key request, the base station generates a verification key corresponding to the mobile station based on a security key for authenticating the mobile station, and sends the verification key corresponding to the mobile station to the relay station. Send
The relay station identifies the mobile station by performing key verification using a verification key corresponding to the mobile station ;
The mobile station uses the verification key which the mobile station is provided, wherein the identifying the relay station to perform a key verification. The method according to any one of claims 1 to 17 , wherein communication between the base station and the relay station is wireless. A relay station for providing secure communication in a communication network,
At least one storage device for storing data and instructions;
The mobile station is configured to access the storage device and authenticates the mobile station using a security key for authenticating the mobile station in response to a signaling message received from the mobile station when executing the command at least one processor is configured to include a,
The processor has already acquired a security key from the AAA server by authenticating with the AAA server (authentication, authorization and accounting server) by the mobile station that has transmitted the signaling message, and in the storage device, When a security key for authenticating the mobile station is not stored, the relay station authenticates the mobile station using an unapproved security key received from a base station. A relay station for providing secure communication in a communication network,
At least one storage device for storing data and instructions;
The mobile station is configured to access the storage device and authenticates the mobile station using a security key for authenticating the mobile station in response to a signaling message received from the mobile station when executing the command And at least one processor configured to:
The processor has already acquired a security key from the AAA server by authenticating with the AAA server (authentication, authorization and accounting server) by the mobile station that has transmitted the signaling message, and in the storage device, When a security key for authenticating the mobile station is not stored, a security key request is transmitted to the base station, a security key for authenticating the mobile station is acquired from the base, and the acquired mobile station A relay station that authenticates the mobile station using a security key for authenticating the mobile station. The relay station according to claim 19 or 20 , wherein the signaling message is a ranging request. The relay station according to any one of claims 19 to 21 , wherein the security key is a master key. The relay station according to any one of claims 19 to 22 , wherein the security key is a verification key. 24. A method according to any one of claims 19 to 23 , wherein the signaling message includes a message authentication code (MAC) corresponding to the mobile station, and wherein the authentication includes verifying the MAC using the security key. Relay station. When the processor further executes the instruction,
25. A relay station according to any one of claims 19 to 24 , configured to perform at least one of the mobile station and a security association signaling protocol and a traffic encryption key (TEK) three-way handshake. 26. The relay station of claim 25, wherein the security association signaling protocol is a security association-traffic encryption key (SA-TEK) three-way handshake. The relay station performs at least one of a security association signaling protocol and a TEK three-way handshake with the mobile station, and the mobile station and a security association-traffic encryption key (SA-TEK) three-way handshake 26. The relay station of claim 25 , comprising performing at least one of: and a TEK three-way handshake. When the processor further executes the instruction,
The relay station according to any one of claims 19 to 27 , configured to generate a traffic key and generate transmission of encrypted data to the mobile station using the traffic key. The relay station according to any one of claims 19 to 28 , wherein the relay station is a mobile relay station. A base station for providing secure communication in a communication network,
At least one storage device for storing data and instructions;
Received from an authentication, authorization, and accounting server in response to an indication that the mobile station has entered the coverage area of the base station when executing the instructions, and configured to access the storage device At least one processor configured to generate transmission of an unsolicited master key to a relay station ;
The relay station authenticates with an AAA server (authentication, authorization and accounting server) to receive a signaling message from a mobile station that has already obtained a security key from the AAA server, and the relay station A base station characterized in that, when a security key for authenticating a mobile station is not provided, the relay station uses the unsolicited master key to authenticate the mobile station. The base station according to claim 30, wherein the unsolicited master key is an authentication key (AK). A base station for providing secure communication in a communication network,
At least one storage device for storing data and instructions;
When configured to access the storage device and execute the instructions,
At least one processor configured to generate a transmission of the security key to the relay station in response to a security key request received from the relay station ;
The relay station authenticates with an AAA server (authentication, authorization and accounting server) to receive a signaling message from a mobile station that has already obtained a security key from the AAA server, and the relay station When the mobile station is not provided with a security key for authenticating the mobile station, the relay station is made to authenticate the mobile station using a security key transmitted in response to the security key request. base station. A system that provides secure communication,
A base station configured to provide access to a communication network, authenticate a mobile station on the network, receive at least one security key, and pre-distribute the at least one security key When,
Communicating with the base station, comprising: a relay station for receiving a security key unsolicited which is pre-distributed and,
The relay station authenticates with an AAA server (authentication, authorization and accounting server) to receive a signaling message from a mobile station that has already obtained a security key from the AAA server, and the relay station If the security key for authenticating the mobile station is not provided, the unauthenticated security key is used to authenticate the mobile station and perform secure data transmission to the mobile station,
A system in which the security key includes a master key. The relay station according to claim 22 , wherein the master key is an authentication key (AK). 34. The system of claim 33 , wherein the master key is an authentication key (AK). A system that provides secure communication,
Providing access to a communication network, authenticating a mobile station on the network, receiving at least one security key, receiving at least one security key request, and in response to the security key request, the at least one one A base station configured to transmit a security key;
By performing authentication with an AAA server (authentication, authorization and accounting server), a signaling message is received from a mobile station that has already obtained a security key from the AAA server, and a security key for authenticating the mobile station is obtained. If not , communicating with the base station, transmitting the at least one security key request to the base station, and receiving the at least one security key from the base station in response to the security key request. A relay station that provides secure data transmission to the mobile station using a security key for authenticating the received mobile station, and
The system wherein the security key includes at least one of an authentication key (AK) and a verification key. The relay station according to claim 23 , wherein the verification key is a message authentication code key (MACK). The system according to claim 33 or 36, wherein the verification key is a message authentication code key (MACK). The relay station according to any one of claims 19 to 29 , wherein communication between the base station and the relay station is wireless. The base station according to any one of claims 30 to 32 , wherein communication between the base station and the relay station is wireless. The system according to claim 33, 35 , 36 or 38 , wherein communication between the base station and the relay station is wireless.

Images