AU2010212432A1 - Secure registration for a multicast-broadcast-multimedia system (MBMS) - Google Patents
- Publication number: AU2010212432A1
- Authority: AU (Australia)
- Prior art keywords: key, function, rgk, rak, broadcast
- Legal status: Abandoned (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
- Landscape: Mobile Radio Communication Systems (AREA)
Abstract
A method and an apparatus for secure registration for a multicast-broadcast-multimedia system (MBMS) are disclosed. A random number is generated by a broadcast-multicast-service center (BM-SC) and broadcast to user equipment in the coverage area of a radio access network (RAN). A memory module or smart card (UICC) in the user equipment generates a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK), and then generates a temporary registration key (RGK) as a function of the RAK, a service identification number and a user identification number, for example P-TMSI, which may be extracted by the RAN to authenticate the registration as legitimate.
Description
Regulation 3.2
AUSTRALIA
PATENTS ACT 1990
COMPLETE SPECIFICATION FOR A STANDARD PATENT
ORIGINAL
Name of Applicant: Qualcomm Incorporated
Actual Inventors: Parag Arun Agashe, Lorenzo Casaccia, Francesco Grilli, James Semple
Address for Service: C/- MADDERNS, GPO Box 2752, Adelaide, South Australia, Australia
Invention title: SECURE REGISTRATION FOR A MULTICAST-BROADCAST MULTIMEDIA SYSTEM (MBMS)
The following statement is a full description of this invention, including the best method of performing it known to us.
SECURE REGISTRATION FOR A MULTICAST-BROADCAST-MULTIMEDIA SYSTEM (MBMS)
BACKGROUND
Field of the Invention
The present invention relates generally to telecommunications, and more specifically, to security in communication systems.
Background
In a wireless communication system which carries non-voice traffic, such as video, data, multimedia, or other types of traffic in addition to voice traffic, a typical cellular base station may broadcast a multimedia traffic service if the number of users demanding the service exceeds a predetermined threshold number within the coverage area of the base station. The multimedia traffic service may be a video stream of an event such as a sporting event or a highlighted portion of a sporting event, for example. If there are not enough users demanding the service in the coverage area, the base station may transmit the service only to the specific users who have demanded the service through dedicated channels instead of broadcasting the service to all users in the coverage area.
Sometimes a rogue or illegitimate user may attempt to force the base station to broadcast the service to all users in the coverage area by registering multiple times in an idle mode, for example, by assuming a number of different identities. If one or more rogue users use mobile telephones in the idle mode to register multiple times in a coverage area to receive the contents of an event, the base station may count the number of registrations as legitimate user registrations for the event and broadcast the event to all users in the coverage area. Therefore, there is a need in the art for a network operator or content provider to have reliable means to verify that only legitimate registrations for a multimedia event are counted in a coverage area, so that it is not forced to broadcast the event to all users in the coverage area due to fake registrations.
SUMMARY
In a first aspect of the present invention, there is provided a method of obtaining secure registration by a memory module (UICC) in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number; generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and generating a temporary registration key (RGK) as a function of the RAK.
In a second aspect of the present invention, there is provided a method of obtaining secure registration by a mobile station in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number from a radio access network; transmitting the random number to a memory module (UICC); and receiving from the UICC a temporary registration key (RGK) based on the random number.
In a third aspect of the present invention, there is provided a memory module, including: means for receiving a random number; means for generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and means for generating a temporary registration key (RGK) as a function of the RAK.
In a fourth aspect of the present invention, there is provided a mobile station apparatus, including: means for receiving a random number from a radio access network; means for transmitting the random number to a memory module (UICC); and means for receiving from the UICC a temporary registration key (RGK) based on the random number.
In a fifth aspect of the present invention, there is provided a computer readable medium embodying a method of obtaining secure registration by a memory module (UICC) in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number; generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and generating a temporary registration key (RGK) as a function of the RAK.
In a sixth aspect of the present invention, there is provided a computer readable medium embodying a method of obtaining secure registration by a mobile station in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number from a radio access network; transmitting the random number to a memory module (UICC); and receiving from the UICC a temporary registration key (RGK) based on the random number.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is an exemplary block diagram illustrating a multicast-broadcast-multimedia system (MBMS) communication link; FIG. 2 is a diagram illustrating an embodiment of secure registration in the MBMS; and FIG. 3 is a diagram illustrating another embodiment of secure registration in the MBMS.
DETAILED DESCRIPTION
The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. All of the embodiments described in this Detailed Description are exemplary embodiments provided to enable persons skilled in the art to make or use the invention and not to limit the scope of the invention, which is defined by the claims.
A mobile station, also called user equipment (UE), may communicate with one or more base stations. A mobile station transmits and receives data packets through one or more base stations to a base station controller. Base stations and base station controllers are parts of a network called an access network. An access network transports data packets between multiple mobile stations. The access network may be further connected to additional networks outside the access network, such as a corporate intranet or the Internet, and may transport data packets between each mobile station and such outside networks. A mobile station that has established an active traffic channel connection with one or more base stations is called an active mobile station, and is said to be in a traffic state. A mobile station that is in the process of establishing an active traffic channel connection with one or more base stations is said to be in a connection setup state. A mobile station that is powered on and capable of receiving signals from a base station but is not in a traffic state or in a connection setup state is said to be in an idle state.
A communication link through which a mobile station sends signals to a base station is called a reverse link. A communication link through which a base station sends signals to a mobile station is called a forward link. A mobile station or user equipment (UE) may be a mobile telephone which includes a mobile telephone handset, also called mobile equipment (ME), and a memory module, such as a physically secure integrated circuit card or smart card called UICC, which may be removable or permanently attached to the ME. In a Global System for Mobile communication (GSM) telephone, the UICC is typically a subscriber identity module (SIM). In a code division multiple access (CDMA) telephone, the UICC is typically a removable user identity module (RUIM).
FIG. 1 is an exemplary block diagram illustrating a communication link between user equipment (UE) 2, a serving network 4, a home network 6 and a content provider (CP) 8 in a multicast-broadcast-multimedia system (MBMS). The user equipment 2 may be a mobile station which includes mobile equipment (ME) 10 and a memory module or UICC 12. The UICC 12 may be either a removable memory module attached to the mobile equipment 10 or a permanent part of the mobile equipment 10. The physical implementation of the UICC 12 in the user equipment 2 is not critical to the present invention.
The serving network 4 may either be owned by the wireless carrier which provides subscription service to the user equipment 2, or be a visited network owned by another carrier which provides service to the user equipment 2 while the user equipment 2 is roaming. The serving network 4 typically includes a radio access network (RAN) 14 and a serving general packet radio service (GPRS) support node (SGSN) 16. The radio access network 14, also known as a base station (BS), a base transceiver station (BTS), or an access point (AP), transmits radio signals to and receives radio signals from the user equipment 2.
The SGSN 16 is a core network node which may be part of a public land mobile network (PLMN), for example. The home network 6 is the network owned by the wireless carrier which provides subscription service to the user equipment 2, and may or may not be owned by the same carrier as that of the serving network 4, depending upon whether the user equipment 2 is roaming outside the service area of the carrier. The home network 6 typically includes a gateway GPRS support node (GGSN) 18, a broadcast-multicast-service center (BM-SC) 20 and a home subscriber server (HSS) 22. The solid line 22 in FIG. 1 represents a bearer path on which information-bearing signals are carried from the content provider 8 through the home network 6 and the serving network 4 to the mobile equipment 10. The dashed line 24 in FIG. 1 represents a key/authorization path on which encryption and decryption keys are passed between the UICC 12, the serving network 4 and the home network 6.
The content provider 8 may be a third-party content source that is owned by neither the home network carrier nor the serving network carrier. The home subscriber server 22 in the home network 6 may include a database for holding mobile telephone subscriptions and collecting billing data for multicast services. In the embodiment shown in FIG. 1, the home network 6 also includes the broadcast-multicast-service center (BM-SC) 20 which schedules multicasting of the multimedia event and performs at least some security functions for the MBMS. The serving network 4 is the network that transmits the content to a single user through a dedicated channel, multicasts the content to a plurality of users through dedicated channels if the number of users demanding the service does not justify broadcasting the service to all users in the coverage area, or broadcasts the content to all users in the coverage area if the number of users demanding the service exceeds a predetermined threshold.
In an embodiment, the content of the multimedia event is encrypted and decrypted in the multicast-broadcast-multimedia system through several levels of encryption and decryption to provide at least some level of assurance that unauthorized users will not be able to decrypt the data and watch the multimedia event. For example, a permanent, user-specific registration key (RK) may be provided to generate temporary key (TK) values and to authenticate the UICC in the user's mobile telephone. The TK is a single-use, user-specific key used to encrypt broadcast access key (BAK) values. The TK is also used by the UICC to decrypt the BAK values. The BAK is a medium-term, shared key which is used for deriving multiple short-term keys (SK) and distributed to UICCs of subscribed users on a per-user basis. The SK is a frequently changing, shared key which is used to encrypt and decrypt the content. The SK may be generated using a random number (SKRAND), which is sent in the clear with the encrypted content, and the BAK. The UICC 12 regenerates the SK from the BAK and SKRAND, and passes the SK to the mobile equipment 10. Examples of schemes for encryption and decryption of data contents in a multicast-broadcast-multimedia system are described in U.S. Patent Application Publication Serial No. 20020141591, entitled "Method and Apparatus for Security in a Data Processing System", published October 3, 2002, incorporated herein by reference.
Various other embodiments using public keys or shared-secret keys for encryption and decryption may also be implemented within the scope of the invention. For example, in an alternate embodiment, secure delivery or provisioning of BAK to the UICC may be provided by using public key mechanisms such as RSA or ElGamal, which are known to persons skilled in the art.
FIG. 2 illustrates an embodiment of secure registration in a multicast-broadcast-multimedia system.
In this embodiment, the broadcast-multicast-service center (BM-SC) 20 transmits a provisioning message, which is a function of a public land mobile network (PLMN) key referred to as PK, and the permanent, user-specific registration key referred to as RK. The PK is a temporary, home-PLMN-specific key used to generate a radio access network (RAN) key referred to as RAK, and to authenticate the UICC 12. The provisioning message is transmitted from the BM-SC 20 to the UICC 12 along a path 26 as illustrated in FIG. 2. The provisioning message, which is a function with arguments PK and RK, may be represented as c1(PK, RK). Upon receiving the provisioning message, the UICC 12 extracts the PK from the provisioning message and stores the PK value. Other embodiments for implementing the secure delivery or provisioning of PK to the UICC may be provided within the scope of the invention by using public key mechanisms including but not limited to RSA and ElGamal.
The radio access network (RAN) 14 transmits a request for the RAK and a random number (RAND) along a path 28 to the BM-SC 20, which in response generates the RAK, which is a function with arguments PK and RAND. The RAK, which may be represented as c2(PK, RAND), is transmitted by the BM-SC 20 to the RAN 14 along a path 30. The RAK is a temporary, RAN-specific key used to generate temporary, user-specific registration key (RGK) values and to hide the PK from the RAN 14 which is visited by the UE 2. The RAK is also used to cipher the MBMS service identification number (ServID) and a user identification number such as P-TMSI, IMSI, electronic serial number (ESN), MIN, or any permanent or temporary user identification number used in the system in which an embodiment of the present invention is implemented. In the embodiments shown in FIGs. 2 and 3, P-TMSI is used as an exemplary user identification number known to a person skilled in the art.
The RAN may store the RAK and broadcast the RAND to all users including UE 2 within the coverage area of the RAN along a path 32. The UE 2, upon receiving the RAND, sends the RAND as well as the P-TMSI and the ServID to the UICC 12 along a path 34. The UICC 12 generates the RAK, which is an exact copy of the RAK generated by the BM-SC 20. After receiving the ServID and the P-TMSI, the UICC 12 concatenates the ServID and the P-TMSI to obtain a concatenated result denoted as [ServID||P-TMSI], and computes a cyclic redundancy code (CRC) based on the ServID and P-TMSI. The CRC is appended to [ServID||P-TMSI] to generate [ServID||P-TMSI||CRC]. The UICC 12 then generates the RGK, which is a function of the ServID, P-TMSI, CRC and RAK, represented as c3([ServID||P-TMSI||CRC], RAK). The RGK is a temporary, user-specific key used to authenticate registration messages.
After the RGK is generated, the UICC 12 sends the RGK along a path 36 to the UE 2, which in turn transmits a registration/connection request including the RGK to the RAN 14 along a path 38. The RAN 14, upon receiving the registration/connection request, extracts the [ServID||P-TMSI], verifies the CRC, and counts the user identified by the P-TMSI as a legitimate user who has sent a valid registration message to request the multimedia service. If the registration/connection message transmitted by the user is not verified by the RAN 14, then the RAN may regard the user as a rogue or illegitimate user and does not count the request as legitimate.
FIG. 3 illustrates another embodiment of secure registration in a multicast-broadcast-multimedia system. In this embodiment, no provisioning message is transmitted by the broadcast-multicast-service center (BM-SC) 20. Instead, the radio access network (RAN) 14 transmits a request for the RAK and a random number (RAND) along a path 40 to the BM-SC 20, which in response generates the RAK and the RAND.
The RAK is a function with arguments BAK and RAND, represented as c2(BAK, RAND). The BAK is the same broadcast access key used as part of the encryption scheme to encrypt the data contents described above. The RAND and RAK are transmitted by the BM-SC 20 to the RAN 14 along a path 42. The RAK is a temporary, RAN-specific key used to generate temporary, user-specific registration key (RGK) values. The RAK is also used to cipher the MBMS service identification number (ServID) and a user identification number referred to as P-TMSI.
The RAN may store the RAK and broadcast the RAND to all users including UE 2 within the coverage area of the RAN along a path 44. The UE 2, upon receiving the RAND, sends the RAND as well as the P-TMSI and the ServID to the UICC 12 along a path 46. The UICC 12 generates the RAK, which is an exact copy of the RAK generated by the BM-SC 20. After receiving the ServID and the P-TMSI, the UICC 12 concatenates the ServID and the P-TMSI to obtain a concatenated result denoted as [ServID||P-TMSI], and computes a cyclic redundancy code (CRC) based on the ServID and P-TMSI. The CRC is appended to [ServID||P-TMSI] to generate [ServID||P-TMSI||CRC]. The UICC 12 then generates the RGK, which is a function of the ServID, P-TMSI, CRC and RAK, represented as c3([ServID||P-TMSI||CRC], RAK). The RGK is a temporary, user-specific key used to authenticate registration messages.
After the RGK is generated, the UICC 12 sends the RGK along a path 48 to the UE 2, which in turn transmits a registration/connection request including the RGK to the RAN 14 along a path 50. The RAN 14, upon receiving the registration/connection request, extracts the [ServID||P-TMSI], verifies the CRC, and counts the user identified by the P-TMSI as a legitimate user who has sent a valid registration message to request the multimedia service.
If the registration/connection message transmitted by the user is not verified by the RAN 14, then the RAN may regard the user as a rogue or illegitimate user and does not count the request as legitimate.
The RAN 14 may receive a plurality of registration/connection requests from a plurality of users within the coverage area and decide which requests are valid ones transmitted by legitimate users by verifying the CRC computed from the ServID and P-TMSI of each user. The RAN may ignore those requests with RGKs which include unverifiable CRCs. In this manner, the RAN has a highly reliable means of determining how many registration requests for a certain multimedia event are valid, and would not be forced to broadcast the event if the number of legitimate users is not enough to justify broadcasting the event.
Various other features may also be added to the temporary registration key (RGK) within the scope of the present invention. For example, a time stamp for system time may be added to the RGK. The RAN 14 may use the P-TMSI extracted from the RGK to determine whether the user who is attempting to register is actually a subscriber, if the RAN has the P-TMSIs of all subscribed users in the coverage area. In a typical GSM system, the P-TMSI may be allocated at the logical link control (LLC) level in GSM/GPRS, that is, in the core network (CN).
In another embodiment, a public key may be used in forming the RGK to avoid replay attacks by rogue users. For example, if each UICC has a private key used for provisioning PK or BAK, the RGK may include a reference to the public key or certificate and a signature of the BAK hash or PK hash. Replay attacks by rogue users may be prevented or at least limited by using techniques such as sequence numbers or digital signatures based on public key cryptography.
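The FIG. 2 and FIG. 3 flows differ only in which key feeds c2 (PK or BAK), so one simulation covers both. The Python below is an added example written for this page; it is not code from the patent or from Qualcomm. The patent does not define c1, c2 or c3, so the HMAC-SHA256 derivation used for c2, the keystream XOR used for c3, the 4-byte ServID width, the class names UICC and RAN, and every key, RAND and identifier value are assumptions made here. It runs the BM-SC/RAN/UICC exchange end to end: the RAN recovers [ServID||P-TMSI||CRC] from each RGK with its copy of RAK, verifies the CRC, counts distinct P-TMSIs, and applies the broadcast threshold.

```python
import hashlib
import hmac
import zlib

# Assumed concrete forms of the patent's unspecified functions:
#   c2(K, RAND) = HMAC-SHA256(K, "RAK"||RAND)[:16], K = PK (FIG. 2) or BAK (FIG. 3)
#   c3(M, RAK)  = M XOR keystream(RAK), M = [ServID||P-TMSI||CRC-32]
# c3 being a keystream cipher is what lets the RAN, which holds RAK, recover
# ServID and P-TMSI from the RGK and verify the CRC.
SERV_ID_LEN = 4   # assumed ServID width
P_TMSI_LEN = 4    # P-TMSI is 32 bits in GSM/GPRS
RGK_LEN = SERV_ID_LEN + P_TMSI_LEN + 4


def c2_rak(base_key: bytes, rand: bytes) -> bytes:
    """RAK = c2(PK or BAK, RAND); run by the BM-SC and, identically, by the UICC."""
    return hmac.new(base_key, b"RAK" + rand, hashlib.sha256).digest()[:16]


def _keystream(rak: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from RAK (assumed construction for c3)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(rak, b"c3" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def c3_rgk(rak: bytes, serv_id: bytes, p_tmsi: bytes) -> bytes:
    """RGK = c3([ServID||P-TMSI||CRC], RAK), computed inside the UICC."""
    body = serv_id + p_tmsi
    plain = body + zlib.crc32(body).to_bytes(4, "big")
    return bytes(a ^ b for a, b in zip(plain, _keystream(rak, len(plain))))


class UICC:
    """Holds PK (extracted from c1(PK, RK) in FIG. 2) or BAK (FIG. 3)."""

    def __init__(self, base_key: bytes):
        self.base_key = base_key

    def registration_key(self, rand: bytes, serv_id: bytes, p_tmsi: bytes) -> bytes:
        return c3_rgk(c2_rak(self.base_key, rand), serv_id, p_tmsi)


class RAN:
    """Stores the RAK obtained from the BM-SC and verifies incoming RGKs."""

    def __init__(self, rak: bytes, threshold: int):
        self.rak = rak
        self.threshold = threshold
        self.registered = set()   # distinct (ServID, P-TMSI) pairs counted as legitimate

    def verify(self, rgk: bytes):
        """Return (ServID, P-TMSI) if the recovered CRC checks out, else None."""
        if len(rgk) != RGK_LEN:
            return None
        plain = bytes(a ^ b for a, b in zip(rgk, _keystream(self.rak, RGK_LEN)))
        body, crc = plain[:-4], plain[-4:]
        if zlib.crc32(body).to_bytes(4, "big") != crc:
            return None
        return body[:SERV_ID_LEN], body[SERV_ID_LEN:]

    def handle_request(self, rgk: bytes) -> bool:
        """Unverifiable RGKs are ignored; a verified one counts once per P-TMSI."""
        parsed = self.verify(rgk)
        if parsed is None:
            return False
        self.registered.add(parsed)   # a replayed RGK verifies but adds nothing
        return True

    def legitimate_count(self, serv_id: bytes) -> int:
        return sum(1 for s, _ in self.registered if s == serv_id)

    def should_broadcast(self, serv_id: bytes) -> bool:
        return self.legitimate_count(serv_id) >= self.threshold


def run_scenario() -> dict:
    """Two legitimate UEs (each re-sending its RGK once) and a rogue using five identities."""
    pk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")    # constructed PK
    rand = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")  # constructed RAND
    serv_id = b"\x00\x00\x00\x07"                             # constructed ServID
    ran = RAN(rak=c2_rak(pk, rand), threshold=3)              # RAK as delivered by the BM-SC
    accepted = 0
    for p_tmsi in (b"\x11\x11\x11\x11", b"\x22\x22\x22\x22"):
        rgk = UICC(pk).registration_key(rand, serv_id, p_tmsi)
        accepted += ran.handle_request(rgk) + ran.handle_request(rgk)  # second send is a replay
    rogue = UICC(bytes(16))   # never received PK, so its RAK differs from the RAN's
    rejected = 0
    for i in range(5):
        fake = rogue.registration_key(rand, serv_id, bytes([0xAA, 0xAA, 0xAA, i]))
        rejected += not ran.handle_request(fake)
    return {"accepted_messages": accepted,
            "legitimate_users": ran.legitimate_count(serv_id),
            "rogue_rejected": rejected,
            "broadcast": ran.should_broadcast(serv_id)}


if __name__ == "__main__":
    print(run_scenario())
```

The rogue UE never obtained PK (or BAK), so its RAK differs from the RAN's; its RGKs decrypt to unrelated bytes at the RAN and fail the CRC check, and none of its five identities is counted. A replayed RGK verifies, but because the RAN counts distinct P-TMSIs rather than messages it cannot inflate the count, so two legitimate users stay below the threshold of three and the event is not broadcast. Two caveats follow from the description's own remarks: a CRC only detects accidental corruption, so a deployment would put a keyed MAC in place of, or alongside, the CRC; and the sequence numbers, time stamp or signatures the description mentions are what bound replay of a captured RGK across RAND periods, since the check above is only as fresh as the RAND.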
The sequence of the text in any of the claims does not imply that process steps must be performed in a temporal or logical order according to such sequence unless it is specifically defined by the language of the claim. The process steps may be interchanged in any order without departing from the scope of the invention as long as such an interchange does not contradict the claim language and is not logically nonsensical. Furthermore, numerical ordinals such as "first," "second," "third," etc. simply denote different singles of a plurality and do not imply any order or sequence unless specifically defined by the claim language.
Furthermore, words such as "connect," "connected to" and "connection" used in describing a relationship between different elements do not imply that a direct physical connection must be made between these elements. For example, two elements may be connected to each other physically, electronically, logically, or in any other manner, through one or more additional elements, without departing from the scope of the invention.
Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), flash memory, read only memory (ROM), erasable programmable read only memory (EPROM), electrically erasable programmable read only memory (EEPROM), registers, a hard disk, a removable disk, a compact disc-read only memory (CD-ROM), or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integral to the processor. The processor and the storage medium may reside in a single ASIC or as separate components in a base station, for example.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Throughout the specification and the claims that follow, unless the context requires otherwise, the words "comprise" and "include" and variations such as "comprising" and "including" will be understood to imply the inclusion of a stated integer or group of integers, but not the exclusion of any other integer or group of integers.
The reference to any prior art in this specification is not, and should not be taken as, an acknowledgement of any form of suggestion that such prior art forms part of the common general knowledge.
Claims (69)
1. A method of obtaining secure registration by a memory module (UICC) in a multicast-broadcast-multimedia system (MBMS), the method including: 5 receiving a random number; generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and generating a temporary registration key (RGK) as a function of the RAK.
2. The method of claim 1, further including transmitting the RGK to a mobile telephone.
3. The method of claim 1 or 2, further including receiving a provisioning 5 message from a broadcast-multicast service center.
4. The method of claim 3, wherein the provisioning message is a function of the PK and a permanent registration key (RK). 0
5. The method of claim 3 or 4, further including extracting the PK from the provisioning message.
6. The method of any preceding claim, wherein the RGK is a function of the RAK, a service identification number and a user identification number. 25
7. The method of claim 6, wherein the RGK is a function of the RAK and a cyclic redundancy code (CRC) computed from the service identification number and the user identification number. 30
8. The method of any preceding claim, wherein the UICC includes a subscriber identity module (SIM) in a Global System for Mobile communication (GSM) system. 20
9. The method of any one of claims 1 to 7, wherein the UICC includes a removable user identity module (RUIM) in a code division multiple access (CDMA) system. 5
10. The method of any preceding claim, wherein the PK is provisioned by using a public key.
11. The method of any preceding claim, wherein the BAK is provisioned by using a public key. 0
12. A method of obtaining secure registration by a mobile station in a multicast broadcast-multimedia system (MBMS), the method including: receiving a random number from a radio access network; transmitting the random number to a memory module (UICC); and 5 receiving from the UICC a temporary registration key (RGK) based on the random number.
13. The method of claim 12, wherein the RGK is a function of a radio access network key (RAK) which is a function of the random number and a key selected !0 from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK).
14. The method of claim 13, wherein the PK is extracted from a provisioning message received from a broadcast-multicast service center. 25
15. The method of claim 14, wherein the provisioning message is a function of the PK and a permanent registration key (RK).
16. The method of claim 13, wherein the RGK is a function of the RAK, a service 30 identification number and a user identification number.
17. The method of claim 16, wherein the RGK is a function of the RAK and a 21 cyclic redundancy code (CRC) computed from the service identification number and the user identification number.
18. The method of any one of claims 12 to 17, wherein the UICC includes a 5 subscriber identity module (SIM) in a Global System for Mobile communication (GSM) system.
19. The method of any one of claims 12 to 17, wherein the UICC includes a removable user identity module (RUIM) in a code division multiple access (CDMA) 3 system.
20. The method of any one of claims 12 to 19, wherein the PK is provisioned by using a public key. 5
21. The method of any one of claims 12 to 20, wherein the BAK is provisioned by using a public key.
22. A memory module, including: means for receiving a random number; 0 means for generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and means for generating a temporary registration key (RGK) as a function of the RAK. 25
23. The memory module of claim 22, further including means for transmitting the RGK to a mobile telephone.
24. The memory module of claim 22 or 23, further including means for receiving a 30 provisioning message from a broadcast-multicast service center.
25. The memory module of claim 24, wherein the provisioning message is a 22 function of the PK and a permanent registration key (RK).
26. The memory module of claim 24 or 25, further including means for extracting the PK from the provisioning message.
27. The memory module of any one of claims 22 to 26, wherein the RGK is a function of the RAK, a service identification number and a user identification number.
28. The memory module of claim 27, wherein the RGK is a function of the RAK and a cyclic redundancy code (CRC) computed from the service identification number and the user identification number.
29. The memory module of any one of claims 22 to 28, wherein the PK is provisioned by using a public key.
30. The memory module of any one of claims 22 to 29, wherein the BAK is provisioned by using a public key.
31. A mobile station apparatus, including: means for receiving a random number from a radio access network; means for transmitting the random number to a memory module (UICC); and means for receiving from the UICC a temporary registration key (RGK) based on the random number.
32. The apparatus of claim 31, wherein the RGK is a function of a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK).
33. The apparatus of claim 32, wherein the PK is extracted from a provisioning message received from a broadcast-multicast service center.
34. The apparatus of claim 33, wherein the provisioning message is a function of the PK and a permanent registration key (RK).
35. The apparatus of any one of claims 32 to 34, wherein the RGK is a function of the RAK, a service identification number and a user identification number.
36. The apparatus of claim 35, wherein the RGK is a function of the RAK and a cyclic redundancy code (CRC) computed from the service identification number and the user identification number.
37. The apparatus of any one of claims 31 to 36, wherein the UICC comprises a subscriber identity module (SIM) in a Global System for Mobile communication (GSM) system.
38. The apparatus of any one of claims 31 to 36, wherein the UICC comprises a removable user identity module (RUIM) in a code division multiple access (CDMA) system.
39. The apparatus of any one of claims 31 to 38, wherein the PK is provisioned by using a public key.
40. The apparatus of any one of claims 31 to 39, wherein the BAK is provisioned by using a public key.
41. A computer readable medium embodying a method of obtaining secure registration by a memory module (UICC) in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number; generating a radio access network key (RAK) as a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK); and generating a temporary registration key (RGK) as a function of the RAK.
42. The computer readable medium of claim 41, wherein the method further includes transmitting the RGK to a mobile telephone.
43. The computer readable medium of claim 41 or 42, wherein the method further includes receiving a provisioning message from a broadcast-multicast service center.
44. The computer readable medium of claim 43, wherein the provisioning message is a function of the PK and a permanent registration key (RK).
45. The computer readable medium of claim 43 or 44, wherein the method further includes extracting the PK from the provisioning message.
46. The computer readable medium of any one of claims 41 to 45, wherein the RGK is a function of the RAK, a service identification number and a user identification number.
47. The computer readable medium of claim 46, wherein the RGK is a function of the RAK and a cyclic redundancy code (CRC) computed from the service identification number and the user identification number.
48. The computer readable medium of any one of claims 41 to 47, wherein the UICC includes a subscriber identity module (SIM) in a Global System for Mobile communication (GSM) system.
49. The computer readable medium of any one of claims 41 to 47, wherein the UICC includes a removable user identity module (RUIM) in a code division multiple access (CDMA) system.
50. The computer readable medium of any one of claims 41 to 49, wherein the PK is provisioned by using a public key.
51. The computer readable medium of any one of claims 41 to 50, wherein the BAK is provisioned by using a public key.
52. A computer readable medium embodying a method of obtaining secure registration by a mobile station in a multicast-broadcast-multimedia system (MBMS), the method including: receiving a random number from a radio access network; transmitting the random number to a memory module (UICC); and receiving from the UICC a temporary registration key (RGK) based on the random number.
53. The computer readable medium of claim 52, wherein the RGK is a function of a radio access network key (RAK) which is a function of the random number and a key selected from the group consisting of a public land mobile network key (PK) and a broadcast access key (BAK).
54. The computer readable medium of claim 53, wherein the PK is extracted from a provisioning message received from a broadcast-multicast service center.
55. The computer readable medium of claim 54, wherein the provisioning message is a function of the PK and a permanent registration key (RK).
56. The computer readable medium of any one of claims 53 to 55, wherein the RGK is a function of the RAK, a service identification number and a user identification number.
57. The computer readable medium of claim 56, wherein the RGK is a function of the RAK and a cyclic redundancy code (CRC) computed from the service identification number and the user identification number.
58. The computer readable medium of any one of claims 52 to 57, wherein the UICC includes a subscriber identity module (SIM) in a Global System for Mobile communication (GSM) system.
59. The computer readable medium of any one of claims 52 to 57, wherein the UICC includes a removable user identity module (RUIM) in a code division multiple access (CDMA) system.
60. The computer readable medium of any one of claims 52 to 59, wherein the PK is provisioned by using a public key.
61. The computer readable medium of any one of claims 52 to 60, wherein the BAK is provisioned by using a public key.
62. A method as claimed in claim 1, substantially as herein described with reference to the accompanying drawings.
63. A method as claimed in claim 12, substantially as herein described with reference to the accompanying drawings.
64. A memory module as claimed in claim 22, substantially as herein described with reference to the accompanying drawings.
65. A mobile station apparatus as claimed in claim 31, substantially as herein described with reference to the accompanying drawings.
66. A computer readable medium as claimed in claim 41, substantially as herein described with reference to the accompanying drawings.
67. A computer readable medium as claimed in claim 52, substantially as herein described with reference to the accompanying drawings.
68. A memory module substantially as herein described with reference to any one of the embodiments of the invention illustrated in the accompanying drawings.
69. A mobile station apparatus substantially as herein described with reference to any one of the embodiments of the invention illustrated in the accompanying drawings.
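The claims above describe a small key hierarchy: the UICC turns a broadcast random number and a provisioned PK (or BAK) into a RAK, then turns the RAK plus a service identifier and a user identifier (or a CRC over those two) into a temporary RGK, which the handset presents and the network checks. The following Python model walks through that exchange for the memory-module claims (22 to 28) and the mobile-station claims (31 to 36). It is an added example, not code from the patent or from Qualcomm: the claims say only that each key is "a function of" its inputs, so HMAC-SHA256 is assumed as that function, and the key lengths, domain-separation labels, provisioning-message layout and the way the RAN obtains the expected RGK (here the BM-SC computes it and hands it over) are all assumptions of the model.

```python
"""Model of the MBMS registration-key hierarchy described in the claims.

Added example, not code from the patent or from Qualcomm. The claims say
only that each key is "a function of" its inputs; this model assumes
HMAC-SHA256 as that function. Key lengths, domain-separation labels, the
provisioning-message layout and the way the RAN learns the expected RGK
are assumptions of the model, not details taken from the page.
"""
import hashlib
import hmac
import os
import zlib


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for every 'function of' in the claims (assumed).

    Each part is length-prefixed so (b"ab", b"c") and (b"a", b"bc") never
    produce the same input string.
    """
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_provisioning_message(rk: bytes, pk: bytes, nonce: bytes) -> bytes:
    """BM-SC side (claims 24, 25): wrap PK under the permanent key RK.

    Assumed layout: nonce(16) || PK xor PRF(RK, nonce) || tag(32).
    """
    if len(nonce) != 16 or len(pk) > 32:
        raise ValueError("model supports a 16-byte nonce and a PK of at most 32 bytes")
    mask = prf(rk, b"mask", nonce)[: len(pk)]
    body = bytes(a ^ b for a, b in zip(pk, mask))
    return nonce + body + prf(rk, b"tag", nonce, body)


def extract_pk(rk: bytes, message: bytes) -> bytes:
    """UICC side (claim 26): verify the tag, then unmask PK."""
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    if not hmac.compare_digest(prf(rk, b"tag", nonce, body), tag):
        raise ValueError("provisioning message failed integrity check")
    mask = prf(rk, b"mask", nonce)[: len(body)]
    return bytes(a ^ b for a, b in zip(body, mask))


def derive_rak(base_key: bytes, rand: bytes) -> bytes:
    """Claim 22: RAK = f(random number, PK or BAK)."""
    return prf(base_key, b"RAK", rand)


def derive_rgk(rak: bytes, service_id: bytes, user_id: bytes) -> bytes:
    """Claim 27: RGK = f(RAK, service id, user id); 128-bit output is assumed."""
    return prf(rak, b"RGK", service_id, user_id)[:16]


def derive_rgk_crc(rak: bytes, service_id: bytes, user_id: bytes) -> bytes:
    """Claim 28: RGK = f(RAK, CRC(service id, user id)).

    CRC-32 is a 32-bit checksum, not a collision-resistant hash, so distinct
    (service, user) pairs can share a CRC and hence an RGK. What ties the RGK
    to the subscriber is RAK entering the keyed function, not the CRC.
    """
    crc = zlib.crc32(service_id + user_id).to_bytes(4, "big")
    return prf(rak, b"RGK-CRC", crc)[:16]


def ran_accepts(expected_rgk: bytes, presented_rgk: bytes) -> bool:
    """RAN check (abstract): constant-time compare so a rejection leaks no timing."""
    return hmac.compare_digest(expected_rgk, presented_rgk)


def run_registration(rk, pk, rand, service_id, user_id, nonce, use_crc=False):
    """One full exchange: BM-SC provisions, broadcasts rand, UICC derives, RAN checks."""
    derive = derive_rgk_crc if use_crc else derive_rgk
    # BM-SC -> UICC: provisioning message (claim 24); rand is then broadcast.
    message = make_provisioning_message(rk, pk, nonce)
    # Handset passes rand to the UICC (claim 31); the UICC extracts PK (claim 26),
    # derives RAK and RGK (claim 22) and returns the RGK to the handset (claim 23).
    rgk_from_uicc = derive(derive_rak(extract_pk(rk, message), rand), service_id, user_id)
    # Network: the BM-SC, holding PK and rand, computes the RGK it expects for this
    # subscriber and gives it to the RAN (assumption about how the RAN learns it).
    expected = derive(derive_rak(pk, rand), service_id, user_id)
    return ran_accepts(expected, rgk_from_uicc)


if __name__ == "__main__":
    # Constructed demo inputs; a deployment would use provisioned RK/PK values.
    rk, pk, rand, nonce = (os.urandom(16) for _ in range(4))
    sid, uid = b"\x00\x2a", b"\xde\xad\xbe\xef"  # service id and P-TMSI-style user id
    print("registration accepted:", run_registration(rk, pk, rand, sid, uid, nonce))
    # A handset that never received PK cannot produce a matching RGK.
    bogus = derive_rgk(derive_rak(os.urandom(16), rand), sid, uid)
    print("forged RGK accepted:", ran_accepts(derive_rgk(derive_rak(pk, rand), sid, uid), bogus))
```

Two points the model makes concrete: a fresh random number per registration gives a different RAK and RGK each time, so a captured RGK is not replayable once the network has moved on; and with the CRC variant the collision resistance comes entirely from the keyed step, so the CRC should be treated as an input-compression convenience rather than as a security mechanism.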
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2010212432A AU2010212432A1 (en) | 2003-07-07 | 2010-08-19 | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/617,215 | 2003-07-07 | ||
AU2010212432A AU2010212432A1 (en) | 2003-07-07 | 2010-08-19 | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2004301386A Division AU2004301386A1 (en) | 2003-07-07 | 2004-07-01 | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2010212432A1 true AU2010212432A1 (en) | 2012-03-08 |
Family
ID=45812600
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2010212432A Abandoned AU2010212432A1 (en) | 2003-07-07 | 2010-08-19 | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
Country Status (1)
Country | Link |
---|---|
AU (1) | AU2010212432A1 (en) |
- 2010-08-19: AU application AU2010212432A, published as AU2010212432A1 (en), status not active (abandoned)
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8098818B2 (en) | Secure registration for a multicast-broadcast-multimedia system (MBMS) | |
KR101217681B1 (en) | - method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system | |
US9520996B2 (en) | Ciphering data for transmission in a network | |
JP5296124B2 (en) | Method and apparatus for time-based billing for broadcast-multicast service (BCMCS) in a wireless communication system | |
EP2127154B1 (en) | Verification of system information in wireless communication system | |
AU2004258561C1 (en) | Apparatus and method for a secure broadcast system | |
AU2010212432A1 (en) | Secure registration for a multicast-broadcast-multimedia system (MBMS) | |
WO2006136280A1 (en) | Sim/uicc based broadcast protection | |
TW200524334A (en) | Method and apparatus for time-based charging for broadcast-multicast services (BCMCs) in a wireless communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | MK4 | Application lapsed | section 142(2)(d) - no continuation fee paid for the application |