CN2785271Y - Transmitting/receiving unit using radio communication warrant/key - Google Patents


Info

Publication number
CN2785271Y
Authority
CN
China
Prior art keywords
voucher
key
tru
information
watermark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 200420057350
Other languages
Chinese (zh)
Inventor
伯拉哈卡·R·季塔布
亚兰·查理斯·路易斯·布莱恩肯
阿金·O·库莫鲁伊
亚伦·格拉尔德·卡尔顿
基朗·库马·S·凡加努鲁
理查·丹·荷夏
约翰·艾力克·赫夫曼
约翰·桑玛那
张国栋
罗伯特·林德·奥勒森
亚历山大·瑞茨尼克
单铁军
辛颂佑
艾米特·X·辛加尔
迪巴舍希·帕卡亚斯塔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
InterDigital Technology Corp
Original Assignee
InterDigital Technology Corp
Events
Application filed by InterDigital Technology Corp
Application granted
Publication of CN2785271Y
Anticipated expiration
Status: Expired - Lifetime

Abstract

The utility model relates to a transmitting/receiving unit (TRU) comprising: a device for generating TRU-specific credentials/keys, configured to generate credentials/keys derived from information associated with the TRU; a watermark/signature/encryption code generating device having an input configured to receive the credentials/keys and producing a watermark/signature/encryption code; and a watermark inserting/signature inserting/encrypting device having an input configured to receive a communication signal and an output configured to produce a watermark-inserted/signature-inserted/encrypted signal for wireless transmission.

Description

Transmitting/receiving unit using radio communication credentials/keys
Technical field
The utility model relates generally to radio communication. More specifically, it relates to the use of credentials/keys in such radio communication.
Background technology
Wireless systems are vulnerable in many respects. As new wireless technologies are developed and widely deployed, this vulnerability increases. In ad-hoc networking, the individual users' network nodes communicate directly with each other without going through a central node, and this creates new vulnerabilities for both users and networks. These vulnerabilities can be classified as issues of "trust", "rights", "identity", "privacy" and "security".
"Trust" concerns the assurance that information communicated in these systems can be shared. For instance, a wireless user may want to know that a communication was sent by a trusted source, through trusted communication nodes, to the wireless user. In an ad-hoc network, a user may not know whether a communication is being relayed through a hacker's wireless device that inspects the packets. Moreover, because of the way the channel is used, the intermediate nodes forwarding the call may be transparent to the wireless user.
"Rights" ("rights management") concerns the control of data. For instance, a wireless user may have limited rights in a wireless system; however, if that user intentionally or accidentally colludes with a second node that has higher rights, the user may obtain rights higher than those the user is permitted to have.
"Identity" concerns control of the wireless user's status. For instance, a rogue wireless device may attempt to access a wireless network by impersonating a user authorized on that network, using the identity of that authorized user. "Privacy" concerns keeping individuals, data and context private. A wireless user may not want other users to know which websites he visited and, in particular, the information sent to those websites, for example medications or the like. "Security" concerns the security of data and context, for example preventing an unauthorized individual from accessing a wireless user's data.
To reduce the vulnerability of wireless networks, related techniques are used, for example Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), the Extensible Authentication Protocol (EAP) and GSM-based encryption. Although these techniques provide some protection, they remain susceptible to the "trust", "rights", "identity", "privacy" and "security" issues. For instance, although a particular wireless communication node may hold the correct WEP key for communicating with a wireless user, the user may have no way of knowing whether he can "trust" that node.
Moreover, the authentication that uses these keys takes place at higher levels of the communication stack; accordingly, even when all these controls are in place, a rogue wireless user or a hacker may, although in a limited way, gain access to the higher levels of the communication stack. That access in turn enables further damage, for example denial-of-service attacks.
Watermarking/signing is the technique of adding annotation data or unique information to a medium, for signaling and/or security purposes. To reduce the vulnerabilities described above in wireless networks, it is desirable to generate distinct credentials/keys for use in watermarking, signing and encryption.
The utility model content
A transmitting/receiving unit (TRU) comprises: a TRU-specific credential/key generation apparatus configured to generate a credential/key derived from information associated with the TRU; a watermark/signature/encryption code generation device having an input configured to receive the credential/key and to generate a watermark/signature/encryption code; and a watermark insertion/signature insertion/encryption device having an input configured to receive a communication signal and an output configured to produce a watermark-inserted/signature-inserted/encrypted signal for wireless transmission.
Description of drawings
Fig. 1 is a simplified flow chart for generating a TRU-specific credential/key.
Fig. 2 is a simplified flow chart for changing the credential/key generation criteria.
Fig. 3 is a simplified diagram of two transmitting/receiving units exchanging credentials/keys.
Fig. 4 is a simplified diagram of a watermarking device.
Fig. 5 is a simplified diagram of a signature insertion device.
Fig. 6 is a simplified diagram of an encryption device.
Fig. 7 illustrates a secure network having a plurality of trust zones.
Fig. 8 is a simplified flow chart of securely performing a handover between zones.
Fig. 9 illustrates an embodiment using two lights as a security/trust indicator.
Fig. 10 illustrates an embodiment using a bar display as a security/trust indicator.
Fig. 11 illustrates an embodiment using a multi-dimensional graph as a security/trust indicator.
Embodiment
Hereafter, a wireless transmit/receive unit (WTRU) includes, but is not limited to, a user equipment, mobile station, fixed or mobile subscriber unit, pager, station (STA) or any other type of device capable of operating in a wireless environment. When referred to hereafter, a base station includes, but is not limited to, a Node B, site controller, access point or any other type of interfacing device in a wireless environment. When referred to hereafter, a transmitting/receiving unit (TRU) includes a WTRU, a base station or a radio communication device.
Fig. 1 is a simplified flow chart for generating a TRU-specific credential/key. First, TRU-specific information is generated (step 20). TRU-specific information is information specific to this TRU, for example physical layer information, performance, contextual information, device/capability information, TRU identification information or the like. In step 22, this TRU-specific information is used to derive the TRU-specific credential/key. The TRU-specific information may be combined with other information (including other TRU-specific information and non-TRU-specific information, for example public/private keys, time of day, location or the like) in order to produce the credential.
In one embodiment, the TRU-specific information, alone or combined with other information, is converted into an N-bit vector. The number of bits N is preferably based on the particular application of the credential/key. The vector can be produced with different techniques: the information can be converted directly into the credential, or any of various coding techniques can be used to convert the information into the credential/key. In step 24, the generated credential/key is used to produce a watermark, for signature insertion, for encryption, or for other purposes.
One particular implementation for producing a vector includes hashing/compression. If a fixed-length credential/key is desired and the information used to produce the credential has not yet been converted into a numeric format, it is converted into a numeric format, for example bits. Some information, such as analog values (for example hardware non-linearity values), may need to be converted into digital information. A hash algorithm receives these bits and converts them into a fixed-length vector, for example of length N; other compression techniques can also be used. In one embodiment, after all credential/key generation information has been converted into numeric format, the information is concatenated and passed through a rate matching device so that the required length or range of lengths is achieved.
Some credential/key generation information may need to change its format before the key/credential is produced. For instance, an image or hypertext may have to be changed by a format conversion. Hypertext can be converted into ASCII; for an image, the value of an archive file (for example GIF, JPEG, TIF) can be used, or a check value can be derived from the particular image data, for example a cyclic redundancy code.
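An added example (not code from the patent) of steps 20 to 24 in Python, showing one concrete way to encode mixed TRU-specific information, concatenate it, hash it and rate match the result to N bits. SHA-256, CRC-32 for the image check value, fixed-point quantization of analog values and counter-mode expansion are assumed design choices; the sample TRU information is constructed.

```python
import hashlib
import struct
import zlib

# Constructed sample TRU-specific information (not real device data).
# Each field is one kind of input the text describes: an analog hardware
# value, a hypertext field, an image file and a plain numeric identifier.
SAMPLE_INFO = {
    "agc_gain_db": 23.7,                      # analog measurement, must be quantized
    "hypertext": "<p>TRU-26</p>",             # hypertext -> ASCII bytes
    "image": b"GIF89a" + bytes(range(64)),    # image -> CRC check value
    "hw_serial": 0x1A2B3C4D,                  # already numeric
}


def quantize(value, scale=100):
    """Turn an analog (float) value into an integer so that measurement
    jitter smaller than 1/scale does not change the credential."""
    return int(round(value * scale))


def encode_field(name, value):
    """Convert one piece of credential-generation information to bytes
    (step 22): numbers stay numeric, hypertext becomes ASCII and an image
    is replaced by a cyclic redundancy check value."""
    if isinstance(value, bool):
        raise TypeError(f"{name}: encode booleans as int explicitly")
    if isinstance(value, float):
        return struct.pack(">q", quantize(value))
    if isinstance(value, int):
        return struct.pack(">Q", value)
    if isinstance(value, str):
        return value.encode("ascii")
    if isinstance(value, (bytes, bytearray)):
        return struct.pack(">I", zlib.crc32(bytes(value)) & 0xFFFFFFFF)
    raise TypeError(f"{name}: unsupported field type")


def concatenate(info):
    """Concatenate every encoded field in a fixed order, each with its name
    and a length prefix so that different field splits cannot collide."""
    out = bytearray()
    for name in sorted(info):
        enc = encode_field(name, info[name])
        out += name.encode("ascii") + b"\0" + struct.pack(">H", len(enc)) + enc
    return bytes(out)


def rate_match(digest, n_bits):
    """Fit a fixed-length hash to the required N bits: truncate when N is
    shorter, expand by counter-mode re-hashing when N is longer.
    (Assumed scheme; the text only calls for a rate matching device.)"""
    if n_bits <= 0:
        raise ValueError("n_bits must be positive")
    stream = bytearray()
    counter = 0
    while len(stream) * 8 < n_bits:
        stream += hashlib.sha256(digest + struct.pack(">I", counter)).digest()
        counter += 1
    as_int = int.from_bytes(stream, "big") >> (len(stream) * 8 - n_bits)
    return as_int.to_bytes((n_bits + 7) // 8, "big")


def derive_credential(info, n_bits):
    """Steps 20-24 end to end: encode, concatenate, hash, rate match."""
    digest = hashlib.sha256(concatenate(info)).digest()
    return rate_match(digest, n_bits)


if __name__ == "__main__":
    print(derive_credential(SAMPLE_INFO, 128).hex())
```

Because the analog field is quantized before hashing, a small measurement jitter reproduces the same credential, while a real change in any field produces a different one.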
Another form of TRU-specific information is information about the user of the TRU. A user can input a code name, password or personal identification number (PIN) as TRU-specific information; alternatively, the credential itself can later be combined with other credentials selected by the user. Information about the social network the user belongs to can also be used as TRU-specific information; this includes the user's likes and dislikes and information about that social network, and it can be input by the user or already exist within the TRU or the network. Readings of the individual's biometric information can also serve as TRU-specific information. The user's context can also be captured, for example the user's mood, the distance the user has traveled, the user's habits and patterns of operating the TRU, Internet preferences, favorite websites and browser cookie information. Objects external to the TRU device can also be used to produce TRU-specific information; these devices include radio frequency (RF) tags, credit/debit/smart cards, universal serial bus (USB) devices or other external devices. The use of user-specific credentials makes it easier to decide whether behaviour is out of character for the person.
Another form of TRU-specific information is hardware/software information about the TRU. This hardware/software information includes hardware element identities, software identities, non-linearity signatures of hardware elements, information about the SIM/USIM card (for example information stored on a SIM/USIM) and information from a security chip. It can also include the software operating system, software version numbers, free memory (RAM and ROM), chip manufacturer identity and chip integration identity. This information can also include radio frequency information (radio frequency channel number and frequency band), automatic gain control (AGC), automatic frequency control (AFC), analog-to-digital converter, digital-to-analog converter and demodulation-related information; the information obtained from these parameters can be the raw value, mean, standard deviation, variance, minimum, peak and peak-to-mean. Other hardware/software information is the algorithms of the TRU and the internal state information of the machine. Power supply information can be used to produce the credential, for example the current flow from the power supply or the charge in that current, and current measurements over time or as a function of time. The remaining battery power, whether as an absolute value or a percentage, can also be used to produce the credential.
This hardware/software information can include information about composite devices, for example a combination of wired and wireless devices. Information about which devices are connected, the hardware/software of the connected devices and the communication protocols between those devices can also be used for key generation. In addition, information about virtual TRUs, for example a combination of TRUs and/or devices, can also be used as credential/key generation information.
Another form of TRU-specific information is time-related information. This time information includes the time generated locally in the TRU, the NIS-acquired time, the network-acquired time, an external time reference (for example from a satellite), day/night information, morning/noon/evening/night information, the time zone and any atomic clock embedded in the TRU. The time information can be relative, for example the time of high network usage or of high/low interference. Date information includes month, day, year, the number of days elapsed in the year, the number of days remaining in the year, whether it is a leap year, the day of the week, and whether it is a working day, weekend or holiday.
Another form of TRU-specific credential/key is based on measurements made by the TRU. These techniques include non-linearities (for example a non-linearity index of the received signal), other non-linearities (for example energy spillover), out-of-band leakage signal characteristics, distortion characteristics across the frequency band, multipath analysis, antenna-related information, the TRU transmit power level, the received power level (for example of a beacon or broadcast channel), path loss, temperature (ambient or of the TRU) and absorption variation in the transmit/receive signal signature. To measure some of these values, another TRU can send a reference signal (beacon, pilot, broadcast channel, preamble or midamble) so that the measurements can be performed. This reference signal can be a signal already present in the wireless system (for example a beacon, pilot or broadcast channel) or can be transmitted specifically for these measurements (for example a special preamble). Among measurements, the information used to produce the credential/key also includes an indicator of when block errors/bit errors occur.
Information about multipath can be used for credential/key generation. This multipath information can include the multipath positions, the distances between those positions, the number of paths and the phase/amplitude of the paths. Another multipath item relevant to the credential/key is the rate of change: a significant change in any of these parameters indicates a potential problem, such as spoofing. Other multipath information is the signal-to-interference/noise ratio (SINR), for example over the total path or each path, the SINR based on total energy, the SINR of the data channel and the SINR of the pilot channel; within the multipath profile, whether distinguishable multipath elements exist and the distance between them, the root-mean-square (RMS) multipath spread, the multipath clusters (length, energy etc.), the number of multipath clusters, the distance between the first and last multipath elements, and the channel response length. A change in the multipath criteria is also a possible indication of an intruder: a sudden change in multipath and/or interference may indicate the presence of an intruder and the need for increased defensive measures.
Information about antennas includes the antenna pattern (beam), antenna weights, the delay between antenna elements, antenna spacing, antenna hardware information, antenna state (directional or omnidirectional), antenna configuration, antenna switching rate, antenna steering stability, the cross-correlation between antennas and the spatial distribution characteristics. Other antenna-related information includes the angle of arrival of the received signal, the similarity/difference between the signatures observed by several antennas (an existing signature/preamble or a specific signature produced for the credential/key), and the rate of change of any of these parameters.
Location information includes GPS coordinates; distance, time difference and time-of-arrival information relative to another TRU; distance to the network; inter-network distance; latitude/longitude; altitude; logical location; position measurements obtained from connectivity RSSI, angle of arrival, time of arrival and distance at arrival; and sensor-based position measurements. The correspondence between a position measured (via the network or another non-TRU device) and the position reported by a TRU can also serve as an authentication indication. Similar to location information is velocity information, for example source/destination, bearing, relative velocity (including the Doppler average and multipath/signature spread) and motion vector. The velocity can be the TRU's own velocity, the relative velocity between two or more TRUs, or the velocity of another TRU or object. The location information can also be the area in which the TRU is located, for example on/off a campus, urban/suburban environment, city/town, state/province and postal address. This location/velocity information can be provided by the TRU itself or by a device connected to or communicating with the TRU.
Another technique is to use a model representing the physical environment of the TRU. The model is selected according to multiple items of physical context information and possibly other information. Observations determine the parameters of the model. Using the model, a credential/key can be obtained. Further physical context information is the TRU's perception of the presence of other TRUs/devices in its vicinity, and other TRUs'/devices' perception of this TRU. Other physical context information can be the additional services of overlapping coverage areas, for example for a multi-mode TRU device.
In addition, the TRU-specific information can include information that is useful to send to another TRU, for example control, signaling and other information. This information includes decryption information from higher layers of the stack, protocol parameters, transmit power control information, the transport format combination indicator (TFCI), streaming video parameters, resource allocation information, routing information, unexpected data, and other signaling control information.
In a control aspect, one credential/key can control the generation of further credentials/keys. One credential/key can even be a function of another credential/key. One credential/key can identify a new credential/key, or indicate that a switch to a higher/lower-security credential/key should be used. This control credential/key can be used to indicate how further credentials/keys are to be produced, for example to indicate a hierarchy of credential/key groups, the combination or intersection of groups, and the relationships and structure of the groups.
The credential/key can be used to distinguish a group of TRUs or users from others. The group can be the group to which the user belongs, or a group based on wireless network attributes or parameters, for example a group of TRUs with similar hardware, radio characteristics or position/orientation/altitude. The credential/key is derived from this group information.
To speed up the authentication of a whole group of TRUs, one TRU can play the role of a gateway. That TRU effectively authenticates the whole group, rather than each TRU authenticating separately.
The use of TRU-specific credentials/keys is desirable. Since the credential/key is derived from information about a specific TRU, the value of the credential/key itself can be used as an additional security measure. To illustrate, a credential/key obtained using a hardware value can be verified via a network or a TRU to decide whether that hardware value is consistent with the particular TRU. To illustrate further, a credential/key obtained using location information can be inspected repeatedly to verify that the user is not moving at, for example, kilometers per hundred milliseconds, which would indicate that someone is spoofing the user. The use of the credential/key also enables seamless handover, control signaling, context awareness and location-based routing information. The use of the credential/key permits improved intrusion detection, abnormal behaviour detection and increased security.
Preferably, rather than using a single credential/key or a single source of the credential/key (which may suffice for a minimal level of security), multiple sources of credential/key generation information are combined to form the credential/key. Techniques for combining the information to form the key are synthesis, data fusion, splitting, filtering, post-processing, homomorphic combination and multi-form model parameter estimation. Depending on the combination technique, rate matching may be necessary to reach a desired credential/key length or length range.
Different techniques can be used to obtain the criteria for combining credentials/keys. One is a fixed technique, in which certain combinations or groups of combinations are determined for a given security level. Another technique is an algorithm-applied technique, in which one predetermined algorithm or a group of predetermined algorithms is used to obtain the credential/key. Another technique is a rule-applied criterion, in which a set of rules is used to establish the combination of information from which the credential/key is obtained. Another technique is an inter-TRU credential/key signaling selection criterion, in which two or more TRUs agree on the combination criteria via inter-TRU signaling. Inter-TRU signaling is desirable because it allows a TRU to obtain the information it wishes to verify/authenticate. To illustrate, a first TRU may wish to verify that a second TRU has a particular hardware value, in order to verify its reliability. The first TRU can require the second TRU to produce a credential that includes the serial number of that hardware element.
To improve security, combining information across abstraction layers is desirable. To illustrate, a credential/key can be obtained from information relating to software, hardware and physical layer measurements. Such a credential is difficult to spoof, and partial verification can be performed in the network or via another TRU. For instance, a spoofing TRU may be able to reproduce the correct hardware value of an authorized user's credential; however, the spoofing TRU cannot reproduce that authorized user's software version value. Also to improve security, information from both the secure and the insecure locations of the TRU can be used to produce a credential or key. In addition, a credential/key originating from an external device, for example from a neutral third party, can be used to produce part of the credential/key. Such information is difficult for an unauthorized individual to establish.
Triggers can be used in connection with these techniques. The triggers indicate when combined information is needed to form the credential/key and when the combination criteria can change. To illustrate, when a TRU is in a high-traffic area, additional security is needed and the required combination criteria change accordingly.
Changing credentials/keys and watermarks/signatures over time is quite valuable, because it makes the relevant information difficult to detect and decode. However, there is a trade-off between the rate of change of credentials/keys and watermarks/signatures and the overhead. Changing these values requires communication with the appropriate TRU. One way to reduce the required overhead is to change the parts (sub-credentials) of the information driving a credential at different rates. To illustrate, a mobile user can frequently update the multipath component of the credential/key, while the hardware serial number may never or rarely be updated.
The length of the credential/key used to encrypt data depends on the required security/complexity trade-off. For the maximum degree of security, a key of the same length as the data is needed; to reach that degree, some form of rate matching may be required. A disadvantage of this technique is that reaching a credential/key of such length usually requires the exchange of a large amount of credential/key information, whereas a shorter credential/key provides less security.
Using credentials/keys and watermarks/signatures at multiple abstraction layers has advantages beyond reducing visibility: fast detection of incorrect credentials/keys and watermarks/signatures (particularly at lower abstraction layers) reduces unnecessary processing and thereby improves security. To illustrate, detection of an incorrect credential/key at the physical layer can prevent the data from being passed up to higher abstraction layers. A denial-of-service attempt can thus be stopped at the physical layer instead of having already succeeded at a higher layer. Such detection allows channels from unauthorized users to be shut down effectively, preventing their arbitrary access to the wireless network. In addition, if the physical layer is blocked, baseband processing can be switched off to extend battery life or to release those resources for other purposes.
In another illustration, packet headers can be examined for certain credential/key information; if that information is absent, the packet is discarded. Thus, when unwanted information is detected, all higher layers are blocked from processing it, which would otherwise waste bandwidth and processing power. Signals can therefore be blocked at various abstraction layers.
In the embodiment, three main criteria are used to judge whether a change of credential/key is required: key space, randomness and time variation. These criteria are used to judge whether the credential/key generation criteria need to change, and can also be used to verify whether an initial credential/key generation technique is appropriate. As illustrated in Fig. 2, the length of the credential/key derived using the current criteria is compared with the desired length/length range for such keys (step 70). If the current length does not fall within the acceptable credential/key length value/range, the credential/key generation criteria are changed (step 78). The randomness of the credential/key produced using the current criteria is examined to determine whether the credential/key produced with the current criteria has sufficient randomness (step 72). Techniques for measuring randomness include entropy estimation, Lempel-Ziv (LZ) compression, Wheeler estimation, Markov chains with a number of states, Huffman/block Huffman coding, histogram-based techniques, Hamming distance and moment estimation. If there is insufficient randomness, new criteria are adopted (step 78).
The time variation of the credential/key is examined to judge whether a variability threshold is reached (step 74). If the current criteria pass all three tests, the current criteria are kept (step 76); if any of these tests fails, the criteria are changed (step 78). To illustrate, a TRU may change from a mobile state, for example traveling on a train, to a stationary state, for example in an Internet cafe. While on the train, a credential/key derived using Doppler shift, GPS coordinates and hardware information can produce credentials/keys with sufficient randomness. In the Internet cafe, however, these inputs change very little, so that similar or identical credentials/keys are produced; therefore, a change of criteria that adds a timestamp of the power supply current and/or of block errors can be used to achieve time variation.
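An added example (not code from the patent) of the three Fig. 2 tests in Python, run over constructed credential histories for the train and Internet cafe cases above. Key space is a length check, randomness uses LZ compression (one of the techniques the text lists), and time variation uses the Hamming distance between successive credentials; the thresholds, the seeded PRNG used as a stand-in generator and the sample histories are all assumptions.

```python
import random
import zlib


def make_keys(seed, count, nbytes=64):
    """Constructed stand-in for the Fig. 1 generator: 'count' credentials
    of 'nbytes' bytes from a seeded PRNG (not real TRU measurements)."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(nbytes)) for _ in range(count)]


# Train: Doppler shift, GPS and hardware inputs move every interval,
# so each successive credential differs.
TRAIN_KEYS = make_keys(seed=26, count=5)

# Cafe: the same inputs barely move, so the same credential recurs,
# with at most a single bit flipping between intervals.
_base = make_keys(seed=28, count=1)[0]
CAFE_KEYS = [_base, _base, _base, bytes([_base[0] ^ 0x01]) + _base[1:], _base]

# Low-entropy source: a short serial number padded by repetition.
PADDED_KEYS = [bytes.fromhex("1a2b3c4d") * 16] * 5


def key_space_ok(key, min_bits, max_bits):
    """Step 70: the credential length must fall within the acceptable range."""
    return min_bits <= len(key) * 8 <= max_bits


def compression_ratio(key):
    """Step 72: LZ-based randomness estimate. Random bytes do not compress
    (ratio >= 1 because of container overhead); structured bytes do."""
    return len(zlib.compress(key, 9)) / len(key)


def hamming_fraction(a, b):
    """Fraction of differing bits between two equal-length credentials."""
    if len(a) != len(b):
        raise ValueError("credentials must have equal length")
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1") / (len(a) * 8)


def time_variation(keys):
    """Step 74: the smallest bit-change fraction between successive
    credentials in the history (0.0 when any credential repeats)."""
    return min(hamming_fraction(x, y) for x, y in zip(keys, keys[1:]))


def evaluate_criteria(keys, min_bits=128, max_bits=1024,
                      min_ratio=0.9, min_variation=0.25):
    """Run the three tests of Fig. 2 over a credential history and decide
    between keeping the current criteria (step 76, "keep") and changing
    them (step 78, "change"). Threshold values are assumptions."""
    failed = []
    if not all(key_space_ok(k, min_bits, max_bits) for k in keys):
        failed.append("key_space")
    if min(compression_ratio(k) for k in keys) < min_ratio:
        failed.append("randomness")
    if time_variation(keys) < min_variation:
        failed.append("time_variation")
    return {"decision": "keep" if not failed else "change", "failed": failed}


if __name__ == "__main__":
    for name, history in (("train", TRAIN_KEYS), ("cafe", CAFE_KEYS),
                          ("padded", PADDED_KEYS)):
        print(name, evaluate_criteria(history))
```

The cafe history passes the length and randomness tests but fails time variation, which is exactly the case where the text adds a power-current or block-error timestamp to the generation criteria.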
Other reasons for changing the credential/key generation criteria can also arise. When the required level of security changes, the credential/key generation criteria may change as well. To illustrate, when security is increased, the credential/key generation criteria can mix in more abstraction layers from other sources. The credential/key generation criteria can also change for the purpose of adaptation and/or mixing.
In addition, a credential/key can be derived for a group of TRUs; this credential can be a combination of the individual TRU credentials or a collective credential of the group. When the group membership or other characteristics of the group change, the group credential/key changes in order to maintain the security of the new group.
Although credentials/keys need not be exchanged between TRUs, Fig. 3 is a simplified block diagram of two TRUs 26, 28 that do exchange credentials/keys. Only two TRUs 26, 28 are shown for brevity, but more than two may exchange credentials/keys. Any of these TRUs may be a WTRU, a base station or a non-wireless device. Although the elements are shown separately, they may be implemented on a single integrated circuit (IC) such as an application specific integrated circuit (ASIC), on multiple ICs, as discrete components, or as a combination of ICs and discrete components.
The TRU-specific credential/key generator 32 of the first TRU 26 produces a TRU-specific credential/key. This credential/key, and possibly other information, is preferably encrypted by an encryption device 34. Although the preferred embodiment encrypts the credential/key, some applications may omit the encryption. The encrypted credential is transmitted over the wireless interface 30 using an antenna or antenna array 40.
The antenna/antenna array 50 of the second TRU 28 receives the transmitted encrypted credential/key. A decryption device 48 decrypts the received signal, and a TRU-specific credential/key recovery device 46 recovers the credential/key. The credential/key generator 42 of the second TRU 28 then produces a credential/key, which may or may not be TRU-specific. This credential/key may optionally be encrypted by an encryption device 44 and is transmitted via the antenna/antenna array.
The encrypted credential is received by the antenna or antenna array 44 of the first TRU 26; if encryption was used, a decryption device 38 decrypts the encrypted credential/key, and a credential recovery device 36 recovers it. The credential exchange may be repeated so that multiple assessments can be compared to verify that the correct credential was received. To indicate successful reception of a credential, an acknowledgement credential may be transmitted by each user, even when no reception indicator, or no indicator that can be transmitted/received, is available.
To further enhance security, credentials can be exchanged at different abstraction layers. A first TRU may transmit a credential/key or a set of credentials/keys on one layer, and a second TRU may transmit a credential/key or a set of credentials/keys on a different layer. An eavesdropping TRU then has difficulty obtaining both credentials/keys or both sets.
When communication begins between a TRU and an unknown or less trusted TRU, the TRU may use a trusted entity (a network node or a trusted TRU) to confirm the credential exchange, acting as an intermediary. In effect, the trusted entity serves as a neutral trusted observer until trust is established between the two TRUs.
The exchange of credentials/keys can take place at the initial setup of a communication link, periodically, or according to some criterion. In one embodiment, the credential/key exchange and the variation of the credential/key are based on the number of wireless users or on the location of the TRU. For example, a user in a suburban home may accept a lower level of security. In that environment credentials/keys need not be exchanged at all, or may be exchanged only at initial setup or rarely. A suburban environment can be detected from the small number of wireless users in the neighbouring area or from the specific location. The exchange may not even include a TRU-specific credential/key.
However, if the wireless user is on the Wi-Fi of a suburban coffee shop, a higher level of security is needed. Frequent exchange of encrypted credentials/keys may be required, and multiple credentials/keys may be used to increase security.
Fig. 4 is a simplified diagram of a watermarking device. A watermark generator 52 receives the credential/key and produces a watermark signal. A watermark inserter 54 inserts the watermark into a signal, producing a watermarked signal.
Fig. 5 is a simplified diagram of a signature insertion device. A signature generator 56 receives the credential/key and produces a signature sequence. A signature inserter 58 inserts the signature into a signal, producing a signed signal.
Fig. 6 is a simplified diagram of an encryption device. An encryption code generator 60 receives the credential/key and produces an encryption code. An encryption device 62 encrypts a signal with it, producing an encrypted signal.
The devices of Figs. 4, 5 and 6 can be used in a TRU, including a WTRU, a base station or a non-wireless device. Although the elements in these figures are shown separately, they may be implemented on a single integrated circuit (IC) such as an application specific integrated circuit (ASIC), on multiple ICs, as discrete components, or as a combination of ICs and discrete components. To detect the watermark/signature, or the encrypted signal, the reverse of the procedures of Figs. 4, 5 and 6 is used.
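The three devices of Figs. 4, 5 and 6 and their reverse procedures, as an added example that is not the patent's own design: the watermark generator expands the credential/key into a chip sequence that the inserter adds to the samples and the detector recovers by correlation; the signature generator is an HMAC over the signal that the inserter appends and the verifier checks; the encryption code generator is a keystream derived from the credential/key and a nonce that the encryption device XORs into the signal. The credential/key, the sine carrier, the payload, the chip count, amplitude, tag length and the HMAC-based constructions are all assumptions made for the example.

```python
import hashlib
import hmac
import math
import os
from typing import List, Optional

# Constructed inputs, not from the patent: an assumed 32-byte credential/key
# (what a TRU-specific generator would supply) and a short payload.
CREDENTIAL_KEY = hashlib.sha256(b"example TRU-specific credential/key").digest()
PAYLOAD = b"constructed signal from TRU 26"
WM_LENGTH = 256      # watermark chips (assumed)
WM_AMPLITUDE = 1.0   # chip amplitude relative to a unit-amplitude carrier (assumed)
TAG_LEN = 16         # signature length in bytes (assumed)
NONCE_LEN = 12       # nonce length for the encryption code (assumed)

# ---- Fig. 4: watermark generator 52 / watermark inserter 54 and its reverse ----
def generate_watermark(key: bytes, length: int = WM_LENGTH) -> List[float]:
    """Expand the credential/key into a +/-1 chip sequence from the bits of
    SHA-256(label || key || counter), extending with the counter as needed."""
    chips: List[float] = []
    counter = 0
    while len(chips) < length:
        block = hashlib.sha256(b"wm|" + key + counter.to_bytes(4, "big")).digest()
        for byte in block:
            for bit in range(8):
                chips.append(1.0 if (byte >> bit) & 1 else -1.0)
        counter += 1
    return chips[:length]

def carrier_samples(length: int = WM_LENGTH) -> List[float]:
    """Constructed unit-amplitude sine carrier standing in for the communication signal."""
    return [math.sin(2 * math.pi * i / 8) for i in range(length)]

def insert_watermark(key: bytes, samples: List[float]) -> List[float]:
    chips = generate_watermark(key, len(samples))
    return [s + WM_AMPLITUDE * c for s, c in zip(samples, chips)]

def detect_watermark(key: bytes, samples: List[float], threshold: float = 0.5) -> bool:
    """Reverse of Fig. 4: normalised correlation with the expected chip sequence.
    A watermarked carrier scores about WM_AMPLITUDE; an unmarked one near zero."""
    chips = generate_watermark(key, len(samples))
    score = sum(s * c for s, c in zip(samples, chips)) / len(samples)
    return score >= threshold

# ---- Fig. 5: signature generator 56 / signature inserter 58 and its reverse -----
def generate_signature(key: bytes, signal: bytes) -> bytes:
    return hmac.new(key, b"sig|" + signal, hashlib.sha256).digest()[:TAG_LEN]

def insert_signature(key: bytes, signal: bytes) -> bytes:
    return signal + generate_signature(key, signal)

def verify_signature(key: bytes, signed: bytes) -> Optional[bytes]:
    """Return the signal if its appended signature checks out, else None."""
    if len(signed) < TAG_LEN:
        return None
    signal, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    if not hmac.compare_digest(tag, generate_signature(key, signal)):
        return None
    return signal

# ---- Fig. 6: encryption code generator 60 / encryption device 62 and its reverse -
def generate_encryption_code(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream = HMAC(key, label || nonce || counter) blocks, truncated to length."""
    stream = b""
    counter = 0
    while len(stream) < length:
        stream += hmac.new(key, b"enc|" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]

def encrypt(key: bytes, signal: bytes, nonce: Optional[bytes] = None) -> bytes:
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    code = generate_encryption_code(key, nonce, len(signal))
    return nonce + bytes(a ^ b for a, b in zip(signal, code))

def decrypt(key: bytes, coded: bytes) -> bytes:
    nonce, body = coded[:NONCE_LEN], coded[NONCE_LEN:]
    code = generate_encryption_code(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, code))

if __name__ == "__main__":
    marked = insert_watermark(CREDENTIAL_KEY, carrier_samples())
    print("watermark detected:", detect_watermark(CREDENTIAL_KEY, marked))
    print("signature valid:", verify_signature(CREDENTIAL_KEY, insert_signature(CREDENTIAL_KEY, PAYLOAD)) == PAYLOAD)
    print("round trip:", decrypt(CREDENTIAL_KEY, encrypt(CREDENTIAL_KEY, PAYLOAD)) == PAYLOAD)
```

Because every chip sequence, tag and keystream is derived from the credential/key, a receiver holding a different credential/key neither detects the watermark, nor verifies the signature, nor recovers the payload, which is the property the text relies on when it ties the watermark/signature/encryption code to the TRU-specific credential/key.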
One application of the credential/key generation technique is sensor communication. Because sensors tend to have low hardware complexity, a simple security technique is needed to protect them. This technique uses measured sensor characteristics and a wireless/physical layer watermark. In particular, a sensor measures one of its own characteristics and/or one or more characteristics of nearby sensors, and inserts this value into the wireless/physical layer of the communication between sensors, for example by using the sensor hardware, modified hardware, or additional hardware elements.
Using sensor characteristics allows other sensors to identify a given sensor easily. This is similar to human conversation, where the identity of the speaker is determined from facial features. One technique for achieving this identification is adaptive training: each sensor learns the characteristics of the other sensors and can adapt over time. Thus, if a sensor is compromised, the other sensors can sense the compromise, which strengthens the security of the sensors. To measure the characteristics of other sensors, a given sensor can measure information about the other sensors, request the information from them or obtain it otherwise, and make feature measurements.
Although the highest-security credential/key generation and watermarking techniques can always be used, there is a trade-off between security and cost. Complex credentials/keys and the resulting watermarks require more processing, higher power consumption and possibly coordination between TRUs, which generally needs extra signalling and reduces the usable radio resources. Likewise, as the credential/key/watermark/signature becomes more complex, the probability of an error while producing, transmitting and processing the information rises, so authenticated TRUs will more often be rejected. In addition, improving security may require watermark/signature/credential/key management at multiple layers or across layers, and coordination between layers also adds to the overall cost.
However, because unauthenticated access to data, particularly confidential data, is highly undesirable, too little security has a decisive impact. Likewise, data transmitted by unauthenticated TRUs consumes system resources and increases security breaches.
In one embodiment, different watermarks/signatures/encryption codes are used at different security levels. At a low security level, a simple watermark/signature/encryption code is used, for example WEP or basic GSM only. At a higher security level, a somewhat more complex watermark/signature/encryption code is used, for example one generated from a TRU-specific credential/key. At the highest security level, a complex watermark/signature/encryption code is used, for example one that uses multiple TRU-specific credentials/keys over multiple abstraction layers together with other information. In addition, a wireless user at the highest security level may be required to re-authenticate frequently.
Fig. 7 is a schematic diagram of a secure network 92. As shown in Fig. 7, the secure network has multiple trust zones 90_1 to 90_5 (90). These trust zones 90 may coexist in the same area (for example trust zones 90_2 and 90_3) or be separate (for example trust zones 90_1 and 90_5).
Fig. 8 is a flow chart of moving between trust zones 90. First, the TRU identifies the location of the nearest trust zone (step 94). The trust zone may be identified through a security channel that indicates the location of the nearest trust zone. When the TRU needs to communicate with a node outside the identified trust zone, it initiates a new credential/key exchange with the node in the new trust zone while maintaining the credential/key (or credential/key exchange) with the nearest trust zone (step 96). After the credential/key exchange and the other related authentication protocols with the new trust zone are completed, the TRU severs its connection to the old trust zone (step 98). When members leave or join a trust zone, the required security level may be raised or lowered, which can likewise cause a change in the credentials/keys. This is similar to an employee who holds various passwords leaving a company: all of the passwords are changed after the employee leaves.
Although not strictly required, a security/trust indicator can be used to give the user assurance of the TRU's security/trust. Fig. 9 shows one embodiment of such an indicator. As shown in Fig. 9, a pair of lights (for example red and green) indicates whether a specific security/trust level has been reached; for example, green indicates that the level has been reached and red that it has not yet been reached. On seeing the red indicator, the user may choose not to transmit credit card purchase information until the green indicator appears.
Another indicator, shown in Fig. 10, is a bar indicator whose length indicates the security/trust level; in the embodiment of Fig. 10, a longer bar represents a higher security/trust level. Another indicator, shown in Fig. 11, has a trust axis (T) and a security axis (S); a different number of axes, and other kinds of axes, may also be used.
Another form of indicator can be integrated into the TRU hardware and/or software to prevent specific functions from being performed when a particular security/trust level is not reached; for example, financial information cannot be exchanged when security and trust are below a certain level. Alternatively, a prompt can be selected to indicate to the user that exchanging certain information is unsafe or is taking place over an untrusted node, and to advise the user not to perform the exchange for the time being. The user may override this advice by entering an appropriate input, for example clicking a button or entering a security override code, in which case the user bears whatever consequences the transmission may have.
Another security/trust level identification technique, usable alone or together with the techniques above, is a security map. The map indicates specific regions and the security level associated with each region, which may be shown by colour, a security code, a security number or other means. The user can then choose to move, or to wait until located in a region with a higher security/trust level, before beginning a transaction.
Although credential/key transmission information can be carried in existing wireless/wired channels, signals or broadcasts, it should preferably be carried in secure channels. Preferably these channels have a low level of detectability, so that nobody without prior information knows of them. In addition, multiple secure channels may exist at various abstraction levels: for example, a secure channel may be in a first group located in one or more built-in channels, such as a radio frequency mark, at level 0, the waveform or symbol level; or in a second group located in one or more physical channels (level 1), the bit level; or in a third group at levels 2-7, the bit packet level and the media access control (MAC) header.
To make the secure channel harder to detect, it is desirable to produce it using multiple techniques and/or at multiple levels. In particular, a secure channel that exists at both the physical layer and the application layer is difficult to detect in its entirety without prior knowledge of its structure and existence. Likewise, a secure channel derived from a combination of error correction coding and waveform modification is difficult to detect. In addition, the data to be transmitted over the secure channel may be split and transmitted at different points in time. Because the secure channel is not constantly present, detecting it, and recovering the data from it, is difficult for anyone other than the intended party.
Data to be transmitted over the secure channel may also be transmitted with a different quality of service (QoS). In particular, secure channel control data may be transmitted with a higher QoS than other data.
The secure channel carries security credentials/keys, watermarks, signatures and other security information. It may also carry organizational data, control, signalling, translation data and other non-security data. The amount of data carried on the channel depends on the implementation of the secure channel. In general, because of the transparency required of it, the amount of data carried on such a channel is quite small compared with the data carried on the corresponding channel at the layer from which it is extracted.
The use of a specific secure channel allows multiple TRUs to collectively exchange data such as credentials/keys. In particular, a first TRU can embed a first credential in a secure channel, a second TRU can embed a second credential, and so on. These credentials can then be combined, and the consistency of the credentials/keys, watermarks and signatures across different communications can be compared. In addition, because each TRU adds a credential, an audit trail of the data transmitted by the TRUs is available. Such techniques reduce the possibility of the channel being opened and of unauthorized users accessing the data. The secure channel may be a point-to-point channel, a shared channel or a common channel.
The credential/key added by each TRU can be specified via a control loop. The control loop can be driven by a cognitively computed transmitted control signal. The control signal provides the user with the rules for input to the secure channel.
The secure channel type can be selected according to performance criteria (for example the amount of data that can be carried, visibility, ease of detection, and the strength of the watermark/signature). In particular, different digital watermarks have different bandwidths, so the data that can be carried over the channel is limited by this bandwidth. There is a trade-off between visibility and ease of detection: a watermark that is easily detected and can be changed accordingly is generally more visible to unauthorized users. The strength of the secure channel (how hard it is to compromise) is also associated with the type of watermark/signature used. One mechanism for controlling the watermark level is a control loop: as the security/trust requirement increases, the strength of the watermark/signature increases. The loop can also define the need for more secure channel data, for extra credentials/keys, and for multiple layers of credentials/keys.
In some cases it is desirable to maintain a secure channel even when its primary channel is not present. In particular, for delayed data, a channel may be absent for some period. If the secure channel, or part of it, is embedded in that channel, incorrect (but valid) data may be transmitted in the channel so that the secure channel can exist (if possible) or retains low detectability.
To make recovery of data sent over the secure channel easier, the same data can be sent at multiple layers. In particular, an analogue watermark embedded in a waveform may be difficult to decode under some channel conditions. However, because the data transmitted at the application layer has a different character, it may still be decodable. Thus a particular TRU may lose a secure channel, or part of it, and still maintain its security. In such cases the affected TRU may request a change of secure channel type to improve the QoS of its secure channel as a whole.
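The audit trail produced when each TRU in turn embeds its own credential, as an added example that is not the patent's own scheme: each hop's credential is an HMAC under that TRU's credential/key over its id, the payload and the previous hop's credential, so the trail commits to the whole path and a verifier holding the keys can name the first hop whose embedded credential is inconsistent. The TRU ids, keys, tag length and payload are constructed assumptions; the verifier holding every TRU's key is likewise an assumption.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

TAG_LEN = 16  # bytes of each embedded credential (assumed)

# Constructed per-TRU credential/keys (a real TRU derives these from its own
# information); the verifier in this example is assumed to hold all of them.
TRU_KEYS: Dict[str, bytes] = {
    "TRU-A": hashlib.sha256(b"constructed key A").digest(),
    "TRU-B": hashlib.sha256(b"constructed key B").digest(),
    "TRU-C": hashlib.sha256(b"constructed key C").digest(),
}

def credential_for(key: bytes, tru_id: str, payload: bytes, previous: bytes) -> bytes:
    """Credential a TRU embeds: HMAC over its id, the previous hop's credential and
    the payload, so every hop commits to the trail built so far."""
    msg = tru_id.encode() + b"|" + previous + b"|" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def embed_credentials(payload: bytes, hops: List[str]) -> List[Tuple[str, bytes]]:
    """Pass the payload through the listed TRUs; each appends (id, credential)."""
    trail: List[Tuple[str, bytes]] = []
    previous = b""
    for tru_id in hops:
        tag = credential_for(TRU_KEYS[tru_id], tru_id, payload, previous)
        trail.append((tru_id, tag))
        previous = tag
    return trail

def audit(payload: bytes, trail: List[Tuple[str, bytes]]) -> Optional[str]:
    """Recompute the chain hop by hop. Return the id of the first hop whose embedded
    credential is inconsistent (unknown TRU, altered payload, altered or missing hop),
    or None when the whole trail checks out."""
    previous = b""
    for tru_id, tag in trail:
        key = TRU_KEYS.get(tru_id)
        if key is None or not hmac.compare_digest(tag, credential_for(key, tru_id, payload, previous)):
            return tru_id
        previous = tag
    return None

if __name__ == "__main__":
    data = b"constructed payload"
    trail = embed_credentials(data, ["TRU-A", "TRU-B", "TRU-C"])
    print("intact trail:", audit(data, trail))           # None
    print("hop dropped:", audit(data, trail[:1] + trail[2:]))  # TRU-C no longer chains to TRU-A
```

Comparing the trail against the keys is the "consistency comparison" the text describes: a changed payload fails at the first hop, a tampered or unknown hop fails at that hop, and removing a hop in the middle makes the next hop's credential fail, because it committed to the credential that was removed.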
Using secure channels can speed up the concept of peer assessment among TRUs. Each TRU in a group may verify a specific authentication/security/trust question. To make this clearer, a rogue TRU may produce credentials related to its hardware, its location, the external interference level and so on. A network node may authenticate the hardware data, which the rogue TRU may have spoofed. However, other TRUs can verify the location of the TRUs in the group, for example a nearby TRU that does not sense the rogue TRU, or a TRU at that location that measures a completely different interference level. The network can then block the TRU or force it to authenticate again.
A challenge can also be sped up by using a response scenario with cooperating TRUs. If a node suspects that a TRU is not an authenticated TRU, the node can send a challenge to that TRU, for example a request for the relevant key context, and other trusted TRUs may be used to judge whether the response is correct and whether an unauthenticated TRU is present. For instance, the node may request a credential/key that includes interference measurements and location information. If a trusted TRU in a similar location has an inconsistent interference measurement, the challenged TRU may be denied access or disconnected from the wireless network.
Although the features and elements of the present application are described in particular combinations in the preferred embodiments, each feature or element can be used alone (without the other features or elements of the preferred embodiment), or in various combinations with or without other features and elements of the preferred embodiment.
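The challenge and peer assessment of the two preceding paragraphs, as an added example that is not the patent's own procedure: the node receives the challenged TRU's key context (claimed position and measured interference), collects the key contexts of trusted TRUs together with the ids each of them currently senses, and decides to accept, deny, or force re-authentication. The witness radius, interference tolerance, the median as reference, and all positions, measurements and ids are constructed assumptions; a real deployment would take these thresholds from its own radio environment.

```python
import math
import statistics
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

NEIGHBOUR_RADIUS_M = 50.0        # how close a trusted TRU must be to count as a witness (assumed)
INTERFERENCE_TOLERANCE_DB = 6.0  # allowed gap between the claim and the witnesses' median (assumed)

@dataclass(frozen=True)
class KeyContext:
    """Key context a challenged TRU returns: its claimed position (constructed x, y
    in metres) and the interference it reports measuring there. Field names are assumptions."""
    tru_id: str
    position: Tuple[float, float]
    interference_dbm: float

@dataclass(frozen=True)
class TrustedReport:
    """What a trusted TRU contributes: its own key context plus the ids of the TRUs it senses."""
    context: KeyContext
    sensed: FrozenSet[str]

@dataclass(frozen=True)
class Verdict:
    action: str  # "accept", "deny" or "reauthenticate"
    reason: str

def distance(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])

def assess_challenge(response: KeyContext, trusted: List[TrustedReport]) -> Verdict:
    """Peer assessment of one challenge response against the trusted TRUs' reports."""
    witnesses = [r for r in trusted
                 if distance(r.context.position, response.position) <= NEIGHBOUR_RADIUS_M]
    if not witnesses:
        # nobody trusted is near the claimed position: the node cannot decide, so re-authenticate
        return Verdict("reauthenticate", "no trusted TRU near the claimed position")
    if not any(response.tru_id in r.sensed for r in witnesses):
        # nearby trusted TRUs do not sense the challenged TRU at all
        return Verdict("deny", "no nearby trusted TRU senses the challenged TRU at the claimed position")
    reference = statistics.median([r.context.interference_dbm for r in witnesses])
    gap = abs(response.interference_dbm - reference)
    if gap > INTERFERENCE_TOLERANCE_DB:
        # a TRU at that location measures a completely different interference level
        return Verdict("deny", f"reported interference {response.interference_dbm:.0f} dBm differs from "
                               f"nearby median {reference:.0f} dBm by {gap:.0f} dB")
    return Verdict("accept", "position and interference consistent with trusted neighbours")

# Constructed reports from three trusted TRUs (not measured data).
TRUSTED_REPORTS = [
    TrustedReport(KeyContext("T1", (10.0, 0.0), -90.0), frozenset({"U1", "U5"})),
    TrustedReport(KeyContext("T2", (0.0, 20.0), -88.0), frozenset({"U1"})),
    TrustedReport(KeyContext("T3", (500.0, 500.0), -70.0), frozenset({"U2"})),
]

# Constructed challenge responses covering the cases the text describes.
CHALLENGE_RESPONSES = {
    "honest": KeyContext("U1", (5.0, 5.0), -89.0),
    "false_position": KeyContext("U2", (5.0, 5.0), -70.0),        # really far away, near T3
    "spoofed_interference": KeyContext("U5", (5.0, 5.0), -75.0),  # present, but measurement forged
    "no_witness": KeyContext("U4", (1000.0, 1000.0), -95.0),
}

if __name__ == "__main__":
    for name, response in CHALLENGE_RESPONSES.items():
        verdict = assess_challenge(response, TRUSTED_REPORTS)
        print(f"{name:>21}: {verdict.action:<14} {verdict.reason}")
```

The two "deny" cases correspond to the two checks the text names, a nearby TRU not sensing the rogue and a nearby TRU measuring a completely different interference level; the "reauthenticate" case is the network forcing a TRU to authenticate again when no peer can corroborate its claim.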

Claims (2)

1. A transmit/receive unit (TRU), comprising:
a TRU-specific credential/key generation device for producing a credential/key, the credential/key being derived from information associated with the TRU;
a watermark/signature/encryption code generation device having an input configured to receive the credential/key and to produce a watermark/signature/encryption code; and
a watermark insertion/signature insertion/encryption device having an input configured to receive a communication signal and an output configured to produce a watermark-inserted/signature-inserted/encrypted signal for wireless transmission.
2. The transmit/receive unit (TRU) according to claim 1, further comprising:
a credential/key recovery device for recovering a credential/key from a received wireless transmission.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US52495903P 2003-11-24 2003-11-24
US60/524,959 2003-11-24
US60/536,133 2004-01-13
US60/545,678 2004-02-18

Publications (1)

Publication Number Publication Date
CN2785271Y true CN2785271Y (en) 2006-05-31

Family

ID=36772232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200420057350 Expired - Lifetime CN2785271Y (en) 2003-11-24 2004-11-24 Transmitting/receiving unit using radio communication warrant/key

Country Status (1)

Country Link
CN (1) CN2785271Y (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101980558A (en) * 2010-11-16 2011-02-23 北京航空航天大学 Method for encryption authentication on Ad hoc network transmission layer protocol
CN102546090A (en) * 2010-12-27 2012-07-04 财团法人工业技术研究院 Digital information encoding method, digital information decoding method, information transmission device, and information management device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101980558A (en) * 2010-11-16 2011-02-23 北京航空航天大学 Method for encryption authentication on Ad hoc network transmission layer protocol
CN101980558B (en) * 2010-11-16 2012-07-11 北京航空航天大学 Method for encryption authentication on Ad hoc network transmission layer protocol
CN102546090A (en) * 2010-12-27 2012-07-04 财团法人工业技术研究院 Digital information encoding method, digital information decoding method, information transmission device, and information management device
US8909544B2 (en) 2010-12-27 2014-12-09 Industrial Technology Research Institute Method for encoding or decoding digital data, data disseminating device and data managing device
US9088401B2 (en) 2010-12-27 2015-07-21 Industrial Technology Research Institute Method for decoding digital data and data managing device
CN102546090B (en) * 2010-12-27 2015-11-25 财团法人工业技术研究院 Digital information encoding method, digital information decoding method, information transmission device, and information management device

Similar Documents

Publication Publication Date Title
US7532723B2 (en) Tokens/keys for wireless communications
RU2428808C2 (en) Method and device to arrange protection of location information and to control access with application of location information
US8726022B2 (en) Method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
CN102098670B (en) Method and system for securing wireless communications
CN101136748B (en) Identification authentication method and system
US20130089200A1 (en) Secure data transfer on a handheld communications device
CN103368954B (en) A kind of smart card registration entry based on password and biological characteristic
US20050226421A1 (en) Method and system for using watermarks in communication systems
CN1399490A (en) Safe access method of mobile terminal to radio local area network
CN101645899A (en) Bidirectional authentication method and system based on symmetric encipherment algorithm
CN105873042A (en) Lightweight class 5G access authentication method
WO2014177938A2 (en) Digital credential with embedded authentication instructions
CN1855809A (en) Securely using a display to exchange information
Karimi et al. Enhancing security and confidentiality on mobile devices by location-based data encryption
Zheng et al. Trusted computing-based security architecture for 4G mobile networks
CN108966232B (en) Service network-based wireless Internet of things physical layer hybrid authentication method and system
CN2785271Y (en) Transmitting/receiving unit using radio communication warrant/key
CN106412897A (en) WiFi authentication method based on server
CN1848725A (en) Securing a communicaton link between devices
CN109995531A (en) The anti-deception measures of Beidou II system protected based on domestic password and spread spectrum information
CN106911789A (en) A kind of data transmission method based on user collaborative environment, Transmission system and device
CN114827998A (en) Satellite terminal network access authentication device based on encryption chip
CN1848134B (en) Gathering randomness in a wireless smart card reader
CN114980089A (en) Security protection method and device for multicast or broadcast service data
KR200377246Y1 (en) Transmit/receive unit using tokens/keys for wireless communications

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CX01 Expiry of patent term

Expiration termination date: 20141124

Granted publication date: 20060531