JP2007527178A - Traffic encryption key management method and protocol configuration method in wireless portable Internet system, and operation method of traffic encryption key state machine in subscriber terminal - Google Patents

Abstract

The automatically generated traffic encryption key (TEK) periodically updates the TEK used by the subscriber terminal for multicast or broadcast services by the base station. The base station updates the first key update command message to update the group key encryption key (GKEK) for TEK encryption and the second key update command message to update the TEK. Send to the terminal to update the TEK. The base station sets the M & B TEK Grace Time, which is different from the TEK Grace Time set at the subscriber terminal, and the first message including the new GKEK is sent to the subscriber terminal through the M & B TEK Grace Time through the primary management connection. A second message containing a new TEK that was sent earlier and encrypted with the new GKEK is sent further over the broadcast connection after the M & B TEK Grace Time.

Description

 The present invention relates to a traffic encryption key (TEK) management method in a wireless portable Internet system, and more specifically, an encryption key management method for multicast service and broadcast service in a wireless portable Internet system and its protocol. It relates to a configuration method and a method of operation of a traffic encryption key state machine at a subscriber terminal.

 The wireless mobile Internet is a next-generation communication system that further supports mobility to a short-range data communication system that uses a fixed access point (AP) like a conventional wireless LAN. Various standards have been proposed for such a wireless mobile Internet, and international standardization of the mobile Internet is currently being promoted centering on IEEE 802.16. Here, IEEE 802.16 is a standard that basically supports Metropolitan Area Network (MAN), covering the middle area between local information communication network (LAN) and wide area communication network (WAN). Means an information communication network.

In such an IEEE 802.16 wireless MAN system, an encryption function for traffic data is defined in order to provide a service safely. The encryption function for traffic data has emerged as a basic requirement necessary for service stability and network stability.
Currently, in the IEEE 802.16 wireless MAN system, a method for generating and distributing a traffic encryption key is defined in order to encrypt such traffic data. In addition, this traffic encryption key is also updated after a certain period of time in order to maintain security, and a new traffic encryption key is generated and distributed. Through this, the subscriber terminal and the base station share the same traffic encryption key.

 In order to perform authentication and security-related functions, the terminal and the base station use a PKM (Privacy Key Management) -REQ (REQuest) message and a PKM-RSP (ReSPonse) message, which are security key management protocols. The terminal requests assignment of a new traffic encryption key by transmitting a Key Request message, which is one of the PKM-REQ messages, to the base station, or requests a traffic encryption key update. On the other hand, the base station that has received such a message from the terminal transmits a Key Reply message, which is one of the PKM-RSP messages, in response to the successful assignment or update of the traffic encryption key. However, if it fails, a Key Reject message or an Auth Invalid message is transmitted to the terminal. Through such a series of traffic encryption key assignment and update procedures, using the traffic encryption key shared between the terminal and the base station, the traffic data of the wireless section is encrypted and decrypted and transmitted / received To do.

 On the other hand, the multicast encryption and broadcast service traffic encryption key update method in the IEEE 802.16 wireless MAN system is processed in the same manner as the unicast service traffic encryption key update method as described above. That is, when updating and distributing the traffic encryption key for multicast service or broadcast service, all subscribers request the traffic encryption key update, and the base station sends the same traffic encryption key to all Since the traffic encryption key is updated and distributed by individually responding to the subscriber, the usage load of the radio section signal channel becomes very large. Therefore, updating the traffic encryption key for the multicast service or the broadcast service by the same procedure as the traffic encryption key update method for the unicast service causes a problem that the radio channel resource is used unnecessarily. Therefore, a procedure for effectively reducing the radio channel resource by updating the traffic encryption key for the multicast service or the broadcast service is required.

 Accordingly, an object of the present invention is to solve the above-mentioned problem, and when a traffic encryption key for a multicast service and a broadcast service is updated in a wireless mobile Internet system, the traffic encryption key is automatically generated by a base station. Encryption key management in a wireless mobile Internet system that reduces the usage load of the radio section signal channel when updating the traffic encryption key for multicast service and broadcast service by updating It is an object of the present invention to provide a method and protocol configuration method thereof, and a method of operating a traffic encryption key state machine at a subscriber terminal.

In order to achieve the above object, a traffic encryption key management method in a wireless portable Internet system according to one aspect of the present invention comprises:
A method of managing a traffic encryption key used for encrypting or decrypting traffic data transmitted and received by a base station in a wireless portable Internet system for multicast or broadcast services to wirelessly connected subscriber terminals. And
a) when the specified time has elapsed from the start of the valid time of the current traffic encryption key used to encrypt or decrypt the traffic data currently transmitted to and received from the subscriber terminal, the current traffic encryption Generating a new traffic encryption key to renew the key; and b) the generated new traffic encryption over a broadcast connection to all of the subscriber terminals being provided with the multicast or broadcast service. Sending a key so that the traffic encryption key used at the subscriber terminal is updated.

A traffic encryption key management method in a wireless portable Internet system according to another aspect of the present invention is as follows:
A method of managing a traffic encryption key used for encrypting or decrypting traffic data transmitted and received by a base station in a wireless portable Internet system for multicast or broadcast services to wirelessly connected subscriber terminals. And
a) before a specific time elapses from the start of the valid time of the current traffic encryption key used to encrypt or decrypt the traffic data currently transmitted to and received from the subscriber terminal; Generating a specific key to be used for encryption or decryption; b) all of the subscriber terminals being provided with the multicast or broadcast service, through the primary management connection, the generated key Each transmitting a specific key; c) a new traffic encryption to update the current traffic encryption key when the specific time has elapsed since the beginning of the validity time of the current traffic encryption key; Generating a key; and d) said multicast or broadcast service Send the generated new traffic encryption key to all of the provided subscriber terminals through a broadcast connection-where the transmitted traffic encryption key is the new traffic encryption key sent in step b). Encrypted to a specific key-so that the traffic encryption key used at the subscriber terminal is updated.

A traffic encryption key management method in a subscriber terminal of a wireless portable Internet system according to still another aspect of the present invention is as follows.
A subscriber terminal wirelessly connected to a base station in a wireless portable Internet system manages a traffic encryption key used to encrypt or decrypt traffic data transmitted to and received from the base station for multicast or broadcast services. A method,
a) receiving a new traffic encryption key from the base station through a broadcast connection; and b) updating the current traffic encryption key to the received new traffic encryption key, and thereafter Using the updated new traffic encryption key when encrypting or decrypting traffic data to and from the station.

A traffic encryption key management method in a subscriber terminal of a wireless portable Internet system according to still another aspect of the present invention is as follows.
A subscriber terminal wirelessly connected to a base station in a wireless portable Internet system manages a traffic encryption key used to encrypt or decrypt traffic data transmitted to and received from the base station for multicast or broadcast services. A method,
a) receiving a new specific key used to decrypt a traffic encryption key from the base station over a primary management connection; b) receiving a current specific key from the received new specific key C) a new traffic encryption key over the broadcast connection from the base station-where the new traffic encryption key is encrypted into the new specific key received in step b) And d) decrypting the received new traffic encryption key into the new specific key received in step b) to update the current traffic encryption key. When the traffic data to be transmitted / received to / from the base station is encrypted or decrypted thereafter, the updated new traffic is transmitted. Including; step of using the encryption key.

A protocol configuration method for traffic encryption key management in a wireless portable Internet system according to still another aspect of the present invention includes:
To perform management of a traffic encryption key used for encrypting or decrypting traffic data transmitted and received for a multicast or broadcast service between a subscriber terminal and a base station in a wireless portable Internet system A method for configuring a protocol, comprising:
a) a step of transmitting to the base station using a key request message (Key Request), which is a MAC message, in order for the subscriber station to first request a traffic encryption key; b) receiving by the base station Sending a key reply message to convey the traffic encryption key in response to the key request message; and c) the base station automatically updating the traffic encryption key Using a reply message to transmit to all terminals through a broadcast channel.

A protocol configuration method for traffic encryption key management in a wireless portable Internet system according to still another aspect of the present invention includes:
To perform management of a traffic encryption key used for encrypting or decrypting traffic data transmitted and received for a multicast or broadcast service between a subscriber terminal and a base station in a wireless portable Internet system A method for configuring a protocol, comprising:
a) the subscriber terminal transmitting to the base station using a key request message, which is a MAC message, in order to initially request a traffic encryption key; b) receiving by the base station A MAC message to convey a traffic encryption key and a specific key, where the specific key is used to encrypt the traffic encryption key, in response to the key request message Sending a Key Reply message to the subscriber terminal; c) In order to update the specific key, the base station sends a first key update command message including a new specific key to the MAC Transmitting to the subscriber terminal using a message; and d) the base station sends a new traffic to update the traffic encryption key. A second key update command message including an encryption key, where a new traffic encryption key is encrypted by the new specific key, is transmitted to the subscriber terminal using a MAC message A stage.

A method of operating a traffic encryption key state machine of a terminal in a wireless portable Internet system according to still another aspect of the present invention includes:
A subscriber terminal provided in a subscriber terminal in a wireless portable Internet system and wirelessly connected to the base station encrypts or decrypts traffic data transmitted and received with the base station for multicast or broadcast services. A method of operating a terminal traffic encryption key state machine for managing the traffic encryption key used, comprising:
The terminal transmits a key request message by a key request message transmission event that first requests a traffic encryption key to the base station and waits for an operation (Op Wait); normal operation with the base station A traffic encryption key state machine of the terminal, and in the operation step, the base station automatically generates a traffic encryption key, and A key reply message is transmitted to the terminal through a broadcast channel, and the terminal receives the message and remains in the operation stage again.

A method of operating a traffic encryption key state machine of a terminal in a wireless portable Internet system according to still another aspect of the present invention includes:
A subscriber terminal provided in a subscriber terminal in a wireless portable Internet system and wirelessly connected to the base station encrypts or decrypts traffic data transmitted and received with the base station for multicast or broadcast services. A method of operating a terminal traffic encryption key state machine for managing the traffic encryption key used, comprising:
The terminal transmits a key request message by a key request message transmission event that first requests a traffic encryption key to the base station and waits for an operation (Op Wait); normal operation with the base station An operation stage for performing transmission / reception of traffic data (Operational), and an M & B rekey interim waiting stage for updating a new traffic encryption key automatically generated and transmitted by the base station (M & B Rekey Interim) Wait);
The traffic encryption key state machine includes a first key update that includes a specific key used by the terminal in the operational phase to encrypt and decrypt a traffic encryption key from the base station. Due to the occurrence of an event that a command message has been received, a transition is made to the M & B update provisional standby stage, and in this M & B update provisional standby stage, a second key update instruction message including a traffic encryption key from the base station. In response to the occurrence of an event that the message has been received, the operation is performed again by transitioning to the operation stage.

 Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement the embodiments of the present invention. However, the present invention can be realized in various different forms and is not limited to the embodiment described here. In the drawings, parts unnecessary for the description are omitted in order to clearly describe the present invention. Throughout the specification, similar parts are denoted by the same reference numerals.

Hereinafter, a traffic encryption key management method in a wireless portable Internet system according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a schematic diagram showing an outline of a wireless portable Internet to which the present invention is applied.
As shown in FIG. 1, a wireless mobile Internet system is basically a subscriber terminal 10, a base station 20, 21 that performs wireless communication with the subscriber terminal 10, and a gateway connected to the base station 20, 21. And an authentication server (AAA server) 40 that is connected to the routers 30 and 31 and performs authentication for the subscriber terminals 20 and 21.
The conventional wireless LAN system such as IEEE 802.11 provides a data communication system capable of wireless communication within a short distance centering on a fixed access point, which provides the mobility of the subscriber terminal. Rather, it has the limitation of supporting short-range data communication simply by non-wired radio.
On the other hand, the wireless portable Internet system being promoted by the IEEE 802.16 group or the like is used even when the subscriber terminal 10 shown in FIG. 1 moves from the cell in charge of the base station 20 to the cell in charge of the base station 21. It guarantees its mobility and provides uninterrupted data communication services.
Therefore, the wireless mobile Internet system supports handover of the subscriber terminal 10 like a mobile communication service, and can also dynamically assign an IP address as the subscriber terminal moves.
Here, the wireless portable Internet subscriber terminal 10 and the base stations 20 and 21 communicate with each other by an orthogonal frequency division multiplexing (hereinafter referred to as OFDMA) method. The OFDMA method is a multiplexing method in which a frequency division method using a plurality of subcarriers of orthogonal frequencies for a plurality of subchannels and a time division method (TDM) are combined. Such an OFDMA scheme is inherently resistant to fading that occurs in multiple paths and has a high data transmission rate.

FIG. 2 is a hierarchical diagram showing a hierarchical structure of the wireless portable Internet system shown in FIG.
As shown in FIG. 2, the hierarchical structure of the IEEE 802.16 wireless portable Internet system is roughly divided into a physical layer (Physical Layer, L10) and a medium access control (Media Access Control; hereinafter referred to as “MAC”) layer (L21). , L22, L23).
The physical layer (L10) is responsible for wireless communication functions performed in the normal physical layer, such as modulation / demodulation and coding.
On the other hand, the wireless portable Internet system does not have a layer that is subdivided according to its function like the wired Internet system, and handles various functions in one MAC layer.
Looking at the sub-layers by function, the MAC layer is divided into a privacy sub-layer (Privacy Sublayer, L21), a MAC common part sub-layer (MAC Common Part Sublayer, L22), a service-specific convergence sub-layer (Service Specific Convergence Sublayer, L23).
The privacy sub-layer (L21) performs device authentication, security key exchange, and encryption functions. Only the device authentication is performed in the privacy sub-layer (L21), and the user authentication is performed in an upper layer (not shown) of the MAC.
The MAC common part sub-layer (L22) is responsible for functions related to system access, bandwidth allocation, traffic connection setting and maintenance, and QoS management as the core part of the MAC layer.
The service-dependent convergence sub-layer (L23) is responsible for the payload header suppression and QoS mapping functions in continuous data communication.

FIG. 3 is a schematic diagram showing a connection structure between the base stations 20 and 21 and the subscriber terminal 10 in the wireless portable Internet system shown in FIG.
As shown in FIG. 3, there is a concept of connection (Connection, C1) between the MAC layer of the subscriber terminal 10 and the MAC layers of the base stations 20 and 21.
Here, the term “concatenation (C1)” means not a physical connection relationship but a logical connection relationship, and transmits and receives traffic for transmitting / receiving a signaling message or for one service flow. Therefore, it is defined as a mapping relationship between the subscriber terminal 10 and the MAC peer hierarchy of the base stations 20 and 21.
Therefore, the various connections set are managed through an arbitrary message and parameters included in the message, and each function is performed by a signal message or traffic data transmitted through the connection.
In addition, the MAC message includes various messages for performing a request (REQ), a response (RSP), and a confirmation (ACK) function for various operations.

FIG. 4 is a flowchart for setting up a connection between a subscriber terminal and a base station in the wireless mobile Internet system shown in FIG.
Referring to FIG. 4, when the subscriber terminal 10 enters the area of the base station 20 (S10), the subscriber terminal 10 first sets up downlink synchronization with the base station 20 and acquires uplink parameters. (S20). For example, the parameter is A channel descriptor message according to characteristics of the physical layer (eg, signal to noise ratio) may be included.
Thereafter, the subscriber terminal 10 and the base station 20 perform a ranging procedure (S30).
Here, the ranging is to correct and match the timing, power, and frequency information between the subscriber terminal 10 and the base station 20, and the initial ranging is performed first, and then the CDMA code is used. Period ranging is performed.
When such a ranging procedure (S30) is completed, negotiations regarding terminal basic functions for connection setting between the subscriber terminal 10 and the base station 20 are performed (S40). If the negotiation for the basic function is completed, the subscriber terminal authentication is performed using the certificate of the subscriber terminal of the base station (S50).
When the authentication of the subscriber terminal 10 is completed and the right to use the wireless mobile Internet is confirmed, the terminal and the base station share the traffic encryption key for each set connection (C1). An encryption key is generated and distributed (S60). After the authentication and traffic encryption key procedure for the subscriber terminal 10 is completed, the base station 20 negotiates and registers the function related to the MAC layer of the subscriber terminal 10 (S70). Thereafter, the base station 20 provides an IP address to the subscriber terminal 20 through the DHCP server or the MIP server, and performs IP connection setting (S80).
In order to provide a full-fledged traffic service to a subscriber terminal given an IP address, the terminal 10 and the base station 20 perform traffic connection setting for each of the service flows (S90).

 As described above, in the wireless portable Internet system through the above steps, since the subscriber terminals 10 and 20 are substantially provided with any multicast service or broadcast service, it is necessary to first encrypt the traffic data. Traffic encryption keys must be distributed. Here, every multicast service or broadcast service has an individual traffic encryption key for encrypting each service traffic data. In other words, all multicast service traffic encryption keys must be different from each other and broadcast service traffic encryption keys. This is to prevent the subscriber terminal from being provided with another multicast service if the subscriber terminal knows the traffic encryption key for one multicast service, and the broadcast service provided through the other service provider. It is to prevent being provided.

FIG. 5 is a flowchart of a traffic encryption key management method in a general wireless portable Internet system.
Referring to FIG. 5, first, the subscriber terminal 10 is first assigned a traffic encryption key for a multicast service or a broadcast service, so that a key request message that is a PKM-REQ message is sent to the base station 20. Is transmitted (S100).
Here, a set including parameters indicating a traffic encryption key, a traffic encryption key sequence number, a traffic encryption key valid time, an encryption algorithm, and the like is expressed as one SA (Security Association), and this SA includes an identifier. SA-ID (Security Association-IDentification) that performs the function is also included. The multicast service and the broadcast service are associated with one different SA. In other words, terminals that are provided with any identical multicast service have the same single SA information, and terminals that are provided with the broadcast service also have the same single SA information. Since SAs related to services and broadcast services are independent of each other, it can be considered that one of these individual services is associated with one SA. Therefore, the key request message includes the SA-ID that is the identifier of the SA related to the service, and as shown in FIG. 5, the traffic encryption key corresponding to the nth SA-ID and the traffic encryption key. This is to request the accompanying information from the base station 20.
The primary management CID for the primary management connection is used in the MAC header of the key request message transmitted from the subscriber terminal 10 to the base station 20. The primary management CID is a CID that is uniquely assigned to each terminal when the base station 20 is initially connected to the subscriber terminal 10, and can distinguish between terminals.

The base station 20 that has received a Key Request message for requesting generation of a traffic encryption key for a multicast service or broadcast service from the subscriber terminal 10 uses a traffic encryption key generation mechanism based on all field values of the received message. After the xth traffic encryption key (TEK _x ) to be assigned to the subscriber terminal 10 is generated, it is transmitted to the subscriber terminal 10 through a Key Reply message that is a key response message (S110). At this time, since the subscriber terminal 10 requests the nth SA, the base station 20 transmits the nth SA included in the key response message. Since the MAC header of the key response message at this time must be transmitted only to the subscriber terminal 10 that has requested the traffic encryption key, the primary management CID included in the MAC header of the Key Request message is used as it is. To do. Thus, the procedure in which the subscriber terminal 10 first distributes the traffic encryption key for any multicast service or broadcast service is completed.
In this way, the subscriber terminal 10 decrypts the traffic data of the service with the xth traffic encryption key for the nth SA generated by the base station. Also, as soon as the subscriber terminal 10 receives the traffic encryption key from the base station 20 through the Key Reply message, the effective lifetime (TEK Active Lifetime) of the traffic encryption key is as shown in FIG. (S120).

Thereafter, the subscriber terminal 10 must periodically update the traffic encryption key in order to be provided with traffic service in a continuous and secure manner. For this purpose, the subscriber terminal 10 internally manages the TEK Grace Time. The TEK Grace Time means a time when the subscriber terminal 10 induces a request for updating the traffic encryption key before the previously assigned traffic encryption key expires. That is, when the TEK Grace Time is activated (S130), the subscriber terminal 10 generates a TEK Refresh Timeout event (S140). In the subscriber terminal 10, a traffic encryption key state machine that performs such a TEK Refresh Timeout event is implemented in software.
By such a TEK Refresh Timeout event (S140), the subscriber terminal 10 transmits a Key Request message, which is a key request message for updating and distributing the traffic encryption key, to the base station 20 (S150). At this time, the transmitted Key Request message includes the same SA-ID, primary management CID, and the like as the Key Request message that first requested the traffic encryption key in the step (S100).

Similarly, the base station 20 that has received the Key Request message requesting to update the traffic encryption key generates an x + 1-th traffic encryption key (TEK _{x + 1} ) as a response message, and uses this traffic encryption key as a Key Reply message. And transmitted to the subscriber terminal 10 (S160). At this time, the MAC header of the Key Reply message also includes the primary management CID used in the MAC header of the Key Reply message in which the traffic encryption key is first distributed in the step (S110), and the Key Request message (S150). Since the SA-ID value of n is n, the Key Reply message similarly includes the nth SA. However, unlike the step (S110), the SA has a traffic encryption key (TEK _{x + 1} ) generated by the base station x + 1th.
Thereafter, as soon as the subscriber terminal 10 receives the x + 1th traffic encryption key generated from the base station 20 as a Key Reply message, the effective lifetime of the x + 1th traffic encryption key is started (S170). The service data provided thereafter is decrypted with the (x + 1) th traffic encryption key. Therefore, the procedure for updating and distributing the traffic encryption key for the multicast service or the broadcast service is completed, and is repeated continuously.

 As described above, in order to update the traffic encryption key supported by the wireless portable Internet system such as the IEEE 802.16 wireless MAN system, the 26-byte Key Request message transmitted from the subscriber terminal 10 to the base station 20; A Key Reply message of up to 84 bytes transmitted by the base station 20 to the subscriber terminal 10 is used, resulting in the subscriber terminal 10 and the key for updating and distributing keys for maintaining the traffic encryption key. A total of 110 bytes of signaling messages are used with the base station 20.

FIG. 6 is a flowchart of a traffic encryption key updating method between a plurality of subscriber terminals and a base station in a general wireless mobile Internet system.
The terminals (10-1, 10-2, 10-3,..., 10-z) shown in FIG. 6 are currently provided with one identical multicast service or identical broadcast service from the base station 20. It is. Here, it is assumed that one multicast service or broadcast service is associated with the nth SA.
All terminals (10-1, 10-2, 10-3,..., 10-z) that have already received the encryption key distribution through the initial key generation process or the previous key update process, each internally A TEK Refresh Timeout event is generated by the same stored TEK Grace Time, and the traffic encryption key of each nth SA is updated by such a TEK Refresh Timeout. 10-2, 10-3,..., 10-z) each transmits a Key Request message to the base station 20 (S150-1, S150-2, S150-3,..., S150-z).
At this time, since the TEK Grace Time point corresponding to the n-th SA of all terminals (10-1, 10-2, 10-3,..., 10-z) is the same, all terminals (10-1 10-2, 10-3,..., 10-z) are transmitted to the base station 20 almost simultaneously. At this time, the Key Request message transmitted by all terminals (10-1, 10-2, 10-3,..., 10-z) includes an SA-ID whose value is n. However, different primary management CIDs that are uniquely assigned to each terminal from the base station at the time of initial connection are used for the MAC header of this Key Request message.
In this way, z terminals (10-1, 10-2, 10-3,..., 10-z) transmit the update request message for the multicast encryption service or broadcast service traffic encryption key currently being serviced. In order to do so, 26 × z bytes are used for each service in the radio channel section at the same time.

Next, each of the base stations 20 that received the nth SA traffic encryption key update request message from the z terminals (10-1, 10-2, 10-3,..., 10-z) , The traffic encryption key of the nth SA is updated, and a Key Reply message including the nth SA is sent as a response message to all terminals (10-1, 10-2, 10-3,..., 10 -Z) at the same time (S160-1, S160-2, S160-3, ..., S160-z). The primary management CID assigned to each terminal (10-1, 10-2, 10-3,..., 10-z) is used for the MAC header of the Key Reply message transmitted at this time. The base station 20 distributes a specific multicast service or broadcast service traffic encryption key to all terminals (10-1, 10-2, 10-3,..., 10-z) one by one. Since a message has to be transmitted, 84 × z bytes are used in the radio channel interval.
In other words, all terminals (10-1, 10-2, 10-3,..., 10-z) provided with a specific multicast service or broadcast service use the same single traffic encryption key as the base station 20. Are used for decrypting the service traffic data. However, in updating the same traffic encryption key, all the terminals (10-1, 10-2, 10-3,..., 10-z) request the update, and the base station as a response thereto The scheme in which 20 distributes the updated traffic encryption key to all the terminals (10-1, 10-2, 10-3,..., 10-z) is inefficient. For example, if z terminals are provided with one multicast service or broadcast service as described above, a total of 110 × z bytes is required to update the traffic encryption key for the service. This results in excessive waste of radio channel signal resources.
That is, in this way, in updating the traffic encryption key for the multicast service or the broadcast service, all the terminals (10-1, 10-2, 10-3,..., 10-z) induces and requests a traffic encryption key update of the service, and the base station 20 responds to this request by the base station 20 to all terminals (10-1, 10-2, 10-3) ,..., 10-z) is to waste a lot of radio channel signal resources at an arbitrary short moment and to cause unnecessary processing amount of the base station 20.

 Therefore, in the embodiment of the present invention, in order to solve the above problem, before the multicast encryption or broadcast service traffic encryption key generated and distributed by the base station to the subscriber terminal expires, the base station The service traffic encryption key is automatically updated and transmitted to a corresponding subscriber terminal through a broadcast signal channel and distributed.

For this purpose, the base station defines and uses a specific time according to an embodiment of the present invention, as shown in FIG.
FIG. 7 is a table showing an operation range of encryption-related PKM parameters for updating a traffic encryption key in the wireless portable Internet system according to the embodiment of the present invention.
M & B (Multicast & Broadcast) TEK Grace Time is added to such a PKM parameter table, and such M & B TEK Grace Time is a parameter stored internally by the base station for multicast service and broadcast service. It means the time when the base station starts updating the traffic encryption key of the service before the traffic encryption key expires. This M & B TEK Grace Time must have a value larger than TEK Grace Time, which means the time when the terminal starts updating before the traffic encryption key expires. The reason for this is that the TEK Grace Time operation at the terminal must update the traffic encryption key for the service at the base station before transmitting the key update message to the base station and transmit it to the terminal. Because it must.

FIG. 8 is a flowchart of a traffic encryption key management method in the wireless portable Internet system according to the first embodiment of the present invention.
Referring to FIG. 8, before a subscriber terminal substantially receives any multicast service or broadcast service, it first receives a distribution of a traffic encryption key necessary for decrypting the service traffic data. There must be. As described above, the process of receiving the traffic encryption key of the service from the base station first from the base station (S200, S210) is the same as that described with reference to FIG. Since it is the same as the key request and process (S100, S110), detailed description is omitted here.
As described above, since the subscriber terminal receives the Key Reply message including the traffic encryption key of the service generated x-th for the n-th SA from the base station, the x-th traffic cipher is received. The valid lifetime of the encryption key is started (S220). During this valid time, the subscriber terminal decrypts and uses the traffic data with the xth traffic encryption key when the service is provided. .

On the other hand, the traffic encryption key of the nth SA must be periodically updated in order for the base station to provide the traffic data of the service to the subscriber terminal continuously and securely.
However, in the first embodiment of the present invention, as described with reference to FIG. 5, the subscriber terminal does not induce the traffic encryption key update by the TEK Grace Time as in the general wireless mobile Internet system. The base station periodically updates the service traffic encryption key. For this purpose, the base station internally manages the M & B TEK Grace Time parameter as described with reference to FIG. 7, but if this M & B TEK Grace Time point is started for each multicast service or broadcast service, (S230) The base station generates an M & B TEK Refresh Timeout event (S240). In the base station, a traffic encryption key state machine that performs such an M & B TEK Refresh Timeout event is implemented in software. Therefore, the base station newly updates the traffic encryption key for the multicast service or the broadcast service through the traffic encryption key state machine according to the M & B TEK Refresh Timeout event. The traffic encryption key updated at this time is the (x + 1) th traffic encryption key.
Thereafter, the base station transmits a Key Reply message including the (x + 1) th traffic encryption key updated for the nth SA to the terminal (S250).
As described above, the TEK Grace Time that is internally managed does not operate for the subscriber terminal that has received the Key Reply message including the traffic encryption key from the base station. That is, unlike a unicast service, a subscriber terminal that is provided with a multicast service or a broadcast service receives a traffic encryption key without requesting a special traffic encryption key for the service.
Thereafter, as soon as the subscriber terminal receives the x + 1th traffic encryption key from the base station through the Key Reply message, the effective lifetime of the x + 1th traffic encryption key is started (S260). Thereafter, the subscriber terminal and the base station encrypt and decrypt the provided service data with the (x + 1) th traffic encryption key.

On the other hand, a broadcast CID is used in the MAC header of the Key Reply message transmitted from the base station to the subscriber terminal, so that an updated traffic encryption is transmitted to all terminals performing the service with a single Key Reply message. The activation key can be made efficient through the broadcast connection. In particular, a traffic encryption key included in a Key Reply message transmitted through a broadcast connection is a traffic encryption key necessary for encrypting any multicast service data, or encrypting any broadcast service data. Although it is necessary to distinguish whether the traffic encryption key is necessary, this is distinguished by the SA-ID of the SA identifier included in the Key Reply message. For example, in FIG. 8, the (x + 1) th traffic encryption key included in the Key Reply message updated and distributed from the base station is used as the nth SA to encrypt the service related to this SA. Only the subscriber terminal using the service related to the SA receives and uses the x + 1-th traffic encryption key.
Here, the key reply message used in a system in which the base station automatically updates the traffic encryption key for the multicast service or the broadcast service has a maximum length of 55 bytes.

FIG. 9 shows a Key Reply message including an updated traffic encryption key, which is updated by the base station and transmitted through the broadcast connection by the subscriber terminal in the wireless portable Internet system according to the first embodiment of the present invention. It is a flowchart of the traffic encryption key management method in a radio | wireless portable internet system when it cannot receive correctly.
From the process in which the subscriber terminal first requests and distributes the traffic encryption key for the multicast service or the broadcast service (S200, S210), the base station starts M & B TEK Grace Time, and the base station automatically performs traffic encryption. The subscriber terminal receives the distribution of the traffic encryption key updated by the base station through the process of updating the encryption key and transmitting the broadcast terminal through the broadcast connection (S220 to S250). However, if the message cannot be normally received from the base station, that is, the terminal that has not received the traffic encryption key distribution abnormally, as described with reference to FIG. The process of requesting renewal of the traffic encryption key and receiving distribution from the base station is performed. That is, the subscriber terminal that has not received the traffic encryption key distribution abnormally starts to operate the TEK Grace Time managed internally (S270). A TEK Refresh Timeout event occurs in the internal traffic encryption key state machine (S280). The subscriber terminal that has not received the traffic encryption key distribution abnormally due to such an event requests the base station for a traffic encryption key of the next period (S285). Accordingly, the subscriber terminal completes the traffic encryption key update by exchanging the Key Request message and the Key Reply message with the base station through the primary management connection, as in the first traffic encryption key procedure. S285, S290). Thereafter, when the valid time of the xth traffic encryption key expires, the valid lifetime of the x + 1th traffic encryption key is started (S295). The service data provided thereafter is decrypted with the (x + 1) th traffic encryption key.

FIG. 10 is a flowchart of a method for updating a traffic encryption key between a plurality of subscriber terminals and a base station in the wireless portable Internet system according to the first embodiment of the present invention.
The subscriber terminals (100-1, 100-2, 100-3,..., 100-z) shown in FIG. 10 are terminals that are currently provided with one identical multicast service or broadcast service. Here, it is assumed that one multicast service or broadcast service is associated with the nth SA.
At this time, the base station 200 internally manages the M & B TEK Grace Time as mentioned in FIG. 7 in order to automatically update the traffic encryption key for the multicast service or the broadcast service. M & B TEK Refresh Timeout event occurs at TEK Grace Time.
When such an M & B TEK Refresh Timeout event occurs, the base station 200 automatically updates the service traffic encryption key, and updates it to all the subscriber terminals (100-1, 100-2, 100-3, .., 100-z), a traffic encryption key is distributed by transmitting one Key Reply message through a broadcast connection (S250-1, S250-2, S250-3,..., S250-z). At this time, in the MAC header of the Key Reply message transmitted to the base station, a broadcast CID that can be transmitted to all the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) at one time. used.

 Therefore, in the method according to the first embodiment of the present invention, the base station 200 updates the traffic encryption key for the specific multicast service or the broadcast service to all terminals (100-1, 100-2, 100-3,...). , 100-z), the signal resources used in the radio channel section are only 55 bytes in total. Compared with this, in the method in which the conventional subscriber terminals (100-1, 100-2, 100-3,..., 100-z) start updating the traffic encryption key for multicast service or broadcast service, z pieces Since the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) require 110 × z bytes of signal resources in total to update the traffic encryption key, the present invention is implemented. It can be seen that the morphological scheme is very efficient. Further, from the standpoint of the base station 200, the conventional subscriber terminals (100-1, 100-2, 100-3,..., 100-z) start updating the traffic encryption key at a moment. Although a very large amount of processing is required to generate the MAC message and the SA, in the method according to the embodiment of the present invention, a subscriber terminal (provided with the multicast service or the broadcast service) with a small amount of processing ( 100-1, 100-2, 100-3,..., 100-z) has an advantage that the traffic encryption key can be stably updated and distributed.

FIG. 11 is a flowchart for encrypting the CID value of the MAC header and the traffic encryption key associated therewith when distributing the traffic encryption key by the traffic encryption key management method in the wireless portable Internet system according to the first embodiment of the present invention. It is a table explaining the relationship between input keys.
In the embodiment of the present invention, when the subscriber terminal 100 distributes the traffic encryption key for multicast service or broadcast service, it can be defined as two types of processes. One is a process of requesting the traffic encryption key for the service in order for the subscriber terminal 100 to be provided with an arbitrary multicast service or broadcast service. In this process, the traffic encryption key is uniformly updated and distributed to the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) that are provided with the service.
At this time, the traffic encryption key distributed by the base station 200 is encrypted using a 3-DES method or AES method algorithm using the input key and transmitted to the subscriber terminal 100.
On the other hand, the subscriber terminal 100 that has received the encrypted traffic encryption key decrypts it using two input keys shared in advance, and has an actual traffic encryption key. In order to maintain the continuous security of the traffic encryption key, the traffic encryption key is updated by the traffic encryption key update process requested by the subscriber terminal 100 and the automatic traffic encryption key update process of the base station 200. The input key used to encrypt changes.

 First, when the subscriber terminal 100 requests a traffic encryption key for the service, the subscriber terminal 100 transmits a Key Request message to the base station 200, and the base station 200 transmits the updated traffic as a response message thereto. A Key Reply message including the encryption key is transmitted to the subscriber terminal 100. In this case, since the Key Request message and the Key Reply message are exchanged between the base station 200 and one subscriber terminal 100, the primary management CID is used as the CID value of the MAC header. That is, the traffic encryption key received through the primary management connection which is a private channel of the subscriber terminal 100 is encrypted through a private key known only to the subscriber terminal 100 and the base station 200. At this time, a KEK (Key Encryption Key) created from the authentication key (AK) of the subscriber terminal 100 is used as the private key. When a traffic encryption key distributed using 128-bit KEK using the primary management CID is encrypted with a 3-DES or AES algorithm, it becomes an input key.

 Next, in the process in which the base station 200 automatically updates the traffic encryption key and distributes it uniformly to the subscriber terminals (100-1, 100-2, 100-3,..., 100-z), A traffic encryption key is transmitted using a Reply message. In this case, the Key Reply message must be transferred to all terminals (100-1, 100-2, 100-3,..., 100-z) receiving the service at the base station 200. The broadcast CID is used as the CID value of the MAC header. In order to transmit the traffic encryption key of the service through the broadcast connection, it has the same private key between the base station 200 and the terminals (100-1, 100-2, 100-3,..., 100-z). This traffic encryption key cannot be encrypted. Therefore, in this case, without using the private key, the base station 200 and all the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service The traffic encryption key must be encrypted and distributed with a shared key between. However, this shared key must be unique and secure for each multicast service and only for the broadcast service. The previously distributed traffic encryption key (Old distributed TEK) used for the service traffic data encryption is a shared key having such characteristics. A 64-bit traffic encryption key distributed previously for each multicast service and only for the broadcast service is distributed using the broadcast CID as a 3-DES system or an AES system. This is the input key when encrypting with the algorithm. In the 3-DES method, the previously distributed 64-bit traffic encryption key is used twice for the two input keys, and in the AES method, the 64-bit traffic encryption key previously distributed is used. It is connected and used twice.

Therefore, when the base station 200 updates and distributes the traffic encryption key for multicast service or broadcast service at the request of the subscriber terminal 100, the updated traffic encryption key is encrypted by inputting KEK, When transmitting to the subscriber terminal 100 using the primary management CID and the base station 200 automatically updates and distributes the traffic encryption key for the service, the updated traffic encryption key is previously used for the service. The generated traffic encryption key is input and encrypted, and is transmitted to all terminals (100-1, 100-2, 100-3,..., 100-z) using the broadcast CID. Further, when the traffic encryption key is transmitted through the Key Reply message using the primary management CID, the subscriber terminal 100 decrypts the traffic encryption key using KEK, and the Key Reply message using the broadcast CID. When the traffic encryption key is transmitted through the service encryption key, the traffic encryption key is decrypted using the previously distributed traffic encryption key (Old distributed TEK) for the service.
Therefore, even the traffic encryption key continues to maintain security, and the system can be efficiently operated as a whole by receiving distribution of the traffic encryption key automatically updated from the base station 200 through the broadcast connection. Can do.

Hereinafter, a traffic encryption key management method in a wireless portable Internet system according to a second embodiment of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 12 is a flowchart of a traffic encryption key management method in the wireless portable Internet system according to the second embodiment of the present invention.
Referring to FIG. 12, first, before the subscriber terminal 100 is substantially provided with any multicast service or broadcast service, first, the traffic encryption key necessary for decrypting the service traffic data is determined. Must receive a distribution. As described above, the process in which the subscriber terminal 100 first receives the traffic encryption key of the service from the base station 200 (S300, S310) is the first traffic of the subscriber terminal 100 described with reference to FIG. Since it is the same as the encryption key request and process (S100, S110), detailed description is omitted here. However, at this time, the Key Reply message transmitted from the base station 200 to the subscriber terminal 100 includes GKEK (Group Key Encryption Key) necessary for encrypting the traffic encryption key. Here, GKEK is a key encrypted with the authentication key of the subscriber terminal 100 shared in advance by the subscriber terminal 100 and the base station 200, and is a parameter defined only by the multicast service or the broadcast service.
As described above, when the subscriber terminal 100 receives the Key Reply message including the traffic encryption key of the service generated x-th for the n-th SA from the base station 200, The effective lifetime of the xth traffic encryption key is started (S320), during which the subscriber terminal 100 has the traffic data with the xth traffic encryption key when the service is provided. Is decrypted and used.
On the other hand, the traffic encryption key of the nth SA must be periodically updated in order for the base station to provide the traffic data of the service to the subscriber terminal continuously and securely.

However, in the second embodiment of the present invention, as described with reference to FIG. 5, the subscriber terminal 100 does not induce the traffic encryption key update by the TEK Grace Time as in a general wireless mobile Internet system. The base station 200 periodically updates the service traffic encryption key similar to the first embodiment described with reference to FIGS. 8 to 11, but in the second embodiment of the present invention. As described with reference to FIG. 8 in the first embodiment, the base station 200 does not automatically trigger the traffic encryption key update by unconditionally starting the M & B TEK Grace Time, and before and after the start of the M & B TEK Grace Time. Then, the key update is performed using the Key Update Command message which is two kinds of key update commands. At this time, in the second embodiment of the present invention, as in the first embodiment, the base station 200 manages the M & B TEK Grace Time parameter as described with reference to FIG.
Therefore, in the second embodiment of the present invention, for each multicast service or broadcast service, all terminals (100-1, 100-2, 100-) that are provided with the service before the M & B TEK Grace Time is started. 3, ..., 100-z), the first Key Update Command message is individually transmitted (S330). Through such a message, the base station 200 encrypts the next traffic encryption key to all terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service. Distribute 20 bytes of GKEK required to

On the other hand, when the base station 200 distributes GKEK to all terminals (100-1, 100-2, 100-3,..., 100-z) The first Key Update Command message is distributed over time and transmitted individually.
Therefore, in the step (S330), the MAC header of the Key Update Command message transmitted from the base station 200 to the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) Primary management CID is used to indicate a typical subscriber terminal, and GKEK is an authentication key shared with the subscriber terminal (100-1, 100-2, 100-3,..., 100-z). It is encrypted using a certain AK and transmitted. Thereafter, when the M & B TEK Grace Time is reached for each multicast service or broadcast service (S340), the base station 200 generates an M & B TEK Refresh Timeout event (S350). Similarly, in the base station 200, a traffic encryption key state machine that performs such an M & B TEK Refresh Timeout event is implemented in software.

Accordingly, the base station 200 newly updates the traffic encryption key for the multicast service or the broadcast service through the traffic encryption key state machine according to the M & B TEK Refresh Timeout event. The traffic encryption key updated at this time is the (x + 1) th traffic encryption key.
Thereafter, the base station 200 includes the x + 1th traffic encryption key updated for the nth SA in the subscriber terminals (100-1, 100-2, 100-3, ..., 100-z). The second Key Update Command message is broadcasted at one time (S360). That is, in the step (S360), the Key Update Command message transmitted to the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) is transferred through the broadcast connection, and the MAC of this message is transmitted. Broadcast CID is used for the header. The traffic encryption key transmitted at this time is encrypted and transmitted in the previously assigned GKEK.
In this way, in the subscriber terminal 100 that has received all of the two Key Update Command messages including the GKEK and the traffic encryption key, the internally managed TEK Grace Time does not operate.
Thereafter, when the valid time of the xth traffic encryption key expires, the valid lifetime of the x + 1th traffic encryption key is started (S370). Thereafter, the subscriber terminal 100 and the base station 200 decrypt the provided service data with the (x + 1) th traffic encryption key.

 In order to update the traffic encryption key for the multicast service or the broadcast service proposed in the second embodiment of the present invention, the message Key Update Command is used twice. The first is to distribute the GKEK used to encrypt the traffic encryption key used for the next valid time, and the base station 200 is provided with the service before the M & B TEK Grace Time time. Each of the terminals (100-1, 100-2, 100-3, ..., 100-z) is individually transmitted through the primary management connection. The Key Update Command message at this time has a maximum size of 50 bytes. Next, at the time of M & B TEK Grace Time, which is a timer internally managed by the base station 200, the base station 200 has received all terminals (100-1, 100-2, 100-3,..., 100-z). The traffic encryption key used during the next valid time is broadcasted through a broadcast connection with a single Key Update Command message. At this time, the Key Update Command message including the traffic encryption key has a maximum size of 50 bytes.

FIG. 13 is a flowchart of a method for updating a traffic encryption key between a plurality of subscriber terminals and a base station in a wireless portable Internet system according to a second embodiment of the present invention.
The subscriber terminals (100-1, 100-2, 100-3,..., 100-z) shown in FIG. 13 are terminals that are currently provided with one identical multicast service or broadcast service. Here, it is assumed that one multicast service or broadcast service is associated with the nth SA.
At this time, the base station 200 internally manages the M & B TEK Grace Time as mentioned in FIG. 7 in order to automatically update the traffic encryption key for the multicast service or the broadcast service. Prior to the TEK Grace Time, the base station 200 sends the first Key Update Command to each of all subscriber terminals (100-1, 100-2, 100-3, ..., 100-z) through the primary management connection. Transmit and distribute the GKEK necessary to encrypt the next traffic encryption key (S330-1, S330-2, S330-3,..., S330-z). At this time, the base station 200 transmits Key Update Command messages one by one so that the base station 200 is not loaded over a certain period of time in order to distribute GKEK. Therefore, the primary management CID is used for the MAC header of the Key Update Command message transmitted at this time.
Thereafter, when the M & B TEK Grace Time is reached, an M & B TEK Refresh Timeout event occurs in the base station 200. When such an M & B TEK Refresh Timeout event occurs, the base station 200 automatically updates the traffic encryption key for the service, and all the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) distributes the traffic encryption key by transmitting the second Key Update Command message through the broadcast connection (S360-1, S360-2, S360-3,..., S360-z). At this time, the MAC header of the Key Update Command message transmitted from the base station 200 can be transmitted to all the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) at a time. CID is used.

 Accordingly, in the scheme according to the second embodiment of the present invention, the base station 200 updates the traffic encryption key for the specific multicast service or the broadcast service to obtain z subscriber terminals (100-1, 100-2, 100- 3,..., 100-z), the first Key Update Command message used in the radio channel section is 50 × z bytes in total, and the second Key Update Command message is 50 bytes. That is, the signal resources used are only a total of (50 × z + 50) bytes. Compared with this, in the method in which the conventional subscriber terminals (100-1, 100-2, 100-3,..., 100-z) start updating the traffic encryption key for multicast service or broadcast service, z pieces In order for the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) to update the traffic encryption key, a total (110 × z) bytes of signal resources are required. This indicates that the more terminals that are provided with the multicast service or the broadcast service, the more efficient the scheme according to the second embodiment of the present invention is. Further, from the standpoint of the base station 200, the conventional subscriber terminals (100-1, 100-2, 100-3,..., 100-z) start updating the traffic encryption key in a moment. Although a very large amount of processing is required to generate the message and the SA, the method according to the second embodiment of the present invention distributes the load and provides the multicast service and the broadcast service even with a small amount of processing. The subscriber terminals (100-1, 100-2, 100-3,..., 100-z) have an advantage that the traffic encryption key can be stably updated and distributed.

FIG. 14 is a table showing internal parameters of a traffic encryption key response (Key Reply) message used in the traffic encryption key management method in the wireless portable Internet system according to the second embodiment of the present invention. .
In the steps shown in FIG. 12 (S300, S310), when the subscriber terminal 100 requests the first traffic encryption key for the multicast service or the broadcast service, the base station 200 subscribes a Key Reply message as a response message to this request. (S310). At this time, as shown in FIG. 14, the Key Reply message includes a Key-Sequence-Number indicating a serial number of an authentication key related to a traffic encryption key, an SA-ID that is an identifier of the SA, TEK-Parameters, which are parameters related to a traffic encryption key valid between the traffic encryption key valid time and the next traffic encryption key valid time, and HMAC-Digest for this Key Reply message authentication function are included.

FIG. 15 is a table showing the traffic encryption key related parameters (TEK-Parameters) shown in FIG.
Referring to FIG. 15, GKEK is included in the traffic encryption key related parameters (TEK-Parameters). This GKEK is a group key encryption key (Group Key Encryption Key) as a parameter defined only in the multicast service and the broadcast service. It is a key that is generated randomly and is necessary to encrypt the traffic encryption key. Yes, this GKEK is also encrypted and transmitted by the authentication key (AK) assigned to the subscriber terminal 100.
The traffic encryption key (TEK) is also included in the traffic encryption key related parameters (TEK-Parameters), and is an input key necessary for encrypting traffic data. In order for the base station 200 to securely transmit the traffic encryption key to the subscriber terminal 100 that is providing the service, the traffic encryption key itself is also encrypted and transmitted, and the key used at this time is GKEK. is there. On the other hand, the traffic encryption key for unicast service and the traffic encryption key in the first embodiment of the present invention are encrypted by KEK.

In addition, the traffic encryption key related parameters (TEK-Parameters) include the traffic encryption key lifetime (Key-Lifetime), the traffic encryption key sequence number, and the role of the input key required to encrypt the traffic data. CBC (Cipher Block Chaining) -IV (Initialization Vector) is included.
In particular, in the multicast service and the broadcast service, unlike the unicast service, the GKEK and the traffic encryption key are the same for each multicast service and each broadcast service. That is, all terminals (100-1, 100-2, 100-3,..., 100-z) that are provided with the multicast service or the broadcast service share the same GKEK and traffic encryption key. The GKEK and the traffic encryption key at this time are randomly generated by the base station 200 or the authentication server (AAA). The standard varies depending on the range in which such a service is managed, but if the range is a single base station, the base station 200 generates a GKEK and a traffic encryption key. If so, the authentication server (AAA) generates this key. Further, the GKEK sequence number and valid time are applied in the same manner as the traffic encryption key sequence number and valid time.

FIG. 16 is a table illustrating internal parameters of a key update command message used in the traffic encryption key management method in the wireless portable Internet system according to the second embodiment of the present invention.
Referring to FIG. 16, the Key Update Command message is a message defined only for the multicast service and the broadcast service, and includes the following parameters.
First, a Key-Sequence-Number indicating an authentication key serial number relating to a traffic encryption key (TEK) newly distributed through a Key Update Command message and an SA-ID which is an identifier of the SA are included.
Further, there are two types of Key Update Command messages as shown in FIG. 12, and includes a key push mode which is a code for distinguishing between them.
Also, HMAC-Digest is used for authentication of the Key Update Command message itself. At this time, a key push counter is included to prevent a replay attack. This key push counter is a parameter that the base station 200 manages for each multicast service or broadcast service, and is a 2-byte parameter that is incremented by 1 each time this Key Update Command message is transmitted.
Further, TEK-Parameters defined in FIG. 15 are included, and HMAC-Digest for the authentication function is also included.
In particular, in order to update GKEK, the first Key Update Command message transmitted to each of all terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service. And the second to simultaneously transmit to all terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service to update the traffic encryption key through the broadcast connection. The parameters included in the Key Update Command message are different.
That is, the first and second Key Update Command messages include the authentication key Key-Sequence-Number excluding TEK-Parameters, SA-ID, Key push modes, Key Push Counter, and HMAC-Digest in common. Has been. However, among the secondary parameters included in TEK-Parameters, GKEK and Key-Sequence-Number for traffic encryption key are included in the first Key Update Command message, and the traffic encryption key (TEK) and traffic encryption key are included. The key-lifetime, the traffic encryption key sequence number, and the CBC-IV are included in the second Key Update Command message.

FIG. 17 is a diagram showing a table expressing the Key push modes parameter shown in FIG.
This Key push modes is a code that distinguishes the usage of the Key Update Command message. In updating the traffic encryption key for the multicast service or the broadcast service, the base station 200 transmits two Key Update Command messages to the subscriber terminal 100. The first Key Update Command message is used to update GKEK, and the second Key Update Command message is used to update the actual traffic encryption key and distribute it to the subscriber terminal 100. Therefore, the usage of the Key Update Command message appears by this Key push modes, and referring to FIG. 17, when the value is 0, it is the first Key Update Command usage for updating GKEK. When the value is 1, it indicates that the second key update command is used to update the traffic encryption key. Therefore, in the subscriber terminal 100, the usage can be understood by looking at such a key push modes parameter value.

FIG. 18 is a diagram showing a table representing input keys used when generating the HMAC-Digest parameter shown in FIG.
In order to authenticate the Key Update Command message used in the second embodiment of the present invention, HMAC-Digest is required, but an HMAC authentication key (HMAC authentication key) of the Key Update Command message that is a downlink message is generated. The input key used when doing this depends on the Key Update Command message, ie, Key push modes.
The first Key Update Command message transmitted separately to each of all the subscriber terminals provided with the multicast service or the broadcast service, that is, the input key for creating the HMAC authentication key when the Key push modes is the GKEK update mode, An authentication key (AK) distributed in advance to the subscriber terminal. In contrast, a second Key Update Command message transmitted simultaneously to all terminals to which the service is provided, that is, necessary to generate an HMAC authentication key when Key push modes is TEK update mode. The input key is a GKEK distributed through a Key Update Command message in the GKEK update mode. Since the TEK update mode Key Update Command message is broadcasted, all subscriber terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service receive this message. Must be able to authenticate. Therefore, not only the base station 200 but also all the subscriber terminals (100-1, 100-2, 100-3,..., 100-z) that are provided with the service are securely shared by GKEK. Because.
In addition, a key push counter is used as another input key used for this HMAC authentication key, and this key push counter is incremented by 1 for each key update command message, so that this key update command message is increased. Prevent replay attacks.
The following example is given as one method for generating a downlink HMAC authentication key used for each key update command message authentication.
HMAC_KEY_D = SHA (H_PAD_D | KeyIN | Key Push Counter)
With H_PAD_D = 0x3A repeated 64 times.
The downlink HMAC authentication key is generated using a SHA (Secure Hash Algorithm) method. Here, SHA is an algorithm defined in SHA (Secure Hash Standard) developed by the US NIST. In generating the downlink HMAC authentication key, H_PAD_D, KeyIN and Key Push Counter having a value obtained by repeating the value of 0x3A only 64 times are connected and input. Here, KeyIN is an authentication key of the subscriber terminal in the first key update command message, and is a GKEK managed for each multicast service or each broadcast service in the second key update command message.

On the other hand, as shown in FIG. 12, the base station 200 automatically updates the traffic encryption key through two Key Update Command messages and distributes the traffic encryption key to the subscriber terminal 100. A case where the two types of Key Update Command messages cannot be correctly received will be described with reference to FIG.
Referring to FIG. 19, the subscriber station 100 receives the traffic encryption key distribution of the service first from the base station 200 (S300, S310), and the base station 200 uses the internal M & B TEK Grace Time as a reference. The first key update command message in the GKEK update mode and the second key update command message in the TEK update mode are transmitted in the same way until the process (S360) of transmitting the service to the terminal 100 provided with the service. .
However, in such a process, when the subscriber terminal 100 has not received one of the two Key Update Command messages transferred from the base station 200 normally, that is, the traffic is abnormal. When the encryption key distribution cannot be received, the terminal 100 requests the base station 200 to update the traffic encryption key individually as described with reference to FIG. Through the process of receiving distribution from. That is, in the subscriber terminal 100 that has not received the traffic encryption key distribution abnormally, the internally managed TEK Grace Time operates (S380), and the traffic inside the subscriber terminal 100 is operated. A TEK Refresh Timeout event is generated in the encryption key state machine (S390). When such an event occurs, the subscriber terminal 100 requests the base station 200 for a traffic encryption key of the next cycle (S400). Therefore, similarly to the initial traffic encryption key procedure, the subscriber terminal 100 completes the traffic encryption key update by exchanging the Key Request message and the Key Reply message with the base station through the primary management connection. (S400, S410). Thereafter, when the valid time of the xth traffic encryption key expires, the valid lifetime of the x + 1th traffic encryption key is started (S420). The service data provided thereafter is decrypted by the (x + 1) th traffic encryption key.

FIG. 20 is transmitted in the Key Reply message according to the traffic encryption key request status of the subscriber terminal in the traffic encryption key management method in the abnormal case of the second embodiment shown in FIG. It is a table which shows TEK-Parameters information.
Referring to FIG. 19, the subscriber terminal 100 can transmit a Key Request message, which is a traffic encryption key request message, to the base station 200 at various points in time.
First, since the subscriber terminal 100 is provided with an arbitrary multicast service or broadcast service, a traffic encryption key can be requested first through a Key Request message at any time. The base station 200 that has received such a Key Request message has received an internal key reply message that is a traffic encryption key response message to be transmitted to the subscriber terminal 100 with reference to the M & B TEK Grace Time that is internally managed. Configure the parameters differently.

For example, referring to FIG. 19, when the base station 200 first receives a Key Request message requesting a traffic encryption key from the subscriber terminal 100 before the M & B TEK Grace Time start time (a) (Initial TEK). response) transmits a Key Reply message including TEK-Parameters valid for the current period of the service to the subscriber terminal 100.
In contrast, when the base station 200 receives a Key Request message for requesting a traffic encryption key from the subscriber terminal 100 after the M & B TEK Grace Time start time (a) (Initial TEK response), The subscriber terminal receives a Key Reply message including all TEK-Parameters (TEK-Parameters _C ) effective during the current period of the service and effective TEK-Parameters (TEK-Parameters _N ) during the next period. 200. This is because the base station before the time (a) when a valid traffic encryption key is disclosed to all terminals (100-1, 100-2, 100-3,..., 100-z) during the next period. TEK-Parameters (TEK-Parameters N) information 200 is a traffic encryption key-related parameter valid for the next period for any terminal (100-1, 100-2, 100-3,..., 100-z). There is an advantage that the amount of the Key Reply message which is a traffic encryption key response message can be reduced.
Also, when a traffic encryption key valid for the next period is disclosed to the terminals (100-1, 100-2, 100-3,..., 100-z) provided with the service (a) Thereafter, the base station 200 sends a TEK valid not only for the current period but also for the next period to the terminals (100-1, 100-2, 100-3,..., 100-z) that have requested the traffic encryption key. By transmitting -Parameters (TEK-Parameters _N ), the terminal 100 does not request a valid traffic encryption key during the next period after the start time (a) of the managed TEK Grace Time. It is to make it.
If the subscriber terminal 100 requests a new traffic encryption key after the TEK Grace Time start time (a), such a request is a request for updating the traffic encryption key (TEK update response). The base station 200 transmits a Key Reply message including only valid TEK-Parameters (TEK-Parameters _N ) to the subscriber terminal 100 during the next period. This is because the subscriber terminal 100 is currently receiving the service and therefore already has TEK-Parameters (TEK-Parameters _C ) valid for the current period. Therefore, there is an advantage that unnecessary information can be reduced when a key reply message, which is a traffic encryption key response message, is transmitted.

FIG. 21 is a state transition diagram of a traffic encryption key state machine internally managed by the subscriber terminal 100 in the traffic encryption key management method in the wireless portable Internet system according to the first embodiment of the present invention. FIG. 22 is a table showing the state transitions shown in FIG.
Regardless of the unicast service, the multicast service, or the broadcast service, the subscriber terminal 100 and the base station 200 follow the flow of the traffic encryption key state machine transition diagram for all services, corresponding to the multicast and broadcast services, Contains up to two traffic encryption key state machines. Hereinafter, the flow of the traffic encryption key state machine will be described focusing on the subscriber terminal 100. Such a flow can be referred to by the base station 200 by the occurrence of each event.

First, when the subscriber terminal 100 starts up in a normal state and becomes wirelessly communicable with the base station 200, the traffic encryption key state machine starts in the “Start” state (A).
Thereafter, as shown in FIG. 8, when the subscriber terminal 100 is to be provided with a multicast service or a broadcast service, it sends a Key Request message to the base station 200 to obtain a traffic encryption key for the service. When the requesting and waiting operation (Authorized, 2) occurs, the traffic encryption key state machine transitions to the “Op Wait” state (B).
If an operation (Key Reply, 8) in which the subscriber terminal 100 normally receives distribution of the traffic encryption key through the Key Reply message occurs, the distributed traffic encryption key is shared with the base station 200. Thus, the state transits to the “Operational” state (D) where data transmission is possible.
However, if an operation (Key Reject, 9) for receiving a Key Reject message from the base station 200 occurs in the “Op Wait” state (B), the state transits again to the “Start” state (A).
On the other hand, while the traffic encryption key state machine normally receives the traffic encryption key and waits in the “Operational” state (D), the subscriber terminal 100 moves from the base station 200 to the M & B after a certain period of time elapses. If the automatically updated traffic encryption key at the time of TEK Grace Time is transmitted through the Key Reply message, event 8 called Key Reply is generated in the internal traffic encryption key state machine, and the traffic encryption key state machine In the "Operational" state (D) that had an existing valid traffic encryption key, the newly updated SA is stored in the authentication and security database and remains in the "Operational" state (D) again. .
However, as described with reference to FIG. 9, when the subscriber terminal 100 cannot normally receive the Key Reply message for automatically updating the traffic encryption key from the base station 200 in the “Operational” state, the TEK Grace Time starts. Then, an event 7 called TEK Refresh Timeout is generated in the internal traffic encryption key state machine, and a transition is made to the “Rekey Wait” state (E). At the same time, a Key Request message is transmitted to the base station 200 and a valid traffic encryption key is requested for the next period.
Thereafter, when receiving a Key Reply message including a traffic encryption key from the base station 200 from the “Rekey Wait” state (E), the subscriber terminal 100 generates a Key Reply event 8 to generate the traffic encryption key. The state machine is again shifted to the “Operational” state (D) so that data transmission using the traffic encryption key can be performed normally.
Here, maintaining the “Operational” state (D) again by the occurrence of the Key Reply event 8 in the “Operational” state (D) is specified only for the multicast service and the broadcast service according to the first embodiment of the present invention. It has been done.
In addition to the above, there are other “Op Reauth Wait” state (C) and “Rekey Reauth Wait” state (F) in which the traffic encryption key state machine can be located. Therefore, even if the description is omitted here, it will be easily understood by those skilled in the art.

FIG. 23 is a state transition diagram of the traffic encryption key state machine of the subscriber terminal in the traffic encryption key management method in the wireless portable Internet system according to the second embodiment of the present invention, and FIG. 24 is shown in FIG. It is the table which arranged and showed the state transition which was done.
23 and FIG. 24 are similar to the case of the first embodiment of the present invention described with reference to FIGS. 21 and 22, and here, are specific to the second embodiment of the present invention. Only a part will be described.

It is the same until the traffic encryption key state machine of the subscriber terminal 100 first receives the traffic encryption key from the base station 200 first and waits in the “Operational” state (D).
Thereafter, while the traffic encryption key state machine remains in the “Operational” state (D), the subscriber terminal 100 can receive a Key Update Command message in GKEK update mode from the base station 200 before the M & B TEK Grace Time. For example, an event 10 called GKEK updated is generated in the internal traffic encryption key state machine, which causes the traffic encryption key state machine to transition to the “M & B Rekey Interim Wait” state (G). Wait for the updated key to be transmitted.
Next, after the M & B TEK Grace Time, the base station 200 broadcasts a TEK update mode Key Update Command message to the subscriber terminal 100 via a broadcast connection, and the subscriber terminal 100 that has received the message updates the internal traffic encryption. An event 11 called TEK updated is generated in the key state machine, and the state is again changed to the “Operational” state (D).
However, as described with reference to FIG. 19, the subscriber terminal 100 that has not successfully received the Key Update Command message in the TEK update mode in the “M & B Rekey Interim Wait” state (G) is internally managed TEK Grace Time. When the event occurs, an event 7 called TEK Refresh Timeout is generated in the internal traffic encryption key state machine, and a transition is made to the “Rekey Wait” state (E). At the same time, the base station 200 requests a traffic encryption key valid for the next period through the Key Request message.
On the other hand, if the subscriber terminal 100 cannot successfully receive the Key Update Command message in the GKEK update mode in the “Operational” state, the TEK Refresh Timeout is displayed in the internal traffic encryption key state machine at the time of TEK Grace Time. Event 7 is generated, and the state is changed to the “Rekey Wait” state (E). Similarly, a valid traffic encryption key is requested to the base station 200 during the next period through a Key Request message.
Next, when the subscriber terminal 100 receives a Key Reply message including a traffic encryption key from the base station 200 from the “Rekey Wait” state (E) according to the two types of cases described above, it sends a Key Reply 8 event. And cause the traffic encryption key state machine to transition again to the “Operational” state (D).
Here, the transition from the “Operational” state (D) to the “M & B Rekey Interim Wait” state (G) by the occurrence of the GKEK update event 10 and the occurrence of the TEK Refresh Timeout event 7 from the “M & B Rekey Interim Wait” state (G). The transition to the “Rekey Wait” state (E) and the transition to the “Operational” state (D) due to the occurrence of the TEK update event 11 are defined only for the multicast service and the broadcast service according to the second embodiment of the present invention. That is.
In addition to the above, there are other “Op Reauth Wait” state (C) and “Rekey Reauth Wait” state (F) in which the traffic encryption key state machine can be located. Therefore, even if the description is omitted here, it will be easily understood by those skilled in the art.

 As mentioned above, although preferable embodiment of this invention was described in detail, this invention is not limited to this, Other various changes and deformation | transformation are possible.

The present invention defines a method for managing traffic encryption keys for multicast service and broadcast service in a wireless portable Internet system such as IEEE 802.16 wireless MAN system, and has the following effects.
First, the traffic encryption key for the multicast service and the broadcast service is updated, the base station starts, and the updated key is transmitted to the subscriber terminal that is provided with the service through the broadcast connection, thereby reducing the number of signals. Traffic encryption keys can be updated and distributed even with resources.
Second, the base station automatically updates the traffic encryption keys of the multicast service and the broadcast service, and uses a uniform method for the subscriber terminal, so that the temporary traffic encryption key is transmitted from the subscriber terminal. Since the traffic encryption key can be distributed to all the subscriber terminals with one Key Reply message or two Key Update Command messages without using the request message, from the standpoint of the base station, There is an advantage that the processing amount related to a traffic encryption key is reduced.
Third, when the base station updates the traffic encryption key, the KEK or GKEK necessary for encrypting the traffic encryption key itself is encrypted with the terminal authentication key and transmitted to each of all terminals. Therefore, KEK or GKEK can be distributed safely.
Fourth, even if the traffic encryption key is transmitted to all the subscriber terminals by broadcast, the traffic encryption key itself is encrypted by KEK or GKEK, and the subscriber terminal just receives the distribution of KEK or GKEK. Only has the advantage of being secure because only the traffic encryption key can be decrypted.
Fifth, by periodically updating the traffic encryption key for the multicast service and the broadcast service at the base station, the service can be provided to the subscriber terminal while maintaining strong security for the service.
Sixth, in the case of a multicast service, the SA associated with each multicast service, in particular, the traffic encryption key is different, so that security can be maintained for each multicast service.
Seventh, in the case of a broadcast service, since a unique SA, particularly a traffic encryption key, is managed for each business operator, it is possible to provide a service that can maintain security from the terminals of other business operators.

It is the schematic which showed the outline | summary of the wireless portable internet system to which this invention is applied. FIG. 2 is a hierarchical diagram showing a hierarchical structure of the wireless portable Internet system shown in FIG. 1. FIG. 2 is a schematic diagram illustrating a connection structure between a base station and a subscriber terminal in the wireless portable Internet system shown in FIG. 1. 2 is a flowchart for setting up a connection between a subscriber terminal and a base station in the wireless mobile Internet system shown in FIG. 5 is a flowchart of a traffic encryption key management method in a general wireless portable Internet system. 3 is a flowchart of a method for updating a traffic encryption key between a plurality of subscriber terminals and a base station in a general wireless mobile Internet system. It is the figure which showed the table of the operation | use range of the encryption related PKM parameter for the traffic encryption key update in the wireless portable internet system by 1st Embodiment of this invention. 3 is a flowchart of a traffic encryption key management method in the wireless portable Internet system according to the first embodiment of the present invention. FIG. 9 is a flowchart for a traffic encryption key management method when a subscriber terminal fails to correctly receive a Key Reply message updated by a base station and transmitted through a broadcast connection. 3 is a flowchart of a traffic encryption key update method between a plurality of subscriber terminals and a base station in the wireless portable Internet system according to the first embodiment of the present invention. According to the traffic encryption key management method in the wireless mobile Internet system according to the first embodiment of the present invention, when distributing the traffic encryption key, the CID value of the MAC header and the input key for encrypting the traffic encryption key associated therewith It is a table explaining the relationship between them. 7 is a flowchart of a traffic encryption key management method in a wireless portable Internet system according to a second embodiment of the present invention. 7 is a flowchart of a traffic encryption key update method between a plurality of subscriber terminals and a base station in a wireless portable Internet system according to a second embodiment of the present invention. It is the figure which showed the table which shows the internal parameter of the traffic encryption key response (Key Reply) message used with the traffic encryption key management method in the wireless portable internet system by 2nd Embodiment of this invention. FIG. 15 is a diagram showing a table expressing traffic encryption key related parameters (TEK-Parameters) shown in FIG. 14. It is the figure which showed the table which shows the internal parameter of the key update command (Key Update Command) message used with the traffic encryption key management method in the wireless portable internet system by 2nd Embodiment of this invention. FIG. 17 is a diagram illustrating a table expressing Key push modes parameters illustrated in FIG. 16. FIG. 17 is a diagram showing a table representing input keys used when generating the HMAC-Digest parameter shown in FIG. 16. FIG. 13 is a flowchart for a traffic encryption key management method when the subscriber terminal fails to correctly receive any one of the two Key Update Command messages transmitted by the base station. 19 is a table showing TEK-Parameters information transmitted in the Key Reply message according to the traffic encryption key request status of the subscriber terminal in the abnormal traffic encryption key management method shown in FIG. It is. FIG. 6 is a state transition diagram of a traffic encryption key state machine in the traffic encryption key management method in the wireless portable Internet system according to the first embodiment of the present invention. 22 is a table showing the state transitions shown in FIG. 21 in an organized manner. FIG. 6 is a state transition diagram of a traffic encryption key state machine of a subscriber terminal in a traffic encryption key management method in a wireless portable Internet system according to a second embodiment of the present invention. 24 is a table showing the state transitions shown in FIG.

Explanation of symbols

10 Subscriber terminal 20, 21 Base station 30, 31 Router 40 Authentication server

Claims (45)

A traffic encryption key used for encrypting or decrypting traffic data transmitted and received by a base station in a wireless portable Internet system for multicast or broadcast services to wirelessly connected subscriber terminals In the method of managing
a) when the specified time has elapsed from the start of the valid time of the current traffic encryption key used to encrypt or decrypt the traffic data currently transmitted to and received from the subscriber terminal, the current traffic encryption Generating a new traffic encryption key to renew the key; and b) all of the subscriber terminals being provided with the multicast or broadcast service through the broadcast connection. Transmitting a new traffic encryption key so that the traffic encryption key used at the subscriber terminal is updated;
A traffic encryption key management method in a wireless portable Internet system including: In a method for managing a traffic encryption key used for encrypting or decrypting traffic data transmitted and received by a base station in a wireless mobile Internet system for multicast or broadcast services to wirelessly connected subscriber terminals,
a) before a specific time elapses from the start of the valid time of the current traffic encryption key used to encrypt or decrypt the traffic data currently transmitted to and received from the subscriber terminal; Generating a specific key used to encrypt or decrypt;
b) transmitting each of the generated specific keys to all of the subscriber terminals that are provided with the multicast or broadcast service through a primary management connection;
c) generating a new traffic encryption key to update the current traffic encryption key when the specified time has elapsed since the beginning of the valid time of the current traffic encryption key; and d) The traffic encryption used by the subscriber terminal is transmitted to all the subscriber terminals that are provided with the multicast or broadcast service by transmitting the generated new traffic encryption key through a broadcast connection. Allowing the activation key to be updated;
A traffic encryption key management method in a wireless portable Internet system including:   The specific time is set based on a multimedia encryption / broadcast service traffic encryption key update time (M & B TEK Grace Time) internally managed by the base station, and the expiration time of the current traffic encryption key expires 3. The traffic encryption key management method in the wireless portable Internet system according to claim 1, wherein the time is set to a time before the M & B TEK Grace Time.   In the step b), when the generated new traffic encryption key is transmitted to the subscriber terminal through a broadcast connection, a PKM-RSP (Privacy Key Management Response) message which is a security key management protocol message in IEEE 802.16. 2. The method of managing traffic encryption keys in a wireless portable Internet system according to claim 1, wherein a Key Reply message, which is one of the following messages, is used.   In step a), the generated new traffic encryption key is encrypted by a 3-DES (Data Encryption Standard) method or an AES (Advanced Encryption Standard) method, and uses the current traffic encryption key. 2. The traffic encryption key management method in the wireless portable Internet system according to claim 1, wherein the traffic encryption key is encrypted. Before step a)
i) receiving a request for a traffic encryption key for a multicast or broadcast service from the subscriber terminal in order to be provided with an initial multicast or broadcast service; and ii) traffic encryption for the requested multicast or broadcast service. Generating a key and sending it to the subscriber terminal;
Further including
2. The traffic encryption key management method in a wireless portable Internet system according to claim 1, wherein message transmission / reception with said subscriber terminal is performed through a primary management connection according to IEEE 802.16.   The traffic encryption key generated in step ii) is encrypted by a 3-DES method or an AES method, and encrypted by a KEK (Key Encryption Key) generated from the authentication key (Authentication Key) of the subscriber terminal. The traffic encryption key management method in the wireless portable Internet system according to claim 6, wherein:   In step b), after the generated new traffic encryption key is transmitted to the subscriber terminal and updated, the new traffic is transmitted after the valid time for the already assigned traffic encryption key expires. 2. The method of managing traffic encryption keys in a wireless portable Internet system according to claim 1, wherein an effective time of the encryption key is started. In step b)
The specific key is a group key encryption key (GKEK) that is distributed to all subscriber terminals that are provided with the multicast or broadcast service. 3. A traffic encryption key management method in the wireless portable Internet system according to 2.   The wireless mobile phone according to claim 9, wherein the GKEK is encrypted through an authentication key of the subscriber terminal when the multicast or broadcast service is transmitted to the subscriber terminal. A traffic encryption key management method in an Internet system. Before step a)
i) receiving a request for a traffic encryption key for a multicast or broadcast service from the subscriber terminal in order to be provided with an initial multicast or broadcast service; and ii) traffic encryption for the requested multicast or broadcast service. Generating a key and sending it to the subscriber terminal;
Further including
3. The traffic encryption key management method in the wireless mobile Internet system according to claim 2, wherein message transmission / reception with the subscriber terminal is performed through a primary management connection in IEEE 802.16. In the step ii), when the generated traffic encryption key is transmitted to the subscriber terminal, it is one message of a PKM-RSP (Privacy Key Management Response) message that is a security key management protocol message in IEEE 802.16. Using a key reply message,
The traffic encryption in the wireless portable Internet system according to claim 11, wherein the Key Reply message includes the specific key used for encrypting the traffic encryption key. Key management method.   The GKEK managed by each multicast service or each broadcast service is randomly selected by an authentication server (AAA: Authentication Authorization and Accounting server) connected to the base station or the base station to perform authentication for the subscriber. 13. The traffic encryption key management method in the wireless mobile Internet system according to claim 9, wherein the traffic encryption key management method is generated.   The traffic encryption in the wireless mobile Internet system according to claim 13, wherein the base station randomly generates the GKEK when the range of the multicast or broadcast service is limited to one base station. Key management method.   The traffic encryption in the wireless mobile Internet system according to claim 13, wherein the authentication server randomly generates the GKEK when the range of the multicast or broadcast service is the entire wireless mobile Internet system. Key management method. In step c),
The generated new traffic encryption key is encrypted by a 3-DES method or an AES method, and encrypted by the specific key transmitted to the subscriber terminal in the step b). The traffic encryption key management method in the wireless portable Internet system according to claim 2.   In step d), after the generated new traffic encryption key is transmitted to the subscriber terminal and updated, the new traffic encryption key is activated from the time when the valid time of the current traffic encryption key expires. 3. The traffic encryption key management method in the wireless portable Internet system according to claim 2, wherein an effective time of the encryption key is started. In order to provide a first multicast or broadcast service after the specified time has elapsed since the start of the valid time of the current traffic encryption key, a multicast or broadcast service traffic encryption key is sent from the subscriber terminal. When receiving a request,
All of the current traffic encryption key and the new traffic encryption key generated to update the current encryption key are transmitted to the subscriber terminal that requested the traffic encryption key. The traffic encryption key management method in the wireless portable Internet system according to claim 1 or 2. In order to update the current traffic encryption key in a state where the multicast service or the broadcast service has already been provided after the specific time has elapsed from the start of the valid time of the current traffic encryption key, When receiving a request for a traffic encryption key for multicast or broadcast service from the subscriber terminal,
The wireless mobile Internet according to claim 1 or 2, characterized in that the new traffic encryption key generated for updating the current traffic encryption key is transmitted to the requested subscriber terminal. Traffic encryption key management method in the system.   The traffic encryption key request and transmission operation generated after the specific time has elapsed from the start of the valid time of the current traffic encryption key is individually determined for each base station and each subscriber terminal through a primary management connection. 20. The traffic encryption key management method in the wireless portable Internet system according to claim 18 or 19, characterized in that the method is performed automatically. A subscriber terminal wirelessly connected to a base station in a wireless mobile Internet system manages a traffic encryption key used to encrypt or decrypt traffic data transmitted to and received from the base station for multicast or broadcast services. In the method
a) receiving a new traffic encryption key from the base station through a broadcast connection; and b) updating the current traffic encryption key to the received new traffic encryption key, and thereafter Using the updated new traffic encryption key when encrypting or decrypting traffic data transmitted to and received from a station;
A method for managing a traffic encryption key at a subscriber terminal of a wireless portable Internet system including: A subscriber terminal wirelessly connected to a base station in a wireless mobile Internet system manages a traffic encryption key used to encrypt or decrypt traffic data transmitted to and received from the base station for multicast or broadcast services. In the method
a) New specific key used to decrypt the traffic encryption key from the base station-where the new specific key is encrypted into the authentication key assigned during authentication of each subscriber terminal Received through the primary management connection;
b) updating the current specific key to the received new specific key;
c) A new traffic encryption key from the base station through a broadcast connection, where the new traffic encryption key is encrypted with the new specific key received in step b). And d) decrypting the received new traffic encryption key into the new specific key received in step b) to update the current traffic encryption key, and thereafter Using the updated new traffic encryption key when encrypting or decrypting traffic data transmitted to and received from a station;
A method for managing a traffic encryption key at a subscriber terminal of a wireless portable Internet system including:   The new traffic encryption key is received from the base station after a first specific time has elapsed from the start of the valid time of the current traffic encryption key. Method for managing traffic encryption keys in subscriber terminals of wireless mobile Internet systems in Japan. The new specific key is received from the base station before a first specific time elapses from the start of the valid time of the current traffic encryption key;
The new traffic encryption key is received from the base station after the first specific time has elapsed from the start of the valid time of the current traffic encryption key. Method for managing traffic encryption keys in subscriber terminals of wireless mobile Internet systems in Japan.   The first specific time is set based on a multimedia or broadcast service traffic encryption key update time (M & B TEK Grace Time) internally managed by the base station, and the current traffic encryption key valid time 25. The traffic encryption key management method at the subscriber terminal of the wireless portable Internet system according to claim 23, wherein the time is set to a time before the M & B TEK Grace Time from the expiration of .   If a new traffic encryption key is received from the base station through a broadcast connection before the second specific time elapses, the subscriber terminal makes a request for updating the traffic encryption key by the subscriber terminal itself. 26. The method of managing traffic encryption keys at a subscriber terminal of a wireless portable Internet system according to claim 25, wherein:   The second specific time is set based on a traffic encryption key update time (TEK Grace Time) internally managed by the subscriber terminal, and the TEK from the time when the valid time of the current traffic encryption key expires. 27. The traffic encryption key management method in a subscriber terminal of a wireless portable Internet system according to claim 26, wherein the time is set to a previous time by Grace Time.   28. The traffic encryption key management method in a subscriber terminal of a wireless portable Internet system according to claim 27, wherein the M & B TEK Grace Time is set to be larger than the TEK Grace Time.   After the current traffic encryption key is updated to the new traffic encryption key, the valid time of the new traffic encryption key is started when the valid time of the current traffic encryption key expires. 25. The traffic encryption key management method at a subscriber terminal of a wireless portable Internet system according to claim 23 or 24. If a new traffic encryption key is not received from the base station through a broadcast connection until the second specific time has elapsed,
Requesting and receiving a new traffic encryption key from the base station through a primary management connection to update the current traffic encryption key;
When the current traffic encryption key is updated to the received new traffic encryption key, and the traffic data to be transmitted to and received from the base station is encrypted or decrypted thereafter, the updated new traffic encryption key is used. Using the activation key;
26. A method for managing a traffic encryption key at a subscriber terminal of a wireless portable Internet system according to claim 25. To perform management of a traffic encryption key used for encrypting or decrypting traffic data transmitted and received for a multicast or broadcast service between a subscriber terminal and a base station in a wireless portable Internet system In the method of configuring the protocol:
a) transmitting a key request message for requesting a traffic encryption key from the subscriber terminal to the base station using a MAC message;
b) the base station sends the requested traffic encryption key and a specific key-where the specific key is encrypted as an authentication key assigned to the subscriber terminal; Sending a Key Reply message including-to be used to encrypt the subscriber terminal using a MAC message;
c) In order to update the specific key, the base station transmits a first key update command message including a new specific key to the subscriber terminal using a MAC message. And d) In order to update the traffic encryption key, the base station may use a new traffic encryption key—where the new traffic encryption key is encrypted with the new specific key. Transmitting a second key update command message including-to the subscriber terminal using a MAC message;
A protocol configuration method for traffic encryption key management in a wireless portable Internet system including: In step a),
The key request message is transmitted by a primary management connection through a Key Request message which is one of PKM-REQ (Privacy Key Management Request) messages which are security key management protocol messages in IEEE 802.16. 32. A protocol configuration method for traffic encryption key management in a wireless portable Internet system according to claim 31. In step b)
The key response message is transmitted by a primary management connection through a Key Reply message that is one of PKM-RSP (Privacy Key Management Response) messages that are security key management protocol messages in IEEE 802.16. 32. A protocol configuration method for traffic encryption key management in a wireless portable Internet system according to claim 31.   The specific key is a group key encryption key (GKEK) that is equally distributed to all the subscriber terminals that are provided with the multicast or broadcast service, and is the Key Reply message. The protocol configuration for traffic encryption key management in the wireless portable Internet system according to claim 33, wherein the protocol is transmitted by being included in a traffic encryption key parameter (TEK-Parameters) of the parameters. Method. In step c) and d),
The first key update command message is transferred through a primary management connection,
The second key update command message is transferred through a broadcast connection,
In the first key update command message and the second key update command message,
Subscriber terminal authentication key sequence number parameter, SAID parameter that is an identifier of SA (Security Association), key push mode parameter for distinguishing the first key update command message and the second key update command message A key push counter for preventing a replay attack on the key update command message, a parameter (TEK-Parameters) of information on the traffic encryption key, and the first key update command message and the second key update command 32. The protocol configuration method for traffic encryption key management in the wireless mobile Internet system according to claim 31, wherein a parameter (HMAC-Digest) for authenticating the message itself is included.   The traffic encryption in the wireless portable Internet system according to claim 35, wherein the TEK-Parameters included in the first key update command message includes the GKEK and a traffic encryption key sequence number. Protocol configuration method for key management.   The TEK-Parameters included in the second key update command message include the new traffic encryption key, the valid time of the new traffic encryption key, the new traffic encryption key sequence number, and traffic data. 36. The traffic encryption key in the wireless portable Internet system according to claim 35, further comprising a CBC (Cipher Block Chaining) -IV (Initialization Vector) functioning as an input key necessary for encrypting the mobile phone. Protocol configuration method for management. When generating the HMAC authentication key required as an input key for the downlink when generating the HMAC-Digest included in the key update command message,
The HMAC authentication key is generated using a SHA (Secure Hash Algorithm) method, and as an input key at this time,
In the first key update command message and the second key update command message, a downlink HMAC_PAD_D and a key push counter for preventing a replay attack are used together.
In the first key update command message, an authentication key assigned for each subscriber terminal is used as another input key. In the second key update command message, GKEK transmitted through the first key update command message is used. 36. The protocol configuration method for traffic encryption key management in the wireless portable Internet system according to claim 35, wherein the protocol is used as another input key. Used for encrypting or decrypting traffic data, which is provided in a subscriber terminal in a wireless portable Internet system and wirelessly connected to the base station, transmitted and received with the base station for multicast or broadcast services In a method of operating a traffic encryption key state machine for managing a traffic encryption key to be used,
A key request message is transmitted by a key request message transmission event for requesting a traffic encryption key to the base station, and an operation wait stage (Op Wait) for waiting; and normal traffic data of the base station An operation stage for performing transmission and reception operations (Operational);
The traffic encryption key state machine is
In the operation standby stage, a key response message reception event that receives a traffic encryption key from the base station is generated, and the operation stage is shifted to operate.
A method of operating a traffic encryption key state machine in a wireless portable Internet system, wherein when the key response message including the new traffic encryption key is received in the operation stage, the operation remains in the operation stage. An update waiting step (Rekey Wait) for waiting to update using a new traffic encryption key generated and transmitted at the base station at the request of the subscriber terminal;
If a key response message used to distribute the new traffic encryption key is not received from the base station in the operation stage, a traffic encryption key update event (TEK Refresh Timeout) of the terminal occurs 40. The method according to claim 39, wherein the terminal transmits a key request message to the base station, and the traffic encryption key state machine operates by transitioning to the update waiting stage. A method of operating a traffic encryption key state machine in a wireless portable internet system.   In the update waiting step, the traffic encryption key state machine receives a key reply message including a new traffic encryption key as a response of the base station to the key request message from the terminal. 41. The method of operating a traffic encryption key state machine in a wireless portable Internet system according to claim 40, wherein the operation is performed by transitioning to the operation stage. Used for encrypting or decrypting traffic data, which is provided in a subscriber terminal in a wireless portable Internet system and wirelessly connected to the base station, transmitted and received with the base station for multicast or broadcast services In a method of operating a traffic encryption key state machine for managing a traffic encryption key to be used,
An operation waiting step (Op Wait) of transmitting a key request message by a key request message transmission event for requesting a traffic encryption key to the base station and waiting;
An operational stage for performing normal traffic data transmission / reception operations with the base station; and waiting to update using a new traffic encryption key automatically generated and transmitted by the base station Including a M & B Rekey Interim Wait stage;
The traffic encryption key state machine is
In the operation standby stage, a key response message reception event that receives a traffic encryption key from the base station is generated, and the operation stage is shifted to operate.
In the operation step, when a new specific key is received through the first key update command message from the base station to update the specific key, a GKEK update event is generated, whereby the M & B It moves to the temporary update waiting stage and operates.
If a new traffic encryption key encrypted with the new specific key is received from the base station through a broadcast connection in the M & B update tentative standby stage, a TEK update event occurs. A method for operating a traffic encryption key state machine in a wireless portable Internet system, wherein the operation is performed by transitioning to the operation stage. An update waiting step (Rekey Wait) for waiting to update using a new traffic encryption key generated and transmitted at the base station at the request of the subscriber terminal;
If the operation step does not receive the first key update command message used to distribute the new specific key from the base station and no GKEK update event occurs, the traffic encryption key of the terminal When the update event (TEK Refresh Timeout) occurs, the terminal transmits a key request message to the base station, and the traffic encryption key state machine moves to the update waiting stage and operates. 43. A method of operating a traffic encryption key state machine in a wireless portable Internet system as claimed in claim 42.   In the M & B update provisional standby stage, if the second key update command message used to distribute the new traffic encryption key cannot be received from the base station and a TEK update event does not occur, When a traffic encryption key update event (TEK Refresh Timeout) occurs, the terminal transmits a key request message to the base station, and the traffic encryption key state machine transitions to the update waiting stage. 44. A method of operating a traffic encryption key state machine in a wireless portable Internet system according to claim 43, characterized in that it operates.   In the update waiting stage, a new traffic encryption key and a new specific key used to decrypt the new traffic encryption key are included as a response of the base station to the key request message from the terminal. 45. The wireless portable Internet system according to claim 43 or 44, wherein the traffic encryption key state machine is operated by transitioning to the operation stage upon receiving a key reply message being transmitted. How the traffic encryption key state machine works in