JP4319691B2 - Authentication device - Google Patents

Description

  The present invention relates to an authentication apparatus, and more particularly to a wireless communication method capable of distributing data encrypted by a broadcast channel, and more particularly to an authentication apparatus in a CDMA wireless communication system.

  In 3GPP2 (3rd Generation Partnership Project 2), which is an international standardization organization, the cdma2000 1x method, which is a mobile communication method capable of voice communication and data communication, and the mobile with improved frequency utilization efficiency by specializing exclusively in data communication The cdma2000 1xEV-DO (1x Evolution-Data Only) system, which is a body radio communication system, has been standardized. The cdma2000 1x method and the 1xEV-DO communication method are intended to realize unicast communication in which a one-to-one terminal performs communication in a mobile network, but realization of multicast communication in which one-to-many communication is performed has been studied. ing.

  As an element of technology for realizing multicast communication, a broadcast channel called “broadcast channel” is standardized as a channel for data transmission in a wireless interface. For example, for cdma2000 1x, the C.P. S0001-D v1.0, C.I. S0002-D v1.0, C.I. S0003-D v1.0, C.I. S0004-D v1.0, C.I. It is standardized by S0005-D v1.0. For example, C.D. for cdma2000 1xEV-DO It is standardized by S0054-0 v1.0. A service using a broadcast channel is called BCMCS (Broadcast Multicast Service).

  Conventionally, a unicast channel used for communication between a base station and a mobile device has a feature that data transmitted from a base station can be received only by a single mobile device. On the other hand, a broadcast channel standardized for multicast communication support has a feature that all mobile devices capable of receiving radio waves can receive data transmitted from a base station. Therefore, the data transmitted using the broadcast channel can be received by all mobile devices. Data is encrypted so that only the selected mobile station group can receive data, and the key (decryption key) necessary for decrypting the encrypted data is unicast to the selected mobile station group. A method of distributing in advance by means of communication or the like has been discussed. 3GPP2 standard candidate X. for the method of distributing the decryption key to the mobile device. P0022-0 v. In Chapters 7 and 10.2 (Non-Patent Document 1) of 0.2, an XML (Extensible Markup Language) formatted decryption key (BAK; Broadcast Access Key) is transmitted in response to an inquiry from a mobile device A method is disclosed.

FIG. 24 is a system configuration diagram in the case of providing BCMCS in a 1xEV-DO network. The figure shows a situation in which data is transmitted to a plurality of mobile devices using a 1xEV-DO broadcast channel.
The content server 108 has a function of generating and transmitting broadcast channel data. These data are transmitted to a BSN (Broadcast Serving Node) 106 as an IP packet to which a multicast IP address is assigned. This IP packet is encrypted by the content server 108 using the encryption key managed by the BCMCS Controller 109 and transmitted. When the content server 108 transmits broadcast data, the content server 108 receives an encryption key necessary for encryption from the BCMCS Controller 109 in advance.

  The data received by the BSN 106 is subjected to framing processing such as HDLC-like framing defined in IETF RFC1662 so that the mobile station can determine the IP packet boundary, and a packet control device PCF (Packet Control Function) 104. Sent to. The PCF 104 buffers the packet received from the BSN 106, adjusts the transmission rate to match the radio band, and transmits it to the base station AN (Access Node) 103.

  Data received from the PCF 104 by the AN 103 is transmitted wirelessly using a broadcast channel. Data transmitted on the broadcast channel is received by a plurality of mobile devices such as AT (Access Terminal) 101 and AT 102 which are mobile devices. The BCMCS Controller 109 manages information related to the broadcast data, a database having an encryption key / decryption key used for encryption / decryption of the broadcast data, and the presence / absence of reception authority of the mobile device.

  An AN-AAA (Access Network-Authentication, Authorization and Accounting) 105 shown in the figure is an authentication server used for mobile device authentication. For example, it is a server for authenticating whether or not wireless connection is approved by a business operator as hardware of a mobile device. A PDSN (Packet Data Serving Node) 107 is a node that terminates a point-to-point protocol (PPP) in order to support unicast communication with a mobile device. The PDSN 107 is a device that mediates between a packet conforming to the IP protocol used in the Internet 111 and a protocol used in the wireless network. AAA (Authentication, Authorization and Accounting) 110 is an authentication server used to authenticate a user using a mobile device, and whether or not the user using the mobile device is authorized to connect to the Internet 111 via a wireless connection. It is a server for authenticating.

FIG. 2 shows X.3 which is a 3GPP2 standard candidate. The decryption key distribution procedure based on Annex A of P0022-0 is shown.
The BSN 106 receives data for transmission on the broadcast channel from the content server 108. The broadcast data is transmitted to the AN 103 via the PCF 104. Broadcast data received by the AN 103 is wirelessly transmitted to the AT 101 using a broadcast channel (201). At this time, the data received by the AT 101 is encrypted, and since the AT 101 does not hold a key for decryption (decryption key), the received data is discarded by the AT 101.

  For example, when the power of the AT 101 is turned on, a 1xEV-DO session is established between the AT 101 and the AN 103, and the parameters of the wireless protocol used in the subsequent processing are determined (202). The AT 101 establishes a connection for performing data communication based on the information of the established 1xEV-DO session (203). This connection performs one-to-one unicast communication between the AT 101 and the AN 103, and is prepared separately from the broadcast channel. The communication contents of procedures 203 to 215 are such that other ATs cannot receive information because communication is performed on this connection.

  The AN 103 and the PCF 104 detect that the terminal first establishes a connection after the AT 101 establishes a session (202), and perform terminal authentication to determine whether the AT 101 is qualified to communicate before enabling the AT 101 to communicate. carry out. As a preparation for implementing this terminal authentication, an authentication path is established between the AN 103 and the PCF 104 (204).

  In order to perform terminal authentication between the AT 101 and the PCF 104, the LCP (link control protocol) defined in the PPP is established using the connection established in the procedure 203 and the authentication path established in the procedure 204. Perform (205). In order to request terminal authentication, the PCF 104 transmits, for example, a CHAP Request message (206). The AT 101 calculates an authenticator using the information received by the CHAP Request message and the mobile device specific information held by the AT 101, and transmits a CHAP Response message including the authenticator to the PCF 104 (207). The PCF 104 includes the received authenticator in an Access Accept message and transmits it to the AN-AAA 105 (208). When the AN-AAA 105 calculates the validity of the received authenticator and determines that it is valid, the AN-AAA 105 transmits an Access Accept message to the PCF 104 as having passed the terminal authentication (209). The PCF 104 transmits a CHAP Success message to the AT 101 to notify that the authentication has passed (210).

  Next, a data path is established to establish a unicast communication path between the AN 103 and the PCF 104 (211). A data path is also established between the PCF 104 and the PDSN 107 (212). In order to perform framing necessary for unicast communication, PPP is established between the AT 101 and the PDSN 107 (213).

  For example, the AT 101 transmits an HTTP Information Acquisition Request message to the BCMCS Controller 109 in order to receive a key for decrypting the encrypted broadcast data shown in the procedure 201 (214). The BCMCS controller 109 transmits an HTTP Information Acquisition Response message including the decryption key and the decryption key expiration date information to the AT 101 (215).

Thereafter, the AT 101 can decrypt the encrypted broadcast data transmitted from the AN 103 using the decryption key received in the procedure 215 and receive the data (216).
3GPP2 standard candidates X. P0022-0 v. 0.2, 7 and 10.2 C. S0001-D v1.0, 3GPP2 issued, March 2004 C. S0002-D v1.0, 3GPP2 issued, March 2004 C. S0003-D v1.0, 3GPP2 issued, March 2004 C. S0004-D v1.0, 3GPP2 issued, March 2004 C. S0005-D v1.0, 3GPP2 issued, March 2004 C. S0054-0 v1.0, 3GPP2 issued, March 2004 RFC1662, published by IETF, July 1994

  In a conventional data transmission method using a broadcast channel, when data to be transmitted is transmitted without being encrypted, it can be received even by a mobile device other than the mobile device intended for reception. For example, even a mobile device for which a service contract with a communication carrier has ended may be received. Therefore, there is a method of encrypting and transmitting data to be transmitted and transmitting a key (decryption key) for decrypting the encrypted data so that the data can be received only by the intended mobile device. It has been.

  In the conventional decryption key transmission method, in order for a mobile device to acquire a decryption key, a radio resource for unicast is secured, and communication with a server that manages the decryption key is performed via wireless communication using the resource. To obtain the decryption key. FIG. The procedure disclosed in Annex A of P0022-0. In such a procedure, since a decryption key is acquired using a unicast path, for example, the procedures shown in Procedure 211 to Procedure 215 are performed. Is required. This is because the PPP session termination of the PDSN shown in step 213 is necessary, and the transaction processing by the BCMCS controller shown in steps 214 to 215 is necessary, so resources in the PDSN and the BCMCS controller are wasted. In addition, there are many procedures for obtaining the decryption key, and the time required for obtaining the decryption key becomes longer.

  As described above, unless a radio resource is secured for obtaining the decryption key, the decryption key cannot be obtained, and the data transmitted on the broadcast channel cannot be received. Therefore, even when receiving broadcast data that does not need to be grasped by the base station that provides the communication, communication for obtaining a decryption key from the mobile device is required. As a result, the communication volume increases and wireless traffic is increased. And network traffic increases.

  In addition, in order to reduce the amount of communication for obtaining the decryption key, if the data transmitted through the broadcast channel is not encrypted, the reception can be performed by other than the receiving mobile device intended for reception as described above. This is not a fundamental solution.

  Further, in the conventional method, in order to establish PPP between the PDSN 107 and the AT 101 and further communicate with the BCMCS Controller 109, the number of sessions that must be managed and processed by the PDSN 107 increases, and the BCMCS Controller 109 More transactions have to be processed. This increases the processing capability required for the PDSN 107 and the BCMCS Controller 109, and it may be necessary to prepare a large amount of equipment. Further, since PPP establishment and communication with the BCMCS Controller are required, it takes a processing time until the AT 101 obtains a decryption key, and it takes time from the AT 101 to establish a session until reception of broadcast data starts. Become.

  In view of the above, the present invention provides an authentication device that is safely implemented only for a receiving mobile device intended to distribute a decryption key without increasing the amount of communication by special communication for obtaining the decryption key. One of the purposes. Another object of the present invention is to update a decryption key without interruption while receiving data on a broadcast channel. An object of the present invention is to receive a decryption key while suppressing an increase in the number of sessions and an increase in the number of transactions. Another object of the present invention is to shorten the processing time for the terminal to obtain the decryption key. Furthermore, an object of the present invention is to shorten the time from the start of a session to the start of reception of broadcast data. Another object of the present invention is to prevent communication from being concentrated at the same time by shifting the timing for distributing the decryption key for each wireless terminal.

  In order to solve the above problems, the present invention provides only a mobile device that is permitted to receive data to be transmitted on a broadcast channel, for example, by providing means for transmitting a decryption key to a procedure for authenticating a mobile device. One of the features is that the decryption key is transmitted. The present invention makes it possible to omit the PPP establishment process between the AT 101 and the PDSN 107 and the transaction that has occurred between the AT 101 and the BCMCS Controller 109, which have been conventionally required. It is possible to reduce processing delay due to the reduction.

  Further, the present invention provides means for setting an expiration date for a decryption key once transmitted and periodically updating the decryption key. As described above, one feature is that a procedure is provided in which a mobile device that has received a decryption key once cannot receive data when it loses the reception qualification of data transmitted on the broadcast channel. An example of losing the qualification to receive this data is when the mobile device contract is canceled.

The decryption key distribution method of the present invention has, for example, a wireless channel using a wireless system that has a broadcast channel for data distribution composed of a wireless base station and a wireless terminal, and encrypts and transmits data transmitted on the broadcast channel. In a decryption key distribution method in a communication system,
One of the characteristics is that a key for decrypting the encrypted data is transmitted to a signal for performing the terminal authentication when the wireless terminal performs terminal authentication.

  In the decryption key distribution method described above, in order to update the decryption key, the first decryption key for the currently transmitted data and the second decryption key for the data scheduled to be transmitted in the future, or any number By specifying the decryption key and the use start time of the second decryption key, or by specifying the use start time for each of the arbitrary number of decryption keys, the decryption key can be switched. .

  Further, in the above-described decryption key distribution method, terminal authentication is started by using a call signal for performing terminal authentication from the radio base station, and the first decryption key and the second decryption key or the An arbitrary number of decryption keys and a use start time of the decryption key can be transmitted to the wireless terminal.

In the above-described decryption key distribution method, when the wireless base station and the wireless terminal are communicating using a connection for unicast communication, the wireless base station transmits a call signal for performing terminal authentication. The terminal authentication is started, and the first decryption key, the second decryption key or the arbitrary number of decryption keys, and the use start time of the decryption key can be transmitted to the wireless terminal.
In the decryption key distribution method described above, traffic for distributing the decryption key can be distributed by changing the time at which the wireless base station transmits the call signal to the wireless terminal.

According to the first solution of the present invention,
The content server transmits the data encrypted using the encryption key received from the control device that manages the encryption key and / or the decryption key to the wireless terminal via the broadcast channel, and the wireless terminal previously corresponds to the encryption key. In a wireless communication system for decrypting received data using a distributed decryption key, a decryption key distribution method for distributing the decryption key to a wireless terminal,
The authentication device receives the content type or identification information and the corresponding decryption key and valid time from the control device, and associates the received content type or identification information, decryption key, and valid time with the decryption key database. The step of storing in
An authentication device receiving an authentication request including a terminal identifier from a wireless terminal;
An authentication device performing terminal authentication in accordance with the received authentication request;
Based on the terminal identifier in the received authentication request, the authentication device refers to the content registration database in which the terminal identifier and the content type or identification information of the content that can be received by the terminal are stored in advance, and the corresponding content Obtaining a type or identification information;
The authentication device refers to the decryption key database based on the acquired content type or identification information, and acquires the corresponding decryption key and valid time;
There is provided the decryption key distribution method including a step in which an authentication device transmits an authentication result in the step of performing terminal authentication and an acquired decryption key and valid time to a wireless terminal or a packet control device.

According to the second solution of the present invention, the content server transmits the data encrypted using the encryption key received from the control device that manages the encryption key and / or the decryption key to the wireless terminal through the broadcast channel, The wireless terminal is an authentication device in a wireless communication system that decrypts data received using a decryption key distributed in advance corresponding to an encryption key,
A decryption key database in which the received content type or identification information, a decryption key, and an effective time are stored correspondingly;
A content registration database in which a terminal identifier and content type or identification information of content that can be received by the terminal are stored in advance;
A processing unit that performs terminal authentication and decryption key distribution,
The processor is
Receiving the content type or identification information and the corresponding decryption key and valid time from the control device, and storing them in the decryption key database;
Receiving an authentication request including a terminal identifier from the wireless terminal;
Perform terminal authentication according to the received authentication request,
Based on the terminal identifier in the received authentication request, refer to the content registration database to obtain the corresponding content type or identification information,
Based on the acquired content type or identification information, refer to the decryption key database, acquire the corresponding decryption key and valid time,
The authentication device is provided that transmits an authentication result and the acquired decryption key and valid time to the wireless terminal or the packet control device.

  According to the present invention, it is possible to provide an authentication device that can be safely performed only on a receiving mobile device intended to distribute a decryption key without increasing the amount of communication by special communication for obtaining the decryption key. Further, according to the present invention, the decryption key can be updated without interruption while receiving data on the broadcast channel. According to the present invention, it is possible to receive a decryption key while suppressing an increase in the number of sessions and an increase in the number of transactions. Further, according to the present invention, it is possible to shorten the processing time for the terminal to generate the decryption key. Furthermore, according to the present invention, it is possible to shorten the time from the start of the session to the start of reception of broadcast data. Also, according to the present invention, it is possible to prevent communication from being concentrated at the same time by shifting the timing for distributing the decryption key for each wireless terminal.

(Hardware configuration and data format)
FIG. 1 is a configuration diagram of a 1xEV-DO network system in the present embodiment.
In the following, an example of an embodiment of the invention will be described based on the 1xEV-DO network shown in FIG. In addition to the system shown in FIG. 1, the present invention can be applied to all systems having a broadcast channel capable of transmitting encrypted data and having mobile device authentication.

  This system includes, for example, an AN (base station) 103, a PCF 104 (packet control device) 104, an AN-NNN (authentication device) 105, a BSN 106 (BCMCS service device) 106, and a PDSN (packet data service device) 107. A content server 108, a BCMCS controller 109 (BCMCS control device) 109, and an AAA 110. In addition, in order to distribute a decryption key used for decrypting broadcast data to the AT, it has a connection with a BCMCS Controller 109 that manages the decryption key. Since each device is the same as described above, description thereof is omitted.

  FIG. 10 shows a hardware configuration diagram of the AT. The AT stores a CPU 1001 that processes a call control protocol and a data transfer mechanism for performing communication with the AN 103, a memory 1002 that is used as a temporary storage medium for executing software and data processing, and encrypted broadcast data. An external storage device 1003 having a decryption key database for managing a decryption key for decryption, and modulation / demodulation for performing demodulation to extract data received from the AN 103 from the radio signal by modulating data to be transmitted to the AN 103 into a radio signal And an RF (Radio Frequency) circuit 1006 that performs wireless reception and transmission. Each part is connected via the communication bus 1004 which is a communication line for implement | achieving communication between functions, for example.

  When the AT receives broadcast data from the AN 103, the AT receives radio waves with the RF circuit 1006 and extracts data from the radio signal with the modem circuit 1005. The extracted broadcast data is once written in the memory 1002. In order to decrypt the received data written in the memory 1002, the CPU 1001 accesses the external storage device 1003 provided with the decryption key database and acquires the corresponding decryption key. For example, the decryption key corresponding to the current time is acquired by referring to the valid time of the decryption key database. Further, the CPU 1001 decodes the reception data written in the memory 1002, thereby completing the reception of the broadcast data.

  FIG. 11 shows a detailed configuration example of the decryption key database held in the AT. The decryption key database 1003 includes a content type 1101, a key type 1102, a key valid time 1103, and a decryption key 1104 corresponding to the content type 1101 and the key valid time 1103. This database can include a plurality of pieces of content information. When the AT receives the encrypted broadcast data, the AT selects the decryption key written in the decryption key database 1003 from the current time and the content type of the received broadcast data, and uses the decryption key The broadcast data is decrypted at. The key type may be omitted. The content type may be identification information for identifying each content, or information indicating a group of content.

  FIG. 12 shows a hardware configuration diagram of the AN-AAA 105. The AN-AAA 105 is used as a temporary storage medium for executing software and data processing, and a CPU 1201 for processing a call control protocol for performing communication with the PCF 104 and the BCMCS Controller 109, calculation at the time of terminal authentication, and distribution of a decryption key. Memory 1202, first external storage device 1203 having a decryption key database for managing a decryption key for decrypting encrypted broadcast data, password management used for terminal authentication, and its mobile device A second external storage device 1204 having a subscriber database that registers which decryption key can be transmitted, and a network I / F 1206 that is an interface for communicating with an external device such as the PCF 104 and the BCMCS Controller 109 Preparation Yeah. Each unit is connected via, for example, a communication bus 1204 that is a communication line for realizing communication between functions. Further, the first and second external storage devices may be constituted by one storage device.

  The AN-AAA 105 receives a terminal authentication request from the PCF 104 via the network I / F 1206, and the terminal authentication request is temporarily stored in the memory 1202. The CPU 1201 reads a terminal authentication request stored in the memory 1202 and accesses an external storage device 1204 including a subscriber database in order to obtain a password for the mobile device that generated the terminal authentication request. When the CPU 1201 confirms the match between the password received in the terminal authentication request and the password stored in the external storage device 1204 provided with the subscriber database (or the match of the authenticator based on the password), it is considered that the terminal authentication is successful. . Then, in order to obtain a decryption key for transmission to the mobile device, the external storage device 1203 provided with the decryption key database is accessed to obtain the decryption key. The CPU 1201 transmits the result that the terminal authentication is successful and the decryption key to the PCF 104 via the network I / F 1206. If terminal authentication is not successful, acquisition / transmission of the decryption key can be omitted.

  FIG. 13 shows a detailed configuration example of the decryption key database 1203 held by the AN-AAA 105. The decryption key database 1203 includes a content type 1301, a key type 1302, a key valid time 1303, and a decryption key 1304 corresponding to the content type 1301 and the key valid time 1303. This database can include a plurality of pieces of content information. The AN-AAA 105 obtains a desired decryption key by referring to the decryption key database 1203 in order to transmit the decryption key to the AT for which terminal authentication has been successful. The key type may be omitted. The AN-AAA 105 acquires and stores in advance a decryption key or the like from the BCMCS Controller 109 that manages the encryption key and the decryption key. Detailed procedures will be described later.

  FIG. 14 shows a detailed configuration example of the subscriber database held by the AN-AAA 105. The subscriber database 1204 has a terminal authentication table 1401 used for terminal authentication, and a content registration table 1402 indicating the registration status of which content is allowed to be received by the terminal.

  The terminal authentication table 1401 is a table indicating the correspondence between the mobile device identifier 1403 and the password 1404. The content registration table 1402 is a correspondence table between the mobile device identifier 1405 and the registered content 1406 indicating whether content reception is permitted for the mobile device. The terminal authentication table 1401 and the content registration table 1402 can be registered in advance. Note that these two tables 1401 and 1402 may be configured as one table. In addition to the table configuration, it can be stored in an appropriate format. This also applies to other tables.

  FIG. 15 shows a hardware configuration diagram of the BCMCS Controller 109. The BCMCS Controller 109 includes a CPU 1501 that processes a call control protocol for communicating with the AN-AAA 105 and the content server 108, a memory 1502 that is used as a temporary storage medium for software and data processing being executed, and each broadcast data content An external storage device 1503 having an encryption key / decryption key database for managing a table of encryption keys and decryption keys, and a network I / F 1505 that is an interface for communicating with external devices such as the AN-AAA 105 and the content server 108 Prepare. Each unit is connected, for example, via a communication path 1504 that is a communication line for realizing communication between functions. When distributing the encryption key / decryption key to the AN-AAA 105 and the content server 108, the BCMCS Controller 109 accesses the external storage device 1503 including the encryption key / decryption key database to acquire the encryption key / decryption key. . These keys are transmitted to the AN-AAA 105 and the content server 108 via the network I / F 1505.

  FIG. 16 shows a detailed configuration example of the encryption key / decryption key database held by the BCMCS Controller 109. The encryption key / decryption key database 1503 includes a content type 1601, a key valid time 1602, and an encryption key 1603 and a decryption key 1604 corresponding to the content type 1601 and key valid time 1602. This database can include a plurality of pieces of content information. The BCMCS Controller 109 uses information registered in this database when distributing the decryption key to the AN-AAA 105 and when distributing the encryption key to the content server 108. Each information can be registered in advance manually or automatically.

  FIG. 17 shows a hardware configuration diagram of the content server 108. The content server 108 includes a CPU 1701 that processes a call control protocol for performing communication with the BSN 106 and the BCMCS Controller 109, a memory 1702 that is used as a temporary storage medium for executing software and data processing, and encryption for each broadcast data content. It includes an external storage device 1703 having an encryption key database for managing a key table, and a network I / F 1705 that is an interface for communicating with external devices such as the BSN 106 and the BCMCS Controller 109. Each part is connected via the communication bus 1704 which is a communication line for implement | achieving communication between functions, for example.

  The content server 108 receives information indicating the encryption key necessary for encrypting broadcast data and the valid time of the encryption key from the BCMCS Controller 109, and stores the information in an external storage device 1703 including an encryption key database. When the content server 108 transmits broadcast data, the broadcast data is encrypted using the encryption key information corresponding to the content type and current time stored in the encryption key database 1703, and the network I / F 1705 is set. To the BSN 106.

  FIG. 18 shows a detailed configuration example of the encryption key database 1703 held in the content server 108. The encryption key database 1703 includes a content type 1801, a key valid time 1802, and an encryption key 1803 corresponding to the content type 1801 and the key valid time 1802. This database can include a plurality of pieces of content information. When the content server 108 transmits broadcast data to the BSN 106, the content server 108 performs encryption using the encryption key 1803 stored in the database 1703.

  FIG. 19 shows a hardware configuration diagram of the PCF 104. The PCF 104 includes a CPU 1901 that processes a call control protocol for communication with the BSN 106 and the AN 103, a memory 1902 that is used as a temporary storage medium for executing software and data processing, and a table of decryption keys for each broadcast data content. Communication with a third external storage device 1903 having a decryption key database for managing data, a fourth external storage device 1904 having a call control database for managing a decryption key transmitted to the AT, and external devices such as the BSN 106 and the AN 103. And a network I / F 1906 which is an interface for performing the operation. Each part is connected via the communication bus 1905 which is a communication line for implement | achieving communication between functions, for example.

  The PCF 104 stores the decryption key acquired from the AN-AAA 105 by terminal authentication in an external storage device 1903 including a decryption key database. Further, the PCF 104 manages the distributed decryption key and / or its valid time for each mobile device in the external storage device 1904 having a call control database in order to manage the decryption key transmitted to the AT. Based on the contents recorded in the call control database 1904, it is possible to perform redistribution processing of the decryption key.

  FIG. 20 shows a detailed configuration example of the decryption key database held in the PCF 104. The decryption key database includes a content type 2001, a key valid time 2002, and an encryption key 2003 corresponding to the content type 2001 and the key valid time 2002. This database can include a plurality of pieces of content information. The PCF 104 receives the decryption key from the AN-AAA 105 at the time of terminal authentication and leaves a record in this database. The decryption key database 1903 can be omitted.

  FIG. 21 shows a detailed configuration example of the call control database held by the PCF 104. The call control database includes a mobile device identifier 2101 used for identifying a mobile device, a content type 2102 corresponding to a decryption key transmitted to the mobile device identified by the mobile device identifier 2101, and a mobile device that has been transmitted to the mobile device. And the transmitted key valid time 2103 indicating the valid time of the decryption key. The PCF 104 can confirm the key valid time based on the content recorded in the call control database and can use it for judging the key redistribution time. For example, referring to the transmitted key valid time 2103, a new decryption key can be transmitted to the AT a predetermined time before the completion time of the valid time. It should be noted that in the transmitted key valid time, only the one corresponding to the latest decryption key may be stored, or only the end time of the valid time of the latest decryption key may be stored. Further, it may include a plurality of valid times that have already been transmitted.

  FIG. 22 shows an example of the format of an Access Accept message used for transmitting a decryption key from the AN-AAA 105 to the PCF 104. A Code field 2201 represents the message type of the Access Accept message. The Identifier field 2202 is a value that is changed for each message transmission, and is used for message retransmission control. The Length field 2203 represents the overall length of the message in octets. The Response Authenticator field 2204 is used for performing authentication between the AN-AAA 105 and the PCF 104.

  In the Description Key information element 2205, a field for transmitting the decryption key used in the present invention and its valid time is defined. The Vendor Id field 2206 indicates that a value of 159FH defined by 3GPP2 is set as an example. In the Vendor type field 2207, for example, a value of 3FH indicating that the decryption key is included in this information element is entered. The Vendor-length field 2208 stores the field length included after the Ventor-type field 2207 in a length including the Vendor-type field 2208.

  A Content ID field 2209 indicates the type of content, and a Description Key field 2210 indicates a decryption key. The Start Time field 2211 indicates the start time of the decryption key valid time, and the End Time field 2212 indicates the end time of the decryption key valid time. In addition to the Access Accept message, the AN-AAA 105 may transmit an appropriate message signal for notifying the approval / non-approval of the authentication to the AT including the decryption key, the valid time, and the like.

(Decryption key distribution procedure)
FIG. 3 shows a decryption key distribution procedure at the time of terminal authentication.
The content server 108 transmits the broadcast data to the AN 103 via the BSN 106 and the PCF 104. Broadcast data received by the AN 103 is wirelessly transmitted to the AT 101 using a broadcast channel (301). At this time, the data received by the AT 101 is encrypted, and since the AT 101 does not hold a key for decryption (decryption key), the received data is discarded by the AT 101. When transmitting the broadcast data, the content server 108 performs the transmission after encrypting the broadcast data using the encryption key stored in the encryption key database 1703 held therein.

  A 1xEV-DO session is established between the AT 101 and the AN 103 (302). For example, it can be established by a predetermined appropriate trigger such as power-on. In addition, a connection for performing unicast communication is established (303). Since this connection establishment is the first connection establishment after the 1xEV-DO session is established, an authentication path is established between the AN 103 and the PCF 104 as a preparation for performing terminal authentication (304).

  In order to perform terminal authentication between the AT 101 and the PCF 104, LCP defined in PPP is established (305). The PCF 104 transmits a CHAP Request message to request terminal authentication (306). The AT 101 calculates an authenticator using the information received by the CHAP Request message and the mobile device specific information held by the AT 101, and transmits a CHAP Response message including the authenticator and the mobile device identifier to the PCF 104 (307). . An appropriate message may be used in addition to the CHAP Request message and the CHAP Response message.

  The PCF 104 transmits an Access Request message including the received authenticator and mobile station identifier to the AN-AAA 105 (308). When the AN-AAA 105 determines the validity of the received authenticator, the AN-AAA 105 transmits an Access Accept message to the PCF 104 as having passed the terminal authentication (309). In the present embodiment, in this Access Accept message, for example, a decryption key (current decryption key in the figure) necessary for decrypting broadcast data being transmitted in step 301 and broadcast data to be transmitted in the future. The decryption key (future decryption key in the figure) necessary for decrypting the key and the key valid time are transmitted. The use of such information will be described later.

FIG. 23 is a flowchart of the authentication / key distribution processing of the AN-AAA 105. Each of these processes can be executed by the CPU 1201 of the AN-AAA 105, for example.
First, the AN-AAA 105 receives the Access Request message (S11, corresponding to 308 in FIG. 3), and performs terminal authentication (S13). For example, the AN-AAA 105 refers to the terminal authentication table of the subscriber database 1204 based on the mobile device identifier included in the message, and acquires the corresponding password. Further, the AN-AAA 105 obtains an authenticator by a method similar to that of the AT based on the mobile device identifier and the password, and compares the obtained authenticator with the authenticator included in the Access Request message. Judge that terminal authentication has passed. On the other hand, if they do not match, predetermined processing such as transmitting information indicating unsuccessful authentication to the PCF 104 can be performed. In addition to calculating the authenticator, for example, an appropriate authentication method such as authentication by collating the mobile device identifier and the password may be used.

  If the terminal authentication is passed, the AN-AAA 105 refers to the content registration table of the subscriber database 1204 based on the received mobile device identifier, and acquires the corresponding registered content type (for example, identifier) (S15). Further, the decryption key database 1203 is referred to based on the type of registered content acquired, and the corresponding decryption key and valid time are acquired (S17). Note that a predetermined number of decryption keys and valid times can be acquired. The AN-AAA 105 sends the Access Accept message including the acquired decryption key and valid time to the PCF 104 or AT (S19, corresponding to 309 in FIG. 3). For example, in the format of the Access Accept message shown in FIG. 22, the AN-AAA 105 sets the acquired content type in the Content ID field 2209 and the acquired decryption key Description Key field 2210 out of the acquired effective times. The start time can be stored in the Start Time field 2211 and the end time can be stored in the End Time field 2212 for transmission.

  Returning to FIG. 3, the PCF 104 records the information received from the AN-AAA 105 in a decryption key database and a call control database held in the PCF 104. For example, the content type, valid time, and decryption key included in the Access Accept message are associated with each other and stored in the decryption key database. The information stored in the database here is used when switching the decryption key. The PCF 104 notifies the AT 101 that the authentication has passed by sending a CHAP Success message. Further, the PCF 104 transmits the current decryption key, the future decryption key, and the key valid time to the AT 101 (310). These decryption keys and the like can be transmitted by being included in the CHAP Success message. Further, the PCF 104 stores the content type and the valid time of the transmitted key in the call control database 1904 corresponding to the mobile device identifier of the AT 101 that transmitted the decryption key. The effective time may be the slowest (latest) of the plurality of effective times transmitted, or the time span from the earliest to the latest, or the effective time It may be an end time.

The AT 101 stores the valid time and the decryption key in the decryption key database 1003 corresponding to the content type received in step 310, and decrypts the encrypted broadcast data transmitted from the AN 103 using the decryption key. (311).
In this way, by transmitting a decryption key for decrypting broadcast data at the time of terminal authentication, PPP establishment processing between the AT 101 and the PDSN 107 as seen in the known procedure of FIG. 2, between the AT 101 and the BCMCS Controller 109 This transaction can be omitted.

Next, key update will be described.
FIG. 4 is an explanatory diagram of the decryption key switching method. The content server 108 transmits encrypted data. For example, during the period from time t0 to time t3 (effective time of the encryption key 1), data encrypted by the encryption key 1 is transmitted (401). ). During this time, since it is encrypted with the encryption key 1, it is assumed that the decryption key 1 is necessary to decrypt the data. Further, data encrypted with another encryption key 2 is transmitted after time t3, and the decryption key 2 is necessary to decrypt the data during this time (402).

  The AT 101 holds the decryption key 1 at time t0 and is in a state where it can demodulate data encrypted using the encryption key 1 transmitted from the content server 108 at time t0 ( 403). In addition, the AT 101 acquires the decryption key 2 at a time t1 before the time t3 so that the content server 108 can demodulate the data encrypted with the encryption key 2 transmitted from the time t3. . Therefore, during the period from time t1 to time t3 (the valid time of the decryption key 1), the data transmitted from the content server 108 can be demodulated using the decryption key 1, and at the same time, ready for data reception from the future time t3. Thus, the decryption key 2 to be used in the future is held (404). After time t3, the decryption key 1 is discarded, and the data encrypted using the encryption key 2 transmitted from the content server 108 using the decryption key 2 is demodulated (405).

  The AT 102 holds the decryption key 1 at time t0 and is in a state where it can demodulate data encrypted using the encryption key 1 transmitted from the content server 108 at time t0 ( 406). The AT 102 acquires the decryption key 2 at a time t2 before the time t3 so that the content server 108 can demodulate the data encrypted with the encryption key 2 transmitted from the time t3. Accordingly, during the period from time t2 to time t3, the data transmitted from the content server 108 can be demodulated using the decryption key 1, and at the same time, the decryption key 2 used in the future in preparation for data reception from the future time t3. (407). After time t3, the decryption key 1 is discarded, and the data encrypted using the encryption key 2 transmitted from the content server 108 using the decryption key 2 is demodulated (408).

  Thus, before switching the encryption key used by the content server 108, by transmitting the decryption key after switching to each AT in advance, the AT can continuously receive data. Further, by changing the update timing of the decryption key for each AT, it is possible to prevent a load from being concentrated on the network or wirelessly.

(First decryption key update procedure)
FIG. 5 shows a procedure for transmitting the decryption key to the AT in response to the re-authentication process. These procedures can be executed after the processing shown in FIG. 3, for example.
The BSN 106 transmits broadcast data to the AN 103 via the PCF 104. Broadcast data received by the AN 103 is transmitted to the AT 101 wirelessly using a broadcast channel (501). At this time, the data received by the AT 101 is encrypted, and since the AT 101 already holds the decryption key 1 that is a key (decryption key) for decryption, the received data is decrypted by the AT 101. (Decoding 1) is received normally.

The PCF 104 transmits an AT call signal to the AT 101 via the AN 103 in order to distribute the decryption key 2 used in the future to the AT 101 (502). In step 309, the PCF 104 records the valid time of the decryption key distributed to the AT 101 in the call control database, and the AT call signal can be transmitted a certain time before the end time of this valid time. At this time, information indicating that the call signal is a call signal for performing terminal authentication is added to the call signal and transmitted. This call signal transmission opportunity is set to be a certain time before the expiration of the valid time of the decryption key, and transmission is performed at different times for each AT in order to avoid concentrated communication with all ATs receiving broadcast data at the same time. Such a method may be adopted. For example, the AT call signal may be transmitted to each AT with a predetermined time interval, or after the decryption key is transmitted to the AT that transmitted the AT call signal, the AT call signal is transmitted to another AT. May be sent.
In response to the call signal, the AT 101 establishes a connection for performing unicast communication between the AT 101 and the AN 103 (503). After the connection is established, an authentication path is established between the AN 103 and the PCF 104 as a preparation for performing terminal authentication (504).

  Further, in order to perform terminal authentication between the AT 101 and the PCF 104, the LCP defined in the PPP is established (505). The PCF 104 transmits a CHAP Request message to request terminal authentication (506). The AT 101 calculates an authenticator using the information received by the CHAP Response message and the mobile device specific information held by the AT 101, and transmits a CHAP Response message including the authenticator to the PCF 104 (507). The PCF 104 transmits an Access Request message including the received authenticator to the AN-AAA 105 (508). The AN-AAA 105 determines the validity of the received authenticator. If the AN-AAA 105 determines that the received authenticator is valid, the AN-AAA 105 transmits an Access Accept message to the PCF 104 as having passed the terminal authentication (509). In this Access Accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 501 and the broadcast data to be transmitted in the future are decrypted. The decryption key (decryption key 2 in the figure) and the valid time of each key are transmitted. These pieces of information are stored in the decryption key database and the call control database of the PCF 104. Details of the processing in the AN-AAA 105 are the same as described above. The PCF 104 sends a CHAP Success message to notify that the authentication has passed, and sends the decryption key 1, the decryption key 2, and the key valid time to the AT 101 (510).

The AT 101 decrypts the encrypted broadcast data transmitted from the AN 103 using the decryption key 1 received in the procedure 510 or the originally stored decryption key 1 (decryption 1), and performs data reception. Is possible (511).
The AT 101 switches the decryption key to be used to the decryption key 2 when the end time of the key valid time received in step 510 (or the start time of the next key) is reached, and broadcast data is transmitted using the decryption key 2. Decoding (decoding 2) is performed (512). Therefore, the AT 101 can continue to receive broadcast data encrypted using the encryption key 2 after a key switching time without interruption (513).

(Second decryption key update procedure)
FIG. 6 shows a procedure in which the AT 101 performs unicast data communication for other purposes and updates the decryption key during the communication. Since unicast communication has already been performed, more effective use of radio resources can be achieved than the procedure for making an AT call shown in FIG. For example, since the AT call signal is not required and the connection between the AT and the AN 103 has already been established for data communication, it is not necessary to establish a session again for the distribution of the decryption key.
For example, the above-mentioned figure is applied only to an AT that has preferentially updated a decryption key with respect to an AT that is already in communication and has not performed unicast communication until the expiration time of the decryption key expires (or until a predetermined time before that). The method shown in 5 can be taken. The decryption key update procedure for the AT during communication is shown below.

  The BSN 106 transmits broadcast data to the AN 103 via the PCF 104. Broadcast data received by the AN 103 is wirelessly transmitted to the AT 101 using a broadcast channel (601). At this time, the data received by the AT 101 is encrypted, and since the AT 101 holds the decryption key 1 which is a key (decryption key) for decryption, the received data is decrypted by the AT 101 and the data is received. Has been made.

  The AT 101 establishes a connection between the AT 101 and the AN 103 in order to start unicast data communication such as Web access (602), for example (603). The start timing of the data communication is assumed to be a user who uses the AT 101, for example, when a user who intends to perform data communication using the AT 101 accesses a home page with a Web browser. The AT 101 and the PDSN 107 perform unicast data communication via the AN 103 and the PCF 104 (604). The PCF 104 may identify the AT 101 during data communication and manage, for example, a terminal identifier.

  The PCF 104 performs authentication connection establishment processing with the AN 103 in order to distribute the decryption key 2 to be used in the future to the AT 101 (605). This authentication connection is established at a certain time before the expiration of the valid time of the decryption key, and the time is shifted for each AT in order to avoid concentrating communications with all ATs receiving broadcast data at the same time. It is also possible to adopt a method as implemented. In order to perform terminal authentication between the AT 101 and the PCF 104, LCP defined in PPP is established (606). The PCF 104 transmits a CHAP Request message to request terminal authentication (607), and the AT 101 calculates an authenticator using the information received in the CHAP Response message and the mobile station specific information held in the AT 101, and the like. A CHAP Response message including the message is transmitted to the PCF 104 (608). The PCF 104 transmits an Access Request message including the received authenticator to the AN-AAA 105 (609). The AN-AAA 105 determines the validity of the received authenticator, determines that the received authenticator is valid, and transmits an Access Accept message to the PCF 104 on the assumption that the terminal authentication has been passed (610). In this Access Accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 601 and the broadcast data to be transmitted in the future are decrypted. The decryption key (decryption key 2 in the figure) and the valid time of each key are transmitted. Note that more detailed processing is the same as described above. The PCF 104 notifies the AT 101 that the authentication has passed by transmitting a CHAP Success message, and transmits the current decryption key, the future decryption key, and the key valid time to the AT 101 (611).

The AT 101 decrypts the encrypted broadcast data transmitted from the AN 103 using the decryption key 1 received in step 611 or the decryption key 1 originally held (decryption 1), and performs data reception. Is possible (612).
The AT 101 switches the decryption key to be used to the decryption key 2 when the key switching time received in the procedure 611 is reached (613). Therefore, after the key switching time, broadcast data encrypted using the encryption key 2 can be decrypted using the decryption key 2 (decryption 2), and the AT 101 can continue to receive without interruption. (614).

(Modification of first decryption key update procedure)
FIG. 7 shows a procedure for transmitting three or more (hereinafter referred to as n) decryption keys. The BSN 106 transmits broadcast data to the AN 103 via the PCF 104. Broadcast data received by the AN 103 is wirelessly transmitted to the AT 101 using a broadcast channel (701). At this time, the data received by the AT 101 is encrypted, and since the AT 101 holds the decryption key 1 that is a key (decryption key) for decryption, the received data is decrypted by the AT 101 and is normally received. .
The PCF 104 transmits an AT call signal to the AT 101 via the AN 103 to distribute n decryption keys to be used in the future to the AT 101 (702). At this time, information indicating that the call signal is a call signal for performing terminal authentication is added to the call signal and transmitted.

In response to the call signal, the AT 101 establishes a connection for performing unicast communication between the AT 101 and the AN 103 (703). After the connection is established, an authentication path is established between the AN 103 and the PCF 104 as a preparation for performing terminal authentication (704).
In order to perform terminal authentication between the AT 101 and the PCF 104, LCP defined in PPP is established (705). The PCF 104 sends a CHAP Request message to request terminal authentication (706), and the AT 101 calculates the authenticator using the information received in the CHAP Response message and the mobile station specific information held in the AT 101, and the authenticator The included CHAP Response message is transmitted to the PCF 104 (707). The PCF 104 transmits the received authenticator to the AN-AAA 105 included in the Access Request message (708). The AN-AAA 105 determines the validity of the received authenticator, determines that the received authenticator is valid, and transmits an Access Accept message to the PCF 104 on the assumption that the terminal authentication has been passed (709). In this Access Accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 701 and the broadcast data to be transmitted in the future are decrypted. It transmits n decryption keys (decryption key 2,..., decryption key n in the figure) and the valid time of each decryption key. For example, the AN-AAA 105 acquires a predetermined number of decryption keys and valid times from the decryption key database 1203 and communicates. The PCF 104 notifies that the authentication has passed by transmitting a CHAP Success message, and transmits the current decryption key, future decryption key, and key valid time to the AT 101 (710).

The AT 101 can decrypt the encrypted broadcast data transmitted from the AN 103 using the decryption key 1 received in the procedure 710 or the decryption key 1 originally held, and receive data. (711).
The AT 101 switches the decryption key to the decryption key 2 when the end time of the key valid time of the decryption key 1 or the start time of the valid time of the decryption key 2 received in the procedure 710 is reached (712). Therefore, the AT 101 can continue to receive broadcast data encrypted using the encryption key 2 after the key switching time without interruption (713).
Similarly, the AT 101 switches the decryption key to the decryption key 3 when the key switching time to the decryption key 3 received in the procedure 710 is reached (714). Therefore, by transmitting a plurality of decryption keys to the AT 101 in step 710, the AT 101 does not need to perform terminal authentication again to obtain the decryption key. Also, if the call signal cannot be normally received by the AT 101 in step 702, the decryption key cannot be transmitted normally. However, since a plurality of decryption keys have been transmitted in advance, the AT 101 continues to transmit the broadcast data. Can be received (715). Note that in the above-described decryption key update during data communication, a modification in which three or more decryption keys are communicated is possible.

  FIG. 8 is an explanatory diagram of a decryption key switching method when n decryption keys are transmitted. The content server 108 transmits encrypted data, and transmits data encrypted with the encryption key 1 between time t0 and time t2 (valid time of the encryption key 1) (801). During this time, since it is encrypted with the encryption key 1, it is assumed that the decryption key 1 is necessary to decrypt the data. Further, data encrypted with the encryption key 2 is transmitted between the time t2 and the time t3 (valid time of the encryption key 2), and the decryption key 2 is necessary to decrypt the data (802). . Data encrypted with the encryption key n is transmitted after the time tn, and the decryption key n is necessary to decrypt the data during this time (803).

  The AT 101 holds the decryption key 1 at time t0 and is in a state where it can demodulate data encrypted using the encryption key 1 transmitted from the content server 108 at time t0 ( 804). The AT 101 needs to acquire the decryption key 2 at the time t1 before the time t2, for example, in order to be able to demodulate the data encrypted with the encryption key 2 transmitted from the time t2 by the content server 108. There is. This figure shows a case where the decryption key 2 to the decryption key n are acquired at the time t1. Therefore, during the period from time t0 to time t2, the data transmitted from the content server 108 can be demodulated using the decryption key 1, and at the same time used in the future in preparation for data reception transmitted from the future time t2 to t3. The decryption key 2 to be used, the decryption key 3 to be used after time t3,..., The decryption key n are held (805). Between time t2 and time t3, it is not necessary to already hold the decryption key 1, so the decryption key 2, the decryption key 3,..., The decryption key n are retained, and broadcast using the decryption key 2. Data is demodulated (806). After time tn, the data encrypted using the encryption key n transmitted from the content server 108 using the decryption key n is demodulated (807). Similarly, decryption keys n + 1... After time tn + 1 are acquired at an appropriate timing. As this timing, for example, by referring to the transmitted key valid time stored in the call control database 1904 of the PCF 104, the decryption keys n + 1... Can be obtained a predetermined time before the valid time end time.

Here, an example of a method for updating the decryption key while shifting the time for each AT will be described in more detail.
When an entry in the call control database 1904 reaches a predetermined time before the end time of the transmitted key valid time, the PCF 104 transmits an AT call signal to the terminal. In the example of FIG. 21, when the PCF 104 reaches a predetermined time before the effective time end time 10:00 (for example, 30 minutes before), any of the mobile device identifiers at the effective time end time 10:00 (for example, # An AT call signal is transmitted to the AT indicated by 1) (corresponding to 502 in FIG. 5). After that, terminal authentication and a new decryption key (for example, key fghijk with an effective time of 10:00:00 to 12:00) are transmitted (corresponding to 503 to 510 in FIG. 5). At this time, since a new decryption key is transmitted for the mobile station identifier # 1, the transmitted key valid time in the call control database 1904 is rewritten as, for example, 10:00 to 12:00.

  Next, the PCF 104 transmits an AT call signal to the AT indicated by one of the mobile device identifiers (for example, # 2) at the valid time end time 10:00 (corresponding to 502 in FIG. 5). Similarly to the above, terminal authentication and transmission of a new decryption key are performed (corresponding to FIGS. 5 and 503 to 510). At this time, since a new decryption key has been transmitted for the mobile station identifier # 2, the transmitted key valid time in the call control database 1904 is rewritten as, for example, 10:00 to 12:00. As a result, since there is no AT whose valid time end time is 10:00, the PCF 104 ends the key update at the current time.

Further, the PCF 104 transmits an AT read signal in the same manner as described above when the predetermined time before the valid time end time 12:00. Although the case where the decryption keys are transmitted one by one has been described here, the same applies to the case where a plurality of decryption keys are transmitted. When transmitting a plurality of decryption keys, the transmitted key valid time may store the start time of the earliest valid time and the end time of the latest valid time among the transmitted keys. The start time and end time of the latest valid time may be stored.
In this way, the AT read signal can be sequentially transmitted to the AT to which the decryption key is distributed. Further, by referring to the transmitted key valid time in the call control database, it is possible to identify the AT that has transmitted a new decryption key and the AT that is to be transmitted.

  FIG. 9 shows a decryption key for holding in the AN-AAA 105 an encryption key used for encrypting broadcast data in the content server 108 and a decryption key necessary for decrypting the broadcast data encrypted by the content server 108 in the AT. The key distribution procedure is shown. The encryption key / decryption key and key valid time for encrypting broadcast data are set by the BCMCS Controller 109. For example, data as shown in FIG. 16 is stored in the encryption key / decryption key database. The setting of these keys may be automatic generation and automatic setting, or manual setting by a person.

  The encryption key set in the BCMCS Controller 109 is notified by transmitting an encryption key update request to the content server 108 that encrypts broadcast data. This message includes, for example, information indicating the content type, the encryption key for encrypting the broadcast data, and the key valid time (901). The BCMCS Controller 109 can acquire one or a plurality of encryption keys and the valid time of each key with reference to the encryption key / decryption key database 1503. When the content server 108 normally receives the information included in the encryption key update request, the content server 108 transmits an encryption key update response to the BCMCS Controller 109 to notify the BCMCS Controller 109 that the update has been normally completed (902). Further, the content server 108 stores each information in the encryption key database 1703.

  The decryption key set in the BCMCS Controller 109 is notified by transmitting a decryption key update request to the AN-AAA 105 that manages information to be distributed to the AT such as the decryption key. This message includes, for example, content type, a decryption key for decrypting broadcast data, and information indicating the key valid time (903). The BCMCS Controller 109 can acquire one or a plurality of decryption keys, the corresponding content type, and the valid time of each key from the encryption key / decryption key database 1503 and transmit it. When the information contained in the decryption key update request is normally received, the AN-AAA 105 transmits a decryption key update response to the BCMCS Controller 109 to notify the BCMCS Controller 109 that the update has been completed normally (904). Further, the AN-AAA 105 stores the decryption key and the valid time in the decryption key database 1203 corresponding to the received content type. Note that the BCMCS Controller 109 can transmit an encryption key or decryption key update request every predetermined time interval or whenever information in the encryption key / decryption key database 1503 is updated. Further, the encryption key / decryption key may be transmitted in response to a request from the AN-AAA 105 or the content server 108.

  The present invention can be used, for example, in an industry related to wireless communication that enables distribution of data encrypted by a broadcast channel.

1 is a configuration diagram of a 1xEV-DO network for distributing a decryption key. FIG. The figure which shows the decoding key delivery procedure by a known method. The figure which shows the decoding key delivery procedure at the time of terminal authentication. The figure which shows the decryption key switching method. The figure which shows the decryption key delivery procedure by re-authentication processing. The figure which shows the decryption key delivery procedure during data communication. The figure which shows the procedure which transmits the decoding key of 3 or more numbers. The figure which shows the key switching method when three or more numbers of decryption keys are transmitted. The figure which shows the key switching information delivery method by AN-AAA. The figure which shows AT hardware. The figure which shows the decryption key database of AT. The figure which shows AN-AAA hardware. The figure which shows the decryption key database of AN-AAA. The figure which shows the subscriber database of AN-AAA. The figure which shows BCMCS Controller hardware. The figure which shows the encryption key and decryption key database of BCMCS Controller. The figure which shows content server hardware. The figure which shows the encryption key database of a content server. The figure which shows PCF hardware. The figure which shows the decryption key database of PCF. The figure which shows the call control database of PCF. The figure which shows the Access Accept message format. The flowchart about the process of authentication and key distribution of AN-AAA105. The conventional network block diagram.

Explanation of symbols

101: Mobile device 1 (AT1; Access Terminal 1) capable of receiving a broadcast channel
102 ... Mobile station 2 (AT2; Access Terminal 2) capable of receiving a broadcast channel
103 ... A base station (AN; Access Network) capable of transmitting a broadcast channel
104 ... Packet control device (PCF)
105: AAA for terminal authentication (AN-AAA; Access Network-Authentication, Authorization and Accounting)
106 ... BCMCS service device (BSN; BCMCS Serving Node)
107: Packet data service device (PDSN)
108 ... content server 109 ... BCMCS controller (BCMCS Controller)
110: AAA for user authentication (AAA; Authentication, Authorization and Accounting)
111 ... Internet 1203 ... Decryption key database 1204 ... Subscriber database 1903 ... Decryption key database 1904 ... Call control database

Claims (5)

The content server transmits the data encrypted using the encryption key received from the control device that manages the encryption key and / or the decryption key to the wireless terminal via the broadcast channel, and the wireless terminal previously corresponds to the encryption key. An authentication device in a wireless communication system for decrypting received data using a distributed decryption key,
A decryption key database in which the received content type or identification information, a decryption key, and an effective time are stored correspondingly;
A content registration database in which a terminal identifier and content type or identification information of content that can be received by the terminal are stored in advance;
A processing unit that performs terminal authentication and decryption key distribution,
The processor is
Receiving the content type or identification information and the corresponding decryption key and valid time from the control device, and storing them in the decryption key database;
Receiving an authentication request including a terminal identifier from the wireless terminal;
Perform terminal authentication according to the received authentication request,
Based on the terminal identifier in the received authentication request, refer to the content registration database to obtain the corresponding content type or identification information,
Based on the acquired content type or identification information, refer to the decryption key database, acquire the corresponding decryption key and valid time,
The said authentication apparatus which transmits an authentication result and the acquired decoding key and effective time to the said radio | wireless terminal or a packet control apparatus.   The transmission of the authentication result to the wireless terminal or the packet control device and the acquired decryption key and effective time includes the acquired decryption key and the effective time in the message for notifying the authentication result, The authentication apparatus according to claim 1, which transmits the authentication apparatus. The packet control apparatus transmits a terminal call signal to which information that it is a call signal for performing terminal authentication is added, and the wireless terminal that has received the terminal call signal includes a terminal identifier transmitted according to the terminal call signal When the processing unit receives the authentication request,
The processor is
Re-authenticate the terminal according to the received authentication request, refer to the content registration database and the decryption key database, decrypt the content type or identification information, one or more decryption keys having an effective time in the future from the current time, and decryption The authentication apparatus according to claim 1, wherein the authentication apparatus performs processing of acquiring one or a plurality of valid times corresponding to the key and transmitting the acquired time to the wireless terminal or the packet control apparatus. The processor is
Using a session between a wireless terminal and a wireless base station established for data communication, receiving an authentication request including a terminal identifier from the wireless terminal in data communication; and
In accordance with the received authentication request, terminal authentication is performed again, referring to the content registration database and the decryption key database, the content type or identification information, and one or more decryption keys having a valid time in the future from the current time, The authentication device according to claim 1, wherein the authentication device performs processing for acquiring one or a plurality of valid times corresponding to the decryption key and transmitting them to the wireless terminal or the packet control device. Wherein the processing unit, for the wireless terminal in data communication,
Using a session between the wireless terminal and the wireless base station established for data communication, receiving an authentication request including a terminal identifier from the wireless terminal; and
Terminal authentication is performed again in accordance with the received authentication request, the content registration database and the decryption key database are referred to, the content type or identification information, and one or a plurality of decryption keys having an effective time in the future from the current time Obtaining one or a plurality of valid times corresponding to the decryption key, and transmitting to the wireless terminal or the packet control device,
Meanwhile, the processing unit, for the wireless terminal is not in data communication,
Receiving an authentication request including a terminal identifier, transmitted according to the terminal call signal, from the wireless terminal that has received the terminal call signal to which information that it is a call signal for implementing terminal authentication is received; and
Terminal authentication is performed again in accordance with the received authentication request, the content registration database and the decryption key database are referred to, the content type or identification information, and one or a plurality of decryption keys having an effective time in the future from the current time The authentication device according to claim 1, wherein one or a plurality of valid times corresponding to a decryption key are acquired and transmitted to the wireless terminal or the packet control device.

Images