US20060291662A1 - Decryption-key distribution method and authentication apparatus - Google Patents

Decryption-key distribution method and authentication apparatus Download PDF

Info

Publication number
US20060291662A1
US20060291662A1 US11/445,178 US44517806A US2006291662A1 US 20060291662 A1 US20060291662 A1 US 20060291662A1 US 44517806 A US44517806 A US 44517806A US 2006291662 A1 US2006291662 A1 US 2006291662A1
Authority
US
United States
Prior art keywords
key
decryption
terminal
decryption key
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/445,178
Other languages
English (en)
Inventor
Yosuke Takahashi
Shiro Mazawa
Akihiko Yoshida
Daigo Takayanagi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of US20060291662A1 publication Critical patent/US20060291662A1/en
Assigned to HITACHI COMMUNICATION TECHNOLOGIES, LTD. reassignment HITACHI COMMUNICATION TECHNOLOGIES, LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MAZAWA, SHIRO, TAKAHASHI, YOSUKE, TAKAYANAGI, DAIGO, YOSHIDA, AKIHIKO
Assigned to HITACHI, LTD. reassignment HITACHI, LTD. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: HITACHI COMMUNICATION TECHNOLOGIES, LTD.
Priority to US13/044,646 priority Critical patent/US8307455B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • the present invention relates to decryption-key distribution methods and authentication apparatuses.
  • the present invention mainly relates to radio communication methods which allow encrypted data to be distributed through a broadcasting channel, and more particularly, to a decryption-key distribution method and an authentication apparatus used in CDMA radio communication systems.
  • the Third Generation Partnership Project 2 (3GPP2) an international standardization organization, has been standardized the CDMA2000 1 ⁇ method, which is a mobile communication method allowing audio communication and data communication, and the CDMA2000 1 ⁇ evolution-data only (1 ⁇ EV-DO) method, which is a mobile communication method that has improved frequency use efficiency by dedicating itself to data communication only.
  • Unicast communication communication between terminals on a one-to-one correspondence basis, has been implemented in a mobile network by the CDMA2000 1 ⁇ and CDMA2000 1 ⁇ EV-DO methods.
  • Implementation of multicast communication communication between one terminal and multiple terminals, has been examined.
  • a broadcast channel for data transfer in an radio interface has been standardized.
  • a broadcast channel for the CDMA2000 1 ⁇ method has been standardized in C.S0001-D v1.0, C.S0002-D v1.0, C.S0003-D v1.0, C.S0004-D v1.0, and C.S0005-D v1.0, which are all 3GPP2 standards published in March, 2004.
  • a broadcast channel for the CDMA2000 1 ⁇ EV-DO method has been standardized in C.S0054-0 v1.0, published by 3GPP2 in March, 2004.
  • a service using a broadcast channel is called a broadcast multicast service (BCMCS).
  • BCMCS broadcast multicast service
  • a Unicast channel conventionally used for communication between a base station and a mobile terminal, allows only the single mobile terminal to receive data sent from the base station.
  • a broadcast channel standardized for supporting multicast communication, allows all mobile terminals which can receive radio to receive data sent from a base station. Therefore, data transmitted through a broadcast channel can be received by all mobile terminals.
  • a method has been discussed in which data is encrypted, and a key (decryption key) necessary to decrypt the encrypted data is distributed to the group of selected mobile terminals in advance by unicast communication or other communication.
  • FIG. 24 is a structural view of a system for providing a BCMCS in a CDMA2000 1 ⁇ EV-DO network. This figure shows a state in which data is sent to a plurality of mobile terminals through a broadcast channel of the CDMA2000 1 ⁇ EV-DO method.
  • a contents server 108 generates and transmits broadcast-channel data. This data is transmitted as IP packets which are attached a multicast IP address to a broadcast serving node (BSN) 106 .
  • the contents server 108 encrypts the IP packets with the encryption key which is managed by a BCMCS controller 109 and transmits the packets.
  • the contents server 108 receives in advance the encryption key necessary for encryption from the BCMCS controller 109 before transmitting the broadcast data.
  • the BSN 106 receives the packets, applies framing processing, such as HDLC-like framing defined in IETF RFC 1662 , published in July, 1994, to the IP packets in order for mobile terminals to determine the boundaries of the IP packets, and transmits the IP packets to a packet control unit (packet control function: PCF) 104 .
  • the PCF 104 receives the packets from the BSN 106 , buffers the packets, adjusts the transfer rate to a transfer rate suited to a radio bandwidth, and transmits the packets to a base station (access node: AN) 103 .
  • the AN 103 receives the packets from the PCF 104 , and transmits the packets by radio through a broadcast channel.
  • the packets sent through the broadcast channel are received by a plurality of mobile terminals, such as access terminals (ATs) 101 and 102 .
  • the BCMCS controller 109 manages information on the broadcast data, a data base for holding an encryption key and a decryption key used for encrypting and decrypting the broadcast data, whether each mobile terminal has a receiving authority, and others.
  • an access network for authentication, authorization and accounting (AN-AAA) 105 is a authentication server for authenticating mobile terminals.
  • the server determines, for example, whether the business party has approved a radio connection to a certain mobile terminal.
  • a packet-data serving node (PDSN) 107 terminates point-to-point protocol (PPP) in order to support unicast communication with a mobile terminal.
  • the PDSN 107 mediates packets between the IP protocol, used in the Internet 111 , and a protocol used in the radio network.
  • An authentication, authorization, and accounting unit (AAA) 110 is an authentication server for authenticating users who use the mobile terminals, and determines whether a connection to the Internet 111 through a radio connection from a user using a mobile terminal has been approved.
  • FIG. 2 shows a decryption-key distribution procedure based on Annex A of X.P0022, which is a proposed 3GPP2 standard.
  • the BSN 106 receives data to be transmitted through the broadcast channel, from the contents server 108 , and sends the data to the AN 103 through the PCF 104 .
  • the AN 103 receives the data, and sends it to the AT 101 by radio through the broadcast channel (in step 201 ).
  • the data received by the AT 101 has been encrypted. Since the AT 101 does not have a key (decryption key) for decryption, the AT 101 discards the data.
  • a 1 ⁇ EV-DO session is established between the AT 101 and the AN 103 , and a parameter for a radio protocol to be used in subsequent processes and other items are determined in the establishment (in step 202 ).
  • the AT 101 establishes a connection for data communication according to information of the established 1 ⁇ EV-DO session (in step 203 ).
  • This connection is for one-to-one-correspondence unicast communication between the AT 101 and the AN 103 , and is separately prepared from the broadcast channel. Since communication is performed on this connection in steps 203 to 215 , the contents of the communication cannot be received by the other ATs.
  • the AN 103 and PCF 104 determine that the AT 101 first established the connection after the session establishment (in step 202 ), and perform, before making the AT 101 ready for communication, terminal authentication that determines whether a communication right has been given to the AT 101 .
  • terminal authentication As a preparation for this terminal authentication, an authentication path is established between the AN 103 and the PCF 104 (in step 204 ).
  • link control protocol (LCP), defined in PPP, is established (in step 205 ) by using the connection established in step 203 and the authentication path established in step 204 .
  • the PCF 104 sends, for example, a CHAP request message to the AT 101 to request terminal authentication (in step 206 ).
  • the AT 101 calculates an authenticator by using information included in the CHAP request message and unique mobile-terminal information held by the AT 101 , and sends a CHAP response message that includes the authenticator to the PCF 104 (in step 207 ).
  • the PCF 104 sends an access request message that includes the received authenticator to the AN-AAA 105 (in step 208 ).
  • the AN-AAA 105 checks the validity of the received authenticator. When the AN-AAA 105 determines that the received authenticator is valid, the AN-AAA 105 sends an access accept message to the PCF 104 as a terminal-authentication approval (in step 209 ). The PCF 104 sends a CHAP success message to the AT 101 to report an authentication approval (in step 210 ).
  • a data path is established between the AN 103 and PCF 104 in order to establish a unicast communication path (in step 211 ).
  • a data path is also established between the PCF 104 and PDSN 107 (in step 212 ).
  • PPP is established between the AT 101 and PDSN 107 (in step 213 ) in order to perform framing necessary for unicast communication.
  • the AT 101 transmits an HTTP information acquisition request message to the BCMCS controller 109 (in step 214 ).
  • the BCMCS controller 109 sends an HTTP information acquisition response message that includes a decryption key and information on the valid period of the decryption key to the AT 101 (in step 215 ).
  • the AT 101 can receive data (in step 216 ) because it can now decrypt the encrypted data sent from the AN 103 by using the decryption key received in step 215 .
  • a unicast radio resource is obtained and a mobile terminal communicates by radio through the resource with a server managing decryption keys to obtain a decryption key.
  • the procedure shown in FIG. 2 is disclosed in Annex A of X.P0022-0.
  • steps 211 to 215 are required.
  • the PDSN PPP session shown in step 213 needs to be terminated and the transaction processing performed by the BCMCS controller, shown in steps 214 and 215 , is necessary, resources are used in the PDSN and BCMCS controller.
  • a long time is required therefor.
  • the decryption key cannot be obtained without obtaining a radio resource therefor.
  • Data sent through a broadcast channel cannot be received without the decryption key. Therefore, even for receiving broadcast data which the base station providing communications does not need to obtain its communication condition, communication for sending the decryption key to the mobile terminal is required, resulting in increases in the amount of communication, in radio traffic, and in communication-network traffic.
  • the PDSN 107 In the conventional methods, in order to establish PPP between the PDSN 107 and AT 101 and to perform communication with the BCMCS controller 109 , the PDSN 107 needs to manage and process an increased number of sessions and the BCMCS controller 109 needs to manage and process an increased number of transactions. With this reason, the PDSN 107 and the BCMCS controller 109 are requested to have high performance, sometimes resulting in a large-scale facility. Since PPP establishment and communication with the BCMCS controller 109 are necessary, a processing time is required until the AT 101 obtains the decryption key, and it takes long to start receiving broadcast data on the AT 101 side after a session is established.
  • an object of the present invention is to provide a decryption-key distribution method and an authentication apparatus which distribute a decryption key only to an intended mobile terminal safely without increasing the amount of communication caused by a special communication for obtaining the decryption key.
  • Another object of the present invention is to update the decryption key during data receiving through a broadcast channel without any interruption.
  • Still another object of the present invention is to receive the decryption key while suppressing an increase in a session count and an increase in a transaction count.
  • Yet another object of the present invention is to shorten a processing time in which the mobile terminal obtains the decryption key.
  • the present invention is characterized by providing means for sending a decryption key in a procedure for authenticating a mobile terminal, so that the decryption key is transmitted only to a mobile terminal which is allowed to receive data sent through a broadcast channel.
  • the present invention allows PPP establishment processing between the AT 101 and the PDSN 107 and a transaction generated between the AT 101 and the BCMCS controller 109 to be omitted, both of which are conventionally required. Therefore, the amount of processing required in the PDSN 107 and the BCMCS controller 109 can be reduced and a processing delay can be reduced because the number of transactions is reduced.
  • the present invention provides means for updating the decryption key periodically with a valid period being assigned to an already sent decryption key.
  • the present invention is characterized by providing a procedure in which a mobile terminal which has received a decryption key cannot continuously receive data sent through a broadcast channel if the mobile terminal loses a right to receive the data.
  • One example of this case is when the mobile-terminal contract is cancelled.
  • a decryption-key distribution method of the present invention is, for example, a decryption-key distribution method used in a radio communication system that employs a radio technique where data is encrypted and sent through a broadcast channel provided for data distribution between a radio base station and a radio terminal, characterized in that, when the radio terminal performs terminal authentication, a key for decrypting the encrypted data is sent by a signal used for the terminal authentication.
  • the decryption key when a first decryption key for the data currently being transmitted, a second decryption key or a desired number of decryption keys for data to be transmitted in the future, and the start time of use of the second decryption key or the start time of use of each of the desired number of decryption keys are specified to update the decryption key, the decryption key can be switched.
  • the terminal authentication when the radio base station sends a calling signal for performing terminal authentication, the terminal authentication can be started and the first decryption key, the second decryption key or the desired number of decryption keys, and the start time of use of the second decryption key or the start time of use of each of the desired number of decryption keys can be sent to the radio terminal.
  • the terminal authentication when the radio base station sends a calling signal for performing terminal authentication to the radio terminal during communication through a connection for unicast communication between them, the terminal authentication can be started and the first decryption key, the second decryption key or the desired number of decryption keys, and the start time of use of the second decryption key or the start time of use of each of the desired number of decryption keys can be sent to the radio terminal.
  • the present invention provides a decryption-key distribution method for distributing a decryption key to a radio terminal in a radio communication system where a contents server encrypts data with an encryption key received from a control unit managing the encryption key and/or the decryption key and sends the data to the radio terminal through a broadcast channel, and the radio terminal decrypts the received data with the decryption key corresponding to the encryption key and distributed in advance.
  • the decryption-key distribution method includes: a step, performed by an authentication unit, of receiving a content type or content identification information, and a corresponding decryption key and valid period of the decryption key from the control unit and of storing the received content type or content identification information, corresponding decryption key, and valid period of the decryption key in a decryption-key data base in association with each other; a step, performed by the authentication unit, of receiving an authentication request that includes a terminal identifier from the radio terminal; a step, performed by the authentication unit, of authenticating the terminal in response to the received authentication request; a step, performed by the authentication unit, of referring to a content registration data base where the terminal identifier and the content type or content identification information of a content which the terminal can receive are stored in advance in association with each other, according to the terminal identifier included in the received authentication request to obtain the corresponding content type or content identification information; a step, performed by the authentication unit, of referring to the decryption-key
  • the present invention provides an authentication unit in a radio communication system where a contents server encrypts data with an encryption key received from a control unit managing the encryption key and/or a decryption key and sends the data to a radio terminal through a broadcast channel, and the radio terminal decrypts the received data with the decryption key corresponding to the encryption key and distributed in advance.
  • the authentication unit includes: a decryption-key data base for storing a received content type or content identification information, decryption key, and valid period of the decryption key in association with each other; a content registration data base having stored in advance a terminal identifier and the content type or content identification information of a content which the terminal can receive, in association with each other; and a processing section for authenticating the terminal and distributing the decryption key, wherein the processing section receives a content type or content identification information, a corresponding decryption key and valid period of the decryption key from the control unit and stores them in the decryption-key data base, receives an authentication request that includes a terminal identifier from the radio terminal, authenticates the terminal in response to the received authentication request, refers to the content registration data base according to the terminal identifier included in the received authentication request to obtain a corresponding content type or content identification information, refers to the decryption-key data base according to the obtained content type or content identification information to obtain a
  • a decryption-key distribution method for safely distributing a decryption key only to a mobile terminal which intends to receive the key is implemented without increasing the amount of communication dedicated to decryption-key distribution.
  • the decryption key can be updated without any interruption while data is being received through a broadcast channel.
  • a decryption key can be received while an increase in the number of sessions and an increase in the number of transactions are suppressed.
  • a terminal can generate a decryption key in a reduced period of time. According to the present invention, a period from when a terminal starts a session to when the terminal starts receiving broadcast data can be reduced.
  • a decryption key is distributed to each radio terminal at different timing, so that communication is prevented from converging at a certain period.
  • FIG. 1 is a view showing the structure of a 1 ⁇ EV-DO network for distributing a decryption key.
  • FIG. 2 is a view showing a decryption-key distribution procedure according to a known method.
  • FIG. 3 is a view showing a decryption-key distribution procedure used in terminal authentication.
  • FIG. 4 is a view showing a decryption-key switching method.
  • FIG. 5 is a view showing a decryption-key distribution procedure used in a re-authentication process.
  • FIG. 6 is a view showing a decryption-key distribution procedure used during data communication.
  • FIG. 7 is a view showing a procedure for sending three or more decryption keys.
  • FIG. 8 is a view showing a decryption-key switching method used when three or more decryption keys are sent.
  • FIG. 9 is a view showing a key-switching-information distribution method used by an AN-AAA.
  • FIG. 10 is a view showing the hardware of an AT.
  • FIG. 11 is a view showing a decryption-key data base of the AT.
  • FIG. 12 is a view showing the hardware of the AN-AAA.
  • FIG. 13 is a view showing a decryption-key data base of the AN-AAA.
  • FIG. 14 is a view showing a subscriber data base of the AN-AAA.
  • FIG. 15 is a view showing the hardware of a BCMCS controller.
  • FIG. 16 is a view showing an encryption-key and decryption-key data base of the BCMCS controller.
  • FIG. 17 is a view showing the hardware of a contents server.
  • FIG. 18 is a view showing an encryption-key data base of the contents server.
  • FIG. 19 is a view showing the hardware of a PCF.
  • FIG. 20 is a view showing a decryption-key data base of the PCF.
  • FIG. 21 is a view showing a call-control data base of the PCF.
  • FIG. 22 is a view showing the format of an access accept message.
  • FIG. 23 is a flowchart of authentication and key distribution processing in the AN-AAA.
  • FIG. 24 is a view showing a conventional network.
  • FIG. 1 is a view showing the structure of a 1 ⁇ EV-DO network system according to an embodiment of the present invention.
  • the 1 ⁇ EV-DO network system shown in FIG. 1 is used as an example in the following description.
  • the present invention can also be applied to systems having a mobile-terminal authentication function and a broadcast channel through which encrypted data can be transmitted.
  • the network system includes, for example, a base station (access node: AN) 103 , a packet control unit (packet control function: PCF) 104 , an authentication unit (access network for authentication, authorization and accounting: AN-AAA) 105 , a BCMCS service unit (broadcast serving node: BSN) 106 , a packet-data service unit (packet-data serving node: PDSN) 107 , a contents server 108 , a BCMCS controller 109 , and an authentication, authorization, and accounting unit (AAA) 110 .
  • the BCMCS controller 109 which manages decryption keys, is also connected. Since each unit is the same as that described above, a description thereof is omitted here.
  • FIG. 10 shows the hardware configuration of the AT.
  • the AT includes a CPU 1001 for processing a data transfer routine and a call control program for communicating with the AN 103 , a memory 1002 for temporarily storing software being executed and data in data processing, an external storage unit 1003 having a decryption-key data base that manages decryption keys used for decrypting encrypted broadcast data, a modulation and demodulation unit 1005 for modulating data to be sent to the AN 103 to generate a radio signal and for demodulating a radio signal received from the AN 103 to obtain data, and a radio frequency (RF) circuit 1006 for transmitting and receiving radio signals.
  • Each component is connected, for example, via a communication bus 1004 serving as a communication line implementing communication between components.
  • the RF circuit 1006 receives a radio signal and the modulation and demodulation unit 1005 demodulates the radio signal to obtain the broadcast data.
  • the obtained broadcast data is temporarily written in the memory 1002 .
  • the CPU 1001 accesses the external storage unit 1003 , having the decryption-key data base, to obtain a corresponding decryption key to decrypt the received data written in the memory 1002 .
  • the CPU 1001 obtains a decryption key appropriate for the current time by referring to the valid periods stored in the decryption-key data base.
  • FIG. 11 shows an example detailed structure of the decryption-key data base held by the AT.
  • the decryption-key data base 1003 includes a content type 1101 , a key type 1102 , a key valid period 1103 , and a decryption key 1104 corresponding to the content type 1101 and the key valid period 1103 .
  • the data base can include a plurality of pieces of contents information.
  • the AT uses the time when it received the data and the content type of the data to select the corresponding decryption key written in the decryption-key data base 1003 , and decrypts the data with the decryption key.
  • the key type may be omitted.
  • the content type may be content identification information for identifying each content, or information indicating each content group.
  • FIG. 12 is a view showing the hardware configuration of the AN-AAA 105 .
  • the AN-AAA 105 includes a CPU 1201 for processing a call-control protocol used for communications with the PCF 104 and the BCMCS controller 109 , calculations required for terminal authentication, and decryption-key distribution, a memory 1202 for temporarily storing software being executed and data in data processing, a first external storage unit 1203 having a decryption-key data base that manages decryption keys used for decrypting encrypted broadcast data, a second external storage unit 1204 having a subscriber data base that manages passwords used for terminal authentication and that stores information indicating the decryption keys corresponding to contents, which can be sent to each mobile terminal, and a network interface 1206 for communicating with the PCF 104 , the BCMCS controller 109 , and other units.
  • Each component is connected, for example, via a communication bus 1205 serving as a communication line implementing communication between components.
  • the first and second external storage units may be
  • the AN-AAA 105 receives a terminal-authentication request from the PCF 104 via the network interface 1206 , and temporarily stores the request in the memory 1202 .
  • the CPU 1201 reads the request from the memory 1202 and accesses the external storage unit 1204 , having the subscriber data base, to obtain the password corresponding to the mobile terminal which generated the request.
  • the CPU 1201 compares the password received in the request with the password stored in the external storage unit 1204 (or compares authenticators based on the passwords). When they match, the CPU 1201 determines that the terminal authentication has succeeded. Then, the CPU 1201 accesses the external storage unit 1203 , having the decryption-key data base, to obtain the decryption key to be sent to the mobile terminal.
  • the CPU 1201 sends via the network interface 1206 a result showing that the terminal authentication has succeeded and the decryption key to the PCF 104 . If the terminal authentication does not succeed, the acquisition and transmission of the decryption key can be o
  • FIG. 13 shows an example detailed structure of the decryption-key data base 1203 held by the AN-AAA 105 .
  • the decryption-key data base 1203 includes a content type 1301 , a key type 1302 , a key valid period 1303 , and a decryption key 1304 corresponding to the content type 1301 and the key valid period 1303 .
  • the data base can include a plurality of pieces of contents information.
  • the AN-AAA 105 obtains an appropriate decryption key by referring to the decryption-key data base 1203 .
  • the key type may be omitted.
  • the AN-AAA 105 obtains and stores in advance decryption keys and other information from the BCMCS controller 109 , which manages the encryption keys and decryption keys. A detailed procedure will be described later.
  • FIG. 14 shows an example detailed structure of the subscriber data base 1204 held by the AN-AAA 105 .
  • the subscriber data base 1204 has a terminal authentication table 1401 used for terminal authentication and a content registration table 1402 indicating a registration state that shows a content or contents allowed to each terminal.
  • the terminal authentication table 1401 shows the correspondence between a mobile-terminal identifier 1403 and a password 1404 .
  • the content registration table 1402 shows the correspondence between a mobile-terminal identifier 1405 and a registered content 1406 which each mobile terminal is allowed to receive.
  • the terminal authentication table 1401 and the content registration table 1402 can be stored in advance. These two tables 1401 and 1402 may be combined into one table. In addition to a table structure, any appropriate format can be used. This also applies to other tables.
  • FIG. 15 is a view showing the hardware configuration of the BCMCS controller 109 .
  • the BCMCS controller 109 includes a CPU 1501 for processing a call-control protocol used for communications with the AN-AAA 105 and the contents server 108 , a memory 1502 for temporarily storing software being executed and data in data processing, an external storage unit 1503 having an encryption-key and decryption-key data base that manages a table in which encryption keys and decryption keys correspond to each broadcast-data content, and a network interface 1505 for communicating with the AN-AAA 105 , the contents server 108 , and other units.
  • Each component is connected, for example, via a communication bus 1504 serving as a communication line implementing communication between components.
  • the BCMCS controller 109 sends an encryption key or a decryption key to the AN-AAA 105 or to the contents server 108
  • the CPU 1501 accesses the external storage unit 1503 , having the encryption-key and decryption-key data base, to obtain the encryption key or the decryption key.
  • These keys are sent to the AN-AAA 105 or to the contents server 108 via the network interface 1505 .
  • FIG. 16 shows an example detailed structure of the encryption-key and decryption-key data base 1503 held by the BCMCS controller 109 .
  • the encryption-key and decryption-key data base 1503 includes a content type 1601 , a key valid period 1602 , and an encryption key 1603 and a decryption key 1604 corresponding to the content type 1601 and the key valid period 1602 .
  • the data base can include a plurality of pieces of contents information.
  • the BCMCS controller 109 uses information stored in the data base to distribute a decryption key to the AN-AAA 105 and to distribute an encryption key to the contents server 108 . Each information can be registered in advance manually or automatically.
  • FIG. 17 is a view showing the hardware configuration of the contents server 108 .
  • the contents server 108 includes a CPU 1701 for processing a call-control protocol used for communications with the BSN 106 and the BCMCS controller 109 , a memory 1702 for temporarily storing software being executed and data in data processing, an external storage unit 1703 having an encryption-key data base that manages a table in which an encryption key is specified for each broadcast-data content, and a network interface 1705 for communicating with the BSN 106 , the BCMCS controller 109 , and other units.
  • Each component is connected, for example, via a communication bus 1704 serving as a communication line implementing communication between components.
  • the contents server 108 receives information indicating an encryption key necessary for encrypting broadcast data and the valid period of the encryption key, from the BCMCS controller 109 , and stores them in the external storage unit 1703 , having the encryption-key data base. To send broadcast data, the contents server 108 uses the information of the encryption key corresponding to the content type and current time to encrypt the broadcast data and sends it to the BSN 106 via the network interface 1705 .
  • FIG. 18 shows an example detailed structure of the encryption-key data base 1703 held by the contents server 108 .
  • the encryption-key data base 1703 includes a content type 1801 , a key valid period 1802 , and an encryption key 1803 corresponding to the content type 1801 and the key valid period 1802 .
  • the data base can include a plurality of pieces of contents information.
  • the contents server 108 uses an encryption key 1803 stored in the data base 1703 to encrypt the broadcast data.
  • FIG. 19 is a view showing the hardware configuration of the PCF 104 .
  • the PCF 104 includes a CPU 1901 for processing a call-control protocol used for communications with the BSN 106 and the AN 103 , a memory 1902 for temporarily storing software being executed and data in data processing, a third external storage unit 1903 having a decryption-key data base that manages a table where a decryption key is specified for each broadcast-data content, a fourth external storage unit 1904 having a call-control data base that manages decryption keys already sent to ATs, and a network interface 1906 for communicating with the BSN 106 , the AN 103 , and other units.
  • Each component is connected, for example, via a communication bus 1905 serving as a communication line implementing communication between components.
  • the PCF 104 stores a decryption key obtained from the AN-AAA 105 through terminal authentication, in the external storage unit 1903 , having the decryption-key data base.
  • the PCF 104 manages an already distributed decryption key and/or its valid period for each mobile terminal, in the external storage unit 1904 , having the call-control data base. According to the contents recorded in the call-control data base 1904 , re-distribution processing of a decryption key can be performed.
  • FIG. 20 shows an example detailed structure of the decryption-key data base 1903 held by the PCF 104 .
  • the decryption-key data base 1903 includes a content type 2001 , a key valid period 2002 , and a decryption key 2003 corresponding to the content type 2001 and the key valid period 2002 .
  • the data base can include a plurality of pieces of contents information.
  • the PCF 104 receives a decryption key from the AN-AAA 105 through terminal authentication, and records it in the data base.
  • the decryption-key data base 1903 can be omitted.
  • FIG. 21 shows an example detailed structure of the call-control data base 1904 held by the PCF 104 .
  • the call-control data base 1904 includes a mobile-terminal identifier 2101 used to identify each mobile terminal, a content type 2102 corresponding to the decryption key already sent to the mobile terminal identified by the mobile-terminal identifier 2101 , and an already-sent-key valid period 2103 indicating the valid period of the decryption key already sent to the mobile terminal.
  • the PCF 104 can confirm the valid period of a key according to the contents recorded in the call-control data base and determine a key re-distribution time.
  • the PCF 104 can send a new decryption key to an AT a predetermined time before the end of the valid period of the key already sent, by referring to the already-sent-key valid period 2103 .
  • the already-sent-key valid period may be the valid period of only the latest decryption key, or the end time of the valid period of the latest decryption key.
  • a plurality of valid periods already sent may be included.
  • FIG. 22 shows an example format of an access accept message used for transferring a decryption key from the AN-AAA 105 to the PCF 104 .
  • a code field 2201 indicates the message type of the access accept message.
  • An identifier field 2202 has a value changed for each message transmission and is used for message re-transmission control.
  • a length field 2203 indicates the total length of the message in units of octets.
  • a response authenticator field 2204 is used for authentication between the AN-AAA 105 and the PCF 104 .
  • a decryption-key information element 2205 defines a field for sending a decryption key and its valid period.
  • a vendor id field 2206 currently shows 159 F 16 , defined in the 3GPP2, as an example.
  • a vendor-type field 2207 shows 3 F 16 , indicating that a decryption key is included in the information element.
  • a vendor-length field 2208 indicates the length of fields included after the vendor-type field 2207 , including the length of the vendor-type field 2207 .
  • a content-ID field 2209 indicates the content type.
  • a decryption-key field 2210 indicates the decryption key.
  • a start-time field 2211 indicates the start time of the decryption-key valid period, and an end-time field 2212 indicates the end time of the decryption-key valid period.
  • the AN-AAA 105 may include a decryption key, its valid period, and others in an appropriate message signal used for informing authentication approval/unapproval, other than an access accept message, and send the signal to the AT.
  • FIG. 3 shows a decryption-key distribution procedure used in terminal authentication.
  • the contents server 108 sends broadcast data to the AN 103 through the BSN 106 and PCF 104 .
  • the AN 103 receives the data, and sends it to the AT 101 by radio through a broadcast channel (in step 301 ).
  • the data received by the AT 101 has been encrypted. Since the AT 101 does not have a key (decryption key) for decryption, the AT 101 discards the data.
  • the contents server 108 uses an encryption key stored in its inside in the encryption-key data base 1703 to encrypt the broadcast data and sends it.
  • a 1 ⁇ EV-DO session is established between the AT 101 and the AN 103 (in step 302 ). This is performed at appropriate timing determined in advance, for example, when the AT 101 is turned on. Then, a connection for unicast communication is established (in step 303 ). Since this connection establishment is the first one after the 1 ⁇ EV-DO session was established, an authentication path is established between the AN 103 and the PCF 104 (in step 304 ) as a preparation for terminal authentication.
  • LCP defined in PPP
  • the PCF 104 sends a CHAP request message to the AT 101 to request terminal authentication (in step 306 ).
  • the AT 101 calculates an authenticator by using information included in the CHAP request message and unique mobile-terminal information held by the AT 101 , and sends a CHAP response message that includes the authenticator and mobile-terminal identifier to the PCF 104 (in step 307 ).
  • Appropriate messages can be used instead of the CHAP request message and the CHAP response message.
  • the PCF 104 sends an access request message that includes the received authenticator and mobile-terminal identifier to the AN-AAA 105 (in step 308 ).
  • the AN-AAA 105 determines that the received authenticator is valid, the AN-AAA 105 sends an access accept message to the PCF 104 as a terminal-authentication approval (in step 309 ).
  • a decryption key (indicated as the current decryption key in the figure) necessary for decrypting, for example, the broadcast data being transmitted in step 301 and a decryption key (indicated as the future decryption key in the figure) necessary for decrypting broadcast data to be transmitted in the future, and the valid periods of the keys are transmitted in the access accept message.
  • a decryption key (indicated as the current decryption key in the figure) necessary for decrypting, for example, the broadcast data being transmitted in step 301 and a decryption key (indicated as the future decryption key in the figure) necessary for decrypting broadcast data to be transmitted in the future, and the valid periods of the keys.
  • FIG. 23 is a flowchart of authentication and key distribution performed by the AN-AAA 105 . These processes can be executed, for example, by the CPU 1201 of the AN-AAA 105 .
  • the AN-AAA 105 first receives the access request message (in step S 11 , which corresponds to step 308 in FIG. 3 ), and performs terminal authentication (in step S 13 ).
  • the AN-AAA 105 refers to the terminal authentication table in the subscriber data base 1204 according to the mobile-terminal identifier included in the message to obtain the corresponding password.
  • the AN-AAA 105 obtains an authenticator according to the mobile-terminal identifier and the password by the same method as used by the AT, and compares the obtained authenticator with the authenticator included in the access request message. When they match, the AN-AAA 105 determines that the terminal has been authenticated.
  • the AN-AAA 105 can perform predetermined processing such as transmitting information indicating authentication unapproval to the PCF 104 .
  • An appropriate authentication method can be used such as verifying the mobile-terminal identifier and password, instead of verifying the authenticator.
  • the AN-AAA 105 refers to the content registration table in the subscriber data base 1204 according to the received mobile-terminal identifier to obtain the corresponding registered-content type (such as identifier) (in step S 15 ).
  • the AN-AAA 105 then refers to the decryption-key data base 1203 according to the obtained registered-content type to obtain the corresponding decryption key and its valid period (in step S 17 ).
  • a specified-in-advance number of decryption keys and valid periods can be obtained.
  • the AN-AAA 105 puts the obtained decryption key and valid period in an access accept message, and sends it to the PCF 104 or to the AT (in step S 19 , which corresponds to step 309 in FIG. 3 ).
  • the AN-AAA 105 can store the obtained content type in the content-ID field 2209 , the obtained decryption key in the description-key field 2210 , the start time of the obtained valid period in the start-time field 2211 , and the end time thereof in the end-time field 2212 , and send the message.
  • the PCF 104 records the information received from the AN-AAA 105 in the decryption-key data base and call-control data base held inside the PCF 104 .
  • the PCF 104 stores the content type, key valid period, and decryption key included in the access accept message in association with each other in the decryption-key data base.
  • the information stored in the data base is used when the decryption key is switched.
  • the PCF 104 sends a CHAP success message to the AT 101 to tell that the terminal has been authenticated.
  • the PCF 104 also sends the current decryption key, the future decryption key, and the key valid periods to the AT 101 (in step 310 ).
  • the PCF 104 stores the content type and the valid periods of the decryption keys sent to the AT 101 in the call-control data base 1904 in association with the mobile-terminal identifier of the AT 101 .
  • the valid periods may be the latest (newest) valid period among the plurality of valid periods sent, a time difference between the earliest time to the latest time among the valid periods, or the end time of one of the valid periods.
  • the AT 101 stores the decryption keys and valid periods in the decryption-key data base 1003 in association with the content type received in step 310 , and uses the current decryption key to decrypt encrypted broadcast data sent from the AN 103 (in step 311 ).
  • the decryption key used for decrypting broadcast data is sent during terminal authentication, the PPP establishment between the AT 101 and the PDSN 107 and the transaction between the AT 101 and the BCMCS controller 109 , indicated in the conventional procedure shown in FIG. 2 , can be omitted.
  • FIG. 4 is a view showing a method for switching the decryption key.
  • the contents server 108 sends encrypted data. For example, from time t 0 to time t 3 (when an encryption key 1 is valid), the contents server 108 sends data encrypted with the encryption key 1 (in state 401 ). In this period, since the data is encrypted with the encryption key 1 , it is assumed that a decryption key 1 is necessary for decrypting the data. Since the contents server 108 sends data encrypted with another encryption key 2 at time t 3 or later, a decryption key 2 is required to decrypt data sent in that period (in state 402 ).
  • the AT 101 holds the decryption key 1 at time t 0 and therefore can decrypt at time t 0 the data encrypted with the encryption key 1 and sent from the contents server 108 (in state 403 ).
  • the AT 101 obtains the decryption key 2 at time t 1 , prior to time t 3 , in order to be capable of decrypting data encrypted with the encryption key 2 and sent at time t 3 or later from the contents server 108 .
  • the AT 101 can decrypt data sent from the contents server 108 with the use of the decryption key 1 from time t 1 to t 3 (when the decryption key 1 is valid), and holds the decryption key 2 , to be used in the future to decrypt data at time t 3 or later (in state 404 ).
  • the AT 101 discards the decryption key i at time t 3 and decrypts, with the decryption key 2 , data encrypted with the encryption key 2 and sent from the contents server 108 (in state 405 ).
  • An AT 102 holds the decryption key 1 at time t 0 and therefore can decrypt at time t 0 data encrypted with the encryption key 1 and sent from the contents server 108 (in state 406 ).
  • the AT 102 obtains the decryption key 2 at time t 2 , prior to time t 3 , in order to be capable of decrypting data encrypted with the encryption key 2 and sent at time t 3 or later from the contents server 108 . Consequently, the AT 102 can decrypt data sent from the contents server 108 with the use of the decryption key 1 from time t 2 to t 3 , and holds the decryption key 2 , to be used in the future to decrypt data at time t 3 or later (in state 407 ).
  • the AT 102 discards the decryption key 1 at time t 3 and decrypts, with the decryption key 2 , data encrypted with the encryption key 2 and sent from the contents server 108 (in state 408 ).
  • each AT can receive data continuously.
  • decryption-key updating timing is changed for each AT, so that load does not converge at a certain period in the network and radio communication.
  • FIG. 5 is a view showing a procedure for sending a decryption key to an AT at re-authentication. The procedure can be taken after the processing shown in FIG. 3 have been executed.
  • the BSN 106 sends broadcast data to the AN 103 through the PCF 104 .
  • the AN 103 receives the broadcast data, and sends it to the AT 101 by radio through a broadcast channel (in step 501 ).
  • the data received by the AT 101 has been encrypted. Since the AT 101 already has the decryption key 1 , which is the key (decryption key) for decrypting the data, by the above-described processing, the AT 101 decrypts the data (in decryption 1 ) to receive the original data.
  • the PCF 104 sends an AT paging signal for distributing the decryption key 2 , to be used in the future, to the AT 101 , through the AN 103 to the AT 101 (in step 502 ). Since the PCF 104 has recorded the valid period of the decryption key, already distributed to the AT 101 , in the call-control data base in step 309 , the PCF 104 can send the AT paging signal a predetermined period before the end time of the valid period. Information indicating that this paging signal is for performing terminal authentication is attached to the paging signal. The paging signal is sent a predetermined time before the end of the valid period of the decryption key.
  • a paging signal may be sent to each AT at different timing. For example, a paging signal may be sent to each AT at an interval of a predetermined time. Alternatively, after the decryption key is sent to the AT to which a paging signal has been sent, another paging signal may be sent to another AT.
  • the AT 101 In response to the paging signal, the AT 101 establishes a connection for unicast communication between the AT 101 and the AN 103 (in step 503 ). When the connection has been established, an authentication path is established between the AN 103 and the PCF 104 (in step 504 ) as a preparation for terminal authentication.
  • LCP defined in PPP
  • the PCF 104 sends a CHAP request message to request terminal authentication (in step 506 ).
  • the AT 101 calculates an authenticator by using information received with the CHAP request message and mobile-terminal unique information held by the AT 101 , and sends a CHAP response message that includes the authenticator to the PCF 104 (in step 507 ).
  • the PCF 104 sends an access request message that includes the received authenticator to the AN-AAA 105 (in step 508 ).
  • the AN-AAA 105 determines the validity of the received authenticator.
  • the AN-AAA 105 determines that the authenticator is valid, it sends an access accept message indicating a terminal-authentication approval to the PCF 104 (in step 509 ).
  • the AN-AAA 105 sends, with this access accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 501 , the decryption key (decryption key 2 in the figure) necessary for decrypting broadcast data to be transmitted in the future, and the valid period of each key.
  • These pieces of information are stored in the decryption-key data base and the call-control data base of the PCF 104 .
  • the detailed processing performed in the AN-AAA 105 is the same as described above.
  • the PCF 104 sends a CHAP success message to the AT 101 to inform the authentication approval, and also sends the decryption key 1 , the decryption key 2 , and their valid periods (in step 510 ).
  • the AT 101 can decrypt (in decryption 1 ) the broadcast data encrypted and being transmitted from the AN 103 by using the decryption key 1 received in step 510 or the decryption key 1 which the AT 101 already has to receive the original data (in step 511 ).
  • the AT 101 switches the decryption key to the decryption key 2 at the end time of the valid period of the decryption key 1 (or at the start time of the valid period of the decryption key 2 ), received in step 510 , and uses the decryption key 2 to decrypt (in decryption 2 ) broadcast data (in step 512 ). Therefore, the AT 101 can continue to receive even broadcast data encrypted with the encryption key 2 , without any interruption after the key has been switched (in step 513 ). Second decryption-key updating procedure
  • FIG. 6 is a view showing a procedure for updating the decryption key during a period while the AT 101 is performing unicast data communication for another purpose. Since the unicast communication is already being performed, the radio resources can be used more effectively than in the procedure shown in FIG. 5 , where AT paging is performed. For example, an AT paging signal is not required, and a session does not need to be established for decryption-key distribution because a connection between the AT and the AN 103 has already been established for data communication.
  • a method can be used, for example, in which the decryption key is updated with priority for an AT that is already performing communication and the procedure shown in FIG. 5 , described above, is taken for an AT that has not performed unicast communication until the end (or a predetermined time before the end) of the valid period of the decryption key.
  • a procedure for updating the decryption key for an AT that is performing communication will be described below.
  • the BSN 106 sends broadcast data to the AN 103 through the PCF 104 .
  • the AN 103 receives the broadcast data, and sends it to the AT 101 by radio through a broadcast channel (in step 601 ).
  • the data received by the AT 101 has been encrypted. Since the AT 101 already has the decryption key 1 , which is the key (decryption key) for decrypting the data, the AT 101 decrypts the data to receive the original data.
  • the AT 101 To start unicast data communication (in step 602 ) for web access, for example, the AT 101 establishes a connection with the AN 103 (in step 603 ). It is assumed that the data communication starts at timing determined by a user who uses the AT 101 , such as when the user accesses a web site with a web browser by using the AT 101 in data communication.
  • the AT 101 and the PDSN 107 perform unicast data communication via the AN 103 and the PCF 104 (in step 604 ).
  • the PCF 104 may manage the identifier of the AT 101 , which is performing data communication.
  • the PCF 104 establishes an authentication connection for distributing the decryption key 2 , used in the future, to the AT 101 , with the AN 103 (in step 605 ).
  • This authentication connection is established a predetermined time before the end of the valid period of the decryption key 1 .
  • an authentication connection may be established with each AT at different timing.
  • LCP defined in PPP, is established (in step 606 ).
  • the PCF 104 sends a CHAP request message to request terminal authentication (in step 607 ).
  • the AT 101 calculates an authenticator by using information received with the CHAP request message and unique mobile-terminal information held by the AT 101 , and sends a CHAP response message that includes the authenticator to the PCF 104 (in step 608 ).
  • the PCF 104 sends an access request message that includes the received authenticator to the AN-AAA 105 (in step 609 ).
  • the AN-AAA 105 determines the validity of the received authenticator. When the AN-AAA 105 determines that the authenticator is valid, it sends an access accept message indicating a terminal-authentication approval to the PCF 104 (in step 610 ).
  • the AN-AAA 105 sends, with this access accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 601 , the decryption key (decryption key 2 in the figure) necessary for decrypting broadcast data to be transmitted in the future, and the valid period of each key.
  • the detailed processing performed is the same as described above.
  • the PCF 104 sends a CHAP success message to the AT 101 to inform the authentication approval, and also sends the current decryption key, the future decryption key, and their valid periods to the AT 101 (in step 611 ).
  • the AT 101 can decrypt (in decryption 1 ) the broadcast data encrypted and being transmitted from the AN 103 by using the decryption key 1 received in step 611 or the decryption key 1 which the AT 101 already has to receive the original data (in step 612 ).
  • the AT 101 switches the decryption key to the decryption key 2 when the switching time of the key received in step 611 comes. Therefore, the AT 101 can decrypt even broadcast data encrypted with the encryption key 2 (in decryption 2 ) (in step 614 ) after the key has been switched. The AT 101 can continue to receive data without any interruption.
  • FIG. 7 shows a procedure for sending three or more (hereinafter indicated by “n”) decryption keys.
  • the BSN 106 sends broadcast data to the AN 103 through the PCF 104 .
  • the AN 103 receives the broadcast data, and sends it to the AT 101 by radio through a broadcast channel (in step 701 ).
  • the data received by the AT 101 has been encrypted. Since the AT 101 has the decryption key 1 , which is the key (decryption key) for decrypting the data, the AT 101 decrypts the data to receive the original data.
  • the PCF 104 sends an AT paging signal for distributing n decryption keys, to be used in the future, to the AT 101 , through the AN 103 to the AT 101 (in step 702 ).
  • Information indicating that this paging signal is for performing terminal authentication is attached to the paging signal.
  • the AT 101 In response to the paging signal, the AT 101 establishes a connection for unicast communication between the AT 101 and the AN 103 (in step 703 ). When the connection has been established, an authentication path is established between the AN 103 and the PCF 104 (in step 704 ) as a preparation for terminal authentication.
  • LCP defined in PPP
  • the PCF 104 sends a CHAP request message to request terminal authentication (in step 706 ).
  • the AT 101 calculates an authenticator by using information received with the CHAP request message and unique mobile-terminal information held by the AT 101 , and sends a CHAP response message that includes the authenticator to the PCF 104 (in step 707 ).
  • the PCF 104 sends an access request message that includes the received authenticator to the AN-AAA 105 (in step 708 ).
  • the AN-AAA 105 determines the validity of the received authenticator.
  • the AN-AAA 105 When the AN-AAA 105 determines that the authenticator is valid, it sends an access accept message indicating a terminal-authentication approval to the PCF 104 (in step 709 ). The AN-AAA 105 sends, with this access accept message, the decryption key (decryption key 1 in the figure) necessary for decrypting the broadcast data being transmitted in step 701 , the n decryption keys (decryption key 2 , . . . , and decryption key n in the figure) necessary for decrypting broadcast data to be transmitted in the future, and the valid period of each decryption key.
  • the decryption key decryption key 1 in the figure
  • the n decryption keys decryption key 2 , . . . , and decryption key n in the figure
  • the AN-AAA 105 obtains a predetermined number of decryption keys and valid periods from the decryption-key data base 1203 and sends them.
  • the PCF 104 sends a CHAP success message to the AT 101 to inform the authentication approval, and also sends the current decryption key, the future decryption keys, and their valid periods (in step 710 ).
  • the AT 101 can decrypt the broadcast data encrypted and being transmitted from the AN 103 by using the decryption key 1 received in step 710 or the decryption key 1 which the AT 101 already has to receive the original data (in step 711 ).
  • the AT 101 switches the decryption key to the decryption key 2 (in step 712 ) at the end time of the valid period of the decryption key 1 , received in step 710 , or at the start time of the valid period of the decryption key 2 , received in step 710 . Therefore, the AT 101 can continue to receive even broadcast data encrypted with the encryption key 2 , without any interruption after the key has been switched (in step 713 ).
  • the AT 101 switches the decryption key to the decryption key 3 (in step 714 ) at the key switching timing to the decryption key 3 , received in step 710 . Since a plurality of decryption keys has been sent to the AT 101 in step 710 , the AT 101 does not need to perform terminal authentication again to obtain a decryption key. When the AT 101 could not successfully receive the paging signal in step 702 , the decryption keys could not be sent successfully. In this case, since a plurality of decryption keys has been sent, the AT 101 can receive broadcast data continuously (in step 715 ). Even in the above-described decryption-key updating during data communication, a modification is possible in which three or more decryption keys are transmitted.
  • FIG. 8 is a view showing an n-decryption-key switching method.
  • the contents server 108 sends encrypted data. From time t 0 to time t 2 (when the encryption key 1 is valid), the contents server 108 sends data encrypted with the encryption key 1 (in state 801 ). Since data is encrypted with the encryption key 1 in this period, it is assumed that the decryption key 1 is necessary to decrypt the data. From time t 2 to time t 3 (when the encryption key 2 is valid), the contents server 108 sends data encrypted with the encryption key 2 (in state 802 ). Since data is encrypted with the encryption key 2 in this period, it is assumed that the decryption key 2 is necessary to decrypt the data. From time tn or later, the contents server 108 sends data encrypted with the encryption key n (in state 803 ). Since data is encrypted with the encryption key n, it is assumed that the decryption key n is necessary to decrypt the data.
  • the AT 101 has the decryption key 1 at time t 0 , and therefore can decrypt data encrypted with the encryption key 1 and transmitted from the contents server 108 at time 0 (in state 804 ).
  • the AT 101 needs to obtain the decryption key 2 , for example, at time t 1 , prior to time t 2 , in order to be able to decrypt data encrypted with the encryption key 2 and transmitted from the contents server 108 at time t 2 or later.
  • This figure shows a case in which the decryption keys 2 to n are obtained at the same time at time t 1 .
  • the AT 101 can decrypt data sent from the contents server 108 at a period between time t 0 and time t 2 by using the decryption key 1 , and holds the decryption key 2 , to be used to receive data transmitted from time t 2 to time t 3 in the future, the decryption key 3 , to be used after time t 3 , . . . , and the decryption key n (in step 805 ). Since it is not necessary to hold the decryption key 1 between time t 2 and time t 3 , the AT 101 has only the decryption keys 2 to n and uses the decryption key 2 to decrypt broadcast data (in state 806 ).
  • the AT 101 uses the decryption key n to decrypt data encrypted with the encryption key n and transmitted from the contents server 108 (in state 807 ).
  • the AT 101 also receives decryption keys (n+1), (n+2), . . . to be used after time tn+1, at appropriate timing.
  • the timing may be, for example, a predetermined period before the end time of the valid period of the decryption key n, by referring to the valid periods of keys already sent, stored in the call-control data base 1904 of the PCF 104 .
  • the PCF 104 sends an AT paging signal to the terminal a predetermined period before the end time of the valid period of the key already sent in an entry of the call-control data base 1904 .
  • the PCF 104 sends an AT paging signal to the AT corresponding to either (for example, #1) of the mobile-terminal identifiers for which the valid periods end at 10:00, a predetermined period (for example, 30 minutes) before the end time 10:00 of the valid period (corresponding to step 502 in FIG. 5 ).
  • the terminal is authenticated and a new decryption key (for example, a key “fghijk” having a valid period of 10:00 to 12:00) is sent (corresponding to steps 503 to 510 in FIG. 5 ). Since the new decryption key has been sent to the terminal corresponding to the mobile-terminal identifier #1, the corresponding already-sent-key valid period is changed to 10:00 to 12:00 in the call-control data base 1904 .
  • a new decryption key for example, a key
  • the PCF 104 sends an AT paging signal to the AT corresponding to the other (for example, #2) of the mobile-terminal identifiers for which the valid periods end at 10:00 (corresponding to step 502 in FIG. 5 ).
  • the terminal is authenticated and a new decryption key is sent (corresponding to steps 503 to 510 in FIG. 5 ). Since the new decryption key has been sent to the terminal corresponding to the mobile-terminal identifier #2, the corresponding already-sent-key valid period is changed, for example, to 10:00 to 12:00 in the call-control data base 1904 . With this, there is no AT for which the valid period of the key sent ends at 10:00.
  • the PCF 104 finishes key updating that should be performed at that time.
  • the PCF 104 sends an AT paging signal a predetermined period before the end time 12:00 of a valid period.
  • a decryption key is sent one by one.
  • a plurality of decryption keys can be sent in the same way.
  • the corresponding already-sent-key valid period may store the start time of the earliest valid period and the end time of the latest valid period among the valid periods of the plurality of sent keys, or the start time and the end time of the latest valid period.
  • an AT paging signal can be sequentially sent to ATs to which decryption keys are to be distributed.
  • ATs to which new decryption keys have been sent and ATs to which new decryption keys are to be sent can be identified by referring to the already-sent-key valid periods in the call-control data base.
  • FIG. 9 shows a procedure for distributing encryption keys used to encrypt broadcast data in the contents server 108 and decryption keys held by the AN-AAA 105 and used by an AT to decrypt broadcast data encrypted by the contents server 108 .
  • the BCMCS controller 109 specifies encryption keys used to encrypt broadcast data, decryption keys, and their valid periods.
  • the data shown in FIG. 16 is stored on the encryption-key and decryption-key data base. These keys may be generated automatically, specified automatically, or specified manually.
  • the BCMCS controller 109 sends an encryption-key updating request to the contents server 108 , which encrypts broadcast data, together with the specified encryption keys (in step 901 ).
  • This request includes, for example, information indicating content types, the encryption keys, and their valid periods.
  • the BCMCS controller 109 can obtain one or a plurality of encryption keys and the valid period of each encryption key by referring to the encryption-key and decryption-key data base 1503 .
  • the contents server 108 successfully receives the information included in the encryption-key updating request, it sends an encryption-key updating acknowledgment to the BCMCS controller 109 to inform that updating has been successfully completed (in step 902 ).
  • the contents server 108 stores the information in the encryption-key data base 1703 .
  • the BCMCS controller 109 sends a decryption-key updating request to the AN-AAA 105 , which manages information to be distributed to ATs, such as decryption keys, together with the specified decryption keys (in step 903 ).
  • This request includes, for example, information indicating content types, the decryption keys, and their valid periods.
  • the BCMCS controller 109 can obtain one or a plurality of decryption keys, corresponding contents, and the valid period of each encryption key from the encryption-key and decryption-key data base 1503 and send them.
  • the AN-AAA 105 When the AN-AAA 105 successfully receives the information included in the decryption-key updating request, it sends an decryption-key updating acknowledgment to the BCMCS controller 109 to inform that updating has been successfully completed (in step 904 ).
  • the AN-AAA 105 stores the decryption keys and their valid periods in the decryption-key data base 1203 in association with the corresponding content types.
  • the BCMCS controller 109 can send an encryption-key updating request or a decryption-key updating request every time interval specified in advance or every time the encryption-key and decryption-key data base 1503 is updated.
  • the BCMCS controller 109 may send an encryption key or a decryption key in response to a request sent from the AN-AAA 105 or the contents server 108 .
  • the present invention can be used, for example, in industries related to radio communication that allows encrypted data distribution through a broadcast channel.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
US11/445,178 2005-06-06 2006-06-02 Decryption-key distribution method and authentication apparatus Abandoned US20060291662A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/044,646 US8307455B2 (en) 2005-06-06 2011-03-10 Decryption-key distribution method and authentication apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-165685 2005-06-06
JP2005165685A JP4275108B2 (ja) 2005-06-06 2005-06-06 復号鍵配信方法

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/044,646 Continuation US8307455B2 (en) 2005-06-06 2011-03-10 Decryption-key distribution method and authentication apparatus

Publications (1)

Publication Number Publication Date
US20060291662A1 true US20060291662A1 (en) 2006-12-28

Family

ID=37510375

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/445,178 Abandoned US20060291662A1 (en) 2005-06-06 2006-06-02 Decryption-key distribution method and authentication apparatus
US13/044,646 Expired - Fee Related US8307455B2 (en) 2005-06-06 2011-03-10 Decryption-key distribution method and authentication apparatus

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/044,646 Expired - Fee Related US8307455B2 (en) 2005-06-06 2011-03-10 Decryption-key distribution method and authentication apparatus

Country Status (3)

Country Link
US (2) US20060291662A1 (enExample)
JP (1) JP4275108B2 (enExample)
CN (2) CN1878062B (enExample)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080051026A1 (en) * 2006-08-25 2008-02-28 Samsung Electronics Co., Ltd. Apparatus and method for supporting interactive broadcasting service in broadband wireless access (bwa) system
US20080170689A1 (en) * 2006-08-07 2008-07-17 David Boubion Systems and methods for conducting secure wired and wireless networked telephony
WO2009002041A2 (en) 2007-06-22 2008-12-31 Kt Corporation System for supporting over-the-air service and method thereof
US20090070586A1 (en) * 2006-02-09 2009-03-12 Wolfgang Bucker Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal
US20090245520A1 (en) * 2008-03-27 2009-10-01 Mediatek Inc. Digital content protection methods
US7610485B1 (en) * 2003-08-06 2009-10-27 Cisco Technology, Inc. System for providing secure multi-cast broadcasts over a network
US20100104103A1 (en) * 2008-10-24 2010-04-29 Qualcomm Incorporated Method And Apparatus For Billing And Security Architecture For Venue-Cast Services
US20100316219A1 (en) * 2007-08-06 2010-12-16 David Boubion Systems and methods for simultaneous integrated multiencrypted rotating key communication
US20110150223A1 (en) * 2009-12-21 2011-06-23 Qi Emily H Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US20120250865A1 (en) * 2011-03-23 2012-10-04 Selerity, Inc Securely enabling access to information over a network across multiple protocols
US20120311165A1 (en) * 2011-06-01 2012-12-06 Qualcomm Incorporated Selective admission into a network sharing session
US9882714B1 (en) * 2013-03-15 2018-01-30 Certes Networks, Inc. Method and apparatus for enhanced distribution of security keys
US10116637B1 (en) 2016-04-14 2018-10-30 Wickr Inc. Secure telecommunications
US10541814B2 (en) 2017-11-08 2020-01-21 Wickr Inc. End-to-end encryption during a secure communication session
US10778432B2 (en) 2017-11-08 2020-09-15 Wickr Inc. End-to-end encryption during a secure communication session
US10855440B1 (en) 2017-11-08 2020-12-01 Wickr Inc. Generating new encryption keys during a secure communication session
US11101999B2 (en) 2017-11-08 2021-08-24 Amazon Technologies, Inc. Two-way handshake for key establishment for secure communications
US20220104010A1 (en) * 2020-09-29 2022-03-31 Qualcomm Incorporated Synchronous content presentation
CN114599033A (zh) * 2022-05-10 2022-06-07 中移(上海)信息通信科技有限公司 一种通信鉴权处理方法及装置
US20240250935A1 (en) * 2022-02-28 2024-07-25 Rakuten Group, Inc. Communication system, communication method, and program

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2147518B1 (en) * 2007-05-08 2014-11-19 Thomson Licensing Method and apparatus for adjusting decryption keys
CN101369887B (zh) * 2007-08-13 2011-12-21 北京万网志成科技有限公司 一种电子邮件加密传输的方法
GB0811210D0 (en) * 2008-06-18 2008-07-23 Isis Innovation Improvements related to the authentication of messages
JP5296587B2 (ja) * 2009-03-27 2013-09-25 株式会社エヌ・ティ・ティ・ドコモ 無線通信システム及び無線通信方法
JP2012527190A (ja) * 2009-05-13 2012-11-01 リビア テクノロジーズ,エルエルシー 対称暗号化システムにおいてデバイスを安全に識別し認証するためのシステムおよび方法
US8601600B1 (en) 2010-05-18 2013-12-03 Google Inc. Storing encrypted objects
EP2405650A1 (en) * 2010-07-09 2012-01-11 Nagravision S.A. A method for secure transfer of messages
JP5875051B2 (ja) * 2010-11-08 2016-03-02 学校法人日本大学 認証サーバ及び認証サーバによる認証方法
CA2795287C (en) * 2011-04-01 2018-02-27 Certicom Corp. Identity-based decryption
US8819407B2 (en) * 2011-09-26 2014-08-26 Verizon New Jersey Inc. Personal messaging security
US10455276B2 (en) * 2013-03-04 2019-10-22 Time Warner Cable Enterprises Llc Methods and apparatus for controlling unauthorized streaming of content
US9585014B2 (en) * 2013-12-23 2017-02-28 Marvell International Ltd. Fast recovery from ciphering key mismatch
US9817990B2 (en) 2014-03-12 2017-11-14 Samsung Electronics Co., Ltd. System and method of encrypting folder in device
CN105119718B (zh) * 2015-08-05 2018-06-19 刘奇 一种生成具有使用期限的密钥的方法及其系统
CN105187402B (zh) * 2015-08-13 2019-03-12 浪潮(北京)电子信息产业有限公司 一种基于云平台管理的自适应验证方法及系统
CN107295012A (zh) * 2017-08-01 2017-10-24 贝氏科技有限公司 加解密系统与方法
CN109936552B (zh) * 2017-12-19 2021-06-15 方正国际软件(北京)有限公司 一种密钥认证方法、服务器及系统
JP7114413B2 (ja) * 2018-09-06 2022-08-08 株式会社東海理化電機製作所 認証システム及び認証方法
JP7408882B2 (ja) * 2021-12-29 2024-01-05 楽天グループ株式会社 認証システム、認証装置、認証方法、及びプログラム
WO2025007315A1 (zh) * 2023-07-05 2025-01-09 北京小米移动软件有限公司 数据传输方法、接入点设备、站点设备及通信系统

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050033967A1 (en) * 2003-08-05 2005-02-10 Hitachi, Ltd. System for managing license for protecting content, server for issuing license for protecting content, and terminal for using content protected by license
US20050044016A1 (en) * 2002-03-27 2005-02-24 Convergys Information Management Group, Inc. System and method for securing digital content
US20050071280A1 (en) * 2003-09-25 2005-03-31 Convergys Information Management Group, Inc. System and method for federated rights management
US20060021062A1 (en) * 2004-06-21 2006-01-26 Jang Hyun S Method of downloading contents and system thereof
US20060149683A1 (en) * 2003-06-05 2006-07-06 Matsushita Electric Industrial Co., Ltd. User terminal for receiving license
US7240365B2 (en) * 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7398557B2 (en) * 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10009447A1 (de) * 2000-02-29 2001-08-30 Philips Corp Intellectual Pty Drahtloses Netzwerk mit einer Fehlerbehandlungsprozedur bei einem falschen Schlüssel
US7921290B2 (en) * 2001-04-18 2011-04-05 Ipass Inc. Method and system for securely authenticating network access credentials for users
JP2003229844A (ja) 2002-02-04 2003-08-15 Nec Corp データ転送システム
US7418596B1 (en) * 2002-03-26 2008-08-26 Cellco Partnership Secure, efficient, and mutually authenticated cryptographic key distribution
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling
US8630414B2 (en) * 2002-06-20 2014-01-14 Qualcomm Incorporated Inter-working function for a communication system
AU2003265434A1 (en) * 2002-08-12 2004-02-25 Wireless Security Corporation Fine grained access control for wireless networks
JP4021288B2 (ja) 2002-09-17 2007-12-12 株式会社エヌ・ティ・ティ・ドコモ 情報送信システム、情報送信装置、情報送信方法
US7870389B1 (en) * 2002-12-24 2011-01-11 Cisco Technology, Inc. Methods and apparatus for authenticating mobility entities using kerberos
CN1567812A (zh) * 2003-06-19 2005-01-19 华为技术有限公司 一种实现共享密钥更新的方法
US7930412B2 (en) * 2003-09-30 2011-04-19 Bce Inc. System and method for secure access
KR20050064119A (ko) * 2003-12-23 2005-06-29 한국전자통신연구원 인터넷접속을 위한 확장인증프로토콜 인증시 단말에서의서버인증서 유효성 검증 방법
US20060002426A1 (en) * 2004-07-01 2006-01-05 Telefonaktiebolaget L M Ericsson (Publ) Header compression negotiation in a telecommunications network using the protocol for carrying authentication for network access (PANA)
US7194763B2 (en) * 2004-08-02 2007-03-20 Cisco Technology, Inc. Method and apparatus for determining authentication capabilities
JP4804983B2 (ja) * 2006-03-29 2011-11-02 富士通株式会社 無線端末、認証装置、及び、プログラム

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050044016A1 (en) * 2002-03-27 2005-02-24 Convergys Information Management Group, Inc. System and method for securing digital content
US7240365B2 (en) * 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7398557B2 (en) * 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control
US20060149683A1 (en) * 2003-06-05 2006-07-06 Matsushita Electric Industrial Co., Ltd. User terminal for receiving license
US20050033967A1 (en) * 2003-08-05 2005-02-10 Hitachi, Ltd. System for managing license for protecting content, server for issuing license for protecting content, and terminal for using content protected by license
US7590856B2 (en) * 2003-08-05 2009-09-15 Hitachi, Ltd. System for managing license for protecting content, server for issuing license for protecting content, and terminal for using content protected by license
US20050071280A1 (en) * 2003-09-25 2005-03-31 Convergys Information Management Group, Inc. System and method for federated rights management
US20060021062A1 (en) * 2004-06-21 2006-01-26 Jang Hyun S Method of downloading contents and system thereof

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7610485B1 (en) * 2003-08-06 2009-10-27 Cisco Technology, Inc. System for providing secure multi-cast broadcasts over a network
US20090070586A1 (en) * 2006-02-09 2009-03-12 Wolfgang Bucker Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal
US20080170689A1 (en) * 2006-08-07 2008-07-17 David Boubion Systems and methods for conducting secure wired and wireless networked telephony
US20140362992A1 (en) * 2006-08-07 2014-12-11 I.D. Rank Security, Inc. Systems and Methods for Conducting Secure Wired and Wireless Networked Telephony
US20080051026A1 (en) * 2006-08-25 2008-02-28 Samsung Electronics Co., Ltd. Apparatus and method for supporting interactive broadcasting service in broadband wireless access (bwa) system
US8265013B2 (en) * 2006-08-25 2012-09-11 Samsung Electronics Co., Ltd Apparatus and method for supporting interactive broadcasting service in broadband wireless access (BWA) system
WO2009002041A2 (en) 2007-06-22 2008-12-31 Kt Corporation System for supporting over-the-air service and method thereof
US9325668B2 (en) 2007-06-22 2016-04-26 Kt Corporation System for supporting over-the-air service and method thereof
EP2160909A4 (en) * 2007-06-22 2014-12-17 Kt Corp SYSTEM FOR SUPPORTING BROADCASTING SERVICE AND METHOD THEREOF
US20100316219A1 (en) * 2007-08-06 2010-12-16 David Boubion Systems and methods for simultaneous integrated multiencrypted rotating key communication
US20090245520A1 (en) * 2008-03-27 2009-10-01 Mediatek Inc. Digital content protection methods
US20100104103A1 (en) * 2008-10-24 2010-04-29 Qualcomm Incorporated Method And Apparatus For Billing And Security Architecture For Venue-Cast Services
WO2010048410A3 (en) * 2008-10-24 2010-06-17 Qualcomm Incorporated Method and apparatus for billing and security architecture for venue-cast services
US8452011B2 (en) * 2008-10-24 2013-05-28 Qualcomm Incorporated Method and apparatus for billing and security architecture for venue-cast services
US20110150223A1 (en) * 2009-12-21 2011-06-23 Qi Emily H Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US9231760B2 (en) 2009-12-21 2016-01-05 Intel Corporation Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US9866380B2 (en) 2009-12-21 2018-01-09 Intel Corporation Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US8630416B2 (en) * 2009-12-21 2014-01-14 Intel Corporation Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US10708048B2 (en) 2009-12-21 2020-07-07 Intel Corporation Wireless device and method for rekeying with reduced packet loss for high-throughput wireless communications
US20120250865A1 (en) * 2011-03-23 2012-10-04 Selerity, Inc Securely enabling access to information over a network across multiple protocols
US10681021B2 (en) * 2011-06-01 2020-06-09 Qualcomm Incorporated Selective admission into a network sharing session
US20120311165A1 (en) * 2011-06-01 2012-12-06 Qualcomm Incorporated Selective admission into a network sharing session
US9882714B1 (en) * 2013-03-15 2018-01-30 Certes Networks, Inc. Method and apparatus for enhanced distribution of security keys
US11362811B2 (en) 2016-04-14 2022-06-14 Amazon Technologies, Inc. Secure telecommunications
US10630663B1 (en) 2016-04-14 2020-04-21 Wickr Inc. Secure telecommunications
US10135612B1 (en) * 2016-04-14 2018-11-20 Wickr Inc. Secure telecommunications
US10116637B1 (en) 2016-04-14 2018-10-30 Wickr Inc. Secure telecommunications
US11502816B2 (en) 2017-11-08 2022-11-15 Amazon Technologies, Inc. Generating new encryption keys during a secure communication session
US10855440B1 (en) 2017-11-08 2020-12-01 Wickr Inc. Generating new encryption keys during a secure communication session
US10778432B2 (en) 2017-11-08 2020-09-15 Wickr Inc. End-to-end encryption during a secure communication session
US10541814B2 (en) 2017-11-08 2020-01-21 Wickr Inc. End-to-end encryption during a secure communication session
US11101999B2 (en) 2017-11-08 2021-08-24 Amazon Technologies, Inc. Two-way handshake for key establishment for secure communications
US20220104010A1 (en) * 2020-09-29 2022-03-31 Qualcomm Incorporated Synchronous content presentation
US12413825B2 (en) * 2020-09-29 2025-09-09 Qualcomm Incorporated Synchronous content presentation
US12388800B2 (en) * 2022-02-28 2025-08-12 Rakuten Group, Inc. Communication system, communication method, and program
US20240250935A1 (en) * 2022-02-28 2024-07-25 Rakuten Group, Inc. Communication system, communication method, and program
CN114599033A (zh) * 2022-05-10 2022-06-07 中移(上海)信息通信科技有限公司 一种通信鉴权处理方法及装置

Also Published As

Publication number Publication date
US8307455B2 (en) 2012-11-06
CN1878062B (zh) 2010-06-23
JP2006340296A (ja) 2006-12-14
CN101820623B (zh) 2011-12-28
CN1878062A (zh) 2006-12-13
JP4275108B2 (ja) 2009-06-10
CN101820623A (zh) 2010-09-01
US20110167264A1 (en) 2011-07-07

Similar Documents

Publication Publication Date Title
US8307455B2 (en) Decryption-key distribution method and authentication apparatus
JP4866542B2 (ja) 車内エンターテイメントおよび情報処理デバイス用の暗号化されたデータサービスへのアクセスコントロール
CA2496677C (en) Method and apparatus for secure data transmission in a mobile communication system
US8762707B2 (en) Authorization, authentication and accounting protocols in multicast content distribution networks
EP1547304B1 (en) Secure broadcast/multicast service
CN101513011B (zh) 用于向移动终端设备连续传输广播服务的加密数据的方法和系统
US8495363B2 (en) Securing messages associated with a multicast communication session within a wireless communications system
US20040202329A1 (en) Method and system for providing broadcast service using encryption in a mobile communication system
JP7771181B2 (ja) マルチキャスト暗号化鍵を分配するための方法及びデバイス
EP4295531A1 (en) A method for operating a cellular network
US8621200B2 (en) Key delivery method and apparatus in a communications system
US9143482B1 (en) Tokenized authentication across wireless communication networks
US20090196424A1 (en) Method for security handling in a wireless access system supporting multicast broadcast services
EP1889399B1 (en) Method for managing group traffic encryption key in wireless portable internet system
CN101145900A (zh) 组播方法和组播系统以及组播设备
US20050013268A1 (en) Method for registering broadcast/multicast service in a high-rate packet data system
JP4319691B2 (ja) 認証装置
JP4847555B2 (ja) 復号鍵配信方法および認証装置
KR100987231B1 (ko) 이동통신 시스템에서 방송 서비스 과금 방법

Legal Events

Date Code Title Description
AS Assignment

Owner name: HITACHI COMMUNICATION TECHNOLOGIES, LTD., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TAKAHASHI, YOSUKE;MAZAWA, SHIRO;YOSHIDA, AKIHIKO;AND OTHERS;REEL/FRAME:022924/0703

Effective date: 20060703

AS Assignment

Owner name: HITACHI, LTD., JAPAN

Free format text: MERGER;ASSIGNOR:HITACHI COMMUNICATION TECHNOLOGIES, LTD.;REEL/FRAME:023772/0667

Effective date: 20090701

Owner name: HITACHI, LTD.,JAPAN

Free format text: MERGER;ASSIGNOR:HITACHI COMMUNICATION TECHNOLOGIES, LTD.;REEL/FRAME:023772/0667

Effective date: 20090701

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION