US20090271626A1 - Methods and devices for establishing security associations in communications systems - Google Patents

Methods and devices for establishing security associations in communications systems Download PDF

Info

Publication number
US20090271626A1
US20090271626A1 US12/203,652 US20365208A US2009271626A1 US 20090271626 A1 US20090271626 A1 US 20090271626A1 US 20365208 A US20365208 A US 20365208A US 2009271626 A1 US2009271626 A1 US 2009271626A1
Authority
US
United States
Prior art keywords
base station
station
security material
mobile station
mobile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/203,652
Other languages
English (en)
Inventor
Jui-Tang Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial Technology Research Institute ITRI
Original Assignee
Industrial Technology Research Institute ITRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial Technology Research Institute ITRI filed Critical Industrial Technology Research Institute ITRI
Priority to US12/203,652 priority Critical patent/US20090271626A1/en
Priority to KR1020080087483A priority patent/KR100983796B1/ko
Priority to CN2008102129115A priority patent/CN101436931B/zh
Priority to TW097133900A priority patent/TWI445371B/zh
Priority to CN2008102157257A priority patent/CN101437226B/zh
Priority to TW097133899A priority patent/TWI411275B/zh
Priority to JP2008227438A priority patent/JP4875679B2/ja
Priority to IN1875MU2008 priority patent/IN266858B/en
Assigned to INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE reassignment INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WANG, JUI-TANG
Assigned to INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE reassignment INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WANG, JUI-TANG
Publication of US20090271626A1 publication Critical patent/US20090271626A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Definitions

  • the present disclosure relates to the field of communications and, more particularly, to systems and methods for establishing security associations in a communication system.
  • WiMAX Worldwide Interoperability for Microwave Access
  • WiMAX is a wireless networking technology that provides communication to wireless devices over significant distances. Authentication and reauthentication delays, however, can slow communication with the client device and decrease the efficiency of a WiMAX environment.
  • FIG. 1 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16d/802.16e WiMAX wireless communication system.
  • Access to Internet 100 is provided to at least one connectivity service network (CSN) 102 , using at least one authentication, authorization, and accounting (AAA) server 104 .
  • CSN 102 is connected to gateways (GWs) 106 and 108 .
  • Gateways 106 and 108 are each a type of communication network authenticator and typically connected to several base stations (BSs) 110 - 115 , the number of such BSs depending on network demands in a given area, though a gateway may instead be connected to only a single base station. Only two gateways 106 and 108 are shown, but it is possible to have greater or fewer gateways depending on the number of required base stations.
  • Base stations such as base station 110 and base station 114 , communicate with one or more client devices.
  • Client devices include mobile stations (MSs), such as mobile stations 120 , 122 and 124 , to which the base stations provide wireless network service, and subscriber stations (SSs), such as subscriber stations 126 and 128 , to which base stations provide wired or wireless network service.
  • MSs mobile stations
  • SSs subscriber stations
  • the network needs of several client devices may be satisfied by a single base station, and a single base station may satisfy the network needs of both mobile stations and subscriber stations.
  • security associations, or the sharing of security information between two network entities such as mobile station 120 and base station 110 , are established to ensure that communications between the two entities are secure.
  • Authentication protocol standards have been created to standardize advance authentication techniques. These standardized protocols may include, for example, IEEE 802.1X authentication, extensible authentication protocol (EAP) method for global system for mobile communications (GSM) subscriber identity (EAP-SIM) and extensible authentication protocol method for universal mobile telecommunications systems (UMTS) authentication and key agreement (EAP-AKA) and/or a combination of the extensible authentication protocol (EAP) and the remote authentication dial in user service (RADIUS) protocol.
  • EAP extensible authentication protocol
  • GSM global system for mobile communications
  • EAP-SIM subscriber identity
  • UMTS universal mobile telecommunications systems
  • EAP-AKA extensible authentication protocol method for universal mobile telecommunications systems
  • EAP-AKA extensible authentication protocol
  • UMTS universal mobile telecommunications systems
  • RADIUS remote authentication dial in user service
  • standardized handshake protocols such as security association signaling protocols, e.g., security association and traffic encryption key (SA-TEK) 3-way handshakes, and traffic
  • IEEE 802.16d/802.16e WiMAX wireless communication systems these standardized techniques are performed between a base station and a mobile station. Each standardized authentication technique requires multiple transmissions, which consume authentication time and processing overhead.
  • FIG. 2 is a signaling diagram of exemplary prior art authentication and authorization in an IEEE 802.16d and 802.16e WiMAX wireless communication system.
  • An initialization process 200 is used to ensure that a mobile station requesting network service is authorized to access the network and to provide a security association between mobile stations and base stations to allow secure message transmission.
  • initialization process 200 may be used to provide a security association between mobile station 120 just after it moved into the range of base station 111 after previously being within the range of base station 110 .
  • mobile station 120 is wirelessly connected to base station 111 through the link up process 202 which includes, for example, a ranging request and a ranging response.
  • Mobile station 120 must then go through a multi-step process of authentication such as IEEE 802.1X full authentication 206 with AAA server 104 through gateway 106 .
  • AAA server 104 computes a master session key (MSK) 208 for mobile station 120 and transfers MSK 208 to gateway 106 , which stores MSK 208 in its cache.
  • the product of authentication through, for example, the EAP method or other authentication method is the transfer of MSK 208 , which is known to AAA server 104 , gateway 106 , and mobile station 120 .
  • Gateway 106 will generate a pairwise master key (PMK) 210 and an authentication key (AK) 212 for mobile station 120 , and transfer AK 212 to base station 111 .
  • PMK pairwise master key
  • AK authentication key
  • Mobile station 120 may also independently hold and store MSK 208 in its memory and may generate AK 212 . Then base station 111 may perform the SA-TEK 3-way handshake procedure 214 to confirm that the AK held by mobile station 120 is the same AK 212 held by base station 111 . Using AK 212 , commonly held by base station 111 and mobile station 120 , base station 111 and mobile station 120 may both respectively calculate a common message authentication code key (MACK) 224 and a common key encryption key (KEK) 220 . MACK 224 may identify an authenticated message generated by mobile station 120 and base station 111 . KEK 220 may protect transmission of traffic encryption keys from base station 120 to mobile station 111 .
  • MACK message authentication code key
  • KEK common key encryption key
  • Base station 110 and mobile station 120 may perform SA-TEK 3 way handshake procedure 214 using MACK 224 to authenticate each other.
  • the base station 110 may generate a traffic encryption key (TEK) 222 and then carry out a TEK 3-way handshake procedure 216 with KEK 220 to establish security association with the mobile station 120 .
  • TEK 222 is typically randomly generated by the base station 111 and is used to encrypt data transmitted between mobile station 120 and base station 111 after mobile station 120 has been authenticated and authorized to access the network.
  • SA-TEK 3-way handshake 214 and TEK 3-way handshake 216 are well-known in the art and will not be discussed further.
  • base station 111 controls whether data transmission occurs over the channel between base station 111 and mobile station 120 because base station 111 and mobile station 120 both hold the same TEK 222 , KEK 220 , and AK 212 , from which MACK 224 can be derived.
  • base station 120 has established a security association with base station 111 , or, in other words, after mobile station 120 has been granted permission to communicate over the network, encrypted data transmission occurs between mobile station 120 and base station 111 using TEK 222 .
  • the strength of the signal and transmission quality may decrease as the network signal travels from gateway 106 or gateway 108 to base stations 110 - 115 to client devices 120 , 122 , 124 , 126 , and 128 . Additionally, the signal and transmission quality decrease as a mobile station travels further from its serving base station. Signal quality and coverage may also be affected by factors such as physical structures, signal interferences, weather and transmission conditions and formats. Therefore, coverage gaps or holes may exist and users in those areas may have limited or no network access.
  • a network may avoid or reduce coverage gaps and/or extend its network coverage by using relay stations (RSs), such as those implementing the concept of multi-hop relaying (MR) as set forth in IEEE 802.16j.
  • RSs relay stations
  • MR multi-hop relaying
  • Base stations communicate with these relay stations, which boost and relay signals to and from mobile stations and base stations, but otherwise are not involved in authentication and/or establishing security associations.
  • FIG. 3 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16j WiMAX wireless communication system with MR architecture. Similar to the IEEE 802.16d and 802.16e WiMAX wireless communication systems, access to Internet 100 is provided through at least one AAA server, such as AAA server 104 , and via at least one gateway, such as gateway 106 . For convenience, Internet 100 , CSN 102 , AAA server 104 and gateway 106 are referred to as core network 300 . Network 300 , and specifically, gateway 106 , typically communicates with base stations 310 - 313 over a wired connection.
  • Base stations 310 - 313 are shown in FIG. 3 , but greater or fewer base stations may be provided.
  • Base stations such as base station 310 , may communicate directly with one or more mobile stations, such as mobile station 320 , via wireless transmission.
  • Base stations such as base station 311 and base station 312 , may communicate indirectly with one or more mobile stations, such as mobile stations 322 , 324 , and 326 .
  • Base stations typically communicate with one or more relay stations, such as relay stations 328 , 330 , and 332 , via wireless transmission, but they may also communicate over wired connections.
  • Relay stations 328 , 330 , and 332 boost and relay the signal to/from mobile station 322 via wireless transmission.
  • relay stations 328 , 330 , and 332 are fixed relay stations. However, base stations may also communicate with mobile relay stations (MRSs), such as mobile relay station 334 .
  • MRSs mobile relay stations
  • a mobile relay station could reside, for example, on a train, plane or automobile and provide its passengers having mobile stations with mobile network access to various base stations and/or relay stations as the mobile relay station travels.
  • mobile relay station 334 provides wireless service to mobile stations 324 and 326 , but the network needs of only one mobile station, or several mobile stations, may be satisfied by a single mobile relay station.
  • base stations such as base stations 310 - 313 , may also communicate with one or more subscriber station.
  • relay stations 328 , 330 , and 332 may provide wireless service to additional relay stations, additional mobile relay stations, and/or additional mobile stations.
  • relay stations may increase the need for station-to-station (base/relay) handoffs and may require increased processing overhead for such handoffs due to the limited coverage areas of each relay station (including mobile relay stations).
  • base/relay station-to-station
  • processing overhead for such handoffs due to the limited coverage areas of each relay station (including mobile relay stations).
  • the handoff process from one base/relay station to another base/relay station may require additional overhead and reduce efficiency, bandwidth, or quality of the communication connection.
  • the disclosed embodiments are directed to overcoming one or more of the problems set forth above.
  • the present disclosure is directed to a method of providing secure communications between a base station, a relay station, and a mobile station in a communication network.
  • the method authenticates the mobile station over the communication network, and generates, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
  • the method also transmits, by the base station, the security material to the mobile station.
  • the method transmits, by the base station, the security material to the relay station.
  • the present disclosure is directed to a base station for providing secure communications in a communication network.
  • the base station includes at least one memory to store data and instructions, and at least one processor configured to access the memory.
  • the at least one processor is configured to, when executing the instructions, authenticate a mobile station over the communication network, and generate security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
  • the at least one processor is further configured to cause transmission of the security material to the mobile station, and cause transmission of the security material to a relay station.
  • the present disclosure is directed to a relay station for providing secure communications in a communication network.
  • the relay station includes at least one memory to store data and instructions, and at least one processor configured to access the memory.
  • the at least one processor is configured to, when executing the instructions, cause transmission of a mobile station verification request to a base station in response to a ranging request from at least one mobile station and perform secure data transmission with the at least one mobile station using security material received from the base station, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
  • TEK traffic encryption key
  • MACK message authentication code key
  • the present disclosure is directed to a system for providing secure communications.
  • a system for providing secure communications includes a base station configured to provide access to a communication network, authenticate at least one mobile station over the network, generate security material and transmit the security material.
  • the system also includes a relay station in communication with the base station for receiving the security material and for providing secure data transmissions to the at least one mobile station using the security material.
  • the security material includes at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
  • TEK traffic encryption key
  • MACK message authentication code key
  • FIG. 1 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16d/802.16e WiMAX wireless communication system.
  • FIG. 2 is a signaling diagram of exemplary prior art authentication and authorization in an IEEE 802.16d and 802.16e WiMAX wireless communication system.
  • FIG. 3 is a block diagram of an exemplary prior art wireless communication system for use in an IEEE 802.16j wireless communication system with multi-hop relaying architecture.
  • FIG. 4 is a block diagram of an exemplary wireless communication system for use in an IEEE 802.16j wireless communication system in which selected relay stations serve as authenticator relay-relay stations.
  • FIG. 5 a is a block diagram illustrating an exemplary construction of a base station.
  • FIG. 5 b is a block diagram illustrating an exemplary construction of a mobile station.
  • FIG. 5 c is a block diagram illustrating an exemplary construction of a relay station or mobile relay station.
  • FIG. 6 is a signaling diagram of exemplary authentication and authorization in an 802.16j wireless communication system in which relay stations serve as authenticator relay-relay stations.
  • FIG. 7 is a signaling diagram of an exemplary handoff from a current authenticator relay-relay station to a target authenticator relay-relay station where both authenticator relay-relay stations communicate with the same base station.
  • FIG. 8 is a signaling diagram of an exemplary handoff from an authenticator relay-relay station connected to a current base station to a target connected to a different, target base station.
  • FIG. 9 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station.
  • Embodiments of the disclosure can provide such security associations in IEEE 802.16j WiMAX wireless communication systems or other wireless communication networking systems that employ relay stations.
  • a relay station By providing a relay station with the ability to establish a secure connection with mobile stations and provide mobile stations with access to network 300 , processing overhead can be significantly reduced.
  • the relay station can establish a security association with the mobile station and perform mobile station authentication and authorization.
  • FIG. 4 is a block diagram of an exemplary wireless communication system for use in an IEEE 802.16j WiMAX wireless communication system in which selected relay stations serve as authenticator relay-relay stations (AR-RSs).
  • a base station 400 is connected over a wire to network 300 and communicates wirelessly with one or more relay stations 402 and 404 , which boost and relay the received signal to AR-RSs 406 - 409 .
  • AR-RS (MRS) 408 is a mobile relay station.
  • a security zone key, also called a relay key (RK) 410 is distributed by base station 400 to relay stations 402 and 404 , and AR-RSs 406 - 409 after relay stations 402 and 404 , and AR-RSs 406 - 409 are authenticated during their initialization to network 300 and is used to provide data and signal protection for the communication channels between relay stations and/or between relay stations and base stations in an IEEE 802.16j network.
  • Relay stations 402 and 404 and/or base station 400 may perform data and signal encryption, decryption and message authentication using relay key 410 .
  • FIG. 4 illustrates a single mobile station 414 served by AR-RS 406 and two mobile stations 416 and 418 are served by AR-RS (MRS) 408 , but the network needs of several mobile stations may be provided by a single AR-RS.
  • MRS AR-RS
  • AR-RS 408 is shown as a mobile relay station, additional AR-RSs within SRZ 412 may be mobile relay stations.
  • FIG. 5 a is a block diagram illustrating an exemplary construction of a base station such as base station 400 .
  • Base station 400 may be any type of communication device configured to transmit and/or receive data and/or communications to and from one or more mobile stations such as mobile station 414 , relay stations such as relay stations 402 and 404 , and/or AR-RSs such as AR-RSs 406 - 409 , in a wireless communication system. As shown in FIG.
  • each base station 400 may include one or more of the following components: at least one central processing unit (CPU) 500 configured to execute computer program instructions to perform various processes and methods, random access memory (RAM) 502 and read only memory (ROM) 504 configured to access and store information and computer program instructions, memory 506 to store data and information, database 508 to store tables, lists, or other data structures, I/O devices 510 , interfaces 512 , antennas 514 , etc.
  • CPU central processing unit
  • RAM random access memory
  • ROM read only memory
  • memory 506 to store data and information
  • database 508 to store tables, lists, or other data structures
  • I/O devices 510 interfaces 512
  • antennas 514 etc.
  • FIG. 5 b is a block diagram illustrating an exemplary construction of a mobile station such as mobile station 414 .
  • each mobile station 414 may include one or more of the following components: at least one CPU 520 configured to execute computer program instructions to perform various processes and methods, RAM 522 and ROM 524 configured to access and store information and computer program instructions, memory 526 to store data and information, database 528 to store tables, lists, or other data structures, I/O devices 530 , interfaces 532 , antennas 534 , etc.
  • CPU 520 configured to execute computer program instructions to perform various processes and methods
  • RAM 522 and ROM 524 configured to access and store information and computer program instructions
  • memory 526 to store data and information
  • database 528 to store tables, lists, or other data structures
  • I/O devices 530 , interfaces 532 , antennas 534 etc.
  • FIG. 5 c is a block diagram illustrating an exemplary construction of a relay station or mobile relay station such as AR-RS/mobile relay station 406 .
  • each relay station/mobile relay station 406 may include one or more of the following components: at least one CPU 540 configured to execute computer program instructions to perform various processes and methods, random access memory RAM 542 and read only memory ROM 544 configured to access and store information and computer program instructions, memory 546 to store data and information, database 548 to store tables, lists, or other data structures, I/O devices 550 , interfaces 552 , antennas 554 , etc.
  • CPU 540 configured to execute computer program instructions to perform various processes and methods
  • random access memory RAM 542 and read only memory ROM 544 configured to access and store information and computer program instructions
  • memory 546 to store data and information
  • database 548 to store tables, lists, or other data structures
  • I/O devices 550 interfaces 552 , antennas 554 , etc.
  • FIG. 6 is a signaling diagram of exemplary authentication and authorization in an IEEE 802.16j WiMAX wireless communication system in which selected relay stations serve as authenticator relay-relay stations.
  • An initialization process 600 is used to ensure that a mobile station requesting network service is authorized to access network 300 and to provide a security association between mobile stations, relay stations and AR-RSs for secure message transmission.
  • process 600 may be used to authenticate and establish a security association with mobile station 414 just after it is turned on, or after it has moved into the coverage area provided by AR-RS 406 from a coverage area provided through a base station connected to gateway 108 .
  • mobile station 414 sends a ranging request to AR-RS 406 indicating the presence of mobile station 414 in the area of coverage for AR-RS 406 .
  • AR-RS 406 responds by sending a ranging response to mobile station 414 to recognize the presence of mobile station 414 in its coverage area.
  • AR-RS 406 sends an Authentication Request 604 , protected by relay key 410 , to base station 400 .
  • Authentication Request 604 informs base station 400 of the identification information of mobile station 414 that is served by AR-RS 406 . Because mobile station 414 has not previously or recently been connected to network 300 through base station 400 and gateway 106 , mobile station 414 authenticates with AAA server 104 using IEEE 802.1X full authentication protocol 206 .
  • AAA server 104 and mobile station 414 will each calculate a master session key (MSK) 606 when IEEE 802.1X full authentication 206 has been successfully completed. Then AAA server 104 transfers MSK 606 to gateway 106 . Upon receiving MSK 606 , gateway 106 calculates PMK 608 using MSK 606 and stores PMK 608 in its cache. Gateway 106 then computes AK 610 from PMK 608 , and sends AK 610 to base station 400 . Upon obtaining AK 610 , base station 400 derives security material, such as KEK 612 and MACK 616 from AK 610 . The MSK 606 is known to the AAA server 104 , the gateway 106 , and a client device such as mobile station 414 .
  • MSK 606 is known to the AAA server 104 , the gateway 106 , and a client device such as mobile station 414 .
  • Mobile station 414 therefore independently hold MSK 606 and may derive PMK 608 and AK 610 and also derive the same MACK 616 and KEK 612 .
  • a client device such as mobile station 414 caches PMK 608 in its memory upon successful authentication using, for example, the EAP method.
  • base station 400 and mobile station 414 perform SA-TEK 3-way handshake procedure 214 with MACK 616 to authenticate each other.
  • SA-TEK 3-way handshake procedure 214 is successfully completed, base station 400 will generate security material, including traffic encryption key (TEK) 614 , first and then send the security material (e.g. TEK 614 ), protected by KEK 612 , to mobile station 414 .
  • TEK traffic encryption key
  • TEK 614 is randomly generated by base station 400 and is used to provide data confidentiality between base station 400 and AR-RS 406 .
  • base station 400 also delivers security material, which may include TEK 614 and MACK 616 , protected by relay key 410 , to AR-RS 406 .
  • Relay station 406 may receive MACK 616 to authenticate mobile station 414 directly and receive TEK 614 to encrypt/decrypt encrypted messages transmitted to and/or from mobile station 414 .
  • One or more security keys such as MK, MSK 606 , PMK 608 , AK 610 , KEK 612 , TEK 614 , MACK 616 may be referred to as security material.
  • AR-RS 406 may switch the communication channel between mobile station 414 and AR-RS 406 to an authorized state to provide mobile station 414 with access to network 300 . Moreover, because mobile station 414 and AR-RS 406 have TEK 614 , they may exchange encrypted data transmissions. Specifically, TEK 614 may then be used to encrypt the data transmitted between AR-RS 406 and mobile station 414 after mobile station 414 has been authenticated. If multicast service, where a base station may send messages to multiple client devices simultaneously, is available, BS 400 will also distribute a multicast key, which protects such multicast transmissions, to AR-RS 406 to enable MS 414 to receive transmissions intended for multiple mobile stations.
  • FIG. 7 is a signaling diagram of an exemplary handoff from a current AR-RS, for example AR-RS 406 , to a target AR-RS, for example AR-RS 407 , where the current AR-RS and target AR-RS each communicate with the same base station, e.g., base station 400 .
  • a link 702 is created between mobile station 414 and AR-RS 407 when mobile station 414 transmits a ranging request to AR-RS 407 including a security material identification such as an authentication key identification (AKID) and AR-RS 407 responds with a ranging response.
  • AKID authentication key identification
  • the AKID identifies the AK currently stored in a memory (e.g., memory 526 , ROM 524 , RAM 522 or database 528 ) of mobile station 414 due to mobile station 414 's prior authentication with AR-RS 406 .
  • AR-RS 407 transmits the AKID to base station 400 in an AK verification signal request 704 to verify that the AK stored in mobile station 414 matches the AK stored in the memory of base station 400 (e.g., memory 506 , ROM 504 , RAM 502 or database 508 ). Because AR-RS 406 and AR-RS 407 are within SRZ 412 , they share the same relay key 410 . As such, verification signal request 704 is encrypted using relay key 410 for security purposes.
  • mobile station 414 because mobile station 414 has previously performed full authentication with base station 400 through AR-RS 406 , the security material in base station 400 and mobile station 414 match (here, both AK 610 ). If the AKs match, base station 400 transmits an AK Verification Success message 706 to AR-RS 407 ; if the AKs do not match, base station 400 transmits an AK Failure message to AR-RS 407 .
  • mobile station 414 may be programmed to transmit out an Extensible Authentication Protocol over Local Area Network (EAPOL)-Start message 708 to trigger IEEE 802.1X full authentication 206 .
  • EAPOL Extensible Authentication Protocol over Local Area Network
  • AR-RS 407 may skip IEEE 802.1X full authentication 206 by sending to mobile station 414 an EAPOL-Success message 710 , thereby indicating that authentication was successful without going through the IEEE 802.1X full authentication protocol 206 .
  • both base station 400 and mobile station 414 may hold the same security material such as AK 610 .
  • Mobile station 414 and base station 400 may each derive MACK 616 from AK 610 .
  • Mobile station 414 and base station 400 may hold previously calculated TEK 614 and/or previously generated KEK 612 and may perform SA-TEK 3-way handshake 214 to authenticate each other directly.
  • base station 400 may generate a new KEK 712 by using AK 610 and may generate a new TEK 714 .
  • Base station 400 encrypts TEK 714 (or TEK 614 ) using KEK 712 (or TEK 612 ) and transmits encrypted TEK 714 (or TEK 614 ) to mobile station 414 for data confidentiality.
  • Base station 400 immediately sends security material such as TEK 714 (or 614 ) and MACK 616 , protected using relay key 410 , to AR-RS 407 .
  • security material such as TEK 714 (or 614 ) and MACK 616 , protected using relay key 410
  • AR-RS 407 may switch the communication channel between mobile station 414 and AR-RS 407 to an authorized state to provide mobile station 414 with access to network 300 .
  • mobile station 414 and AR-RS 407 then each have TEK 714 (or 614 ) and MACK 616 , they may send encrypted data transmissions.
  • FIG. 8 is a signaling diagram of an exemplary handoff from an AR-RS connected to a current base station, e.g., AR-RS 407 connected to base station 400 , to a target AR-RS 802 connected to a different, target base station 804 .
  • mobile station 414 sends link up message 702 including a security material identification such as AKID to target AR-RS 802 .
  • AKID identifies AK 610 currently stored in the memory of mobile station 414 (e.g., memory 526 , ROM 524 , RAM 522 or database 528 ) due to prior authentication with AR-RS 407 .
  • Target AR-RS 802 transmits the AKID to target base station 804 in AK verification signal request 704 to verify that the AK stored in mobile station 414 matches the AK stored in the memory of target base station 804 (e.g., memory 506 , ROM 504 , RAM 502 or database 508 ).
  • Target AR-RS 802 is not in communication with the same base station as AR-RS 407 , and as such does not share the same relay key 410 , but rather target AR-RS 802 and target base station 804 share a new relay key 806 .
  • AK verification signal request 704 is therefore encrypted by AR-RS using new relay key 806 .
  • target base station 804 If the AK present at target base station 804 matches the AK within the memory of mobile station 414 (e.g., memory 526 , ROM 524 , RAM 522 or database 528 ), target base station 804 will transmit an AK Verification Success message to target AR-RS 806 ; if the AKs do not match or either target base station 804 or mobile station 414 do not hold an AK, target base station 804 transmits an AK Verification Failure message 808 to target AR-RS 802 . In the exemplary embodiment shown in FIG.
  • both target base station 804 and mobile station 414 When both target base station 804 and mobile station 414 have new AK 814 , they will derive MACK 820 and KEK 816 from AK 814 and perform SA-TEK 3-way handshake procedure 214 to authenticate each other.
  • SA-TEK 3-way handshake procedure 214 When SA-TEK 3-way handshake procedure 214 is successfully completed, the base station 804 may generate a new TEK 818 and transmit new TEK 818 or old TEK 712 , protected by KEK 816 to mobile station 414 for data confidentiality between mobile station 414 and relay station 407 .
  • Target base station 804 will also send the TEK 818 and MACK 820 , protected by new relay key 816 , to target AR-RS 802 .
  • target AR-RS 802 may switch the communication channel between mobile station 414 and target AR-RS 802 to the authorized state to provide mobile station 414 with access to the network 300 .
  • mobile station 414 and target AR-RS 802 then each have TEK 816 and MACK 802 , they may communicate using encrypted data transmissions.
  • FIG. 9 is a signaling diagram of an exemplary mobile relay station handoff between a current base station and a target base station.
  • mobile relay station AR-RS 408 may associate with a target base station 900 when AR-RS 408 has moved or is about to move into the coverage area for target base station 900 .
  • Mobile stations 416 and 418 are connected to AR-RS 408 and their connection with AR-RS 408 is preferably maintained throughout the transition to target base station 900 .
  • AR-RS 408 may issue a ranging message 902 prior to sending the mobile stations 416 and 418 to alert mobile stations 416 and 418 of the necessity of updating their security material because AR-RS 408 is within or approaching the coverage area for target base station 900 .
  • AR-RS 408 Upon receipt of security material update message 902 , AR-RS 408 undergoes one or more of IEEE 802.1X authentication 206 , SA-TEK 3-way handshake 214 , and TEK 3-way handshake 216 with gateway 106 and AAA 104 .
  • Gateway 106 may transfer the AK for the mobile relay station at an AK Transfer 904 .
  • AR-RS 408 transmits a re-authentication trigger message, or security material update message, 906 to mobile stations 416 and 418 .
  • the re-authentication trigger message 906 may be sent in a multicast transmission to mobile stations 416 and 418 .
  • the mobile stations 416 and 418 Upon receipt of the re-authentication trigger message 906 , the mobile stations 416 and 418 perform IEEE 802.1X full authentication 206 with gateway 106 and AAA server 104 .
  • Gateway 106 may calculate a new AK obtained from the existing PMK in the gateway for target base station 900 .
  • Gateway 106 and/or AAA server 104 may transfer all of the security material, such as AKs, for the mobile stations associated with AR-RS 408 to target base station 900 at an AK Transfer 908 , and may do so in a tunnel mode, in which all of the parameters (e.g., AKs) of all mobile stations connecting to AR-RS 408 are transmitted at one time.
  • tunnel mode the logical connection between two nodes, e.g., AR-RS 408 and gateway 106 is dedicated, and intermediate nodes do not process the tunnel packets but rather only forward them on.
  • Mobile stations 416 and 418 then undergo SA-TEK 3-way handshake 214 with target base station 900 .
  • Target base station 900 will provide security material such as TEKs and MACKs for each of the mobile stations to AR-RS 408 at a TEK Transfer 910 , and may do so using tunnel mode.
  • target base station 900 will aggregate security material and send security material for each of the mobile stations to AR-RS 408 at TEK Transfer 910 in a message aggregation mode.
  • the TEKs and MACKS are received at base station 900 and mobile stations 416 and 418 prior to the inter-base station handoff to avoid a disconnect in service to mobile stations 416 and 418 .
  • AR-RS 408 may then provide secure data transmission to the mobile stations 416 and 418 and may do so without performing an authentication procedure with mobile stations 416 and/or 418 .
  • AR-RS 408 may update only authentication data within the mobile stations 416 and 418 and, in some embodiments, may not change the traffic encryption key (TEK) held by the mobile stations 416 and/or 418 .
  • TEK traffic encryption key
  • FIG. 9 shows target BS 900 communicating with the network and AAA server 104 via gateway 106
  • target base station 900 may also communicate with the network and AAA server 104 via gateway 108 , or another gateway, with the same processing as described in FIG. 9 .
  • Systems and methods disclosed herein may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them.
  • Apparatus embodying the invention can be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor.
  • Method steps consistent with the invention can be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on the basis of input data, and by generating output data.
  • Embodiments consistent with the invention may be implemented in one or several computer programs that are executable in a programmable system, which includes at least one programmable processor coupled to receive data from, and transmit data to, a storage system, at least one input device, and at least one output device, respectively.
  • Computer programs may be implemented in a high-level or object-oriented programming language, and/or in assembly or machine code.
  • the language or code can be a compiled or interpreted language or code.
  • Processors may include general and special purpose microprocessors.
  • a processor receives instructions and data from memories.
  • Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM disks. Any of the foregoing can be supplemented by or incorporated in ASICs (application-specific integrated circuits).
  • ASICs application-specific integrated circuits
  • ranging requests and responses are a type of signaling message and that other signaling messages may be used.
  • traffic encryption keys are a type of traffic key and that other traffic keys may be used, and that MACKs are a type of verification key and that other verification keys may be used.
  • communication between base stations and relay stations can be wireless or wired. It is intended that the standard and examples be considered as exemplary only, with a true scope of the disclosed embodiments being indicated by the following claims and their equivalents.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
US12/203,652 2007-09-04 2008-09-03 Methods and devices for establishing security associations in communications systems Abandoned US20090271626A1 (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
US12/203,652 US20090271626A1 (en) 2007-09-04 2008-09-03 Methods and devices for establishing security associations in communications systems
TW097133899A TWI411275B (zh) 2007-09-04 2008-09-04 無線通信系統中提供安全通信的方法、系統、基地台與中繼台
CN2008102129115A CN101436931B (zh) 2007-09-04 2008-09-04 无线通信系统中提供安全通信的方法、系统、基站与中继站
TW097133900A TWI445371B (zh) 2007-09-04 2008-09-04 提供安全通訊之方法、提供安全通訊之系統、中繼站、以及基地台
CN2008102157257A CN101437226B (zh) 2007-09-04 2008-09-04 提供安全通信之方法、提供安全通信之系统、中继站、以及基站
KR1020080087483A KR100983796B1 (ko) 2007-09-04 2008-09-04 통신 시스템에서 보안 연계를 구축하고 핸드오프 인증을 수행하기 위한 방법 및 장치
JP2008227438A JP4875679B2 (ja) 2007-09-04 2008-09-04 通信システムにおいてセキュリティーアソシアーションを確立する、およびハンドオフ認証を実行する方法およびデバイス
IN1875MU2008 IN266858B (enrdf_load_stackoverflow) 2007-09-04 2008-09-04

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US96977307P 2007-09-04 2007-09-04
US98176707P 2007-10-22 2007-10-22
US98553807P 2007-11-05 2007-11-05
US12/203,652 US20090271626A1 (en) 2007-09-04 2008-09-03 Methods and devices for establishing security associations in communications systems

Publications (1)

Publication Number Publication Date
US20090271626A1 true US20090271626A1 (en) 2009-10-29

Family

ID=40193658

Family Applications (3)

Application Number Title Priority Date Filing Date
US12/203,652 Abandoned US20090271626A1 (en) 2007-09-04 2008-09-03 Methods and devices for establishing security associations in communications systems
US12/203,671 Active 2032-07-13 US9313658B2 (en) 2007-09-04 2008-09-03 Methods and devices for establishing security associations and performing handoff authentication in communications systems
US13/440,710 Active 2029-01-11 US9215589B2 (en) 2007-09-04 2012-04-05 Methods and devices for establishing security associations and performing handoff authentication in communications systems

Family Applications After (2)

Application Number Title Priority Date Filing Date
US12/203,671 Active 2032-07-13 US9313658B2 (en) 2007-09-04 2008-09-03 Methods and devices for establishing security associations and performing handoff authentication in communications systems
US13/440,710 Active 2029-01-11 US9215589B2 (en) 2007-09-04 2012-04-05 Methods and devices for establishing security associations and performing handoff authentication in communications systems

Country Status (4)

Country Link
US (3) US20090271626A1 (enrdf_load_stackoverflow)
EP (1) EP2034781A3 (enrdf_load_stackoverflow)
IN (1) IN266858B (enrdf_load_stackoverflow)
TW (2) TWI445371B (enrdf_load_stackoverflow)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050185621A1 (en) * 2004-02-19 2005-08-25 Raghupathy Sivakumar Systems and methods for parallel communication
US20100111306A1 (en) * 2008-10-31 2010-05-06 Nokia Siemens Networks Oy Security model for a relay network system
US20100138661A1 (en) * 2008-12-01 2010-06-03 Institute For Information Industry Mobile station, access point, gateway apparatus, base station, and handshake method thereof for use in a wireless network framework
US20100208692A1 (en) * 2009-02-13 2010-08-19 Samsung Electronics Co., Ltd. Apparatus and method for supporting intra-base station handover in a multi-hop relay broadband wireless communication system
US20110038480A1 (en) * 2009-08-14 2011-02-17 Industrial Technology Research Institute Security method in wireless communication system having relay node
US20110110329A1 (en) * 2009-11-06 2011-05-12 Xiangying Yang Security update procedure for zone switching in mixed-mode wimax network
US20150052580A1 (en) * 2012-03-30 2015-02-19 Nec Corporation Communications system
US20150271672A1 (en) * 2012-12-10 2015-09-24 Huawei Device Co., Ltd. Packet Processing Method, Apparatus, and System

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080176572A1 (en) * 2006-12-28 2008-07-24 Nokia Corporation Method of handoff
US9246679B2 (en) * 2007-12-28 2016-01-26 Intel Corporation Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks
CN102090093B (zh) 2009-04-30 2013-04-17 华为技术有限公司 空口链路安全机制建立的方法、设备
US8566593B2 (en) * 2009-07-06 2013-10-22 Intel Corporation Method and apparatus of deriving security key(s)
US8611333B2 (en) 2009-08-12 2013-12-17 Qualcomm Incorporated Systems and methods of mobile relay mobility in asynchronous networks
TWI397288B (zh) * 2009-12-01 2013-05-21 Inst Information Industry 定錨閘道器、通訊方法及其電腦程式產品
US9264448B2 (en) * 2010-01-20 2016-02-16 Blackberry Limited Apparatus, and an associated method, for facilitating secure operations of a wireless device
US8904167B2 (en) * 2010-01-22 2014-12-02 Qualcomm Incorporated Method and apparatus for securing wireless relay nodes
US8806042B2 (en) 2011-02-18 2014-08-12 Telefonaktiebolaget L M Ericsson (Publ) Mobile router in EPS
KR101931601B1 (ko) * 2011-11-17 2019-03-13 삼성전자주식회사 무선 통신 시스템에서 단말과의 통신 인증을 위한 보안키 관리하는 방법 및 장치
GB2546494B (en) * 2016-01-19 2020-02-26 British Telecomm Data relay authentication
US20170347301A1 (en) * 2017-03-10 2017-11-30 Mediatek Singapore Pte. Ltd. Virtual Roaming Methods And Apparatus Thereof
US10778432B2 (en) 2017-11-08 2020-09-15 Wickr Inc. End-to-end encryption during a secure communication session
US10541814B2 (en) * 2017-11-08 2020-01-21 Wickr Inc. End-to-end encryption during a secure communication session
US10855440B1 (en) 2017-11-08 2020-12-01 Wickr Inc. Generating new encryption keys during a secure communication session
US11101999B2 (en) 2017-11-08 2021-08-24 Amazon Technologies, Inc. Two-way handshake for key establishment for secure communications
US11277747B2 (en) * 2019-04-03 2022-03-15 Google Llc Base station location authentication
CN112787836B (zh) * 2019-11-07 2022-04-15 比亚迪股份有限公司 用于轨道交通的信息安全网络拓扑系统和用于实现轨道交通的信息安全的方法
CN112543452B (zh) * 2020-11-23 2023-06-27 广州技象科技有限公司 基于信号传输安全管理的数据跳传选择方法及装置

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181701A1 (en) * 2001-05-30 2002-12-05 Dong-Hyang Lee Method for cryptographing information
US20030206636A1 (en) * 2002-05-02 2003-11-06 Paul Ducharme Method and system for protecting video data
US6725276B1 (en) * 1999-04-13 2004-04-20 Nortel Networks Limited Apparatus and method for authenticating messages transmitted across different multicast domains
US20060090074A1 (en) * 2004-10-22 2006-04-27 Kazumine Matoba Encryption communication system
US20070264965A1 (en) * 2006-03-29 2007-11-15 Fujitsu Limited Wireless terminal
US20070297611A1 (en) * 2004-08-25 2007-12-27 Mi-Young Yun Method for Security Association Negotiation with Extensible Authentication Protocol in Wireless Portable Internet System
US20080080713A1 (en) * 2004-03-05 2008-04-03 Seok-Heon Cho Method For Managing Traffic Encryption Key In Wireless Portable Internet System And Protocol Configuration Method Thereof, And Operation Method Of Traffic Encryption Key State Machine In Subscriber Station
US20080108355A1 (en) * 2006-11-03 2008-05-08 Fujitsu Limited Centralized-scheduler relay station for mmr extended 802.16e system
US20090019284A1 (en) * 2005-03-09 2009-01-15 Electronics And Telecommunications Research Instit Authentication method and key generating method in wireless portable internet system
US20090074189A1 (en) * 2005-10-18 2009-03-19 Ki Seon Ryu Method of providing security for relay station
US20090307484A1 (en) * 2006-07-06 2009-12-10 Nortel Networks Limited Wireless access point security for multi-hop networks
US20130052996A1 (en) * 2007-07-20 2013-02-28 Apple Inc. Group Key Security in a Multihop Relay Wireless Network

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100480258B1 (ko) * 2002-10-15 2005-04-07 삼성전자주식회사 무선 근거리 네트워크에서 고속 핸드오버를 위한 인증방법
JP3854930B2 (ja) * 2003-01-30 2006-12-06 松下電器産業株式会社 一元管理認証装置及び無線端末認証方法
JP3951990B2 (ja) * 2003-09-05 2007-08-01 ブラザー工業株式会社 無線ステーション,プログラムおよび動作制御方法
US8934448B2 (en) * 2004-02-02 2015-01-13 Electronics And Telecommunications Research Institute Handover method in wireless portable internet system
KR100684310B1 (ko) * 2004-03-05 2007-02-16 한국전자통신연구원 무선 휴대 인터넷 시스템에서의 트래픽 암호화 키 관리방법 및 그 프로토콜 구성 방법, 그리고 가입자단말에서의 트래픽 암호화 키 상태 머신의 동작 방법
US7584244B2 (en) * 2004-06-04 2009-09-01 Nokia Corporation System, method and computer program product for providing content to a terminal
KR100678054B1 (ko) * 2005-01-31 2007-02-02 삼성전자주식회사 무선 통신 시스템에서 핸드오버 방법
EP1864426A4 (en) * 2005-03-09 2016-11-23 Korea Electronics Telecomm AUTHENTICATION PROCESSES AND KEY PRODUCTION METHODS IN A WIRELESS TRACKABLE INTERNET SYSTEM
US8064948B2 (en) * 2006-01-09 2011-11-22 Cisco Technology, Inc. Seamless roaming for dual-mode WiMax/WiFi stations
JP4983208B2 (ja) * 2006-11-07 2012-07-25 富士通株式会社 中継局、無線通信方法
CN101569217B (zh) * 2006-12-28 2012-10-10 艾利森电话股份有限公司 不同认证基础设施的集成的方法和布置
JP4432986B2 (ja) 2007-03-12 2010-03-17 ブラザー工業株式会社 無線ステーション

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6725276B1 (en) * 1999-04-13 2004-04-20 Nortel Networks Limited Apparatus and method for authenticating messages transmitted across different multicast domains
US20020181701A1 (en) * 2001-05-30 2002-12-05 Dong-Hyang Lee Method for cryptographing information
US20030206636A1 (en) * 2002-05-02 2003-11-06 Paul Ducharme Method and system for protecting video data
US20080080713A1 (en) * 2004-03-05 2008-04-03 Seok-Heon Cho Method For Managing Traffic Encryption Key In Wireless Portable Internet System And Protocol Configuration Method Thereof, And Operation Method Of Traffic Encryption Key State Machine In Subscriber Station
US20070297611A1 (en) * 2004-08-25 2007-12-27 Mi-Young Yun Method for Security Association Negotiation with Extensible Authentication Protocol in Wireless Portable Internet System
US20060090074A1 (en) * 2004-10-22 2006-04-27 Kazumine Matoba Encryption communication system
US20090019284A1 (en) * 2005-03-09 2009-01-15 Electronics And Telecommunications Research Instit Authentication method and key generating method in wireless portable internet system
US20090074189A1 (en) * 2005-10-18 2009-03-19 Ki Seon Ryu Method of providing security for relay station
US20070264965A1 (en) * 2006-03-29 2007-11-15 Fujitsu Limited Wireless terminal
US20090307484A1 (en) * 2006-07-06 2009-12-10 Nortel Networks Limited Wireless access point security for multi-hop networks
US20080108355A1 (en) * 2006-11-03 2008-05-08 Fujitsu Limited Centralized-scheduler relay station for mmr extended 802.16e system
US20130052996A1 (en) * 2007-07-20 2013-02-28 Apple Inc. Group Key Security in a Multihop Relay Wireless Network

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050185621A1 (en) * 2004-02-19 2005-08-25 Raghupathy Sivakumar Systems and methods for parallel communication
US9621384B2 (en) * 2004-02-19 2017-04-11 Georgia Tech Research Corporation Systems and methods for communicating data over parallel data paths
US20100111306A1 (en) * 2008-10-31 2010-05-06 Nokia Siemens Networks Oy Security model for a relay network system
US8644514B2 (en) * 2008-10-31 2014-02-04 Nokia Siemens Networks Oy Security model for a relay network system
US20100138661A1 (en) * 2008-12-01 2010-06-03 Institute For Information Industry Mobile station, access point, gateway apparatus, base station, and handshake method thereof for use in a wireless network framework
US8527768B2 (en) * 2008-12-01 2013-09-03 Institute For Information Industry Mobile station, access point, gateway apparatus, base station, and handshake method thereof for use in a wireless network framework
US20100208692A1 (en) * 2009-02-13 2010-08-19 Samsung Electronics Co., Ltd. Apparatus and method for supporting intra-base station handover in a multi-hop relay broadband wireless communication system
US9031036B2 (en) * 2009-02-13 2015-05-12 Samsung Electronically Co., Ltd. Apparatus and method for supporting intra-base station handover in a multi-hop relay broadband wireless communication system
US8605904B2 (en) 2009-08-14 2013-12-10 Industrial Technology Research Institute Security method in wireless communication system having relay node
US20110038480A1 (en) * 2009-08-14 2011-02-17 Industrial Technology Research Institute Security method in wireless communication system having relay node
US8451799B2 (en) * 2009-11-06 2013-05-28 Intel Corporation Security update procedure for zone switching in mixed-mode WiMAX network
US20110110329A1 (en) * 2009-11-06 2011-05-12 Xiangying Yang Security update procedure for zone switching in mixed-mode wimax network
US20150052580A1 (en) * 2012-03-30 2015-02-19 Nec Corporation Communications system
US9876821B2 (en) * 2012-03-30 2018-01-23 Nec Corporation Network entity, user device, and method for setting up device to device communications
US10992655B2 (en) 2012-03-30 2021-04-27 Nec Corporation Core network, user equipment, and communication control method for device to device communication
US12212548B2 (en) 2012-03-30 2025-01-28 Nec Corporation Core network, user equipment, and communication control method for device to device communication
US20150271672A1 (en) * 2012-12-10 2015-09-24 Huawei Device Co., Ltd. Packet Processing Method, Apparatus, and System
US9872175B2 (en) * 2012-12-10 2018-01-16 Huawei Device (Dongguan) Co., Ltd. Packet processing method, apparatus, and system

Also Published As

Publication number Publication date
TW200922238A (en) 2009-05-16
TWI445371B (zh) 2014-07-11
EP2034781A3 (en) 2011-03-09
TW200922237A (en) 2009-05-16
US20090068986A1 (en) 2009-03-12
US20120189124A1 (en) 2012-07-26
US9215589B2 (en) 2015-12-15
US9313658B2 (en) 2016-04-12
EP2034781A2 (en) 2009-03-11
TWI411275B (zh) 2013-10-01
IN266858B (enrdf_load_stackoverflow) 2015-06-09

Similar Documents

Publication Publication Date Title
US20090271626A1 (en) Methods and devices for establishing security associations in communications systems
US10425808B2 (en) Managing user access in a communications network
KR100480258B1 (ko) 무선 근거리 네트워크에서 고속 핸드오버를 위한 인증방법
US7793103B2 (en) Ad-hoc network key management
US7451316B2 (en) Method and system for pre-authentication
US8423772B2 (en) Multi-hop wireless network system and authentication method thereof
US8385549B2 (en) Fast authentication between heterogeneous wireless networks
KR100755394B1 (ko) Umts와 무선랜간의 핸드오버 시 umts에서의 빠른재인증 방법
US20030051140A1 (en) Scheme for authentication and dynamic key exchange
KR100770928B1 (ko) 통신 시스템에서 인증 시스템 및 방법
US8417219B2 (en) Pre-authentication method for inter-rat handover
JP4875679B2 (ja) 通信システムにおいてセキュリティーアソシアーションを確立する、およびハンドオフ認証を実行する方法およびデバイス
CN101436931B (zh) 无线通信系统中提供安全通信的方法、系统、基站与中继站
KR101467784B1 (ko) 이기종망간 핸드오버시 선인증 수행방법
KR20070051233A (ko) 이중 확장 가능 인증 프로토콜 방식을 사용하는 광대역무선 접속 통신 시스템에서 재인증 시스템 및 방법
US20100189258A1 (en) Method for distributing an authentication key, corresponding terminal, mobility server and computer programs
WO2019017839A1 (zh) 数据传输方法、相关设备以及系统
CN114390516A (zh) 基于可信中继的群组预切换认证方法及装置

Legal Events

Date Code Title Description
AS Assignment

Owner name: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE, TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WANG, JUI-TANG;REEL/FRAME:021869/0743

Effective date: 20081114

AS Assignment

Owner name: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE, TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WANG, JUI-TANG;REEL/FRAME:022026/0969

Effective date: 20081114

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION