WO2002017674A2 - Method and apparatus for providing encryption of information exchanged over a network link - Google Patents


Info

Publication number
WO2002017674A2
Authority
WO
WIPO (PCT)
Prior art keywords
session key
end member
information
far end
network element
Prior art date
Application number
PCT/US2001/025370
Other languages
French (fr)
Other versions
WO2002017674A3 (en)
Inventor
Michael N. Kloos
Original Assignee
Motorola, Inc.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/001 Protecting confidentiality, e.g. by encryption or ciphering
    • H04W12/0013 Protecting confidentiality, e.g. by encryption or ciphering of user plane, e.g. user traffic

Abstract

The present invention provides a method and an apparatus for providing encryption of information exchanged over a network link (200) during a mobile-to-mobile call between a near end member and a far end member. A transcoder (300) servicing the near end member decrypts information from a network element (370) servicing the near end member with a first session key, and encrypts the information with a second session key. The transcoder (300) transmits the information encrypted with the second session key through the network link (200) to a network element servicing the far end member.

Description

METHOD AND APPARATUS FOR PROVIDING ENCRYPTION OF INFORMATION EXCHANGED OVER A NETWORK LINK

Field of the Invention

The present invention relates generally to wireless communication systems, and more particularly, to a method and an apparatus for providing encryption of information exchanged between wireless communication systems over a network link.

Background of the Invention

A wireless communication system is a complex network of systems and elements. Typical elements include (1) a radio link to the mobile stations (cellular telephones), which is usually provided by at least one and typically several base stations, (2) communication links between the base stations, (3) a controller, typically one or more base station controllers or centralized base station controllers (BSC/CBSC), to control communication between and to manage the operation and interaction of the base stations, (4) a call controller or switch, typically a mobile switching center (MSC), for routing calls within the system, and (5) a link to the land line or public switched telephone network (PSTN), which is usually also provided by the MSC.

One aspect of designing wireless communication systems is to provide security for information exchanged between the network elements servicing the systems. At times, it may be desirable to encrypt information exchanged over a network link during a mobile station-to-mobile station call between a near end member and a far end member in different wireless communication systems. Typically, information exchanged between a mobile station and a base station servicing a wireless communication system is protected by encryption during a mobile-to-mobile call. However, information exchanged between wireless communication systems over a network link during a mobile-to-mobile call is not protected by encryption. In particular, information exchanged between network elements, such as base station controllers, servicing different wireless communication systems is not encrypted over the network link that couples the network elements.

In a wireless communication system, a mobile station typically encrypts the information to be transmitted to the base station servicing the call. The base station decrypts the encrypted information for the other network elements servicing the call and for transmission over a network link to network elements in another wireless communication system servicing the call recipient. As used herein, the call originator and the network elements servicing the call originator are referred to as the near end or near end user/member. The call recipient and the network servicing the call recipient are referred to as the far end or far end user/member. For example, a base station controller servicing the near end member transmits the decrypted information over the network link to a base station controller in another wireless communication system servicing the far end member. The call, therefore, is not protected by end-to-end encryption while it is being transmitted from the near end network to the far end network.

In a wireless communication system, encryption of information exchanged between a mobile station and a network element, such as a base station, on an over-the-air interface using unique encryption key streams is described and disclosed in the commonly assigned United States patent application serial no. __/ , filed on , 2000, entitled "Method and Apparatus for Generating an Encryption Key Stream for a Data Block in a Communication System," the disclosure of which is hereby expressly incorporated by reference. However, the information exchanged between network elements servicing different wireless communication systems over a network link during a mobile-to-mobile call is not encrypted. Accordingly, the information is not encrypted end-to-end and therefore is not secure.

Therefore, a need exists for a method and an apparatus for encrypting information exchanged between network elements over a network link during a mobile-to-mobile call.

Brief Description of the Drawings

FIG. 1 is a block diagram representation of wireless communication systems that may be adapted to operate in accordance with the preferred embodiments of the present invention.

FIG. 2 is a block diagram representation of a network link that may be adapted to operate in accordance with the preferred embodiments of the present invention.

FIG. 3 is a block diagram representation of a transcoder that may be adapted to operate in accordance with the preferred embodiments of the present invention.

FIG. 4 is a flow diagram representation of a method of providing encryption of information in accordance with the preferred embodiments of the present invention.

Detailed Description of the Preferred Embodiments

The present invention provides a method and an apparatus for providing encryption of information exchanged between network elements over a network link during a mobile-to-mobile call. The information may include, but is not limited to, voice and data transmitted and received by the network elements during the call. The preferred embodiment of the present invention protects information exchanged between network elements in wireless communication systems servicing a near end member and a far end member.

As noted, the present invention is described in terms of several preferred embodiments, and particularly, in terms of a wireless communication system operating in accordance with at least one of several communication standards. These standards include analog, digital or dual-mode communication system protocols such as, but not limited to, the Advanced Mobile Phone System (AMPS), the Narrowband Advanced Mobile Phone System (NAMPS), the Global System for Mobile Communications (GSM), the IS-55 Time Division Multiple Access (TDMA) digital cellular, the IS-95 Code Division Multiple Access (CDMA) digital cellular, the Personal Communications System (PCS) and variations and evolutions of these protocols.

As shown in FIG. 1, a communication system 100 includes a link to a public switched telephone network (PSTN) 102 and a wireless communication system, generally shown as 106 and 108. The wireless communication systems 106 and 108 each include a mobile switching center (MSC), generally shown as 110 and 112, respectively, and a plurality of base station controllers (BSC), generally shown as 120, 122, 124, and 126. As is known for such systems, each BSC 120, 122, 124, 126 has associated therewith a plurality of base stations (BS), generally shown as 130, 132, 134, 136, 140, 142, 144, and 146, servicing communication cells, generally shown as 150, 152, 154, 156, 160, 162, 164, and 166, respectively. It will be appreciated that additional or fewer wireless communication systems with base station controllers, base stations, and cells may be implemented as required and without departing from the fair scope of the present invention. MSCs 110 and 112, BSCs 120, 122, 124, and 126, and base stations 130, 132, 134, 136, 140, 142, 144, and 146 are specified and operate in accordance with the applicable standard or standards for providing wireless communication services to mobile stations (MS) generally shown as 172, 176, 182, and 186 operating in cells 152, 156, 162, 166, and each of these elements is commercially available from Motorola, Inc. of Schaumburg, Illinois.

The present invention may be adapted to encrypt information, which may be, but is not limited to, voice and data, exchanged over a network link during a mobile-to-mobile call between a near end member and a far end member. Now referring to FIG. 2, a mobile-to-mobile call between a near end member and a far end member generally includes a network link 200 coupled to wireless communication systems, generally shown as 202 and 204, first and second mobile stations 210 and 220 (MS1 and MS2), first and second base stations 230 and 240 (BS1 and BS2), and first and second base station controllers 250 and 260 (BSC1 and BSC2), respectively. The network link 200 may be, but is not limited to, a public switched telephone network (PSTN) link. The first and second base station controllers 250 and 260 generally include first and second transcoders 270 and 280 (XCDR1 and XCDR2), respectively. The first and second transcoders 270 and 280, which are further discussed in detail below, may be integrated into or adapted to the first and second base station controllers 250 and 260, respectively.

To establish a mobile-to-mobile call, network elements servicing the near end member in a wireless communication system 202 transmit information through a network link to network elements servicing the far end member in another wireless communication system 204. For example, the first mobile station 210 in the wireless communication system 202 servicing the near end member compresses information with a compression algorithm. The compression algorithm may be, but is not limited to, a vector sum excited linear predictive (VSELP) speech coder. The compressed information is encrypted by a first session key assigned to the first mobile station 210 and the first base station 230 servicing the near end member in the wireless communication system 202. The first mobile station 210 transmits an operating signal carrying the information encrypted by the first session key to the first base station 230 through an over-the-air interface. The first base station 230 relays the information encrypted by the first session key to the first base station controller 250. The information encrypted by the first session key is decrypted with the first session key by the first transcoder 270 in the first base station controller 250. The first transcoder 270 requests a second session key from the second transcoder 280 servicing the far end member. The second session key is assigned to the second mobile station 220 and the second base station 240 servicing the far end member in another wireless communication system 204. The second transcoder 280 transmits the second session key to the first transcoder 270, which in turn transmits an acknowledgment signal to indicate the receipt of the second session key. The second session key may be encrypted before being transmitted to the first transcoder 270 over the network link 200. The information decrypted by the first session key is encrypted with the second session key at the first transcoder 270. The first base station controller 250 relays the information encrypted by the second session key through the network link 200 to the second base station controller 260. The network link 200 may be, but is not limited to, a PSTN link. Accordingly, the second base station controller 260 relays the information encrypted by the second session key to the second base station 240. The second base station 240 transmits a second operating signal carrying the information encrypted by the second session key through an over-the-air interface to the second mobile station 220 to complete end-to-end encryption during a mobile-to-mobile call.

Accordingly, the network elements servicing the far end member may also encrypt information transmitted to the network elements servicing the near end member through the network link 200. For example, the second mobile station 220 encrypts information with the second session key assigned to the second mobile station 220 and the second base station 240 servicing the far end member. The information encrypted by the second session key is encoded in an operating signal, which is transmitted through an over-the-air interface to the second base station 240. The second base station 240 relays the information encrypted by the second session key to the second transcoder 280 adapted to the second base station controller 260. The second transcoder 280 decrypts the information initially encrypted with the second session key and encrypts the decrypted information with the first session key transmitted by the first transcoder 270 servicing the near end member. The second transcoder 280 transmits the information encrypted with the first session key through the network link 200 to the first base station controller 250 and the first base station 230 servicing the near end member. The first base station 230 transmits an operating signal carrying the information encrypted with the second session key through an over-the-air interface to the first mobile station 210 to complete an end-to-end encryption during a mobile-to-mobile call.

As shown in FIG. 3, a transcoder 300 generally includes a memory 310, a processor 320, a decryption unit 330, an encryption unit 340, a receiving unit 350, and a transmitting unit 360. The memory 310, which provides operating instructions, is coupled to the processor 320. The processor 320 is coupled to the decryption unit 330, which decrypts information encrypted by a first session key, and the encryption unit 340, which encrypts the decrypted information with a second session key. In addition, the processor 320 is coupled to the receiving unit 350, which receives the second session key from a network element servicing a far end member, and the transmitting unit 360, which transmits an acknowledgment signal to indicate the receipt of the second session key.

During a mobile-to-mobile call, the transcoder 300 receives information encrypted by the first session key from a network element 370, which may be, but is not limited to, a base station servicing a near end member in a wireless communication system. The memory 320 contains the first session key assigned to a mobile station and a base station servicing the near end member, and the operating instructions for the processor 310 to operate the decryption unit 330, the encryption unit 340, the receiving unit 350, and the transmitting unit 360. The processor 310 relays the first session key and the information encrypted by the first session key to the decryption unit 330. The decryption unit 330 decrypts the encrypted information from the network element 370 with the first session key that was stored in the memory 320. In an alternate embodiment, the first session key may be transmitted to the transcoder 270, 280 from the network element 370 that transmitted the information encrypted by the first session key.

Before the decrypted information is transmitted to the far end member through the network link 200, the decrypted information is encrypted with a second session key. The transmitting unit 360 transmits a request for the second session key to a network element servicing the far end member. The second session key may be encrypted before being transmitted to the transcoder 300 over the network link 200. The receiver unit 350 receives the second session key from the network element having the second session key. For example, the receiver unit 350 receives the second session key from a transcoder servicing the far end member. The transmitting unit 360 transmits an acknowledgment signal to indicate the receipt of the second session key from the transcoder servicing the far end member. The encryption unit 340 encrypts the decrypted information from the decryption unit 330 with the second session key. The transmitting unit 360 transmits the information encrypted with the second session key through the network link 200 to the network elements servicing the far end member.

In an alternate embodiment, the second session key may be stored in the memory 320. The processor 310 may relay the second session key to the encryption unit 330 to encrypt the decrypted information.

In accordance with the preferred embodiments of the present invention, and with references to FIG. 4, a method 400 for providing encryption of information exchanged over a network link is illustrated.

Method 400 begins at step 410 with a first transcoder receiving information encrypted by a first session key from a network element in a wireless communication system servicing a near end member. At step 420, the first transcoder decrypts the information encrypted by the first session key, which is assigned to a mobile station and a base station servicing the near end member. At step 430, the first transcoder requests a second session key from a second transcoder servicing a far end member. The second session key may be encrypted before being transmitted to the first transcoder over the network link. At step 440, the first transcoder receives the second session key to encrypt the decrypted information for transmission over a network link to network elements servicing the far end member. The first transcoder transmits an acknowledgment signal to indicate the receipt of the second session key from the second transcoder servicing the far end member at step 450. At step 460, the first transcoder encrypts the decrypted information from the network element servicing the near end member with the second session key for transmission over the network link. The first transcoder transmits the information encrypted by the second session key over the network link to the network elements servicing the far end member at step 470.

Many changes and modifications could be made to the invention without departing from the fair scope and spirit thereof. The scope of some changes is discussed above. The scope of others will become apparent from the appended claims.
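The FIG. 3 transcoder units and the step 410 to 470 flow of method 400, as an added example written for this page; it is not code from the patent or from Motorola. It assumes a SHA-256 counter-mode keystream as a stand-in for the patent's key stream generator, and that the second session key crosses the network link wrapped under a link key pre-shared by the two transcoders and carried with an HMAC tag (the patent says only that the key "may be encrypted"). The `plaintext_seen` list records that the transcoder handles cleartext between the two keys, which is the hop-by-hop property named in the classification.

```python
import hashlib
import hmac
import os


def keystream_xor(key, nonce, data):
    """XOR data with a SHA-256 counter-mode keystream (toy stand-in cipher, an assumption)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key, data):
    """Return a (nonce, ciphertext) frame; a fresh nonce per frame keeps keystreams apart."""
    nonce = os.urandom(12)
    return nonce, keystream_xor(key, nonce, data)


def decrypt(key, frame):
    nonce, ciphertext = frame
    return keystream_xor(key, nonce, ciphertext)


class MobileStation:
    """MS1 / MS2: holds the session key shared with its serving base station."""
    def __init__(self, session_key):
        self.session_key = session_key

    def send(self, payload):            # over-the-air interface, encrypted under own key
        return encrypt(self.session_key, payload)

    def receive(self, frame):
        return decrypt(self.session_key, frame)


class Transcoder:
    """XCDR1 / XCDR2 inside a BSC: the FIG. 3 memory, decryption and encryption units."""
    def __init__(self, session_key, link_key):
        self.session_key = session_key   # first session key, held in memory 310
        self.link_key = link_key         # assumption: key pre-shared by the two transcoders
        self.far_end_key = None          # second session key, installed at step 440
        self.plaintext_seen = []         # hop-by-hop: this element handles cleartext

    def provide_session_key(self):
        """Far-end side: wrap own session key for the network link and tag it."""
        nonce, wrapped = encrypt(self.link_key, self.session_key)
        tag = hmac.new(self.link_key, nonce + wrapped, hashlib.sha256).digest()
        return nonce, wrapped, tag

    def request_far_end_key(self, transport):
        """Steps 430-450: receive the wrapped second session key, verify, unwrap, ack."""
        nonce, wrapped, tag = transport
        expected = hmac.new(self.link_key, nonce + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("second session key failed integrity check on the link")
        self.far_end_key = decrypt(self.link_key, (nonce, wrapped))
        return "ACK"                     # acknowledgment signal from transmitting unit 360

    def forward(self, frame):
        """Steps 410-420 and 460-470: decrypt with the first key, re-encrypt with the second."""
        if self.far_end_key is None:
            raise RuntimeError("no second session key; request it before forwarding")
        plaintext = decrypt(self.session_key, frame)     # decryption unit 330
        self.plaintext_seen.append(plaintext)             # cleartext exists inside the BSC
        return encrypt(self.far_end_key, plaintext)       # encryption unit 340


def mobile_to_mobile_call(message):
    """One near-end to far-end frame through FIG. 2.  Returns (what MS2 recovers,
    what XCDR1 held in the clear) so the hop-by-hop property is visible."""
    k1, k2, link_key = os.urandom(16), os.urandom(16), os.urandom(32)
    ms1, ms2 = MobileStation(k1), MobileStation(k2)
    xcdr1, xcdr2 = Transcoder(k1, link_key), Transcoder(k2, link_key)
    xcdr1.request_far_end_key(xcdr2.provide_session_key())   # key transport over link 200
    frame_k1 = ms1.send(message)          # MS1 -> BS1 -> BSC1 under the first session key
    frame_k2 = xcdr1.forward(frame_k1)    # BSC1 -> network link 200 -> BSC2 under the second
    return ms2.receive(frame_k2), xcdr1.plaintext_seen[0]


def tampered_key_is_rejected():
    """A second session key altered on the network link is refused and never installed."""
    link_key = os.urandom(32)
    xcdr1 = Transcoder(os.urandom(16), link_key)
    xcdr2 = Transcoder(os.urandom(16), link_key)
    nonce, wrapped, tag = xcdr2.provide_session_key()
    flipped = bytes([wrapped[0] ^ 0x01]) + wrapped[1:]   # one bit changed in transit
    try:
        xcdr1.request_far_end_key((nonce, flipped, tag))
    except ValueError:
        return xcdr1.far_end_key is None
    return False
```

Calling `mobile_to_mobile_call(b"...")` returns the same bytes twice: once as MS2 recovers them, once as XCDR1 held them, which is the element a defender has to trust and monitor in this design.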

Claims

What is Claimed:
1. In a wireless communication system providing communication services between a near end member having a first session key and a far end member having a second session key, wherein a communication link to a network element servicing the far end member is a network link, a method for providing encryption of information exchanged over the network link, the method comprising the steps of: receiving information encrypted by the first session key; decrypting the encrypted information with the first session key; encrypting the decrypted information with the second session key, and transmitting the encrypted information over the network link.
2. The method of claim 1 further comprising the step of requesting the second session key from the network element servicing the far end member.
3. The method of claim 2 further comprising the step of encrypting the second session key from the network element servicing the far end member.
4. The method of claim 2 further comprising the step of receiving the second session key from the network element servicing the far end member.
5. In a wireless communication system providing communication services between a near end member having a first session key and a far end member having a second session key, wherein a communication link to a network element servicing the far end member is a network link, an apparatus for providing encryption of information exchanged over the network link, the apparatus comprising: a memory adapted to contain operating instructions; a decryption unit adapted to decrypt information with the first session key; an encryption unit adapted to encrypt information with the second session key; and a processor coupled to the memory, the decryption unit, and the encryption unit, the processor operable in accordance to the operating instructions, and wherein the apparatus receives information encrypted by the first session key and the processor directs the decryption unit and the encryption unit, such that the decryption unit decrypts the encrypted information with the first session key, and the encryption unit encrypts the decrypted information with the second session key.
6. The apparatus of claim 5 further comprises a transmitting unit adapted to request the second session key from the network element servicing the far end member.
7. The apparatus of claim 6, wherein the second session key from the network element servicing the far end member includes an encrypted second session key from the network element servicing the far end member.
8. The apparatus of claim 6 further comprises a receiving unit adapted to receive the second session key from the network element servicing the far end member.
9. The apparatus of claim 5 being adaptable to a network element of the near end member.
10. In a wireless communication system providing communication services between a near end member having a first session key and a far end member having a second session key, wherein a communication link to a network element servicing the far end member is a network link, and wherein a processor operates in accordance to a computer program embodied on a computer-readable medium for providing encryption of information exchanged over the network link, the computer program comprising: a first routine that directs the processor to receive information encrypted by the first session key; a second routine that directs the processor to decrypt the encrypted information with the first session key; a third routine that directs the processor to encrypt the decrypted information with the second session key; and a fourth routine that directs the processor to transmit the encrypted information over the network link.

Priority Applications (2)

Application Number Priority Date Filing Date Title
US64448700A 2000-08-23 2000-08-23
US09/644,487 2000-08-23

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU8646301A AU8646301A (en) 2000-08-23 2001-08-13 Method and apparatus for providing encryption of information exchanged over a network link

Publications (2)

Publication Number Publication Date
WO2002017674A2 (en) 2002-02-28
WO2002017674A3 WO2002017674A3 (en) 2002-06-27

Family

ID=24585106

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/025370 WO2002017674A2 (en) 2000-08-23 2001-08-13 Method and apparatus for providing encryption of information exchanged over a network link

Country Status (2)

Country Link
AU (1) AU8646301A (en)
WO (1) WO2002017674A2 (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6081601A (en) * 1998-01-08 2000-06-27 Nokia Telecommunications Oy Method of implementing connection security in a wireless network
WO2000033590A1 (en) * 1998-12-03 2000-06-08 Telefonaktiebolaget Lm Ericsson (Publ) End-to-end coder/decoder (codec)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KLOOS M: "EXTENSION OF ENCRYPTION OF INTERCONNECT SERVICES FROM MOBILE TO TRANSCODER" MOTOROLA TECHNICAL DEVELOPMENTS, MOTOROLA INC. SCHAUMBURG, ILLINOIS, US, vol. 37, January 1999 (1999-01), pages 203-204, XP000883898 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2508606A (en) * 2012-12-04 2014-06-11 Barclays Bank Plc Mobile application for credential recovery
GB2508606B (en) * 2012-12-04 2015-06-03 Barclays Bank Plc Credential recovery
US9800562B2 (en) 2012-12-04 2017-10-24 Barclays Bank Plc Credential recovery

Also Published As

Publication number Publication date
AU8646301A (en) 2002-03-04
WO2002017674A3 (en) 2002-06-27

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP