WO2003051072A1 - Apparatus and method of using a ciphering key in a hybrid communications network - Google Patents

Apparatus and method of using a ciphering key in a hybrid communications network Download PDF

Info

Publication number
WO2003051072A1
WO2003051072A1 PCT/US2002/039209 US0239209W WO03051072A1 WO 2003051072 A1 WO2003051072 A1 WO 2003051072A1 US 0239209 W US0239209 W US 0239209W WO 03051072 A1 WO03051072 A1 WO 03051072A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile
mobile station
station
cellular communications
communications system
Prior art date
Application number
PCT/US2002/039209
Other languages
English (en)
French (fr)
Inventor
Alejandro R. Holcman
Nikhil Jain
Andrew T. Hunter
Original Assignee
Qualcomm, Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/077,502 external-priority patent/US6594489B2/en
Application filed by Qualcomm, Incorporated filed Critical Qualcomm, Incorporated
Priority to US10/250,712 priority Critical patent/US7054628B2/en
Priority to EP02786950A priority patent/EP1464190A4/en
Priority to CA002468938A priority patent/CA2468938A1/en
Priority to AU2002351302A priority patent/AU2002351302B2/en
Priority to JP2003552012A priority patent/JP2005512471A/ja
Priority to IL16235902A priority patent/IL162359A0/xx
Priority to BR0214690-8A priority patent/BR0214690A/pt
Priority to MXPA04005487A priority patent/MXPA04005487A/es
Publication of WO2003051072A1 publication Critical patent/WO2003051072A1/en
Priority to HK05107176A priority patent/HK1074959A1/xx

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02Data link layer protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key

Definitions

  • the present invention relates generally to a method of and apparatus of using a ciphering key.
  • CDMA code division multiple access
  • TDMA time division multiple access
  • FDMA frequency division multiple access
  • AM modulation schemes such as amplitude companded single sideband (ACS SB)
  • ACS SB amplitude companded single sideband
  • the available frequency band is divided into channels typically 30 KHz in bandwidth while analog FM modulation techniques are used.
  • the system service area is divided geographically into cells of varying size.
  • the available frequency channels are divided into sets with each set usually containing an equal number of channels.
  • the frequency sets are assigned to cells in such a way as to minimize the possibility of co-channel interference. For example, consider a system in which there are seven frequency sets and the cells are equal size hexagons. A frequency set used in one cell will not be used in the six nearest or surrounding neighbors of that cell. Furthermore, the frequency set in one cell will not be used in the twelve next nearest neighbors of that cell.
  • the handoff scheme implemented is intended to allow a call or other type of connection (i.e., data link) to continue when a mobile station crosses the boundary between two cells.
  • the handoff from one cell to another is initiated when the receiver in the cell base station handling the call or connection notices that the received signal strength from the mobile station falls below a predetermined threshold value.
  • a low signal strength indication implies that the mobile station must be near the cell border.
  • the base station asks the system controller to determine whether a neighboring base station receives the mobile station signal with better signal strength than the current base station.
  • the system controller in response to the current base station inquiry sends messages to the neighboring base stations with a handoff request.
  • the base stations neighboring the current base station employ special scanning receivers which look for the signal from the mobile station on the specified channel. Should one of the neighboring base stations report an adequate signal level to the system controller, then a handoff will be attempted.
  • Handoff is then initiated when an idle channel from the channel set used in the new base station is selected. A control message is sent to the mobile station commanding it to switch from the current channel to the new channel. At the same time, the system controller switches the call from the first base station to the second base station.
  • a call will be discontinued if the handoff to the new base station is unsuccessful.
  • Handoff can fail if there is no idle channel available in the neighboring cell for communicating the call.
  • Handoff can also fail if another base station reports hearing the mobile station in question, when in fact this base station actually hears a different mobile station using the same channel in a completely different cell. This reporting error will result in the call being switched to a wrong cell, typically one in which signal strength is insufficient to maintain communications.
  • the mobile station fail to hear the command to switch channels, the handoff will fail. Actual operating experience indicates that handoff failures occur frequently which questions the reliability of the system.
  • Soft Handoff In Communications In A CDMA Cellular Telephone System assigned to the present assignee, the disclosure of which is incorporated herein by reference, a method and system are disclosed for providing communication with the mobile station through more than one cell base station during the handoff.
  • communication within the cellular system is uninterrupted by the eventual handoff from the base station corresponding to the cell from which the mobile station is exiting to the base station corresponding to the cell to which the mobile station is entering.
  • This type of handoff may be considered as a "soft" handoff in communications between cell base stations with the mobile wherein two or more base station or sectors of base station transmit concurrently to the mobile station.
  • the use of such "soft" handoff techniques has been found to substantially reduce the incidence of ping-ponging situations in which repeated handoff requests are made between a pair of base stations.
  • the improved soft handoff technique prescribes that the mobile station monitors the signal strength of pilots from neighboring base stations. When the measured signal strength exceeds a given threshold, the mobile station sends a signal strength message to a system controller via the base station through which the mobile station is communicating. Command messages from the system controller to a new base station and to the mobile station establish contemporaneous communication through the new and current base stations. When the mobile station detects that signal strength of a pilot corresponding to at least one of the base stations through which the mobile station is communicating has fallen below a predetermined level, the mobile station reports the measured signal strength indicative of the corresponding base station to the system controller via the base stations through which it is communicating.
  • the handoff should be attempted only when, for example: (i) an idle channel is available in the new cell, (ii) the mobile station is actually within range of the new cell base station, but before it loses contact with the current cell base station, and (iii) the mobile station is in a position at which it is assured of receiving the command to switch channels.
  • each such hard intersystem handoff will be conducted in a manner which minimizes the potential for "ping-ponging" handoff requests between the base stations of different systems.
  • this is made difficult as a result of the failure of existing handoff procedures to identify when, and through which base stations, the mobile station should supplied with new frequency and channel information and instructed to transfer the existing call or connection.
  • CDMA Cellular Communications System describes a method and system for performing an intersystem handoff of communication with a mobile station between base stations of first and second cellular systems.
  • a quantifiable parameter of a signal transmitted by a second base station of the second system is measured.
  • the mobile station communicates a signal quality message via a first base station of the first system to a first mobile switching control station.
  • a channel request message is then communicated from the first mobile switching control station to a second mobile switching control station within the second system.
  • a quantifiable parameter of the signal received from the mobile station is also measured.
  • the second base station establishes communication with the mobile station when the measured value of the quantifiable parameter passes through a predetermined level.
  • the signal strength of a first pilot signal transmitted by the first base station is measured at the mobile station.
  • a handoff request message is then sent to the second base station when the measured signal strength of the first pilot signal becomes less than a second predetermined level, thereby mobile station communication to be established.
  • CDMA based and therefore both capable of performing soft handoff there remains the problem of how to handle inter-system handoff where one or more of the systems is unable to perform such a handoff.
  • GSM so-called GSM standard has no mechanism for a soft handoff.
  • GSM authentication cannot be done because the CDMA 2000 mechanisms cannot transfer the data required to do GSM authentication.
  • Encryption in GSM is different than the encryption in CDMA 2000.
  • GSM Global System for Mobile Communications
  • a non-GSM system e.g. a CDMA system
  • GSM has been established for a long time now, relatively speaking, and operators will be reluctant to make expensive modifications to existing equipment in order to accommodate a neighbouring incompatible system. If new messages are added to the air interface in support of dual-mode mobile stations, then modifications must be made to support these new messages. Plainly, this is undesirable form the perspective of the operator.
  • CDMA and GSM authentication use two different methods and keys.
  • the authentication methods in GSM and CDMA IX are basically the same, but the keys have different sizes.
  • CDMA IX has additional procedures such as unique challenge and count methods, which respectively prevent channel hijacking and replay attacks.
  • the invention addresses the above-discussed problems.
  • a method of using a ciphering key in a mobile station from a first base station in a first cellular communications system controlled by a first mobile switching control station to a second base station in a second, different cellular system controlled by a second mobile switching control station comprising: generating for the mobile station the cipher key for use by the mobile station during communication in the second cellular communications system, the cipher key being generated by the mobile station from a private key assigned to the mobile station for the second cellular communications system and from a random number generated by the second cellular communications system; communicating the cipher key to the first mobile system; and generating for the mobile station a private long code for use by the mobile station during communication in the first cellular communications system.
  • a mobile station comprising: a transceiver chain operable to receive and transmit signals with a base station in a first cellular communications system; and a controller for: receiving a random number generated by the second cellular communications system; and generating for the mobile station a cipher key for use by the mobile station during communication in the cellular communications system, the cipher key being generated from a private key assigned to the mobile station for the cellular communications system and from the received random number.
  • FIG. 1 is a schematic representation of a cellular system
  • FIG. 2 is a schematic representation of a boundary between two cellular systems;
  • FIG. 3 is a schematic diagram of a dual mode mobile station;
  • FIG. 4 is a schematic representation of data exchange in a GSM system.
  • FIG. 5 is a schematic diagram of a single mode mobile station.
  • FIG. 1 is a schematic illustration of an exemplary cellular telephone system.
  • the illustrated system may utilize any of various multiple access modulation techniques for facilitating communications between a typically large number of system mobile stations or mobile telephones, and the base stations.
  • multiple access communication system techniques include: time division multiple access (TDMA), frequency division multiple access (FDMA), code division multiple access (CDMA), and AM modulation schemes such as amplitude companded single sideband.
  • TDMA time division multiple access
  • FDMA frequency division multiple access
  • CDMA code division multiple access
  • AM modulation schemes such as amplitude companded single sideband.
  • the spread spectrum modulation technique of CDMA disclosed for example in the above-referenced U.S. Pat. No. 4,901,307, has significant advantages over other modulation techniques for multiple access communication systems and is therefore preferred.
  • each base station transmits a unique pilot signal, which comprises the transmission of a "pilot carrier" upon a corresponding pilot channel.
  • the pilot signal is an unmodulated, direct sequence, spread spectrum signal transmitted at all times by each base station using a common pseudorandom noise (PN) spreading code.
  • PN pseudorandom noise
  • the pilot signal allows the mobile stations to obtain initial system synchronization, i.e. timing, in addition to providing a phase reference for coherent demodulation and a reference for signal strength measurements used in handoff determination.
  • the pilot signal as transmitted by each base station may often be the same PN spreading code, but with a different code phase offset.
  • a system controller and switch 10 also referred to as a mobile switching center (MSC) typically includes interface and processing circuitry (not shown) for providing system control to plural base stations 12, 14 and 16.
  • the controller 10 also controls the routing of telephone calls from the public switched telephone network (PSTN) to the appropriate base station for transmission to the appropriate mobile station.
  • PSTN public switched telephone network
  • the controller 10 also controls the routing of calls from the mobile stations, via at least one base station to the PSTN.
  • the controller 10 may direct calls between mobile users via the appropriate base station(s) since such mobile stations do not typically communicate directly with one another.
  • Controller 10 may be coupled to the base stations by various means such as dedicated telephone lines, optical fiber links or by microwave communication links.
  • FIG. 1 three such exemplary base stations, 12, 14 and 16 along with an exemplary mobile station 18, which includes a cellular telephone, are illustrated.
  • Arrows 20a and 20b define the possible communication link between base station 12 and mobile station 18.
  • Arrows 22a and 22b define the possible communication link between base station 14 and mobile station 18.
  • arrows 24a and 24b define the possible communication link between the base station 16 and the mobile station 18.
  • the base station service areas or cells are designed in geographic shapes such that the mobile station will normally be closest to one base station.
  • the mobile station When the mobile station is idle, i.e. no calls in progress, the mobile station constantly monitors the pilot signal transmissions from each nearby base station. As illustrated in FIG. 1 the pilot signals are transmitted to the mobile station 18 by the base stations 12, 14 and 16 upon the communication links 20b, 22b and 24b, respectively. The mobile station then determines which cell it is in by comparing pilot signal strength transmitted from these particular base stations.
  • the mobile station 18 may be considered closest to base station 16.
  • a control message is transmitted to the nearest base station, here base station 16.
  • Base station 16 upon receiving the call request message, signals the system controller 10 and transfers the call number.
  • the system controller 10 then connects the call through the PSTN to the intended recipient.
  • the controller 10 transmits the call information to all base stations in the area.
  • the base stations in return transmit a paging message to the intended recipient mobile station.
  • the mobile station hears a page message, it responds with a control message that is transmitted to the nearest base station.
  • This control message signals the system controller that this particular base station is in communication with the mobile station.
  • the controller 10 then routes the call through the nearest base station to the mobile station.
  • the base station 16 notices that the signal transmitted by the mobile station 18 has fallen below a certain threshold level.
  • the base station 16 then transmits a handoff request to the system controller 10, which relays the request to all neighboring base stations 12, 14 of the base station 16.
  • the controller-transmitted request includes information relating to the channel, including the PN code sequence used by mobile station 18.
  • Base stations 12 and 14 tune a receiver to the channel being used by the mobile station and measure the signal strength, typically using digital techniques. If one of base stations 12 and 14 receivers report a stronger signal than the initial base station reported signal strength, then a handoff is made to that base station.
  • the mobile station itself may initiate a so-called mobile-assisted handoff.
  • the base stations each transmit a pilot signal, which, among other things, identifies the base station.
  • the mobile station is equipped with a search receiver which is used to scan the pilot signal transmission of the neighboring base stations 12 and 14, in addition to performing other functions. If the pilot signal of one of the neighbouring base stations 12 and 14 is found to be stronger than a given threshold, then the mobile station 18 transmits a message to this effect to the current base station 16.
  • An interactive process between the mobile station and the base station then permits the mobile station to communicate through the one or more of base stations 12, 14 and 16.
  • the mobile station identifies and measures the signal strength of the pilot signals that it receives. This information is communicated, via the base station(s) with which the mobile station is communicating, through to the MSC.
  • the MSC upon receiving this information, initiates or terminates connections between the mobile and base stations, thereby effecting the mobile-assisted handoff.
  • the foregoing process may also be considered to be a "soft" handoff in that the mobile station simultaneously communicates through more than one base station.
  • the MSC can combine or choose between the signals received from each base station with which the mobile unit is in communication during movement between different cells.
  • the MSC may relay signals from the PSTN to each base station with which the mobile unit is in communication.
  • Mobile-assisted handoffs tend to be more complex if the mobile station happens to be located within the coverage area of two or more base stations not within the same cellular system, i.e., not controlled by the same MSC.
  • FIG. 2 shows in schematic form a cellular communications network 30 in which are included a CDMA cellular system (e.g. IS-95 IX) under the control of a CDMA mobile switching center MSCc and a GSM cellular systems under the control of a GSM mobile switching center MSCg.
  • CDMA cellular system e.g. IS-95 IX
  • GSM cellular systems under the control of a GSM mobile switching center MSCg.
  • FIG. 2 there are illustratively represented five such exemplary base stations B1A to B5A respectively located within cells CIA to C5A of the CDMA system, and five base stations BIB to B5B respectively located within the cells C1B to C5B of the GSM system.
  • cells CIA to C5A and C1B to C5B are shown as being circular, it should be understood that cells will typically be designed to be of other shapes and in reality will have forms dependent on the terrain and topography of the area in which they are located.
  • cells CIA to C3A and C1B to C3B may be referred to as "border” cells, since these cells are proximate the boundary between the first and second cellular systems. This designation allows the remainder of the cells within each system to be conveniently referred to as “internal” cells.
  • the following description will be given with reference to a mobile station, which is capable of receiving and reacting to signals from base stations within both CDMA and GSM cellular systems.
  • the mobile station is configured with a dual-band transceiver having a receive chain tuneable to the different operating frequencies of the two cellular systems.
  • a schematic diagram of such a mobile station is given in FIG. 3 of the accompanying drawings.
  • the mobile station 40 comprises an antenna 42 connected through a diplexer 44 to both a CD AM transmission and reception chain 46 and a GSM transmission and reception chain 48.
  • the transmission/reception chains 46, 48 are conventional for the respective CDMA and GSM systems.
  • the chains output suitably demodulated and converted data to a convention baseband circuit 50, and receive data for transmission from the baseband circuit 40.
  • the transmission/reception chains 46, 48 are controlled by a controller 52, which, among other things, switches between the two chains in response to command signals from the CDMA or GSM system.
  • the two chains are not active at the same time. In another embodiment, the two chains may be active at the same time.
  • the mobile station is configured with a single transceiver having a receive chain tuneable to one of the two cellular systems.
  • FIG. 5 of the accompanying drawings A schematic diagram of such a mobile station is given in FIG. 5 of the accompanying drawings.
  • the mobile station 53 comprises an antenna 54.
  • a diplexer 55 is connected to a CDMA transmission and reception chain 56 (if it's a CDMA handset). Otherwise, the mobile station 53 is connected to a GSM transmission and reception chain 57.
  • the transmission/reception chains 56, 57 are conventional for their respective CDMA and GSM systems.
  • the chain output is suitably demodulated and converted data to a convention baseband circuit 58, and receives data for transmission from the baseband circuit 58.
  • the transmission/reception chain, either chain 56 or chain 57 is controlled by a controller 59.
  • the CDMA mobile switching center controls the routing of telephone calls from the public switched telephone network (PSTN) to the appropriate base station BIA to B5A for transmission to the designated mobile station.
  • the CDMA mobile switching center MSCc also controls the routing of calls from the mobile stations within the coverage area of the first cellular system, via at least one base station, to the PSTN.
  • the GSM mobile switching center MSCg operates in a like manner to govern the operation of the base stations BIB to B5B, and to route calls between the PSTN and the GSM cellular system. Control messages and the like are communicated between MSCc and MSCg over an intersystem data link 34.
  • a mobile station When a mobile station is located within an internal cell of the CDMA system, the mobile station will typically be programmed to monitor the pilot signal transmissions from each nearby (i.e., internal and/or border) base station. The mobile station then determines which internal cell it is in by comparing pilot signal strength transmitted from the surrounding base stations. When the mobile station approaches the boundary of the internal cell, a mobile-assisted handoff may be initiated in the manner described above with reference to U.S. Pat. No. 5,267,261, for example. [0051] A different situation exists when the mobile station is located within one of the border cells CIA to C3A or C1B to C3B. As an example, consider a case in which the mobile station is located within cell C2A, but is approaching cell C2B.
  • the mobile station could begin to receive usable signal levels from base station B2B, which would then be reported to base station B2B and to any other base station(s) with which the mobile station is currently in communication.
  • the time at which usable signal levels are being received by a mobile or base station may be determined by measuring one or more quantifiable parameters (e.g., signal strength, signal to noise ratio, frame erasure rate, bit error rate, and/or relative time delay) of the received signal.
  • quantifiable parameters e.g., signal strength, signal to noise ratio, frame erasure rate, bit error rate, and/or relative time delay
  • the solution to this problem is to use a generic message containing instructions that enable the mobile station to transfer from the CDMA network to the GSM network.
  • the generic message must be able to convey data necessary to effect GSM authentication and encryption.
  • other supplementary features in GSM should also be supported by the generic message.
  • established GSM protocols must be kept intact so as to minimise any changes in existing GSM systems.
  • Part of the handoff operation includes establishing subscriber identity and once the handoff has been effected it is necessary to maintain signalling and data confidentiality for physical connections (ciphering).
  • the definition and operational requirements of subscriber identity authentication are given in GSM 02.09.
  • the authentication procedure is also used to set the ciphering key. Therefore, the authentication procedure is performed after the network has established the subscriber identity and before the channel is encrypted. Two network functions are necessary in order to achieve this, namely the authentication procedure itself, and management of authentication and encryption keys within the system.
  • tunnelling mechanisms may work at any time (during hand-off situations and non-hand-off situations), and may be uni-directional or bi-directional.
  • One type of tunnelling mechanism is the so-called ADDS (Application Data Delivery Service) messages and short data burst messages to transparently pass within the CDMA system GSM parameters that are typically not examined by the GSM Base Station Controller BSC, but are needed by a dual mode mobile station.
  • ADDS Application Data Delivery Service
  • the use of ADDS messages together with data bursts allows a generic payload to be sent between the mobile service switching centers (MSC) of the networks or other network elements (e.g. SMS, position location server, OTASP).
  • MSC mobile service switching centers
  • OTASP position location server
  • ADDS messages that are used to convey GSM handoff data, such as timing information and authentication data from the MSCc through the BSCc to the mobile station.
  • the mobile station uses so-called MAP (Mobile Application Protocol) messages to convey the handoff data to the MSCg in the GSM network.
  • MAP Mobile Application Protocol
  • Other alternatives for transferring the data are, of course, possible.
  • the mobile station When the mobile station is at the border between the CDMA and GSM systems (e.g. in cell C2A and approaching cell C2B) the mobile station begins the handoff process by sending a message back to the MSCc notifying the MSCc that conditions are such that the mobile should be handed off to the GSM system.
  • a cell database (not shown) may be used as part of the handoff procedure.
  • This database is used to provide essential information on the GSM network to the mobile, so it will be able to perform a hand-off between the CDMA MSC and GSM as needed.
  • asynchronous handoff In a GSM system two types of handoff are available, namely synchronous and asynchronous. For ease of implementation asynchronous handoff is preferred. The mobile station is therefore told that the handoff will be an asynchronous handoff to GSM. After a handoff order is received by the mobile station the mobile first sends a few access bursts to the GSM base station controller BSCg until it receives until it receives back a MAP handoff message which is passed back to the CDMA MSCc to enable GSM authentication data to be generated and provided to the mobile station.
  • GSM has a procedure for asynchronous handoff, with data bursts which help the BSCg to acquire timing for mobile.
  • the ADDS message therefore includes an 'action time' message specifying a specific time for handoff to happen. Only once this data has been received will the mobile start normal transmission.
  • CDMA and GSM authentication use two different methods and keys.
  • the authentication methods in GSM and CDMA IX are basically the same, but the keys have different sizes.
  • CDMA IX has additional procedures such as Unique Challenge and Count methods, which respectively prevent channel hijacking and replay attacks.
  • GSM authentication methods should be re-used over the CDMA physical layer. This provides the advantage of the system not having to support two different types of authentication centers, two types of SIM cards, etc.
  • the authentication procedure consists of a series of exchanges between the system and the mobile station.
  • the system transmits a non-predictable number RAND to the mobile station.
  • the mobile station computes a result SRES, also known as the signature of the RAND number, using an algorithm known as the A3 algorithm.
  • the A3 algorithm uses RAND and an Individual Subscriber Authentication Key Ki to calculate SRES.
  • the Subscriber Authentication Key Ki is allocated when the customer first subscribes to the service and is stored both in a SIM (subscriber identity module) card and in the Home Location Register (HLR) of the system. Ki is the private key in the encryption and therefore is never transmitted over the network.
  • the mobile station transmits the signature SRES to the system where it is tested for validity.
  • FIG. 4 of the accompanying drawing illustrates how authentication is effected in the GSM MSC.
  • the authentication key in GSM is called Ki and is 128 bits long.
  • the network generates a random number (RAND), which is also 128 bits in length.
  • RAND and Ki are input to the A3 algorithm, which calculates a 32-bit result (SRES) from the input data.
  • SRES 32-bit result
  • the RAND number is also transmitted to the mobile station by way of over the air messages.
  • each mobile station includes a smart card, i.e. the so- called SIM (subscriber identity module) card.
  • SIM commands for authentication are specified in GSM 11.11. These commands are only allowed to be executed if they do not interfere with the correct functioning of the GSM application. If the SIM is removed from the mobile station during a call, the call is terminated immediately, as defined in GSM 11.11.
  • the SIM in the mobile station also computes SRES by applying the A3 algorithm to the received RAND number and a locally stored copy of Ki.
  • the result of the computation is again SRES and should be the same as the SRES calculated by the network.
  • the result SRES is therefore sent by the mobile station to the network where it is compared with the value of SRES calculated by the network. If both values of SRES are the same then the mobile station is authentic.
  • the RAND number is transmitted using the ADDS messages on the air interface and a result SRES is transmitted back.
  • SRES is also used in an algorithm known as A8 to calculate an
  • Kc 64-bit encryption or ciphering key Kc.
  • the Kc key generated by the GSM authentication and encryption algorithms by the SIM in the mobile station is applied to the CDMA physical layer in place of the private long code mask that would normally be generated using the CDMA CAVE algorithm.
  • the 64-bit Kc key is uniquely mapped to the 42 bit private long code and, thus, is used as a basis for the "private long code mask" to provide for voice privacy.
  • the private long code mask is passed around CDMA messages and interpreted no differently than if it had been generated from the CAVE algorithm. Using this approach for voice privacy allows the system to keep a unique authentication center and unique SEVI types, within the hybrid CDMA/GSM network.
  • GSM performs encryption at the frame level. Every frame is encrypted using the frame number and the 64-bit Kc key, which key is derived as discussed with reference to FIG. 4. The frame number and Kc mask is applied to every frame.
  • the encryption is performed using a 42 -bit private long code.
  • the Kc key is used to derive a 42-bit private long code mask, with a mapping algorithm mapping between Kc and the private long code. This mapping is performed in the MSCc, which then simply tells the BSC which private long code to use.
  • the ADDS operation allows the transfer of transparent services between terrestrial network elements (e.g. MSC, SMS, PDC) and the mobile station.
  • the system uses this operation to transfer the Authentication information RAND to the MS and to transfer SRES back to the MSC.
  • the ADDS messaging operation goes from the MSCc to the BSCc, and allows data to be sent to the mobile station over the paging channel.
  • the ADDS Transfer operation goes from the BSCc to the MSCc and allows data to be sent to the network from the mobile station over the access channel.
  • the ADDS Deliver operation goes from the MSCc to the BSCc, or BSCc to MSCc and allows data to be sent between the mobile station and the network over the traffic channel.
  • ADDS parameter has been defined as "ADDS User Part", which contains a 6-bit "Data Burst Type” that indicates the format of the application data message.
  • the ADDS operation utilizes the ADDS User Part parameter to contain the service-specific data.
  • the authentication operation makes use of the ADDS User Part to carry the authentication data.
  • the described system uses a new Data Burst Type named "GSM-MAP Authentication" which is interpreted accordingly by the mobile station.
  • the exemplary embodiments may be implemented whenever a database for storing information pertaining to the authentication process exists at the receiving end, or is accessible by the receiving end.
  • the processor of the exemplary embodiments may be used to implement one cryptographic scheme with one party and another cryptographic scheme with another party.
  • the basic implementation of the exemplary embodiments may be performed without the need for physical connection to intermediary resources because communication with separate parties occur through a wireless medium.
  • the various illustrative logical blocks, flowcharts, windows, and steps described in connection with the embodiments disclosed herein may be implemented or performed in hardware or software with an application-specific integrated circuit (ASIC), a programmable logic device, discrete gate or transistor logic, discrete hardware components, such as, e.g., registers in the FIFO, a processor executing a set of firmware instructions, any conventional programmable software and a processor, a field programmable gate array (FPGA) or other programmable logic device, or any combination thereof.
  • ASIC application-specific integrated circuit
  • a programmable logic device discrete gate or transistor logic
  • discrete hardware components such as, e.g., registers in the FIFO
  • a processor executing a set of firmware instructions any conventional programmable software and a processor
  • FPGA field programmable gate array
  • the processor may advantageously be a micro-controller, but in the alternative, the processor may be any conventional processor, controller, micro-controller, or state machine.
  • the software may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, hard disk, removable disks, a CD-ROM, a DVD-ROM, registers, or any other magnetic or optical storage media.
PCT/US2002/039209 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in a hybrid communications network WO2003051072A1 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
US10/250,712 US7054628B2 (en) 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in a hybrid communications network
EP02786950A EP1464190A4 (en) 2001-12-07 2002-12-05 APPARATUS AND METHOD FOR UTILIZING AN ENCRYPTION KEY IN A HYBRID TELECOMMUNICATION NETWORK
CA002468938A CA2468938A1 (en) 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in a hybrid communications network
AU2002351302A AU2002351302B2 (en) 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in a hybrid communications network
JP2003552012A JP2005512471A (ja) 2001-12-07 2002-12-05 ハイブリッド通信ネットワークで暗号解読用鍵を用いる装置及び方法
IL16235902A IL162359A0 (en) 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in ahybrid communications network
BR0214690-8A BR0214690A (pt) 2001-12-07 2002-12-05 Equipamento e método para uso de uma chave de cifra em uma rede de comunicações hìbrida
MXPA04005487A MXPA04005487A (es) 2001-12-07 2002-12-05 Aparato y metodo de uso de una clave cifrada en una red de comunicaciones hibrida.
HK05107176A HK1074959A1 (en) 2001-12-07 2005-08-18 Apparatus and method of using a ciphering key in ahybrid communications network

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US34075501P 2001-12-07 2001-12-07
US60/340,755 2001-12-07
US35040102P 2002-01-17 2002-01-17
US60/350,401 2002-01-17
US10/077,502 US6594489B2 (en) 2001-12-07 2002-02-14 Method and apparatus for effecting handoff between different cellular communications systems
US10/077,502 2002-02-14
US35849102P 2002-02-19 2002-02-19
US60/358,491 2002-02-19

Publications (1)

Publication Number Publication Date
WO2003051072A1 true WO2003051072A1 (en) 2003-06-19

Family

ID=27491347

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/039209 WO2003051072A1 (en) 2001-12-07 2002-12-05 Apparatus and method of using a ciphering key in a hybrid communications network

Country Status (13)

Country Link
EP (1) EP1464190A4 (ja)
JP (2) JP2005512471A (ja)
KR (1) KR101036699B1 (ja)
CN (1) CN1290346C (ja)
AR (1) AR037759A1 (ja)
AU (1) AU2002351302B2 (ja)
BR (1) BR0214690A (ja)
CA (1) CA2468938A1 (ja)
HK (1) HK1074959A1 (ja)
IL (1) IL162359A0 (ja)
MX (1) MXPA04005487A (ja)
TW (1) TWI272020B (ja)
WO (1) WO2003051072A1 (ja)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006081167A (ja) * 2004-08-12 2006-03-23 Samsung Electronics Co Ltd 再設定可能なキー検索エンジン
WO2006102565A2 (en) * 2005-03-23 2006-09-28 Nortel Networks Limited Optimized derivation of handover keys in mobile ipv6
JP2007527652A (ja) * 2003-07-07 2007-09-27 クゥアルコム・インコーポレイテッド マルチキャスト・ブロードキャスト・マルチメディア・システム(mbms)のための安全な登録
US8848920B2 (en) 2004-07-14 2014-09-30 Qualcomm Incorporated Method and apparatus for delivering keys
US8971790B2 (en) 2003-01-02 2015-03-03 Qualcomm Incorporated Method and apparatus for broadcast services in a communication system
US8983065B2 (en) 2001-10-09 2015-03-17 Qualcomm Incorporated Method and apparatus for security in a data processing system
US9100457B2 (en) 2001-03-28 2015-08-04 Qualcomm Incorporated Method and apparatus for transmission framing in a wireless communication system

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8077679B2 (en) 2001-03-28 2011-12-13 Qualcomm Incorporated Method and apparatus for providing protocol options in a wireless communication system
US8121296B2 (en) 2001-03-28 2012-02-21 Qualcomm Incorporated Method and apparatus for security in a data processing system
US7649829B2 (en) 2001-10-12 2010-01-19 Qualcomm Incorporated Method and system for reduction of decoding complexity in a communication system
US8718279B2 (en) 2003-07-08 2014-05-06 Qualcomm Incorporated Apparatus and method for a secure broadcast system
US8724803B2 (en) 2003-09-02 2014-05-13 Qualcomm Incorporated Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
CN101288260A (zh) 2005-01-27 2008-10-15 美商内数位科技公司 使用未由他人分享联合随机衍生秘钥方法及系统
JP4781980B2 (ja) * 2006-11-29 2011-09-28 京セラ株式会社 無線通信装置および無線通信方法
GB2472580A (en) * 2009-08-10 2011-02-16 Nec Corp A system to ensure that the input parameter to security and integrity keys is different for successive LTE to UMTS handovers
DK3018850T3 (en) * 2013-01-30 2017-07-10 ERICSSON TELEFON AB L M (publ) Generating a security key for dual connectivity
US9591587B2 (en) * 2014-05-07 2017-03-07 Qualcomm Incorporated Maximum pathloss measurement for broadcast communication
TWI751433B (zh) * 2019-08-19 2022-01-01 中華電信股份有限公司 安全通訊金鑰協商方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778075A (en) * 1996-08-30 1998-07-07 Telefonaktiebolaget, L.M. Ericsson Methods and systems for mobile terminal assisted handover in an private radio communications network
WO2000024139A1 (en) 1998-10-21 2000-04-27 Qualcomm Incorporated Encryption support in a hybrid gsm/cdma network
WO2001020925A2 (en) 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
US20020091933A1 (en) * 2001-01-05 2002-07-11 Quick Roy F. Local Authentication in a communication system
US20020146127A1 (en) * 2001-04-05 2002-10-10 Marcus Wong System and method for providing secure communications between wireless units using a common key

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5697055A (en) * 1994-10-16 1997-12-09 Qualcomm Incorporated Method and apparatus for handoff between different cellular communications systems
US5673259A (en) * 1995-05-17 1997-09-30 Qualcomm Incorporated Random access communications channel for data services
JPH11231773A (ja) * 1998-02-10 1999-08-27 Mitsubishi Electric Corp 暗号強度評価装置
KR100275447B1 (ko) * 1998-06-18 2000-12-15 이계철 무선 통신망의 키 생성 함수 갱신 방법 및 그를 이용한 비밀키 갱신 방법
KR100299058B1 (ko) * 1998-12-08 2001-09-06 이계철 이동통신에서스마트카드채택시호이력카운트를이용한단말기복제탐지방법
FI105964B (fi) * 1998-12-16 2000-10-31 Nokia Networks Oy Menetelmä matkaviestinyhteyksien hallintaan

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778075A (en) * 1996-08-30 1998-07-07 Telefonaktiebolaget, L.M. Ericsson Methods and systems for mobile terminal assisted handover in an private radio communications network
WO2000024139A1 (en) 1998-10-21 2000-04-27 Qualcomm Incorporated Encryption support in a hybrid gsm/cdma network
WO2001020925A2 (en) 1999-09-10 2001-03-22 Telefonaktiebolaget Lm Ericsson (Publ) System and method of passing encryption keys after inter-exchange handoff
US20020091933A1 (en) * 2001-01-05 2002-07-11 Quick Roy F. Local Authentication in a communication system
US20020146127A1 (en) * 2001-04-05 2002-10-10 Marcus Wong System and method for providing secure communications between wireless units using a common key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1464190A4

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9100457B2 (en) 2001-03-28 2015-08-04 Qualcomm Incorporated Method and apparatus for transmission framing in a wireless communication system
US8983065B2 (en) 2001-10-09 2015-03-17 Qualcomm Incorporated Method and apparatus for security in a data processing system
US8971790B2 (en) 2003-01-02 2015-03-03 Qualcomm Incorporated Method and apparatus for broadcast services in a communication system
JP2007527652A (ja) * 2003-07-07 2007-09-27 クゥアルコム・インコーポレイテッド マルチキャスト・ブロードキャスト・マルチメディア・システム(mbms)のための安全な登録
US8098818B2 (en) 2003-07-07 2012-01-17 Qualcomm Incorporated Secure registration for a multicast-broadcast-multimedia system (MBMS)
US8848920B2 (en) 2004-07-14 2014-09-30 Qualcomm Incorporated Method and apparatus for delivering keys
JP2006081167A (ja) * 2004-08-12 2006-03-23 Samsung Electronics Co Ltd 再設定可能なキー検索エンジン
WO2006102565A2 (en) * 2005-03-23 2006-09-28 Nortel Networks Limited Optimized derivation of handover keys in mobile ipv6
WO2006102565A3 (en) * 2005-03-23 2007-12-13 Nortel Networks Ltd Optimized derivation of handover keys in mobile ipv6

Also Published As

Publication number Publication date
MXPA04005487A (es) 2004-12-06
AR037759A1 (es) 2004-12-01
KR20050044738A (ko) 2005-05-12
IL162359A0 (en) 2005-11-20
AU2002351302A1 (en) 2003-06-23
JP2005512471A (ja) 2005-04-28
JP2011229185A (ja) 2011-11-10
EP1464190A4 (en) 2009-12-30
CN1618241A (zh) 2005-05-18
TWI272020B (en) 2007-01-21
CN1290346C (zh) 2006-12-13
TW200306125A (en) 2003-11-01
KR101036699B1 (ko) 2011-05-24
EP1464190A1 (en) 2004-10-06
HK1074959A1 (en) 2005-11-25
BR0214690A (pt) 2004-11-30
AU2002351302B2 (en) 2008-01-31
CA2468938A1 (en) 2003-06-19

Similar Documents

Publication Publication Date Title
US7016326B2 (en) Method and apparatus for effecting handoff between different cellular communications systems
US7961687B2 (en) Method and apparatus for effecting handoff between different cellular communications systems
US6594489B2 (en) Method and apparatus for effecting handoff between different cellular communications systems
JP5108054B2 (ja) ハイブリッド通信ネットワークにおけるハンドオフ
JP2011229185A (ja) ハイブリッド通信ネットワークで暗号解読用鍵を用いる装置及び方法
US7054628B2 (en) Apparatus and method of using a ciphering key in a hybrid communications network
EP1451966A1 (en) Authentication in a hybrid communications network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 10250712

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2468938

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2004/04391

Country of ref document: ZA

Ref document number: 162359

Country of ref document: IL

Ref document number: 200404391

Country of ref document: ZA

WWE Wipo information: entry into national phase

Ref document number: 2003552012

Country of ref document: JP

Ref document number: PA/a/2004/005487

Country of ref document: MX

Ref document number: 1247/CHENP/2004

Country of ref document: IN

Ref document number: 1020047008761

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2002351302

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2002786950

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 20028275241

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 2002786950

Country of ref document: EP