WO2010064782A1 - Communication method and device with security function - Google Patents

Publication number
WO2010064782A1
Authority
WO
WIPO (PCT)
Prior art keywords
layer
pdu
pdus
unit
transmission
Application number
PCT/KR2009/005287
Inventor
Myung San Bae
Mi Kyoung Kim
Young Soo Jung
Original Assignee
Mth Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16 Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18 Automatic repetition systems, e.g. Van Duuren systems
    • H04L1/1867 Arrangements specially adapted for the transmitter end
    • H04L1/1874 Buffer management

Definitions

  • the present invention relates to a communication method and device with a security function and to a recording medium having recorded thereon a program for carrying out the communication method.
  • the communication layers may vary depending on the fields or techniques to which a hierarchical classification is applied and may generally mean some layers of an open system interconnection (hereinafter, referred to as “OSI”) reference model.
  • OSI open system interconnection
  • the OSI reference model is a communication-related standard model established to smoothly connect different types of communication devices to each other and generally includes layer 1 (physical layer), layer 2 (data link layer), layer 3 (network layer), layer 4 (transport layer), layer 5 (session layer), layer 6 (presentation layer), and layer 7 (application layer).
  • Layer 1 determines what electric signal should be used to transmit a bit stream sent from a higher layer through a transmission medium.
  • Layer 2 data link layer
  • Layer 3 (network layer) constitutes a logical link (not shown) between a transmission party and a reception party and serves to divide data into packet units, to transmit and combine the divided packet units, and to provide a routing function of searching for the optimal path for transmitting the packets.
  • Layer 4 (transport layer) sets up and maintains links between users or between computers and takes charge of the logical stabilization of the transmission and reception systems and the uniform provision of services.
  • Layer 5 (session layer) sets up a session and provides a synchronization function so as to smooth a sequential flow of conversations.
  • Layer 6 (presentation layer) handles methods of presenting data and provides a standard interface permitting different data presentations.
  • Layer 7 (application layer) which is the highest layer serves as a window for allowing a user’s application program to access network environments.
  • a packet generated in layer 7 is sent to layer 4 (transport layer) through layer 6 (presentation layer) and layer 5 (session layer).
  • Layer 4 transport layer
  • Layer 3 network layer
  • Layer 2 data link layer
  • Layer 1 physical layer
  • the data to be transmitted by the above-mentioned processes may be subjected to an encrypting process in advance for the purpose of security.
  • a security block is called from a layer of protocol stack which is an input unit of the security block so as to encrypt the data.
  • Such encrypting methods could be embodied faithfully to the standard, and other developers could easily understand the embodied blocks.
  • different types of structures should be provided depending on the applied standards.
  • the security block used in a communication system could perform the encrypting process in the unit of a layer 2 (data link layer) PDU (Protocol Data Unit) or in the unit of a layer 3 (network layer) PDU in terms of the seven layers of the OSI reference model.
  • the security blocks should be individually provided to correspond to the modes because of the above-mentioned difference. Accordingly, elements supporting the same function should be repeatedly provided to one system, which causes a waste of resources.
  • the processing time for re-transmission and the data transmission rate can be slowed down to a half.
  • the opposite party having received the data may determine a transmission error and continuously send a NACK signal, thereby causing a ping-pong phenomenon.
  • the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can be coherently applied to any communication system regardless of standards.
  • the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can selectively encrypt and output only a part requiring the encrypting just before it goes from layer 2 to layer 1, in encrypting a higher-layer PDU (for example, a PDU of the third or higher layer of the OSI seven layers) and encrypting a layer 2 PDU.
  • the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can raise a processing speed of a security block (that is, encryption unit) while a small amount of used memory is maintained.
  • another goal of the invention is to provide a communication method and devices with a security function and a program for carrying out the communication method, which can maintain a high processing speed by minimizing the movement of data between memories and can easily cope with a later change in information by storing the original data.
  • the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which cannot deteriorate the speed or the processing time when previously transmitted data is re-encrypted using another security key for the purpose of re-transmission.
  • the encrypted transmission unit packet is combined with a layer 2 header to generate a layer 2 PDU.
  • the layer 2 header may include information on one or more of the process of dividing the one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
  • Location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet may be managed to encrypt the higher-layer PDU.
  • One or more of the encrypting keys and the encrypting algorithms of the one or more higher-layer PDUs included in the transmission unit packet may be different.
  • the step of encrypting one or more higher-layer PDUs may be performed when the generation of a transmission interrupt for notifying a transmission time of the layer 2 PDU is sensed.
  • the layer 2 PDU may be stored in a transmitting memory in a modem and then transmitted to a receiving device.
  • a terminal device for encrypting a higher-layer PDU (Protocol Data Unit) in layer 2 including: a transmitted data storage unit storing one or more layer 3 PDUs; a function processing unit performing one or more of a process of dividing the stored one or more layer 3 PDUs and a process of combining the stored one or more layer 3 PDUs to generate a transmission unit packet with a predetermined transmission size; a control information processing unit storing one or more of location information and length information of one or more higher-layer PDUs included in the transmission unit packet in a location storage unit; and an encryption unit encrypting the higher-layer PDU located at the corresponding location using the one or more of the location information and the length information for indicating a range of an input data to be encrypted in the transmission unit packet and an encrypting key.
  • the terminal device may further include a transmission block generating unit combining the encrypted transmission unit packet with a layer 2 header to generate a layer 2 PDU.
  • the layer 2 header may include information on one or more of the process of dividing one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs in the function processing unit.
  • the terminal device may further include a data transmitting unit generating a transmission interrupt for notifying a transmission start of the layer 2 PDU to allow the encryption unit to start its operation.
  • the data transmitting unit may include a transmitting memory storing the layer 2 PDU.
  • a method of decrypting a higher-layer PDU (Protocol Data Unit) in layer 2, which is performed by a terminal device including the steps of: (a) separating a layer 2 PDU received through a network into a layer 2 header and a transmission unit packet; (b) decrypting an encrypted higher-layer PDU included in the transmission unit packet; and (c) reconstructing one or more layer 3 PDUs from the decrypted transmission unit packet.
  • the layer 2 header includes information on one or more of a process of dividing the one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
  • Location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet may be managed to decrypt the higher-layer PDU.
  • the method may further include the steps of: determining whether the reconstructed layer 3 PDU is complete; and notifying a higher layer of the receipt of the layer 3 PDU when the reconstructed layer 3 PDU is complete.
  • When the layer 3 PDU includes only a partial piece due to the division process or a sequence number is not matched, it is determined that the reconstructed layer 3 PDU is incomplete.
  • the method may further include the steps of: waiting until all the pieces for constructing a complete layer 3 PDU are reconstructed by repeatedly performing the processes of the steps of (a) to (c); and reconstructing the complete layer 3 PDU using the reconstructed pieces.
  • the method may further include the step of waiting until a complete layer 3 PDU matched with a sequence number is reconstructed by repeatedly performing the processes of the steps of (a) to (c) when the layer 3 PDU is an incomplete layer 3 PDU which is not matched with the sequence number.
  • a terminal device for decrypting a higher-layer PDU (Protocol Data Unit) in layer 2 including: a receiving memory storing one or more layer 2 PDUs; a transmission block separating unit separating the layer 2 PDU into a layer 2 header and a transmission unit packet; and a decryption unit receiving one or more of location information and length information for indicating a range of an input data to be decrypted in a layer 3 PDU and a decrypting key from a control information processing unit and decrypting the higher-layer PDU corresponding to the range of the input data in the transmission unit packet.
  • the layer 2 header includes information on one or more of a process of dividing one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to construct the transmission unit packet.
  • the terminal device may further include a function processing unit determining whether the layer 3 PDU reconstructed from the decrypted transmission unit packet is a complete layer 3 PDU and notifying a higher layer of the receipt of the layer 3 PDU when the layer 3 PDU is complete.
  • When the layer 3 PDU includes only a partial piece due to the division process or a sequence number is not matched, it may be determined that the reconstructed layer 3 PDU is incomplete.
  • Since the process of the security block is performed just before transmitting and receiving data, it is possible to easily store the original data and thus to use the stored original data to re-encrypt data for the purpose of re-transmission, thereby reducing the processing time. That is, only one memory access for acquiring the original data is required for the re-transmission and the re-encrypting.
  • FIG. 1 is a diagram schematically illustrating a communication system according to an embodiment of the invention.
  • FIG. 2 is a diagram illustrating the configuration of a transmitted data converting unit according to an embodiment of the invention.
  • FIG. 3 is a flowchart illustrating the flow of processes in the transmitted data converting unit according to an embodiment of the invention.
  • FIG. 4 is a diagram illustrating a state where layer 3 PDUs are stored in a transmitted data storage unit according to an embodiment of the invention.
  • FIG. 5 is a diagram illustrating a process of generating a transmission unit packet according to an embodiment of the invention.
  • FIG. 6 is a diagram illustrating the structure of a transmission block (layer 2 PDUs) according to an embodiment of the invention.
  • FIG. 7 is a diagram illustrating the configuration of a received data converting unit according to an embodiment of the invention.
  • FIG. 8 is a flowchart illustrating the flow of processes in the received data converting unit according to an embodiment of the invention.
  • first and second can be used to describe various elements, but the elements are not limited to the terms. The terms are used only to distinguish one element from another element. For example, without departing from the scope of the invention, a first element may be named a second element and the second element may be named the first element similarly.
  • layer 1 corresponds to the layer 1 (physical layer) of the OSI seven layers and layer 2 corresponds to the layer 2 (data link layer) of the OSI seven layers.
  • a higher layer is one of the layer 3 (network layer) to the layer 7 (application layer) out of the OSI seven layers and is located higher than layer 2.
  • the higher layer may be called a control layer.
  • a transmitting terminal 100 and a receiving terminal 135 for transmitting and receiving data through a network are shown in FIG. 1.
  • the transmitting terminal 100 includes a data output unit 110, a transmitted data converting unit 120, and a data transmitting unit 130.
  • the receiving terminal 135 includes a data receiving unit 140, a received data converting unit 150, and a data input unit 160.
  • the transmitting terminal 100 and the receiving terminal 135 may further include elements such as an input unit, a display unit, and a control unit depending on their functions, which do not relate directly to the gist of the invention and thus will not be described.
  • Two or more elements (for example, the transmitted data converting unit 120 and the data transmitting unit 130, or the data receiving unit 140 and the received data converting unit 150) may be embodied by one element.
  • the transmitted data converting unit 120 is disposed between the data output unit 110 for a higher layer (or higher-ranked application) and the data transmitting unit 130 transmitting data through the network.
  • the received data converting unit 150 is disposed between the data input unit 160 for a higher layer (or higher-ranked application) and the data receiving unit 140 receiving data through the network.
  • the data transmitting unit 130 and/or the data receiving unit 140 may be, for example, a modem.
  • a security block (that is, an encryption unit and/or a decryption unit) in this embodiment is included in each of the transmitted data converting unit 120 and the received data converting unit 150 and is located for use in transmitting and receiving layer 2 data.
  • the transmitted data converting unit 120 is located to operate in layer 2 and serves to receive a PDU (Protocol Data Unit) from layer 3 and to convert the received PDU into a data format to be transmitted via the data transmitting unit 130.
  • the received data converting unit 150 is also located to operate in layer 2 and serves to convert the data received by the data receiving unit 140 and to send the converted data to layer 3.
  • PDU Protocol Data Unit
  • the transmitted data converting unit 120 in this embodiment has a feature of encrypting and outputting only a part requiring the encrypting just before it goes from layer 2 to layer 1, similarly in encrypting a layer 3 PDU and encrypting a layer 2 PDU having been subjected to the division, the combination, and the addition of a header.
  • the part to be encrypted may be higher-layer data used to construct the layer 3 PDU. An example where the layer 3 PDU is encrypted and outputted will be described now.
  • the transmitted data converting unit 120 includes a transmitted data storage unit 210, a location storage unit 220, a higher layer processing unit 230, a layer 2 function processing unit 240, a layer 2 control information processing unit 250, an encryption unit 260, and a transmission block generating unit 270.
  • One or more elements may be embodied in the form of a software program.
  • elements for performing operations being simple but requiring relatively much time may be embodied by hardware and elements having many logics and variations may be embodied by software.
  • the transmitted data storage unit 210, the encryption unit 260, and the transmission block generating unit 270 may be embodied by hardware logic and the higher layer processing unit 230, the layer 2 function processing unit 240, the layer 2 control information processing unit 250, and the location storage unit 220 may be embodied by software programs.
  • the transmitted data storage unit 210 serves as a storage space for storing layer 3 PDUs received from a higher layer (see FIG. 4).
  • the transmitted data storage unit 210 may be a physical memory such as a DRAM (Dynamic Random Access Memory) or an SRAM (Static Random Access Memory).
  • the layer 3 PDU may be data in an IP (Internet Protocol) format.
  • the header information of the layer 3 PDU may be subjected to a compressing process of reducing the amount of data divided and transmitted to the receiving terminal 135.
  • the transmitted data storage unit 210 keeps the layer 3 PDU stored in layer 2 so as to easily cope with the re-transmission or the like. However, the stored layer 3 PDUs are deleted as needed (for example, when a reception acknowledge is received from the receiving terminal 135) so as to reuse the storage space.
  • the data can be processed at a high speed by allowing an element to access given address information and to use the corresponding data without moving or copying the layer 3 PDUs stored in the transmitted data storage unit 210 to another storage unit or memory for the process by the encryption unit 260.
  • the location storage unit 220 stores one or more of location information on the location where data is stored in the transmitted data storage unit 210, location information in the transmission unit packet, and length information (see FIGS. 4 to 6).
  • the location information stored in the location storage unit 220 may be information analyzed by the higher layer processing unit 230.
  • the location storage unit 220 may be included in the layer 2 control information processing unit 250.
  • the higher layer processing unit 230 supports the functions (such as mobility management, transmission control, and session management) of the higher layer, and manages various parameters for controlling the second or lower layer.
  • the higher layer processing unit 230 can perform maintenance and management functions of an encrypting algorithm to be used, key values, and various functions supported by layer 2.
  • the layer 2 function processing unit 240 performs data PDU division/combination, retransmission control using an ARQ (Automatic Retransmission Request), an HARQ (Hybrid ARQ), and the like, and medium access control for managing physical layer resources.
  • ARQ Automatic Retransmission Request
  • HARQ Hybrid ARQ
  • the PDU division/combination performed by the layer 2 function processing unit 240 will be described now in brief.
  • the transmissible resources (for example, a path for communication) are allocated to layer 2 from layer 3 as a higher layer, but the size of the IP data arriving at the transmitted data storage unit 210 may be different from the size of the allocated resources. Therefore, the layer 2 function processing unit 240 can divide and/or combine one or more layer 3 PDUs stored in the transmitted data storage unit 210 into a proper size so as to transmit the maximum-sized data using the allocated resources (see FIG. 5).
  • the data transmitting method from layer 2 includes three modes of a non-controlled mode, a controlled mode, and a controlled and acknowledged mode.
  • the ARQ is an algorithm for defining an acknowledge method used in the controlled and acknowledged mode, in which the receiving terminal 135 having received specific data from the transmitting terminal 100 decodes the received data and returns an ACK message to the transmitting terminal 100.
  • the HARQ is an algorithm for compensating for the disadvantage of the ARQ, in which the data to be retransmitted is not discarded but stored so as to help reconstruct the retransmitted data.
  • the medium access control for physical layer resource management performed by the layer 2 function processing unit 240 means a scheduling and multiplexing function for efficiently using the allocated resources. This is intended to transmit and receive data with the maximum size suitable for the allocated physical resources, which is the ultimate function of layer 2.
  • the layer 2 control information processing unit 250 generates a layer 2 header.
  • the layer 2 header is header information of the transmission unit packet and is intended to smoothly transmit the transmission unit packet which is obtained by combining and/or dividing the layer 3 PDUs so as to correspond to the transmission size for the purpose of efficient use of resources.
  • the layer 2 header can be generated to include information used to perform the layer 2 functions and can include, for example, one or more of redundancy check information (such as information for checking redundant arrival using a sequence number or the like), retransmission information (such as a retransmission number and an acknowledge message of ACK/NACK), information on division/combination of the layer 3 PDUs, and information on the medium access control.
  • the layer 2 control information processing unit 250 may include the above-mentioned location storage unit 220 and can set and send the location of input data and the location where output data after the encrypting should be stored to the encryption unit 260, depending on whether the input data stream to be encrypted is the layer 3 PDU or the layer 2 PDU.
  • the encryption unit 260 receives the input data stream, the key value used for the encryption, a sequence number, and the like and generates an output data stream.
  • the input data stream is designated by the position and the length of the layer 3 PDU to be encrypted in the transmission unit packet generated to fit the transmission size (see FIG. 5).
  • a part of the layer 3 PDU, given by the position and the length of the higher-layer PDU used for generating the layer 3 PDU, may be designated as the data to be encrypted.
  • the key value and the sequence number are managed and provided to the encryption unit 260 by one or more of the layer 2 function processing unit 240 and the layer 2 control information processing unit 250.
  • the key value used for the encrypting may be constant or may differ between input data streams. Similarly, the same or different encrypting algorithms may be used to encrypt one or more input data streams.
  • the key value or the like may be shared by the transmitting terminal 100 and the receiving terminal 135. When the key value is not shared, the key value may be transmitted and received as separate data therebetween.
  • the transmission block generating unit 270 generates a transmission block (layer 2 PDU) by combining the layer 2 header generated by the layer 2 control information processing unit 250 and the transmission unit packet encrypted by the encryption unit 260.
  • the transmission block generating unit 270 may be omitted.
  • the transmission block generating unit 270 may be an element of the data transmitting unit 130.
  • the data transmitting unit 130 may transmit the transmission block stored in the transmitting memory 280 to the receiving terminal 135, or may combine the layer 2 header and the transmission unit packet stored in the transmitting memory 280 to generate the transmission block and may then transmit the generated transmission block to the receiving terminal 135.
  • the transmitting memory 280 may be included in the transmitted data converting unit 120 or may be included in the data transmitting unit 130.
  • In step 310, the layer 3 PDUs are generated in the higher layer and are stored in the transmitted data storage unit 210.
  • the lengths of the layer 3 PDUs may be the same or different and the layer 3 PDUs are stored at locations with addresses in the transmitted data storage unit 210.
  • the layer 2 function processing unit 240 combines or divides the layer 3 PDUs stored in the transmitted data storage unit 210 to generate a transmission unit packet with the transmission size.
  • the information on the layer 3 PDUs (for example, one or more of the storage location and the length) is stored and managed in the location storage unit 220.
  • the layer 2 function processing unit 240 accesses the location storage unit 220 and recognizes the corresponding information, or is provided with the corresponding information from the higher-layer processing unit 230.
  • FIG. 5 shows an example where the layer 3 PDUs are combined and/or divided to generate a transmission unit packet.
  • the layer 3 PDUs are continuously arranged until the transmission size is satisfied, and the layer 3 PDU is divided at the non-exceeded portion to form the transmission unit packet when the layer 3 PDUs exceed the transmission size.
  • the location and length information (510, 520, and 530) of the layer 3 PDUs included in the transmission unit packet are managed and are used in the successive encrypting process and the like.
  • In step 330, the layer 2 control information processing unit 250 generates a layer 2 header.
  • the layer 2 control information processing unit 250 generating the layer 2 header may be controlled by the layer 2 function processing unit 240.
  • In step 340, the layer 2 function processing unit 240 determines whether a transmission interrupt for notifying the transmission time of the transmission block from the data transmitting unit 130 is generated.
  • the processes on the layer 3 PDUs generated and received in the higher layer are repeated from step 310.
  • the generation of the transmission interrupt may be waited for in step 340.
  • the layer 2 control information processing unit 250 sends the information on the storage location (and/or length) of the input data depending on whether the input data stream to be encrypted includes the layer 3 PDUs or the layer 2 PDUs and the storage location of the encrypted output data and the key value to be used for encrypting to the encryption unit 260 in step 350.
  • the layer 2 control information processing unit 250 can generate the corresponding layer 2 header and provide the generated layer 2 header to the encryption unit 260 or the transmission block generating unit 270.
  • the encrypted output data and/or the layer 2 header can be stored in a memory to generate a transmission block.
  • the encryption unit 260 encrypts the input data stream (for example, in the unit of the layer 2 PDU or the higher-layer PDU) using the sent location information and the sent key value and outputs the encrypted output data to a specified storage location.
  • the key values or the encrypting algorithms to be used in encrypting the PDUs may be different (see FIG. 6) and one or more higher-layer PDUs may not be encrypted.
  • the determination on whether a higher-layer PDU should be encrypted can be provided as control information from the higher layer to layer 2.
  • the storage location of the output data may be information indicating a specific location in the transmitting memory 280.
  • When the encryption unit 260 only encrypts the input data stream and thus the generation of the transmission block is further required, the storage location of the output data is provided to the transmission block generating unit 270 so as to store the transmission block generated by the transmission block generating unit 270 at the specific location. Thereafter, the data transmitting unit 130 transmits the transmission block stored in the transmitting memory 280 to the receiving terminal 135 through the network.
  • the data transmitting unit 130 combines the layer 2 header and the transmission unit packet to generate the transmission block and then transmits the generated transmission block to the receiving terminal 135.
  • FIG. 7 is a diagram illustrating the configuration of the received data converting unit according to an embodiment of the invention.
  • FIG. 8 is a flowchart illustrating the flow of processes in the received data converting unit according to an embodiment of the invention.
  • the configuration or operation of the receiving terminal 135 can be easily understood by those skilled in the art with reference to the configuration or operation of the transmitting terminal 100 and will thus be described in brief. However, the details of the received data converting unit or the like not described herein should be understood with reference to the details of the transmission terminal 100.
  • the received data converting unit 150 includes a transmission block separating unit 710, a decryption unit 720, a layer 2 control information processing unit 730, a layer 2 function processing unit 740, a higher layer processing unit 750, a location storage unit 760, and a received data storage unit 770.
  • Some of the shown elements may be omitted or plural elements may be combined into one element.
  • One or more elements may be embodied by software.
  • the functions of the elements of the received data converting unit 150 are equal to or reverse to the functions of the elements of the above-mentioned transmitted data converting unit 120. Therefore, the received data converting unit 150 and the transmitted data converting unit 120 may be combined into one data converting unit.
  • the transmission block separating unit 710 separates the layer 2 header from the received transmission block.
  • the layer 2 header includes information for retransmission by the transmitted data PDUs and the corresponding information includes information (for example, one or more of location, length, and shape) on one or more transmitted data PDUs included in the transmission unit packet.
  • the decryption unit 720 decrypts the encrypted transmission unit packet from which the layer 2 header has been separated by the transmission block separating unit 710 using the key value and the like predetermined or received from the transmitting terminal 100.
  • the decrypting process is carried out to correspond to the above-mentioned encrypting process and the decrypted layer 3 PDUs are stored in the received data storage unit 770.
  • the layer 2 control information processing unit 730 receives the notification on the reception of the transmission block from the data receiving unit 140 and separates the control information and the data in the receiving memory 780 with reference to the information on the layer 2 header separated by the transmission block separating unit 710.
  • the data reception notification may include information (address information) on the storage location in the receiving memory 780 storing the received transmission block.
  • the layer 2 control information processing unit 730 provides information (for example, one or more of location and length) on the input data stream depending on whether the input stream to be decrypted is the layer 2 PDU or the higher-layer PDU, a storage location of the decrypted output data, and the key value to be used in decrypting the data stream to the decryption unit 720 so as to allow the decryption unit 720 to decrypt the encrypted transmission unit packet.
  • the information on the address in the received data storage unit 770 where the data decrypted by the decryption unit 720 will be stored may be provided together.
  • the information on the input data stream can be managed by the location storage unit 760 and the location storage unit 760 may be an element of the layer 2 control information processing unit 730.
  • the layer 2 function processing unit 740 can construct one complete layer 3 PDU using the data obtained by decrypting the data included in the transmission unit packet received thereafter. This is because the transmitting terminal 100 divides/combines the layer 3 PDUs to construct the transmission unit packet.
  • When the receiving terminal 135 constructs the layer 3 PDU, the divided pieces can be recognized using the information on the division/combination of the layer 3 PDUs included in the layer 2 header.
  • the higher layer processing unit 750 supports the functions (for example, mobility management, transmission control, and session management) of the higher layer, and manages various parameters for controlling the second or lower layer.
  • the higher layer processing unit 750 can perform a maintenance and management function of the decrypting algorithms and key values to be used and a control and management function of various functions supported by layer 2.
  • the location storage unit 760 stores one or more address information on the storage location of the transmission unit packet in the receiving memory 780 and the location information of the PDUs included in the transmission unit packet and/or the size information.
  • the location storage unit 760 may be an element of the layer 2 control information processing unit 730.
  • the operation of the received data converting unit 150 will be described now with reference to FIG. 8. Since the received data converting unit 150 performs its operations in the order reverse to the above-mentioned operations of the transmitted data converting unit 120, description thereof will be made in brief.
  • In step 810, a transmission block received from the transmitting terminal 100 is stored in the receiving memory 780.
  • the data receiving unit 140 notifies the layer 2 control information processing unit 730 of the receipt of the transmission block.
  • the data receiving unit 140 can transmit the address information in the receiving memory 780 in which the transmission block is stored together.
  • In step 820, the transmission block separating unit 710 separates the layer 2 header from the transmission block.
  • the layer 2 control information processing unit 730 provides the decryption unit 720 with the information on the input data stream depending on whether the input stream to be decrypted includes the layer 2 PDU or the higher-layer PDU, the storage location of the decrypted output data, and the key value to be used in decrypting the data.
  • the decryption unit 720 decrypts the transmission unit packet stored in the receiving memory 780 using the key value and the like predetermined or received from the transmitting terminal 100 and stores the decrypted layer 3 PDU in the received data storage unit 770.
  • the decryption unit may send the decrypted layer 2 header to the layer 2 control information processing unit 730 to reconstruct the layer 3 PDU.
  • the received data storage unit 770 may be a physical memory such as a DRAM (Dynamic Random Access Memory) and an SRAM (Static Random Access Memory).
  • the layer 2 function processing unit 740 determines whether the data stored in the received data storage unit 770 is a complete layer 3 PDU. This is to check whether the layer 3 PDU to be sent to the higher layer is complete and matched with the transmission sequence.
  • the information of the layer 2 header provided to the layer 2 control information processing unit 730 can be used for the check. For example, when the data is a divided layer 3 PDU and the other piece is not received yet, or when the sequence number is not matched, it can be determined that the data is not a complete layer 3 PDU.
  • the reason a divided piece of the layer 3 PDU may be received is that the transmitting terminal 100 can construct the transmission unit packet so as to include only a part of one layer 3 PDU.
  • the layer 2 function processing unit 740 determines whether all the required pieces are stored in the received data storage unit 770 and can be combined in step 860.
  • the layer 2 function processing unit 740 constructs one layer 3 PDU using the divided pieces in step 865.
  • the process of step 870 is performed after the process of step 865.
  • the process of step 850 may be performed after the process of step 865.
  • step 810 is performed again.
  • When it is determined in step 850 that the data is a complete layer 3 PDU, the receipt of the layer 3 PDU is notified to the higher layer in step 870.
  • the notification may be carried out by one or more of the higher layer processing unit 750 and the layer 2 function processing unit 740.
  • the layer 3 PDU is encrypted and output and the input transmission unit packet is decrypted to reconstruct the layer 3 PDU.
  • the transmitted data converting unit 120 encrypts the layer 3 PDU or the layer 2 PDU having been subjected to the division/combination and the addition of a header.
  • the received data converting unit 150 can perform the corresponding functions with the corresponding configuration.
  • the above-mentioned communication method with a security function may be embodied by codes which can be read by a digital processor.
  • a recording medium in which the codes readable by the digital processor are recorded includes all kinds of recording media in which data are stored. Examples of the recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, and an optical data storage device, and also include a type embodied in the form of carrier waves (for example, transmission through the Internet).
  • the codes readable by the digital processor may be stored and executed in a distributed manner in which the codes are distributed in systems connected via a network. Functional programs, codes, and code segments for embodying the above-mentioned method will be easily obtained by programmers skilled in the art.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Communication method and device with a security function is disclosed. The method of encrypting a higher-layer PDU (Protocol Data Unit) in layer 2 includes the steps of: generating a transmission unit packet with a predetermined transmission size by performing one or more of a process of dividing one or more received layer 3 PDUs and a process of combining the one or more received layer 3 PDUs; and encrypting one or more higher-layer PDUs included in the transmission unit packet. Accordingly, it is possible to provide a security process structure coherent regardless of communication standards to be applied.

Description

COMMUNICATION METHOD AND DEVICE WITH SECURITY FUNCTION
The present invention relates to a communication method and device with a security function and to a recording medium having recorded thereon a program for carrying out the communication method.
With the development of communication techniques, wired and wireless communication devices have been widely used and users of the communication devices have wanted to be provided with stable and secure data transmitting and receiving services at any place at any time. The processes of transmitting data between the communication devices by communication layers will be described now in brief.
The communication layers may vary depending on the fields or techniques to which a hierarchical classification is applied and may generally mean some layers of an open system interconnection (hereinafter, referred to as “OSI”) reference model.
The OSI reference model is a communication-relating standard model established to smoothly connect different types of communication devices to each other and generally includes layer 1 (physical layer), layer 2 (data link layer), layer 3 (network layer), layer 4 (transport layer), layer 5 (session layer), layer 6 (presentation layer), and layer 7 (application layer).
Functions of the seven layers of the OSI reference model will be described now in brief. Layer 1 (physical layer) determines what electric signal should be used to transmit a bit stream sent from a higher layer through a transmission medium. Layer 2 (data link layer) takes charge of the transmission of a data block including data bits of a signal level and solves a synchronization problem relating to the start and end of the data block and an error problem relating to detection and correction of an error. Layer 3 (network layer) constitutes a logical link not shown between a transmission party and a reception party and serves to divide data into packet units, to transmit and combine the divided packet units, and to provide a routing function of searching for the optimal path for transmitting the packets. Layer 4 (transport layer) sets up and maintains links between users or between computers and takes charge of the logical stabilization of the transmission and reception systems and the uniform provision of services. Layer 5 (session layer) sets up a session and provides a synchronization function so as to smooth a sequential flow of conversations. Layer 6 (presentation layer) handles methods of presenting data and provides a standard interface permitting different data presentations. Layer 7 (application layer) which is the highest layer serves as a window for allowing a user’s application program to access network environments.
The transmission of data between the seven layers of the OSI reference model will be described now in brief. A packet generated in layer 7 (application layer) is sent to layer 4 (transport layer) through layer 6 (presentation layer) and layer 5 (session layer). Layer 4 (transport layer) divides the data sent from the session layer into segments, numbers the segments, adds an error detection code thereto, and controls the communication flow. Layer 3 (network layer) performs a routing function of searching for the optimal path for transmission of the packet to a destination. Layer 2 (data link layer) solves the synchronization problem and the error problem and sends the packet to layer 1. Layer 1 (physical layer) sends the packet to the destination in a wired or wireless manner.
The data to be transmitted by the above-mentioned processes may be subjected to an encrypting process in advance for the purpose of security.
In past encrypting methods, a security block is called from a layer of the protocol stack which is an input unit of the security block so as to encrypt the data. Such encrypting methods could be embodied faithfully to the standard and other developers could easily understand the embodied blocks. However, different types of structures should be provided depending on the applied standards. For example, the security block used in a communication system could perform the encrypting process in the unit of a layer 2 (data link layer) PDU (Protocol Data Unit) or in the unit of a layer 3 (network layer) PDU in terms of the seven layers of the OSI reference model.
However, in the past encrypting method, when the blocks for performing the security process exist in different layers, operations to be carried out after the security process are different due to different requirements of the layers and the types of data to be stored are accordingly different.
Therefore, in a communication system supporting dual or triple modes used in recent years, the security blocks should be individually provided to correspond to the modes because of the above-mentioned difference. Accordingly, elements supporting the same function should be repeatedly provided to one system, which causes a waste of resources.
In the past encrypting method, only the process result of original input data streams by the security block is stored in a memory so as to reduce the capacity of the memory for the security block. However, when re-transmission is required due to the instability of a communication link or the like, an input key value of the security block can be changed and thus re-encrypting may be required. In this case, the data encrypted and stored should be re-decrypted to reconstruct the original data and then the reconstructed original data should be re-encrypted and transmitted.
However, in the re-encrypting method, the processing time for re-transmission and the data transmission rate can be slowed down to a half. In some cases, the opposite party having received the data may determine a transmission error and continuously send a NACK signal, thereby causing a ping-pong phenomenon.
The present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can be coherently applied to any communication system regardless of standards.
And the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can selectively encrypt and output only a part requiring the encrypting just before it goes from layer 2 to layer 1, in encrypting a higher-layer PDU (for example, a PDU of the third or higher layer of the OSI seven layers) and encrypting a layer 2 PDU.
And the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can raise a processing speed of a security block (that is, encryption unit) while a small amount of used memory is maintained. That is, another goal of the invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which can maintain a high processing speed by minimizing the movement of data between memories and can easily cope with a later change in information by storing the original data.
And the present invention is to provide communication method and devices with a security function and a program for carrying out the communication method, which do not deteriorate the speed or the processing time when previously transmitted data is re-encrypted using another security key for the purpose of re-transmission.
Other goals of the invention will be easily understood from the following description.
According to an aspect of the invention, there is provided a method of encrypting a higher-layer PDU (Protocol Data Unit) in layer 2, which is carried out by a terminal device, including the steps of: generating a transmission unit packet with a predetermined transmission size by performing one or more of a process of dividing one or more received layer 3 PDUs and a process of combining the one or more received layer 3 PDUs; and encrypting the transmission unit packet including one or more higher-layer PDUs. Here, the encrypted transmission unit packet is combined with a layer 2 header to generate a layer 2 PDU.
The layer 2 header may include information on the one or more of the process of dividing the one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
Location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet may be managed to encrypt the higher-layer PDU.
One or more of the encrypting keys and the encrypting algorithms of the one or more higher-layer PDUs included in the transmission unit packet may be different.
The step of encrypting one or more higher-layer PDUs may be performed when the generation of a transmission interrupt for notifying a transmission time of the layer 2 PDU is sensed.
The layer 2 PDU may be stored in a transmitting memory in a modem and then transmitted to a receiving device.
According to another aspect of the invention, there is provided a terminal device for encrypting a higher-layer PDU (Protocol Data Unit) in layer 2, including: a transmitted data storage unit storing one or more layer 3 PDUs; a function processing unit performing one or more of a process of dividing the stored one or more layer 3 PDUs and a process of combining the stored one or more layer 3 PDUs to generate a transmission unit packet with a predetermined transmission size; a control information processing unit storing one or more of location information and length information of one or more higher-layer PDUs included in the transmission unit packet in a location storage unit; and an encryption unit encrypting the higher-layer PDU located at the corresponding location using the one or more of the location information and the length information for indicating a range of an input data to be encrypted in the transmission unit packet and an encrypting key.
The terminal device may further include a transmission block generating unit combining the encrypted transmission unit packet with a layer 2 header to generate a layer 2 PDU. Here, the layer 2 header may include information on the one or more of the process of dividing one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs in the function processing unit.
The terminal device may further include a data transmitting unit generating a transmission interrupt for notifying a transmission start of the layer 2 PDU to allow the encryption unit to start its operation.
The data transmitting unit may include a transmitting memory storing the layer 2 PDU.
According to another aspect of the invention, there is provided a method of decrypting a higher-layer PDU (Protocol Data Unit) in layer 2, which is performed by a terminal device, including the steps of: (a) separating a layer 2 PDU received through a network into a layer 2 header and a transmission unit packet; (b) decrypting an encrypted higher-layer PDU included in the transmission unit packet; and (c) reconstructing one or more layer 3 PDUs from the decrypted transmission unit packet. Here, the layer 2 header includes information on one or more of a process of dividing the one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
Location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet may be managed to decrypt the higher-layer PDU.
The method may further include the steps of: determining whether the reconstructed layer 3 PDU is complete; and notifying a higher layer of the receipt of the layer 3 PDU when the reconstructed layer 3 PDU is complete. Here, when the layer 3 PDU includes only a partial piece due to the division process or a sequence number is not matched, it is determined that the reconstructed layer 3 PDU is incomplete.
When the layer 3 PDU is an incomplete layer 3 PDU including only a partial piece, the method may further include the steps of: waiting until all the pieces for constructing a complete layer 3 PDU are reconstructed by repeatedly performing the processes of the steps of (a) to (c); and reconstructing the complete layer 3 PDU using the reconstructed pieces.
The method may further include the step of waiting until a complete layer 3 PDU matched with a sequence number is reconstructed by repeatedly performing the processes of the steps of (a) to (c) when the layer 3 PDU is an incomplete layer 3 PDU which is not matched with the sequence number.
According to another aspect of the invention, there is provided a terminal device for decrypting a higher-layer PDU (Protocol Data Unit) in layer 2, including: a receiving memory storing one or more layer 2 PDUs; a transmission block separating unit separating the layer 2 PDU into a layer 2 header and a transmission unit packet; and a decryption unit receiving one or more of location information and length information for indicating a range of an input data to be decrypted in a layer 3 PDU and a decrypting key from a control information processing unit and decrypting the higher-layer PDU corresponding to the range of the input data in the transmission unit packet. Here, the layer 2 header includes information on one or more of a process of dividing one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to construct the transmission unit packet.
The terminal device may further include a function processing unit determining whether the layer 3 PDU reconstructed from the decrypted transmission unit packet is a complete layer 3 PDU and notifying a higher layer of the receipt of the layer 3 PDU when the layer 3 PDU is complete. Here, when the layer 3 PDU includes only a partial piece due to the division process or a sequence number is not matched, it may be determined that the reconstructed layer 3 PDU is incomplete.
The above-mentioned embodiments of the invention can be coherently applied to any communication system regardless of standards for the security function.
It is possible to selectively encrypt and output only a part requiring the encrypting just before it goes from layer 2 to layer 1, similarly in encrypting a higher-layer PDU and encrypting a layer 2 PDU.
It is possible to raise a processing speed of a security block (that is, encryption unit) while maintaining a small amount of used memory. Since the movement of data between the memories is minimized, it is possible to maintain a high processing speed and to easily cope with a later change in information by storing the original data.
Even when previously transmitted data is re-encrypted using another security key for the purpose of re-transmission, the speed or the processing time is not deteriorated, whereby it is possible to stabilize the communication system.
Since the process of the security block is performed just before transmitting and receiving data, it is possible to easily store the original data and thus to use the stored original data to re-encrypt data for the purpose of re-transmission, thereby reducing the processing time. That is, only one memory access for acquiring the original data is required for the re-transmission and the re-encrypting.
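The transmit and receive procedures summarized above, including re-encryption from the stored original for re-transmission, are shown here as an added Python example that is not part of the patent. The 16-byte transmission size, the five-byte header entry layout, the one-byte key identifiers and the SHAKE-256 keystream standing in for the unspecified encrypting algorithm are all assumptions.

```python
import hashlib
import struct

TX_SIZE = 16  # assumed "predetermined transmission size" in bytes

def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (SHAKE-256 keystream XOR); the patent names no
    algorithm. Unauthenticated, for illustration only."""
    ks = hashlib.shake_256(key + struct.pack(">I", nonce)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def build_packets(pdus):
    """Divide/combine layer 3 PDUs [(pdu_id, data, key_id)] into TX_SIZE packets.
    Returns [(plaintext, entries)]; entries play the role of the location
    storage: (pdu_id, location, length, last_piece, key_id)."""
    packets, buf, entries = [], bytearray(), []
    for pdu_id, data, key_id in pdus:
        off = 0
        while off < len(data):
            take = min(TX_SIZE - len(buf), len(data) - off)
            entries.append((pdu_id, len(buf), take, off + take == len(data), key_id))
            buf += data[off:off + take]
            off += take
            if len(buf) == TX_SIZE:
                packets.append((bytes(buf), entries))
                buf, entries = bytearray(), []
    if buf:  # pad the final packet up to the fixed size
        packets.append((bytes(buf.ljust(TX_SIZE, b"\0")), entries))
    return packets

def make_block(seq, plaintext, entries, keys):
    """Run at the transmission interrupt: encrypt only the marked ranges of the
    stored plaintext and prepend the layer 2 header."""
    out = bytearray(plaintext)
    header = bytearray([seq, len(entries)])
    for pdu_id, loc, length, last, key_id in entries:
        if key_id:  # key_id 0 means this PDU is sent unencrypted
            out[loc:loc + length] = keystream_xor(
                keys[key_id], (seq << 8) | loc, plaintext[loc:loc + length])
        header += bytes([pdu_id, loc, length, int(last), key_id])
    return bytes(header + out)

class Receiver:
    def __init__(self, keys):
        self.keys, self.next_seq = keys, 0
        self.partial = {}    # pdu_id -> pieces received so far
        self.delivered = []  # complete layer 3 PDUs notified to the higher layer

    def receive(self, block):
        """Separate header, decrypt ranges, reassemble. Returns False when the
        sequence number does not match (the block is not consumed)."""
        if len(block) < 2 or len(block) != 2 + 5 * block[1] + TX_SIZE:
            raise ValueError("malformed layer 2 PDU")
        seq, count = block[0], block[1]
        if seq != self.next_seq:
            return False
        packet = block[2 + 5 * count:]
        entries = [tuple(block[2 + 5 * i:7 + 5 * i]) for i in range(count)]
        # Validate every header entry before touching reassembly state.
        for _, loc, length, _, key_id in entries:
            if loc + length > TX_SIZE or (key_id and key_id not in self.keys):
                raise ValueError("header entry out of range or unknown key")
        for pdu_id, loc, length, last, key_id in entries:
            piece = packet[loc:loc + length]
            if key_id:
                piece = keystream_xor(self.keys[key_id], (seq << 8) | loc, piece)
            self.partial.setdefault(pdu_id, bytearray()).extend(piece)
            if last:  # all pieces present: hand the PDU up
                self.delivered.append((pdu_id, bytes(self.partial.pop(pdu_id))))
        self.next_seq += 1
        return True

def demo():
    # Constructed sample PDUs: (pdu_id, data, key_id); key_id 0 = not encrypted.
    pdus = [(1, b"HELLO-LAYER3-PDU-ONE", 1), (2, b"clear", 0), (3, b"SECRET", 2)]
    old_keys = {1: b"k1-old", 2: b"k2"}
    new_keys = {1: b"k1-new", 2: b"k2"}
    stored = build_packets(pdus)          # plaintext stays in storage
    first = [make_block(s, p, e, old_keys) for s, (p, e) in enumerate(stored)]
    rx = Receiver(old_keys)
    out_of_order = rx.receive(first[1])   # seq 1 before seq 0: rejected
    rx.receive(first[0])
    # Key 1 changes before block 1 is retransmitted: re-encrypt straight from
    # the stored plaintext, with no decrypt-then-encrypt round trip.
    retx = make_block(1, *stored[1], new_keys)
    rx.keys = new_keys
    rx.receive(retx)
    return stored, first, retx, out_of_order, rx.delivered

if __name__ == "__main__":
    for pdu_id, data in demo()[4]:
        print(pdu_id, data)
```

The receiver checks every location/length pair from the layer 2 header against the packet size before it decrypts or reassembles anything, since that header arrives from the network and drives memory ranges.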
FIG. 1 is a diagram schematically illustrating a communication system according to an embodiment of the invention.
FIG. 2 is a diagram illustrating the configuration of a transmitted data converting unit according to an embodiment of the invention.
FIG. 3 is a flowchart illustrating the flow of processes in the transmitted data converting unit according to an embodiment of the invention.
FIG. 4 is a diagram illustrating a state where layer 3 PDUs are stored in a transmitted data storage unit according to an embodiment of the invention.
FIG. 5 is a diagram illustrating a process of generating a transmission unit packet according to an embodiment of the invention.
FIG. 6 is a diagram illustrating the structure of a transmission block (layer 2 PDUs) according to an embodiment of the invention.
FIG. 7 is a diagram illustrating the configuration of a received data converting unit according to an embodiment of the invention.
FIG. 8 is a flowchart illustrating the flow of processes in the received data converting unit according to an embodiment of the invention.
The above-mentioned goals, features, and advantages of the invention will be apparent from the following detailed description with reference to the accompanying drawings.
The invention can be variously modified in various forms and specific embodiments will be described and shown in the drawings. However, the embodiments are not intended to limit the invention, but it should be understood that the invention includes all the modifications, equivalents, and replacements belonging to the spirit and the technical scope of the invention. When it is determined that detailed description of known techniques associated with the invention makes the gist of the invention obscure, the detailed description will be omitted.
Terms such as “first” and “second” can be used to describe various elements, but the elements are not limited to the terms. The terms are used only to distinguish one element from another element. For example, without departing from the scope of the invention, a first element may be named a second element and the second element may be named the first element similarly. The term, “and/or”, includes a combination of plural elements or any one of the plural elements.
If it is mentioned that an element is “connected to” or “coupled to” another element, it should be understood that still another element may be interposed therebetween, as well as that the element may be connected or coupled directly to another element. On the contrary, if it is mentioned that an element is “connected directly to” or “coupled directly to” another element, it should be understood that still another element is not interposed therebetween.
The terms used in the following description are used to merely describe specific embodiments, but are not intended to limit the invention. An expression of the singular number includes an expression of the plural number, unless it is clearly read differently. The terms such as “include” and “have” are intended to indicate that features, numbers, steps, operations, elements, components, or combinations thereof used in the following description exist and it should be thus understood that the possibility of existence or addition of one or more different features, numbers, steps, operations, elements, components, or combinations thereof is not excluded.
Unless they are defined differently, all the terms used herein, which include technical or scientific terms, have the same meanings as generally understood by those skilled in the art. The terms defined in commonly used dictionaries should be interpreted as having the same meaning as in the context of the related art, and should not be interpreted in an idealized or excessively formal sense.
Hereinafter, exemplary embodiments of the invention will be described in detail with reference to the accompanying drawings. Like or corresponding elements are referenced by like reference numerals regardless of the drawing number and repeated description thereof is omitted.
The exemplary embodiments of the invention will be described now in detail with reference to the accompanying drawings.
In describing the embodiments of the invention by the use of layer names, layer 1 corresponds to the layer 1 (physical layer) of the OSI seven layers and layer 2 corresponds to the layer 2 (data link layer) of the OSI seven layers. A higher layer is one of the layer 3 (network layer) to the layer 7 (application layer) out of the OSI seven layers and is located higher than layer 2. The higher layer may be called a control layer.
A transmitting terminal 100 and a receiving terminal 135 for transmitting and receiving data through a network are shown in FIG. 1.
The transmitting terminal 100 includes a data output unit 110, a transmitted data converting unit 120, and a data transmitting unit 130. The receiving terminal 135 includes a data receiving unit 140, a received data converting unit 150, and a data input unit 160. In addition, the transmitting terminal 100 and the receiving terminal 135 may further include elements such as an input unit, a display unit, and a control unit depending on their functions, which do not relate directly to the gist of the invention and thus will not be described. Two or more elements (for example, the transmitted data converting unit 120 and the data transmitting unit 130, or the data receiving unit 140 and the received data converting unit 150) may be embodied by one element.
As shown in the drawing, the transmitted data converting unit 120 is disposed between the data output unit 110 for a higher layer (or higher-ranked application) and the data transmitting unit 130 transmitting data through the network. Similarly, the received data converting unit 150 is disposed between the data input unit 160 for a higher layer (or higher-ranked application) and the data receiving unit 140 receiving data through the network. Here, the data transmitting unit 130 and/or the data receiving unit 140 may be, for example, a modem.
The configuration and the processing operation of the transmitted data converting unit 120 will be described now with reference to FIGS. 2 and 3.
As described below, a security block (that is, an encryption unit and/or a decryption unit) in this embodiment is included in each of the transmitted data converting unit 120 and the received data converting unit 150 and is located for use in transmitting and receiving layer 2 data.
The transmitted data converting unit 120 is located to operate in layer 2 and serves to receive a PDU (Protocol Data Unit) from layer 3 and to convert the received PDU into a data format to be transmitted via the data transmitting unit 130. The received data converting unit 150 is also located to operate in layer 2 and serves to convert the data received by the data receiving unit 140 and to send the converted data to layer 3.
That is, the transmitted data converting unit 120 in this embodiment has the feature of encrypting and outputting only the part requiring encryption just before it goes from layer 2 to layer 1, whether it encrypts a layer 3 PDU or a layer 2 PDU that has been subjected to the division, the combination, and the addition of a header. Here, the part to be encrypted may be higher-layer data used to construct the layer 3 PDU. An example where the layer 3 PDU is encrypted and output will be described now.
Referring to FIG. 2, the transmitted data converting unit 120 includes a transmitted data storage unit 210, a location storage unit 220, a higher layer processing unit 230, a layer 2 function processing unit 240, a layer 2 control information processing unit 250, an encryption unit 260, and a transmission block generating unit 270.
Some of the shown elements may be omitted or plural elements may be combined into one element. One or more elements may be embodied in the form of a software program. For example, elements performing operations that are simple but relatively time-consuming may be embodied by hardware, and elements having many logics and variations may be embodied by software. For example, the transmitted data storage unit 210, the encryption unit 260, and the transmission block generating unit 270 may be embodied by hardware logics and the higher layer processing unit 230, the layer 2 function processing unit 240, the layer 2 control information processing unit 250, and the location storage unit 220 may be embodied by software programs.
The transmitted data storage unit 210 serves as a storage space for storing layer 3 PDUs received from a higher layer (see FIG. 4). The transmitted data storage unit 210 may be a physical memory such as a DRAM (Dynamic Random Access Memory) and an SRAM (Static Random Access Memory). The layer 3 PDU may be data in an IP (Internet Protocol) format. The header information of the layer 3 PDU may be subjected to a compressing process to reduce the amount of data divided and transmitted to the receiving terminal 135.
The transmitted data storage unit 210 keeps the layer 3 PDU stored in layer 2 so as to easily cope with retransmission or the like. However, the stored layer 3 PDUs are deleted as needed (for example, when a reception acknowledgement is received from the receiving terminal 135) so as to reuse the storage space. Data can be processed at high speed because an element accesses the data through given address information and uses it in place, without the layer 3 PDUs stored in the transmitted data storage unit 210 being moved or copied to another storage unit or memory for processing by the encryption unit 260.
The location storage unit 220 stores one or more of location information on the location where data is stored in the transmitted data storage unit 210, location information in the transmission unit packet, and length information (see FIGS. 4 to 6). The location information stored in the location storage unit 220 may be information analyzed by the higher layer processing unit 230. The location storage unit 220 may be included in the layer 2 control information processing unit 250.
The higher layer processing unit 230 supports the functions (such as mobility management, transmission control, and session management) of the higher layer, and manages various parameters for controlling the second or lower layer. For example, the higher layer processing unit 230 can perform maintenance and management functions of an encrypting algorithm to be used, key values, and various functions supported by layer 2.
The layer 2 function processing unit 240 performs data PDU division/combination, retransmission control using an ARQ (Automatic Retransmission Request), an HARQ (Hybrid ARQ), and the like, and medium access control for managing physical layer resources.
The PDU division/combination performed by the layer 2 function processing unit 240 will be described now in brief. The transmissible resources (for example, a path for communication) are allocated to layer 2 from layer 3 as a higher layer, but the size of the IP data arriving at the transmitted data storage unit 210 may be different from the size of the allocated resources. Therefore, the layer 2 function processing unit 240 can divide and/or combine one or more layer 3 PDUs stored in the transmitted data storage unit 210 into a proper size so as to transmit the maximum-sized data using the allocated resources (see FIG. 5).
The retransmission control performed by the layer 2 function processing unit 240 will be described now in brief. The data transmitting method from layer 2 includes three modes: a non-controlled mode, a controlled mode, and a controlled and acknowledged mode. The ARQ is an algorithm defining the acknowledge method used in the controlled and acknowledged mode, in which the receiving terminal 135 having received specific data from the transmitting terminal 100 decodes the received data and returns an ACK message to the transmitting terminal 100. In this case, when the ACK message is not received within a predetermined time after the transmission of data, or a data-reception error message is received, the data is retransmitted. In contrast, the HARQ is an algorithm for compensating for the disadvantage of the ARQ, in which the data to be retransmitted is not discarded but stored so as to help reconstruct the retransmitted data.
The medium access control for physical layer resource management performed by the layer 2 function processing unit 240 means a scheduling and multiplexing function for efficiently using the allocated resources. This is intended to transmit and receive data with the maximum size suitable for the allocated physical resources, which is the ultimate function of layer 2.
The layer 2 control information processing unit 250 generates a layer 2 header. Here, the layer 2 header is header information of the transmission unit packet and is intended to smoothly transmit the transmission unit packet which is obtained by combining and/or dividing the layer 3 PDUs so as to correspond to the transmission size for the purpose of efficient use of resources. The layer 2 header can be generated to include information used to perform the layer 2 functions and can include, for example, one or more of redundancy check information (such as information for checking redundant arrival using a sequence number or the like), retransmission information (such as a retransmission number and an acknowledge message of ACK/NACK), information on division/combination of the layer 3 PDUs, and information on the medium access control.
The layer 2 control information processing unit 250 may include the above-mentioned location storage unit 220 and can set and send the location of input data and the location where output data after the encrypting should be stored to the encryption unit 260, depending on whether the input data stream to be encrypted is the layer 3 PDU or the layer 2 PDU.
The encryption unit 260 receives the input data stream, the key value used for the encryption, a sequence number, and the like and generates an output data stream.
Here, the input data stream is indicated by the position and the length of the layer 3 PDU to be encrypted in the transmission unit packet generated to fit the transmission size (see FIG. 5). In this case, a part of the layer 3 PDU, given by the position and the length of the higher-layer PDU used for generating the layer 3 PDU, may be indicated as the data to be encrypted.
The key value and the sequence number are managed and provided to the encryption unit 260 by one or more of the layer 2 function processing unit 240 and the layer 2 control information processing unit 250. The key value used for the encrypting may be constant or may differ between input data streams. Similarly, the same or different encrypting algorithms may be used to encrypt one or more input data streams. The key value or the like may be shared by the transmitting terminal 100 and the receiving terminal 135. When the key value is not shared, the key value may be transmitted and received as separate data therebetween.
The transmission block generating unit 270 generates a transmission block (layer 2 PDU) by combining the layer 2 header generated by the layer 2 control information processing unit 250 and the transmission unit packet encrypted by the encryption unit 260.
When the generation of the transmission block is carried out by the encryption unit 260, the transmission block generating unit 270 may be omitted. When the generation of the transmission block is performed by the data transmitting unit 130, the transmission block generating unit 270 may be an element of the data transmitting unit 130. The data transmitting unit 130 may transmit the transmission block stored in the transmitting memory 280 to the receiving terminal 135, or may combine the layer 2 header and the transmission unit packet stored in the transmitting memory 280 to generate the transmission block and may then transmit the generated transmission block to the receiving terminal 135. Alternatively, the transmitting memory 280 may be included in the transmitted data converting unit 120 or may be included in the data transmitting unit 130.
The processing operation of the transmitted data converting unit 120 will be described now with reference to FIG. 3. Although the process steps are described as being performed sequentially in time series, the flow or the details of the process steps may be changed depending on the configuration of the transmitted data converting unit 120, or plural process steps may be performed concurrently.
Referring to FIG. 3, in step 310, the layer 3 PDUs are generated in the higher layer and are stored in the transmitted data storage unit 210. The conceptual diagram illustrating the state where the layer 3 PDUs are stored in the transmitted data storage unit 210 is shown in FIG. 4. The lengths of the layer 3 PDUs may be the same or different and the layer 3 PDUs are stored at locations with addresses in the transmitted data storage unit 210.
In step 320, the layer 2 function processing unit 240 combines or divides the layer 3 PDUs stored in the transmitted data storage unit 210 to generate a transmission unit packet with the transmission size. The information on the layer 3 PDUs (for example, one or more of the storage location and the length) is stored and managed in the location storage unit 220. The layer 2 function processing unit 240 accesses the location storage unit 220 and recognizes the corresponding information, or is provided with the corresponding information from the higher-layer processing unit 230.
FIG. 5 shows an example where the layer 3 PDUs are combined and/or divided to generate a transmission unit packet. As shown in FIG. 5, the layer 3 PDUs are arranged contiguously until the transmission size is satisfied, and when the layer 3 PDUs exceed the transmission size, the layer 3 PDU is divided so that only the portion that does not exceed the transmission size is included in the transmission unit packet. The location and length information (510, 520, and 530) of the layer 3 PDUs included in the transmission unit packet is managed and is used in the subsequent encrypting process and the like.
In step 330, the layer 2 control information processing unit 250 generates a layer 2 header. The layer 2 control information processing unit 250 generating the layer 2 header may be controlled by the layer 2 function processing unit 240.
In step 340, the layer 2 function processing unit 240 determines whether a transmission interrupt for notifying the transmission time of the transmission block from the data transmitting unit 130 is generated.
When it is determined that the transmission interrupt is not generated, the processes on the layer 3 PDUs generated and received in the higher layer are repeated from step 310. Alternatively, the process may wait in step 340 for the transmission interrupt to be generated.
On the contrary, when it is determined that the transmission interrupt is generated, in step 350 the layer 2 control information processing unit 250 sends to the encryption unit 260 the information on the storage location (and/or length) of the input data, which depends on whether the input data stream to be encrypted includes the layer 3 PDUs or the layer 2 PDUs, together with the storage location of the encrypted output data and the key value to be used for encrypting. When the input data stream includes the layer 3 PDUs, the layer 2 control information processing unit 250 can generate the corresponding layer 2 header and provide the generated layer 2 header to the encryption unit 260 or the transmission block generating unit 270. Here, the encrypted output data and/or the layer 2 header can be stored in a memory to generate a transmission block.
In step 360, the encryption unit 260 encrypts the input data stream (for example, in the unit of the layer 2 PDU or the higher-layer PDU) using the sent location information and the sent key value and outputs the encrypted output data to a specified storage location. When the input data stream includes the higher-layer PDUs, the key values or the encrypting algorithms to be used in encrypting the PDUs may be different (see FIG. 6) and one or more higher-layer PDUs may not be encrypted. The determination on whether a higher-layer PDU should be encrypted can be provided as control information from the higher layer to layer 2. The storage location of the output data may be information indicating a specific location in the transmitting memory 280.
When the encryption unit 260 only encrypts the input data stream and thus the generation of the transmission block is further required, the storage location of the output data is provided to the transmission block generating unit 270 so as to store the transmission block generated by the transmission block generating unit 270 at the specific location. Thereafter, the data transmitting unit 130 transmits the transmission block stored in the transmitting memory 280 to the receiving terminal 135 through the network.
As described above, when the layer 2 header and the transmission unit packet are stored in the transmitting memory 280, the data transmitting unit 130 combines the layer 2 header and the transmission unit packet to generate the transmission block and then transmits the generated transmission block to the receiving terminal 135.
FIG. 7 is a diagram illustrating the configuration of the received data converting unit according to an embodiment of the invention and FIG. 8 is a flowchart illustrating the flow of processes in the received data converting unit according to an embodiment of the invention. The configuration or operation of the receiving terminal 135 can be easily understood by those skilled in the art with reference to the configuration or operation of the transmitting terminal 100 and will thus be described in brief. However, the details of the received data converting unit or the like not described herein should be understood with reference to the details of the transmitting terminal 100.
Referring to FIG. 7, the received data converting unit 150 includes a transmission block separating unit 710, a decryption unit 720, a layer 2 control information processing unit 730, a layer 2 function processing unit 740, a higher layer processing unit 750, a location storage unit 760, and a received data storage unit 770. Some of the shown elements may be omitted or plural elements may be combined into one element. One or more elements may be embodied by software. As described below, the functions of the elements of the received data converting unit 150 are equal to or the reverse of the functions of the elements of the above-mentioned transmitted data converting unit 120. Therefore, the received data converting unit 150 and the transmitted data converting unit 120 may be combined into one data converting unit.
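The transmit path of steps 320 to 360, as an added example that is not code from the patent or its applicant: layer 3 PDUs are packed into fixed-size transmission unit packets, a location table records each piece, and only the flagged ranges are encrypted in place when a block is about to be sent. The header layout, the 32-byte transmission size, the key identifiers and the HMAC-SHA256 keystream are assumptions made for illustration; the patent names neither a cipher nor a header format.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

TRANSMISSION_SIZE = 32  # assumed size of one transmission unit packet, in bytes


@dataclass
class Range:            # one location-storage entry (hypothetical layout)
    offset: int         # position of the piece inside the transmission unit packet
    length: int
    pdu_id: int         # layer 3 PDU the piece was taken from
    last: bool          # True when the piece ends that layer 3 PDU
    key_id: int         # 0 means "do not encrypt this piece"


def build_packets(pdus):
    """Step 320: combine/divide (pdu_id, key_id, data) tuples into packets."""
    packets, buf, ranges = [], bytearray(), []
    for pdu_id, key_id, data in pdus:
        pos = 0
        while pos < len(data):
            take = min(TRANSMISSION_SIZE - len(buf), len(data) - pos)
            last = pos + take == len(data)
            ranges.append(Range(len(buf), take, pdu_id, last, key_id))
            buf += data[pos:pos + take]
            pos += take
            if len(buf) == TRANSMISSION_SIZE:   # packet full: start the next one
                packets.append((buf, ranges))
                buf, ranges = bytearray(), []
    if buf:
        packets.append((buf, ranges))
    return packets


def keystream(key, seq, offset, length):
    """Stand-in keystream, not a vetted cipher: HMAC-SHA256(key, seq || block).
    Indexed by packet position, so a keystream byte is never used twice
    under one (key, seq) pair."""
    block, out = offset // 32, bytearray()
    while len(out) < offset % 32 + length:
        out += hmac.new(key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[offset % 32:offset % 32 + length])


def crypt_ranges(packet, ranges, seq, keys):
    """Step 360: XOR only the flagged ranges, in place. Running it again with
    the same arguments decrypts."""
    for r in ranges:
        if r.key_id == 0:
            continue
        ks = keystream(keys[r.key_id], seq, r.offset, r.length)
        for i, k in enumerate(ks):
            packet[r.offset + i] ^= k


def transmission_block(packet, ranges, seq):
    """Layer 2 header (sequence number + range table, cleartext) || packet."""
    header = struct.pack(">IB", seq, len(ranges))
    for r in ranges:
        header += struct.pack(">HHHBB", r.offset, r.length, r.pdu_id,
                              int(r.last), r.key_id)
    return header + bytes(packet)


def send_all(pdus, keys, first_seq=0):
    """Encrypt each packet only when it is about to be transmitted."""
    blocks = []
    for seq, (packet, ranges) in enumerate(build_packets(pdus), start=first_seq):
        crypt_ranges(packet, ranges, seq, keys)
        blocks.append(transmission_block(packet, ranges, seq))
    return blocks


# Constructed sample input: two keys and three layer 3 PDUs, the second sent in clear.
KEYS = {1: b"\x11" * 16, 2: b"\x22" * 16}
PDUS = [(1, 1, b"A" * 20), (2, 0, b"B" * 10), (3, 2, b"C" * 40)]

if __name__ == "__main__":
    for block in send_all(PDUS, KEYS):
        print(len(block), block.hex())
```

In this added example the header and range table travel in cleartext and nothing authenticates them or the payload, so it gives confidentiality of the selected ranges only. The keystream is safe from reuse only while a sequence number never repeats under the same key.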
The transmission block separating unit 710 separates the layer 2 header from the received transmission block. As described above, the layer 2 header includes information for retransmission by the transmitted data PDUs and the corresponding information includes information (for example, one or more of location, length, and shape) on one or more transmitted data PDUs included in the transmission unit packet.
The decryption unit 720 decrypts the encrypted transmission unit packet from which the layer 2 header has been separated by the transmission block separating unit 710 using the key value and the like predetermined or received from the transmitting terminal 100. The decrypting process is carried out to correspond to the above-mentioned encrypting process and the decrypted layer 3 PDUs are stored in the received data storage unit 770.
The layer 2 control information processing unit 730 receives the notification on the reception of the transmission block from the data receiving unit 140 and separates the control information and the data in the receiving memory 780 with reference to the information on the layer 2 header separated by the transmission block separating unit 710. Here, the data reception notification may include information (address information) on the storage location in the receiving memory 780 storing the received transmission block.
The layer 2 control information processing unit 730 provides information (for example, one or more of location and length) on the input data stream depending on whether the input stream to be decrypted is the layer 2 PDU or the higher-layer PDU, a storage location of the decrypted output data, and the key value to be used in decrypting the data stream to the decryption unit 720 so as to allow the decryption unit 720 to decrypt the encrypted transmission unit packet. In this case, the information on the address in the received data storage unit 770 where the data decrypted by the decryption unit 720 will be stored may be provided together. Here, the information on the input data stream can be managed by the location storage unit 760 and the location storage unit 760 may be an element of the layer 2 control information processing unit 730.
When a layer 3 PDU is not completely constructed by the data obtained by decrypting the data included in an encrypted transmission unit packet, the layer 2 function processing unit 740 can construct one complete layer 3 PDU using the data obtained by decrypting the data included in the transmission unit packet received thereafter. This is because the transmitting terminal 100 divides/combines the layer 3 PDUs to construct the transmission unit packet. When the receiving terminal 135 constructs the layer 3 PDU, the divided pieces can be recognized using the information on the division/combination of the layer 3 PDUs included in the layer 2 header.
The higher layer processing unit 750 supports the functions (for example, mobility management, transmission control, and session management) of the higher layer, and manages various parameters for controlling the second or lower layer. For example, the higher layer processing unit 750 can perform a maintenance and management function of the decrypting algorithms and key values to be used and a control and management function of various functions supported by layer 2.
The location storage unit 760 stores one or more of address information on the storage location of the transmission unit packet in the receiving memory 780, the location information of the PDUs included in the transmission unit packet, and the size information. The location storage unit 760 may be an element of the layer 2 control information processing unit 730.
The operation of the received data converting unit 150 will be described now with reference to FIG. 8. Since the received data converting unit 150 performs its operations in the order reverse to the above-mentioned operations of the transmitted data converting unit 120, description thereof will be made in brief.
In step 810, a transmission block received from the transmitting terminal 100 is stored in the receiving memory 780. When the transmission block is received and stored, the data receiving unit 140 notifies the layer 2 control information processing unit 730 of the receipt of the transmission block. At this time, the data receiving unit 140 can also send the address information in the receiving memory 780 at which the transmission block is stored.
In step 820, the transmission block separating unit 710 separates the layer 2 header from the transmission block.
In step 830, the layer 2 control information processing unit 730 provides the decryption unit 720 with the information on the input data stream depending on whether the input stream to be decrypted includes the layer 2 PDU or the higher-layer PDU, the storage location of the decrypted output data, and the key value to be used in decrypting the data.
In step 840, the decryption unit 720 decrypts the transmission unit packet stored in the receiving memory 780 using the key value and the like predetermined or received from the transmitting terminal 100 and stores the decrypted layer 3 PDU in the received data storage unit 770. When the decryption unit 720 performs the decrypting process in the unit of the layer 2 PDU, the decryption unit may send the decrypted layer 2 header to the layer 2 control information processing unit 730 to reconstruct the layer 3 PDU. The received data storage unit 770 may be a physical memory such as a DRAM (Dynamic Random Access Memory) and an SRAM (Static Random Access Memory).
In step 850, the layer 2 function processing unit 740 determines whether the data stored in the received data storage unit 770 is a complete layer 3 PDU. This is to check whether the layer 3 PDU to be sent to the higher layer is complete and matched with the transmission sequence. The information of the layer 2 header provided to the layer 2 control information processing unit 730 can be used for the check. For example, when the data is a divided layer 3 PDU and the other piece is not received yet, or when the sequence number is not matched, it can be determined that the data is not a complete layer 3 PDU. A divided piece of a layer 3 PDU may be received because the transmitting terminal 100 can construct the transmission unit packet so as to include only a part of one layer 3 PDU.
When it is determined that the data is not the complete layer 3 PDU, the layer 2 function processing unit 740 determines whether all the required pieces are stored in the received data storage unit 770 and can be combined in step 860.
When it is determined that the pieces can be combined, the layer 2 function processing unit 740 constructs one layer 3 PDU using the divided pieces in step 865. Although it is shown in the drawing that the process of step 870 is performed after the process of step 865, the process of step 850 may be performed after the process of step 865.
However, when the divided pieces are not yet stored in the received data storage unit 770, the subsequent transmission block must be processed first, and thus the process of step 810 is performed again.
When it is determined in step 850 that the data is a complete layer 3 PDU, the receipt of the layer 3 PDU is notified to the higher layer in step 870. Here, the notification may be carried out by one or more of the higher layer processing unit 750 and the layer 2 function processing unit 740.
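The completeness check of steps 850 to 870, as an added example that is not code from the patent: a layer 3 PDU is handed to the higher layer only once all of its pieces have arrived and the sequence number matches. The `(pdu_id, last, data)` piece tuples, the `MAX_HELD` bound and the class name are assumptions; the pieces are taken to be already decrypted and the layer 2 header already parsed.

```python
MAX_HELD = 8  # assumed bound on out-of-order blocks kept while waiting


class Reassembler:
    """Steps 850-870: deliver a layer 3 PDU only when complete and in sequence."""

    def __init__(self, first_seq=0):
        self.expected = first_seq  # next sequence number to process
        self.held = {}             # seq -> pieces of blocks that arrived early
        self.partial = {}          # pdu_id -> bytes of the pieces seen so far

    def receive(self, seq, pieces):
        """pieces: list of (pdu_id, last, data) taken from one decrypted packet.
        Returns the layer 3 PDUs that became complete, as (pdu_id, data)."""
        if seq < self.expected or seq in self.held:
            return []                          # redundant arrival: ignore
        if seq - self.expected >= MAX_HELD:
            return []                          # too far ahead: refuse to buffer
        self.held[seq] = pieces
        complete = []
        while self.expected in self.held:      # sequence number matches
            for pdu_id, last, data in self.held.pop(self.expected):
                buf = self.partial.setdefault(pdu_id, bytearray())
                buf += data
                if last:                       # step 865: all pieces are present
                    complete.append((pdu_id, bytes(self.partial.pop(pdu_id))))
            self.expected += 1
        return complete                        # step 870: notify the higher layer


# Constructed input: one PDU is split across three blocks, block 2 arrives
# before block 1, and block 1 is then received twice.
ARRIVALS = [
    (0, [(1, True, b"A" * 20), (2, True, b"B" * 10), (3, False, b"C" * 2)]),
    (2, [(3, True, b"C" * 6)]),
    (1, [(3, False, b"C" * 32)]),
    (1, [(3, False, b"C" * 32)]),
]


def run(arrivals):
    """Feed the arrivals in order and record what is delivered after each one."""
    r = Reassembler()
    return [r.receive(seq, pieces) for seq, pieces in arrivals]


if __name__ == "__main__":
    for delivered in run(ARRIVALS):
        print([(pdu_id, len(data)) for pdu_id, data in delivered])
```

Bounding the held blocks keeps a peer that skips far ahead in sequence numbers from making the receiver buffer without limit.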
It has been hitherto described that the layer 3 PDU is encrypted and output and the input transmission unit packet is decrypted to reconstruct the layer 3 PDU. However, regardless of whether the transmitted data converting unit 120 encrypts the layer 3 PDU or the layer 2 PDU having been subjected to the division/combination and the addition of a header, it will be easily understood with reference to the embodiments of the invention that only the part requiring the encrypting is encrypted and output just before it goes from layer 2 to layer 1. Similarly, it will be easily understood that the received data converting unit 150 can perform the corresponding functions with the corresponding configuration.
The above-mentioned communication method with a security function may be embodied by codes which can be read by a digital processor. A recording medium in which the codes readable by the digital processor are recorded includes all kinds of recording media in which data are stored. Examples of the recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, and an optical data storage device, and also include a type embodied in the form of carrier waves (for example, transmission through the Internet). The codes readable by the digital processor may be stored and executed in a distributed manner in which the codes are distributed in systems connected via a network. Functional programs, codes, and code segments for embodying the above-mentioned method will be easily obtained by programmers skilled in the art.
Although the invention has been described with reference to the exemplary embodiments, it will be understood by those skilled in the art that the invention can be modified and changed in various forms without departing from the spirit and scope of the invention described in the appended claims.

Claims (19)

  1. A method of encrypting a higher-layer PDU (Protocol Data Unit) in layer 2, which is carried out by a terminal device, the method comprising:
    generating a transmission unit packet with a predetermined transmission size by performing one or more of a process of dividing one or more received layer 3 PDUs and a process of combining the one or more received layer 3 PDUs; and
    encrypting one or more higher-layer PDUs included in the transmission unit packet;
    wherein the encrypted transmission unit packet is combined with a layer 2 header to generate a layer 2 PDU.
  2. The method according to claim 1, wherein the layer 2 header includes information on the one or more of the process of dividing the one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
  3. The method according to claim 1, wherein location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet are managed to encrypt the higher-layer PDU.
  4. The method according to claim 1, wherein one or more of the encrypting keys and the encrypting algorithms of the one or more higher-layer PDUs included in the transmission unit packet are different.
  5. The method according to claim 1, wherein the step of encrypting one or more higher-layer PDUs is performed when the generation of a transmission interrupt for notifying a transmission time of the layer 2 PDU is sensed.
  6. The method according to claim 1, wherein the layer 2 PDU is stored in a transmitting memory in a modem and is then transmitted to a receiving device.
  7. A terminal device for encrypting a higher-layer PDU (Protocol Data Unit) in layer 2, comprising:
    a transmitted data storage unit storing one or more layer 3 PDUs;
    a function processing unit performing one or more of a process of dividing the stored one or more layer 3 PDUs and a process of combining the stored one or more layer 3 PDUs to generate a transmission unit packet with a predetermined transmission size;
    a control information processing unit storing one or more of location information and length information of one or more higher-layer PDUs included in the transmission unit packet in a location storage unit; and
    an encryption unit encrypting the higher-layer PDU located at the corresponding location using the one or more of the location information and the length information for indicating a range of an input data to be encrypted in the transmission unit packet and an encrypting key.
  8. The terminal device according to claim 7, further comprising a transmission block generating unit combining the encrypted transmission unit packet with a layer 2 header to generate a layer 2 PDU,
    wherein the layer 2 header includes information on the one or more of the process of dividing the one or more layer 3 PDUs and the process of combining the one or more layer 3 PDUs in the function processing unit.
  9. The terminal device according to claim 7, further comprising a data transmitting unit generating a transmission interrupt for notifying a transmission start of the layer 2 PDU to allow the encryption unit to start its operation.
  10. The terminal device according to claim 7, wherein the data transmitting unit includes a transmitting memory storing the layer 2 PDU.
  11. A recording medium having recorded thereon a program which can be read by a digital processor and in which command words executable by the digital processor are materially described so as to carry out the method according to any one of claims 1 to 6.
  12. A method of decrypting a higher-layer PDU (Protocol Data Unit) in layer 2, which is performed by a terminal device, the method comprising:
    (a) separating a layer 2 PDU received through a network into a layer 2 header and a transmission unit packet;
    (b) decrypting an encrypted higher-layer PDU included in the transmission unit packet; and
    (c) reconstructing one or more layer 3 PDUs from the decrypted transmission unit packet,
    wherein the layer 2 header includes information on one or more of a process of dividing the one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to generate the transmission unit packet.
  13. The method according to claim 12, wherein location information and length information of the higher-layer PDU to be encrypted in the transmission unit packet are managed to decrypt the higher-layer PDU.
  14. The method according to claim 12, further comprising:
    determining whether the reconstructed layer 3 PDU is complete; and
    notifying a higher layer of the receipt of the layer 3 PDU when the reconstructed layer 3 PDU is complete,
    wherein when the layer 3 PDU includes only a partial piece due to the division process or a sequence number which is not matched, it is determined that the reconstructed layer 3 PDU is incomplete.
  15. The method according to claim 14, further comprising: when the layer 3 PDU is an incomplete layer 3 PDU including only a partial piece,
    waiting until all the pieces for constructing a complete layer 3 PDU are reconstructed by repeatedly performing the processes of the steps of (a) to (c); and
    reconstructing the complete layer 3 PDU using the reconstructed pieces.
  16. The method according to claim 14, further comprising the step of waiting until a complete layer 3 PDU matched with a sequence number is reconstructed by repeatedly performing the processes of the steps of (a) to (c) when the layer 3 PDU is an incomplete layer 3 PDU not matched with the sequence number.
  17. A terminal device for decrypting a higher-layer PDU (Protocol Data Unit) in layer 2, comprising:
    a receiving memory storing one or more layer 2 PDUs;
    a transmission block separating unit separating the layer 2 PDU into a layer 2 header and a transmission unit packet; and
    a decryption unit receiving one or more of location information and length information for indicating a range of an input data to be decrypted in a layer 3 PDU and a decrypting key from a control information processing unit and decrypting the higher-layer PDU corresponding to the range of the input data in the transmission unit packet,
    wherein the layer 2 header includes information on one or more of a process of dividing one or more layer 3 PDUs and a process of combining the one or more layer 3 PDUs to construct the transmission unit packet.
  18. The terminal device according to claim 17, further comprising a function processing unit determining whether the layer 3 PDU reconstructed from the decrypted transmission unit packet is a complete layer 3 PDU and notifying a higher layer of the receipt of the layer 3 PDU when the layer 3 PDU is complete,
    wherein when the layer 3 PDU includes only a partial piece due to the division process or a sequence number is not matched, it is determined that the reconstructed layer 3 PDU is incomplete.
  19. A recording medium having recorded thereon a program which can be read by a digital processor and in which command words executable by the digital processor are materially described so as to carry out the method according to any one of claims 12 to 16.
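
The receive path of claims 12 to 16, together with the matching transmit side of claims 7 and 8, sketched as an added Python example that is not part of the patent. The header layout `HDR`, all function and class names, and the HMAC-SHA256 keystream standing in for the cipher (which the claims do not name) are assumptions. The receiver validates the location and length fields against the packet before decrypting the indicated range.

```python
import hashlib, hmac, struct

# Assumed layer 2 header: sequence number, piece index, piece count,
# then offset and length of the encrypted range in the transmission unit packet.
HDR = struct.Struct("!HBBHH")

def keystream_xor(key, seq, idx, data):
    """Stand-in cipher (not from the patent): XOR with an HMAC-SHA256 keystream."""
    out = bytearray()
    for pos in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack("!HBI", seq, idx, pos), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[pos:pos + 32], pad))
    return bytes(out)

def build_l2_pdus(key, seq, l3_pdu, l3_hdr_len, piece_size):
    """Sender: divide one layer 3 PDU, encrypt only the higher-layer bytes, prepend the header."""
    pieces = [l3_pdu[i:i + piece_size] for i in range(0, len(l3_pdu), piece_size)]
    pdus = []
    for idx, piece in enumerate(pieces):
        off = min(l3_hdr_len, len(piece)) if idx == 0 else 0  # layer 3 header stays clear
        body = piece[:off] + keystream_xor(key, seq, idx, piece[off:])
        pdus.append(HDR.pack(seq, idx, len(pieces), off, len(piece) - off) + body)
    return pdus

class Receiver:
    def __init__(self, key):
        self.key, self.expected_seq, self.pieces = key, 0, {}

    def receive(self, l2_pdu):
        """Steps (a) to (c); returns the layer 3 PDU, or None while it is incomplete."""
        if len(l2_pdu) < HDR.size:
            raise ValueError("layer 2 PDU shorter than its header")
        seq, idx, total, off, length = HDR.unpack_from(l2_pdu)        # (a) separate
        packet = l2_pdu[HDR.size:]
        if idx >= total or off + length > len(packet):
            raise ValueError("header fields point outside the packet")
        plain = keystream_xor(self.key, seq, idx, packet[off:off + length])
        piece = packet[:off] + plain + packet[off + length:]          # (b) decrypt range
        if seq != self.expected_seq:
            return None                  # sequence number not matched: keep waiting
        self.pieces[idx] = piece
        if any(i not in self.pieces for i in range(total)):
            return None                  # only partial pieces so far
        l3_pdu = b"".join(self.pieces[i] for i in range(total))       # (c) reconstruct
        self.pieces, self.expected_seq = {}, (seq + 1) & 0xFFFF
        return l3_pdu
```

The keystream only makes the example self-contained; it provides no integrity protection, so a deployment would substitute an authenticated cipher and a replay-safe counter.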
PCT/KR2009/005287 2008-12-02 2009-09-17 Communication method and device with security function WO2010064782A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2008-0120984 2008-12-02
KR1020080120984A KR100904489B1 (en) 2008-12-02 2008-12-02 Communication method and device with security function and recording medium for performing the method

Publications (1)

Publication Number Publication Date
WO2010064782A1 (en) 2010-06-10

Family

ID=40983122

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/005287 WO2010064782A1 (en) 2008-12-02 2009-09-17 Communication method and device with security function

Country Status (2)

Country Link
KR (1) KR100904489B1 (en)
WO (1) WO2010064782A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020028096A (en) * 2000-10-07 2002-04-16 구자홍 Acknowledged mode entity in radio link control
KR20050073904A (en) * 2004-01-12 2005-07-18 삼성전자주식회사 Data ciphering/deciphering method in radio link control layer of radio network communication apparatus
KR20070061684A (en) * 2005-12-10 2007-06-14 한국전자통신연구원 Apparatus of low mac layer for mobile internet system and data processing method thereby

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100344980B1 (en) * 2000-10-07 2002-07-20 엘지전자주식회사 Unacknowledged mode entity in radio link control
KR20080018055A (en) * 2006-08-23 2008-02-27 삼성전자주식회사 Method and apparatus for transmitting and receiving packet data

Also Published As

Publication number Publication date
KR100904489B1 (en) 2009-06-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09830520

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09830520

Country of ref document: EP

Kind code of ref document: A1