Method For Managing Traffic Encryption Key In Wireless Portable Internet System And Protocol Configuration Method Thereof, And Operation Method Of Traffic Encryption Key State Machine In Subscriber Station
Abstract
Disclosed is a traffic encryption key (TEK) management method for automatically generating a TEK for a multicast or broadcast service by a base station to periodically update a TEK used by a subscriber station. The base station transmits the first Key Update Command message for updating a group key encryption key (GKEK) for encrypting the TEK and the second Key Update Command message for updating the TEK to the subscriber station to update the TEK. The base station establishes an M & B TEK Grace Time which is different from a TEK Grace Time established by the subscriber station, transmits the first message including a new GKEK to the subscriber station through a primary management connection before the M & B TEK Grace Time, and transmits the second message including a new TEK encrypted with the new GKEK thereto through a broadcast connection after the M & B TEK Grace Time.
45 Claims
1. A method for a base station to manage a traffic encryption key (TEK) for encrypting traffic data for a multicast service or a broadcast service provided to a subscriber station in a wireless portable Internet system, the method comprising:
- (a) generating a new traffic encryption key so as to update a current traffic encryption key when a predetermined time elapses from a start time of an active lifetime of the current traffic encryption key used for encrypting traffic data currently transmitted to the subscriber station; and
- (b) transmitting the new traffic encryption key to subscriber stations provided with the multicast service or the broadcast service through a broadcast connection.
Dependent claims: 3, 5, 6, 7, 8, 18, 19, 20

2. A method for a base station to manage a traffic encryption key (TEK) for encrypting traffic data for a multicast service or a broadcast service provided to a subscriber station in a wireless portable Internet system, the method comprising:
- (a) generating a specific key for encrypting or decrypting a traffic encryption key before a predetermined time elapses from a start time of an active lifetime of the current traffic encryption key used for encrypting traffic data currently transmitted to the subscriber station;
- (b) transmitting the specific key to subscriber stations receiving the multicast service or the broadcast service through a primary management connection;
- (c) generating a new traffic encryption key so as to update the current traffic encryption key when the predetermined time elapses from a start time of an active lifetime of the current traffic encryption key; and
- (d) transmitting the new traffic encryption key to subscriber stations receiving the multicast service or the broadcast service through a broadcast connection to update a traffic encryption key used by the subscriber station.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17

4. The method of claim 1, wherein in (b), a Key Reply message included in a Privacy Key Management Response (PKM-RSP) message is used to transmit the new traffic encryption key to the subscriber station through the broadcast connection.

21. A method for a subscriber station to manage a traffic encryption key (TEK) for decrypting traffic data for a multicast service or a broadcast service received from a base station in a wireless portable Internet system, the method comprising:
- (a) receiving a new traffic encryption key from the base station through a broadcast connection; and
- (b) updating a current traffic encryption key with the new traffic encryption key, and using the new traffic encryption key to decrypt traffic data received from the base station.
Dependent claims: 23, 25, 26, 27, 28, 29, 30

22. A method for a subscriber station to manage a traffic encryption key (TEK) for decrypting traffic data for a multicast service or a broadcast service received from a base station in a wireless portable Internet system, the method comprising:
- (a) receiving a new specific key for decrypting a traffic encryption key from the base station through a Primary Management Connection, the new specific key being encrypted with an Authorization Key (AK) allocated when the subscriber station is authenticated;
- (b) updating a current specific key with the new specific key;
- (c) receiving a new traffic encryption key from the base station through a broadcast connection, the new traffic encryption key being encrypted with the new specific key; and
- (d) decrypting the new traffic encryption key with the new specific key to update the current traffic encryption key, and using the updated traffic encryption key to decrypt traffic data received from the base station.
Dependent claims: 24

31. A method for configuring a protocol for managing a traffic encryption key (TEK) for encryption or decryption of traffic data for a multicast service or a broadcast service transmitted and received between a subscriber station and a base station in a wireless portable Internet system, the method comprising:
- (a) the subscriber station using a MAC message to transmit a Key Request message to the base station and request a traffic encryption key;
- (b) the base station using the MAC message to transmit a Key Reply message including the requested new traffic encryption key and a specific key to the subscriber station, the specific key being encrypted with an Authorization Key allocated to the subscriber station and being used to encrypt the traffic encryption key;
- (c) the base station using the MAC message to transmit the first Key Update Command message including a new specific key to the subscriber station so as to update the specific key; and
- (d) the base station using the MAC message to transmit the second Key Update Command message including a new traffic encryption key encrypted by the new specific key to the subscriber station.
Dependent claims: 32, 33, 34, 35, 36, 37, 38

39. An operation method of a traffic encryption key state machine provided to a subscriber station and used for the subscriber station to manage a traffic encryption key (TEK) for decrypting traffic data received from a base station for a multicast service or a broadcast service, the operation method comprising:
- transmitting a Key Request message to the base station according to generation of a traffic encryption key request event and then entering an Op Wait state; and
- controlling an Operational state being able to receive the traffic data from the base station, wherein the traffic encryption key state machine goes to the Operational state and starts a predetermined operation when the subscriber station in an Op Wait state receives a Key Reply message including a new traffic encryption key from the base station.
Dependent claims: 40, 41

42. An operation method of a traffic encryption key (TEK) state machine existing in a subscriber station and used for the subscriber station to manage a traffic encryption key for decrypting traffic data received from a base station for a multicast service or a broadcast service, the operation method comprising:
- transmitting a Key Request message to the base station according to generation of a traffic encryption key request event and then entering an Op Wait state;
- controlling an Operational state to receive the traffic data from the base station; and
- controlling a Multicast and Broadcast (M&B) Re-key Interim Wait state to momentarily wait for by using a new traffic encryption key automatically generated and transmitted by the base station, wherein the traffic encryption key state machine goes to the Operational state and starts a predetermined operation when a Key Reply message event is provided from the base station in the Op Wait state, a Group Key Encryption Key (GKEK) Updated event is generated and the traffic encryption key state machine goes to the M&B Re-key Interim Wait state when a new specific key is provided from the base station through the first Key Update Command message in the Operational state so as to update the specific key, and a TEK Updated event is generated and the traffic encryption key state machine goes to the Operational state when the second Key Update Command message for distributing a new traffic encryption key encrypted with the new specific key is transmitted from the base station through a broadcast connection in the M&B Re-key Interim Wait state.
Dependent claims: 43, 44, 45

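The subscriber-side state machine of claim 42, combined with the two-level key delivery of claims 22 and 31 (GKEK encrypted under the AK, TEK encrypted under the GKEK), as an added example that is not part of the patent text. The `START` state, the class and function names, the rule that a message arriving in an unexpected state is ignored, and the HMAC-based `wrap`/`unwrap` stand-in are assumptions of this example; the claims do not name a cipher.

```python
import hashlib, hmac, os
from enum import Enum

# Claim 42 states; START is an assumed initial state before the Key Request.
State = Enum("State", "START OP_WAIT OPERATIONAL REKEY_INTERIM_WAIT")

def _prf(kek, label, data):
    return hmac.new(kek, label + data, hashlib.sha256).digest()[:16]

def wrap(kek, key):
    # Stand-in key wrap for 16-byte keys (assumption): HMAC keystream XOR plus tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _prf(kek, b"enc", nonce)))
    return nonce + ct + _prf(kek, b"mac", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:32], blob[32:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        raise ValueError("unwrap failed: wrong key-encryption key or altered message")
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc", nonce)))

class SubscriberTekMachine:
    def __init__(self, ak):
        self.ak, self.gkek, self.tek, self.state = ak, None, None, State.START
    def key_request(self):                   # TEK request event -> Op Wait
        self.state = State.OP_WAIT
    def _accept(self, required, nxt, gkek_blob=None, tek_blob=None):
        if self.state is not required:
            return False                     # not expected in this state: ignore
        if gkek_blob:
            self.gkek = unwrap(self.ak, gkek_blob)    # GKEK is protected by the AK
        if tek_blob:
            self.tek = unwrap(self.gkek, tek_blob)    # TEK is protected by the GKEK
        self.state = nxt
        return True
    def key_reply(self, gkek_blob, tek_blob):
        return self._accept(State.OP_WAIT, State.OPERATIONAL, gkek_blob, tek_blob)
    def key_update_gkek(self, gkek_blob):    # first Key Update Command (unicast)
        return self._accept(State.OPERATIONAL, State.REKEY_INTERIM_WAIT, gkek_blob=gkek_blob)
    def key_update_tek(self, tek_blob):      # second Key Update Command (broadcast)
        return self._accept(State.REKEY_INTERIM_WAIT, State.OPERATIONAL, tek_blob=tek_blob)

def run_rekey():
    # Constructed scenario: station 0 gets the new GKEK, station 1 does not.
    gkek, tek, new_gkek, new_tek = (os.urandom(16) for _ in range(4))
    stations = [SubscriberTekMachine(os.urandom(16)) for _ in range(2)]
    for s in stations:
        s.key_request()
        s.key_reply(wrap(s.ak, gkek), wrap(gkek, tek))
    stations[0].key_update_gkek(wrap(stations[0].ak, new_gkek))
    broadcast = wrap(new_gkek, new_tek)      # one message for the whole group
    accepted = [s.key_update_tek(broadcast) for s in stations]
    return accepted, [s.tek == new_tek for s in stations]
```

Only the station that received the new GKEK over its own AK-protected exchange takes the broadcast TEK; the other stays in the Operational state with its previous TEK.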
Specification