Updating Encryption Keys in a Radio Communication System
First Claim
1. A method for updating encryption keys in a radio communication system, including:
- defining one or more rekey groups containing radios having one or more shared encryption keys,determining one or more existing keys to be updated with new keys,transmitting the new keys to each radio in one or more rekey groups, using respective rekey messages,storing the new keys in inactive keysets of respective radios, andactivating the inactive keysets in the rekey groups to become active keysets, using respective changeover messages.
2 Assignments
0 Petitions
Accused Products
Abstract
Encryption keys in a communication system are updated according to rekey groups having a common set of encryption keys or CKRs. Each group includes a number of radios with active and inactive keysets. A database records the relationships between rekey groups and keys, and the status of their keysets. An operator first determines one or more keys to be updated. New keys are then transmitted to each radio in one or more rekey groups using respective rekey messages. The new keys are stored in the inactive keysets of the radios. The inactive keysets are then activated using respective changeover messages. Deployment of new keys is carried out by software in the form of automated update tasks.
28 Citations
6 Claims
-
1. A method for updating encryption keys in a radio communication system, including:
-
defining one or more rekey groups containing radios having one or more shared encryption keys, determining one or more existing keys to be updated with new keys, transmitting the new keys to each radio in one or more rekey groups, using respective rekey messages, storing the new keys in inactive keysets of respective radios, and activating the inactive keysets in the rekey groups to become active keysets, using respective changeover messages. - View Dependent Claims (2)
-
-
3. A key management facility for a radio communication system having terminals arranged in groups with active and inactive keysets for encrypted communications within the groups, including:
-
an operator interface, a communication unit which sends and receives messages to and from the communication system, a database which stores encryption data relating to the groups, a cryptographic module which calculates new encryption keys for the groups when required by the operator, and a scheduling subsystem which transmits rekey messages containing new keys to the groups for respective inactive keysets, and transmits changeover messages which cause the terminals to switch between active and inactive keys. - View Dependent Claims (4)
-
-
5. A method of updating encryption keys in a radio communication system having a plurality of radios assigned to rekey groups, including:
-
creating a first update task relating to one or more of the rekey groups, creating a second update task relating to the same or a different rekey group, each task involving deployment of one or more new keys to the respective groups, initiating the first and second update tasks, and executing the update tasks subject to conditions determined by any conflict between the two tasks. - View Dependent Claims (6)
-
Specification