Frame number identification and ciphering activation time synchronization for a wireless communications protocol

US 6,870,932 B2
Filed: 05/07/2001
Issued: 03/22/2005
Est. Priority Date: 05/07/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for synchronizing a ciphering key change in a wireless communications system, the wireless communications system comprising:

a first station capable of receiving a security mode command to effect a ciphering change, and capable of receiving encrypted layer 2 protocol data units (PDUs), each received PDU being sequentially identified by an n-bit frame number (FN), the first station comprising;

a decryption unit capable of decrypting received PDUs according to at least a first ciphering key, a first m-bit hyper frame number (HFN) which is a function of the FN for each received PDU, and the FN of each received PDU; and

a second station capable of transmitting the security mode command, capable of assigning each transmitted PDU with an n-bit FN and capable of transmitting encrypted PDUs, the second station comprising;

an encryption unit capable of encrypting transmitted PDUs according to at least the first ciphering key, a second m-bit HFN which is a function of the FN for each transmitted PDU and is synchronized with the first m-bit HFN, and the FN associated with each transmitted PDU;

the method comprising;

the second station determining an activation time at which a ciphering key change is to occur, the activation time corresponding to a second HFN/FN sequence pair for a crossover PDU, the crossover PDU being the sequentially earliest PDU encrypted using a second ciphering key;

the second station composing the security mode command, the security mode command comprising a switching FN corresponding to the activation time, and x least-significant bits (LSBs) from the second HFN corresponding to the crossover PDU;

the second station transmitting the security mode command;

the first station receiving the security mode command;

the first station utilizing the switching FN and the x LSBs from the second HFN contained in the security mode command to obtain an application time; and

the first station using the first ciphering key to decrypt PDUs with FNs sequentially prior to the application time, and using the second ciphering key to decrypt PDUs with FNs sequentially on or after the application time, wherein the second ciphering key is different from the first ciphering key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A received PDU is sequentially identified by an n-bit frame number (FN) and an m-bit hyper frame number (HFN), which are synchronously maintained on first and second stations. The second station determines an activation time at which a ciphering key change is to occur, and composes a security mode command that includes an identifying FN corresponding to the activation time, and x least-significant bits (LSBs) from the HFN of the identifying FN. The second station transmits the security mode command to the first station. The x LSBs contained in the security mode command enable the first station to resolve cyclical ambiguities of the identifying FN to properly construct an application time. The first station uses a first ciphering key to decrypt PDUs with FNs sequentially prior to the application time, and uses a second ciphering key to decrypt PDUs with FNs sequentially on or after the application time.

44 Citations

View as Search Results

23 Claims

1. A method for synchronizing a ciphering key change in a wireless communications system, the wireless communications system comprising:
- a first station capable of receiving a security mode command to effect a ciphering change, and capable of receiving encrypted layer 2 protocol data units (PDUs), each received PDU being sequentially identified by an n-bit frame number (FN), the first station comprising;
  
  a decryption unit capable of decrypting received PDUs according to at least a first ciphering key, a first m-bit hyper frame number (HFN) which is a function of the FN for each received PDU, and the FN of each received PDU; and
  
  a second station capable of transmitting the security mode command, capable of assigning each transmitted PDU with an n-bit FN and capable of transmitting encrypted PDUs, the second station comprising;
  
  an encryption unit capable of encrypting transmitted PDUs according to at least the first ciphering key, a second m-bit HFN which is a function of the FN for each transmitted PDU and is synchronized with the first m-bit HFN, and the FN associated with each transmitted PDU;
  
  the method comprising;
  
  the second station determining an activation time at which a ciphering key change is to occur, the activation time corresponding to a second HFN/FN sequence pair for a crossover PDU, the crossover PDU being the sequentially earliest PDU encrypted using a second ciphering key;
  
  the second station composing the security mode command, the security mode command comprising a switching FN corresponding to the activation time, and x least-significant bits (LSBs) from the second HFN corresponding to the crossover PDU;
  
  the second station transmitting the security mode command;
  
  the first station receiving the security mode command;
  
  the first station utilizing the switching FN and the x LSBs from the second HFN contained in the security mode command to obtain an application time; and
  
  the first station using the first ciphering key to decrypt PDUs with FNs sequentially prior to the application time, and using the second ciphering key to decrypt PDUs with FNs sequentially on or after the application time, wherein the second ciphering key is different from the first ciphering key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 20, 21)
- - 2. The method of claim 1 wherein the first station increments the first HFN by a predetermined value on detection of roll-over of an FN of a received PDU.
  - 3. The method of claim 1 wherein the second station increments the second HFN by a predetermined value on detection of roll-over of an FN of a transmitted PDU.
  - 4. The method of claim 1 wherein the application time corresponds to a synchronized first HFN/FN sequence pair for a corresponding received PDU.
  - 5. The method of claim 1 wherein the activation time is equal to the application time.
  - 6. The method of claim 1 wherein x is greater than or equal to 2.
  - 7. The method of claim 1 wherein x is equal to m.
  - 8. The method of claim 1 wherein the first station compares the x LSBs from the second HFN contained in the security mode command to determine a cyclical positioning of the switching FN within the first HFN. encrypted PDUs;
    - wherein PDUs that are sequentially before the application time are encrypted using the first ciphering key, and PDUs sequentially on or after the application time are encrypted using the second ciphering key.
  - 20. The method of claim 1 wherein x is equal to 2.
  - 21. The method of claim 1 wherein x is less than m.

9. A wireless communications system comprising:
- a first station capable of receiving encrypted layer 2 protocol data units (PDUs), and capable of receiving a security mode command, the first station comprising;
  
  a receiving buffer for storing received PDUs;
  
  a means for associating a sequentially ordered n-bit frame number (FN) with each received PDU by the first station;
  
  a means for maintaining an m-bit hyper frame number (HFN) as a function of the associated FN for each received PDU by the first station;
  
  an extraction unit for obtaining an application time from a switching FN and x least significant bits (LSBs) of a second HFN, the switching FN being the FN of a crossover PDU and the second HFN being the HFN of the crossover PDU, the switching FN and the x LSBs of the second HFN being contained in the security mode command;
  
  a means for storing a first ciphering key;
  
  a means for storing a second ciphering key, the second ciphering key being different from the first ciphering key;
  
  a second station capable of transmitting encrypted layer 2 PDUs, and capable of transmitting a security mode command, the second station comprising;
  
  an encryption unit capable of generating an activation time, the activation time corresponding to an HFN/FN sequence pair for the crossover PDU, the crossover PDU being the sequentially earliest PDU encrypted by the encryption unit using the second ciphering key; and
  
  a decryption unit for decrypting the received PDUs, the decryption unit using the first ciphering key to decrypt any received PDU with an HFN/FN pair that is sequentially before the application time, and using the second ciphering key to decrypt any received PDU with an HFN/FN pair that is sequentially on or after the application time.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 22, 23)
- - 10. The system of claim 9 wherein PDUs that are sequentially before the application time are encrypted using the first ciphering key, and PDUs sequentially on or after the application time are encrypted using the second ciphering key.
  - 11. The system of claim 10 wherein the HFN of each received PDU is synchronized with a corresponding HFN on the second station for each PDU transmitted by the second station.
  - 12. The system of claim 9 wherein the application time corresponds to a synchronized HFN/FN sequence pair for a corresponding PDU received by the first station.
  - 13. The system of claim 12 wherein the activation time is equal to the application time.
  - 14. The system of claim 11 wherein the first station increments the HFN associated with a first PDU by a predetermined value on rollover of the FN associated with the first PDU.
  - 15. The system of claim 11 wherein x is greater than or equal to 2.
  - 16. The system of claim 11 wherein x is equal to m.
  - 22. The method of claim 9 wherein x is equal to 2.
  - 23. The method of claim 9 wherein x is less than m.

17. A method for removing cyclical ambiguity of an n-bit identifying frame number (FN) transmitted in a signaling message from a first station to a second station in a wireless communications system, the method comprising:
- the first station placing an identifying FN for identifying a layer 2 protocol data unit (PDU) in a stream of transmitted PDUs, into a first field of a message;
  
  the first station placing x least significant bits (LSBs) from a first m-bit hyper frame number (HFN) value associated with the identifying FN in a second field of the message, the first HFN being incremented by a first value upon detection of roll-over of an FN in the stream of transmitted PDUs; and
  
  the first station transmitting the message to the second station;
  
  the second station receiving the message and using the x LSBs of the second field to determine a cyclical position of the identifying FN of the first field;
  
  wherein x<
  
  m.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein x is greater than or equal to two.
  - 19. The method of claim 17 wherein the second station has a second HFN that is synchronized with the HFN of the first station, the second HFN being incremented by the first value upon detection of roll-over of an FN in the stream of received PDUs and the second station uses the x LSBs of the second field to determine the cyclical position of the identifying FN within the second HFN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innovative Sonic Limited
Original Assignee
ASUS Computer International, Inc. (ASUSTek Computer, Inc.), ASUSTek Computer, Inc.
Inventors
Jiang, Sam Shiaw-Shiang
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Baum, Ronald

Application Number

US09/849,403
Publication Number

US 20020164029A1
Time in Patent Office

1,415 Days
Field of Search

380/239, 380/270, 380273-285, 380/229
US Class Current

380/273
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04W 12/033   of the user plane, e.g. use...

Frame number identification and ciphering activation time synchronization for a wireless communications protocol

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Frame number identification and ciphering activation time synchronization for a wireless communications protocol

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links