Frame number identification and ciphering activation time synchronization for a wireless communications protocol
Abstract
A received PDU is sequentially identified by an n-bit frame number (FN) and an m-bit hyper frame number (HFN), which are synchronously maintained on first and second stations. The second station determines an activation time at which a ciphering key change is to occur, and composes a security mode command that includes an identifying FN corresponding to the activation time, and x least-significant bits (LSBs) from the HFN of the identifying FN. The second station transmits the security mode command to the first station. The x LSBs contained in the security mode command enable the first station to resolve cyclical ambiguities of the identifying FN to properly construct an application time. The first station uses a first ciphering key to decrypt PDUs with FNs sequentially prior to the application time, and uses a second ciphering key to decrypt PDUs with FNs sequentially on or after the application time.
23 Claims
1. A method for synchronizing a ciphering key change in a wireless communications system, the wireless communications system comprising:
a first station capable of receiving a security mode command to effect a ciphering change, and capable of receiving encrypted layer 2 protocol data units (PDUs), each received PDU being sequentially identified by an n-bit frame number (FN), the first station comprising:
a decryption unit capable of decrypting received PDUs according to at least a first ciphering key, a first m-bit hyper frame number (HFN) which is a function of the FN for each received PDU, and the FN of each received PDU; and
a second station capable of transmitting the security mode command, capable of assigning each transmitted PDU with an n-bit FN and capable of transmitting encrypted PDUs, the second station comprising:
an encryption unit capable of encrypting transmitted PDUs according to at least the first ciphering key, a second m-bit HFN which is a function of the FN for each transmitted PDU and is synchronized with the first m-bit HFN, and the FN associated with each transmitted PDU;
the method comprising:
the second station determining an activation time at which a ciphering key change is to occur, the activation time corresponding to a second HFN/FN sequence pair for a crossover PDU, the crossover PDU being the sequentially earliest PDU encrypted using a second ciphering key;
the second station composing the security mode command, the security mode command comprising a switching FN corresponding to the activation time, and x least-significant bits (LSBs) from the second HFN corresponding to the crossover PDU;
the second station transmitting the security mode command;
the first station receiving the security mode command;
the first station utilizing the switching FN and the x LSBs from the second HFN contained in the security mode command to obtain an application time; and
the first station using the first ciphering key to decrypt PDUs with FNs sequentially prior to the application time, and using the second ciphering key to decrypt PDUs with FNs sequentially on or after the application time, wherein the second ciphering key is different from the first ciphering key.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 20, 21)
9. A wireless communications system comprising:
a first station capable of receiving encrypted layer 2 protocol data units (PDUs), and capable of receiving a security mode command, the first station comprising:
a receiving buffer for storing received PDUs;
a means for associating a sequentially ordered n-bit frame number (FN) with each received PDU by the first station;
a means for maintaining an m-bit hyper frame number (HFN) as a function of the associated FN for each received PDU by the first station;
an extraction unit for obtaining an application time from a switching FN and x least significant bits (LSBs) of a second HFN, the switching FN being the FN of a crossover PDU and the second HFN being the HFN of the crossover PDU, the switching FN and the x LSBs of the second HFN being contained in the security mode command;
a means for storing a first ciphering key;
a means for storing a second ciphering key, the second ciphering key being different from the first ciphering key;
a second station capable of transmitting encrypted layer 2 PDUs, and capable of transmitting a security mode command, the second station comprising:
an encryption unit capable of generating an activation time, the activation time corresponding to an HFN/FN sequence pair for the crossover PDU, the crossover PDU being the sequentially earliest PDU encrypted by the encryption unit using the second ciphering key; and
a decryption unit for decrypting the received PDUs, the decryption unit using the first ciphering key to decrypt any received PDU with an HFN/FN pair that is sequentially before the application time, and using the second ciphering key to decrypt any received PDU with an HFN/FN pair that is sequentially on or after the application time.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16, 22, 23)
17. A method for removing cyclical ambiguity of an n-bit identifying frame number (FN) transmitted in a signaling message from a first station to a second station in a wireless communications system, the method comprising:
the first station placing an identifying FN for identifying a layer 2 protocol data unit (PDU) in a stream of transmitted PDUs, into a first field of a message;
the first station placing x least significant bits (LSBs) from a first m-bit hyper frame number (HFN) value associated with the identifying FN in a second field of the message, the first HFN being incremented by a first value upon detection of roll-over of an FN in the stream of transmitted PDUs; and
the first station transmitting the message to the second station;
the second station receiving the message and using the x LSBs of the second field to determine a cyclical position of the identifying FN of the first field;
wherein x < m.
(Dependent claims: 18, 19)
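The switching-FN plus HFN-LSB mechanism described in the abstract and in claims 1, 9 and 17, as an added Python example that is not part of the patent. The widths n = 4, m = 8 and x = 2 are assumptions chosen for illustration, the cipher is a toy SHA-256 keystream XOR standing in for the protocol's own algorithm, delivery is assumed in-order and loss-free, and all class and function names are illustrative. Both sides maintain the HFN by stepping it on FN roll-over; the receiver rebuilds the crossover HFN from the signalled LSBs and switches keys at the resulting HFN/FN pair.

```python
"""Activation-time synchronisation for a ciphering key change (added example).

Assumed widths, not from the patent: n = 4-bit FN, m = 8-bit HFN, x = 2 HFN
LSBs carried in the security mode command.  Toy cipher: XOR with a SHA-256
keystream keyed by (key, HFN, FN).  In-order, loss-free delivery is assumed.
"""
import hashlib

N_BITS, M_BITS, X_BITS = 4, 8, 2
FN_MOD, HFN_MOD, X_MASK = 1 << N_BITS, 1 << M_BITS, (1 << X_BITS) - 1


def count(hfn, fn):
    """Full sequence number: HFN in the high bits, FN in the low n bits."""
    return (hfn << N_BITS) | fn


def advance(hfn, fn):
    """State of the next PDU: FN counts mod 2^n, HFN steps on FN roll-over."""
    fn = (fn + 1) % FN_MOD
    return ((hfn + 1) % HFN_MOD if fn == 0 else hfn), fn


def crypt(key, hfn, fn, data):
    """Toy symmetric stream cipher: data XOR SHA-256(key || COUNT), <= 32 B."""
    ks = hashlib.sha256(key + count(hfn, fn).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


def compose_security_mode_command(activation_hfn, activation_fn):
    """Sender: switching FN plus the x LSBs of the crossover PDU's HFN."""
    return {"switching_fn": activation_fn, "hfn_lsbs": activation_hfn & X_MASK}


def resolve_application_time(local_hfn, local_fn, switching_fn, hfn_lsbs):
    """Receiver: rebuild the crossover HFN from its x LSBs.

    Candidate HFNs share the receiver's high bits and carry the signalled low
    bits, so they lie 2^x apart; take the earliest not before the current
    count.  The LSBs therefore disambiguate up to 2^x FN roll-overs ahead; a
    command arriving later than that, or after the activation time, is
    misresolved, and HFN wrap at 2^m is not handled in the ordering.
    """
    cand = (local_hfn & ~X_MASK) | (hfn_lsbs & X_MASK)
    if count(cand, switching_fn) < count(local_hfn, local_fn):
        cand = (cand + (1 << X_BITS)) % HFN_MOD
    return cand, switching_fn


def naive_application_time(local_hfn, local_fn, switching_fn):
    """What a receiver given only the FN can do: nearest FN match ahead."""
    return (local_hfn if switching_fn >= local_fn else local_hfn + 1), switching_fn


class Sender:
    def __init__(self, key1, key2, activation):
        self.keys, self.activation = (key1, key2), activation
        self.hfn, self.fn = 0, 0

    def security_mode_command(self):
        return compose_security_mode_command(*self.activation)

    def send(self, payload):
        use_new = count(self.hfn, self.fn) >= count(*self.activation)
        pdu = (self.fn, crypt(self.keys[use_new], self.hfn, self.fn, payload))
        self.hfn, self.fn = advance(self.hfn, self.fn)
        return pdu


class Receiver:
    def __init__(self, key1, key2):
        self.keys = (key1, key2)
        self.hfn, self.fn = 0, 0    # HFN/FN expected for the next PDU
        self.application = None     # (HFN, FN) of the crossover PDU

    def receive_command(self, cmd):
        self.application = resolve_application_time(
            self.hfn, self.fn, cmd["switching_fn"], cmd["hfn_lsbs"])

    def receive(self, pdu):
        fn, ct = pdu
        assert fn == self.fn, "in-order delivery assumed"
        use_new = (self.application is not None
                   and count(self.hfn, fn) >= count(*self.application))
        clear = crypt(self.keys[use_new], self.hfn, fn, ct)
        self.hfn, self.fn = advance(self.hfn, self.fn)
        return clear


def run_stream(n_pdus=40, activation=(2, 5), command_after=3):
    """Send n_pdus PDUs with the key change at `activation`; the command is
    delivered after `command_after` PDUs.  Returns (sent, decrypted, app)."""
    k1, k2 = b"key-one-00000000", b"key-two-11111111"   # constructed keys
    tx, rx = Sender(k1, k2, activation), Receiver(k1, k2)
    sent, got = [], []
    for i in range(n_pdus):
        if i == command_after:
            rx.receive_command(tx.security_mode_command())
        payload = f"pdu{i:02d}".encode()
        sent.append(payload)
        got.append(rx.receive(tx.send(payload)))
    return sent, got, rx.application


if __name__ == "__main__":
    sent, got, app = run_stream()
    print("application time", app, "all decrypted:", sent == got)
```

With the default run the receiver is at HFN 0, FN 3 when the command arrives and the crossover PDU is at HFN 2, FN 5, more than one FN cycle ahead. `naive_application_time` picks FN 5 of the current cycle and would switch keys two cycles early; `resolve_application_time` uses the two signalled HFN bits to land on (2, 5), so every PDU decrypts. The caveat in the docstring matters in practice: the sender must choose an activation time that is ahead of the receiver's position by less than 2^x roll-overs and allow for the command's delivery delay, otherwise the LSBs alias to the wrong cycle.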
Specification