Group key security in a multihop relay wireless network
Abstract
A security zone key is used to secure data traffic/control messages in a multi-hop wireless relay network. In one embodiment, the security zone key is generated by a base station and passed to relay stations and optionally mobile stations that are to be associated with the security zone. A given base station may implement multiple security zones on the wireless network. The members in each zone share a unique group security association. One or more connections may be assigned to a particular security zone. Data traffic/control messages directed to relay stations in a security zone are processed using the security zone key to enable all relay nodes within the security zone to verify the authenticity of the management message and optionally decode the messages. From a management perspective, since a common security zone key is in use by all relay stations in the security zone, the management messages may be broadcast/multicast to the relay nodes in the security zone and the key distribution and management protocols have much less complexity.
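The group-key authentication the abstract describes, as an added sketch that is not taken from the patent: the base station generates one key per zone, hands it to the member relays, and a single tagged broadcast is then verifiable by every member and by no station outside the zone. HMAC-SHA256, the 6-byte header layout and the sequence-number replay check are assumptions made for illustration, and only the authentication side is shown, not encryption.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag; stand-in for whatever MAC the air interface uses

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class RelayStation:
    def __init__(self, name):
        self.name = name
        self.zone_keys = {}  # zone id -> group key received from the base station
        self.last_seq = {}   # zone id -> last sequence number accepted (assumed replay check)

    def receive(self, frame):
        """Return the payload if the frame verifies under a zone key held here, else None."""
        if len(frame) < 6 + TAG_LEN:
            return None
        header, payload, tag = frame[:6], frame[6:-TAG_LEN], frame[-TAG_LEN:]
        zone_id, seq = int.from_bytes(header[:2], "big"), int.from_bytes(header[2:], "big")
        key = self.zone_keys.get(zone_id)
        if key is None or not hmac.compare_digest(tag, _tag(key, header + payload)):
            return None  # not a zone member, or message altered in transit
        if seq <= self.last_seq.get(zone_id, -1):
            return None  # replayed frame
        self.last_seq[zone_id] = seq
        return payload

class BaseStation:
    def __init__(self):
        self.zone_keys = {}  # zone id -> group key

    def define_zone(self, zone_id, relays):
        """Generate the zone's group key and distribute it to each member relay."""
        key = self.zone_keys[zone_id] = secrets.token_bytes(32)
        for rs in relays:  # assumed to travel over an already-secured per-relay link
            rs.zone_keys[zone_id] = key

    def broadcast(self, zone_id, seq, payload):
        """Build one protected management message for the whole zone."""
        header = zone_id.to_bytes(2, "big") + seq.to_bytes(4, "big")
        return header + payload + _tag(self.zone_keys[zone_id], header + payload)

if __name__ == "__main__":
    bs, rs1, rs2, rs3 = BaseStation(), RelayStation("RS1"), RelayStation("RS2"), RelayStation("RS3")
    bs.define_zone(1, [rs1, rs2]); bs.define_zone(2, [rs3])
    frame = bs.broadcast(1, 1, b"constructed management message")
    print([rs.receive(frame) for rs in (rs1, rs2, rs3)])  # RS3 is outside zone 1
```

Because every member holds the same key, a valid tag proves that the sender belongs to the zone, not which station sent the message.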
12 Claims
1. A method of implementing security zones on a multi-hop relay wireless network, the method comprising the steps of:
- defining a security zone including a base station and at least two relay stations on the multi-hop relay wireless network;
- establishing a security zone security association for use in connection with authenticating management messages, encrypting management messages, and decrypting management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network;
- distributing security zone security association key material from the base station to the at least two relay stations to enable each of the relay stations on the multi-hop wireless network that have been defined as included in the security zone to use the security zone key material to authenticate management messages, encrypt management messages, and decrypt management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network; and
- establishing a transport security association between one of the relay stations and a mobile station for use in connection with transmission of data between the relay station and mobile station, the security association between the relay station and mobile station being different than that security zone security association;
- wherein the security zone security association is used in connection with transmission of data between the base station and the relay station; and
- wherein the relay station uses the security zone security association key material to decrypt data messages received from the base station, and uses transport key material associated with the transport security association to encrypt the data messages received from the base station for transmission to the mobile station.

(Dependent claims: 2, 3)

4. A device in a multi-hop relay wireless network, comprising:
- a transmitter and receiver for performing communication with one or more other devices in the multi-hop relay wireless network;
- processing hardware coupled to the transmitter and receiver, wherein the processing hardware is configured to:
- define a security zone including a base station and at least two relay stations on the multi-hop relay wireless network;
- establish a security zone security association for use in connection with authenticating management messages, encrypting management messages, and decrypting management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network;
- distribute security zone security association key material from the base station to the at least two relay stations to enable each of the relay stations on the multi-hop wireless network that have been defined as included in the security zone to use the security zone key material to authenticate management messages, encrypt management messages, and decrypt management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network; and
- establish a transport security association between one of the relay stations and a mobile station for use in connection with transmission of data between the relay station and mobile station, the security association between the relay station and mobile station being different than that security zone security association;
- wherein the security zone security association is used in connection with transmission of data between the base station and the relay station; and
- wherein the relay station uses the security zone security association key material to decrypt data messages received from the base station, and uses transport key material associated with the transport security association to encrypt the data messages received from the base station for transmission to the mobile station.

(Dependent claims: 5, 6, 7, 8, 9)

10. A non-transitory, computer accessible memory medium storing program instructions for implementing security zones on a multi-hop relay wireless network, wherein the program instructions are executable to:
- establish a security zone security association for use in connection with authenticating management messages, encrypting management messages, and decrypting management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network;
- distribute security zone security association key material from the base station to the at least two relay stations to enable each of the relay stations on the multi-hop wireless network that have been defined as included in the security zone to use the security zone key material to authenticate management messages, encrypt management messages, and decrypt management messages transmitted between the relay stations and between the relay stations and base station on the multi-hop relay wireless network; and
- establish a transport security association between one of the relay stations and a mobile station for use in connection with transmission of data between the relay station and mobile station, the security association between the relay station and mobile station being different than that security zone security association;
- wherein the security zone security association is used in connection with transmission of data between the base station and the relay station; and
- wherein the relay station uses the security zone security association key material to decrypt data messages received from the base station, and uses transport key material associated with the transport security association to encrypt the data messages received from the base station for transmission to the mobile station.

(Dependent claims: 11, 12)

Specification