Apparatus, method and system for creating and maintaining multicast data encryption key in machine to machine communication system
Abstract
A wireless communication system includes a system and method for encryption of multicast data between a subscriber station and a base station that communicate a multicast service in a Machine-To-Machine (M2M) communication system. An M2M service controller that manages the multicast service also manages the information for encrypting the multicast data and provides that information to the subscriber station and the base station.
21 Citations
40 Claims
1. A method of operating a subscriber station, the method comprising:
- performing a network entry procedure through a base station (BS);
- receiving multicast service authentication information comprising a machine-to-machine (M2M) service group security seed from the BS during the network entry procedure;
- generating a multicast data encryption key based on the multicast service authentication information; and
- communicating data with the BS based on the multicast data encryption key, wherein the multicast data encryption key is determined by the Equation below:

MGTEK = Dot16KDF(MAK, MGSS | Key_counter | MGID | “MGTEK”, 128)

where:
- MGTEK: multicast data encryption key,
- MAK: M2M service authorization key,
- MGSS: M2M service group security seed,
- Key_counter: index of the currently used MGTEK,
- MGID: multicast group identifier,
- “MGTEK”: character string representing that it is the multicast data encryption key, and
- Dot16KDF: algorithm generating a multicast data encryption key of 128 bits that takes as input the M2M service authorization key, the M2M service group security seed, and the multicast group identifier.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of operating a base station (BS) in a machine-to-machine (M2M) communication system, the method comprising:
- performing a network entry procedure of a subscriber station;
- obtaining an M2M service group security seed from a network entity, and transmitting multicast service authentication information comprising the M2M service group security seed to the subscriber station during the network entry procedure;
- generating a multicast data encryption key based on the multicast service authentication information; and
- communicating data with the subscriber station based on the multicast data encryption key, wherein the multicast data encryption key is determined by the Equation below:

MGTEK = Dot16KDF(MAK, MGSS | Key_counter | MGID | “MGTEK”, 128)

where:
- MGTEK: multicast data encryption key,
- MAK: M2M service authorization key,
- MGSS: M2M service group security seed,
- Key_counter: index of the currently used MGTEK,
- MGID: multicast group identifier,
- “MGTEK”: character string representing that it is the multicast data encryption key, and
- Dot16KDF: algorithm generating a multicast data encryption key of 128 bits that takes as input the M2M service authorization key, the M2M service group security seed, and the multicast group identifier.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of a base station (BS) in a machine-to-machine (M2M) communication system, the method comprising:
- determining whether a replay attack preventive counter has expired;
- if the replay attack preventive counter expires, determining if a key counter for generating a multicast data encryption key has expired;
- if the key counter expires, transmitting a request for multicast service authentication information to a group service controller; and
- generating the multicast data encryption key based on the multicast service authentication information, and forwarding the multicast service authentication information to a subscriber station.

Dependent claims: 21
22. A method of a subscriber station, the method comprising:
- determining whether a replay attack preventive counter has expired;
- if the replay attack preventive counter expires, determining if a key counter for generating a multicast data encryption key has expired;
- if the key counter expires, receiving multicast service authentication information from a base station (BS); and
- generating the multicast data encryption key based on the multicast service authentication information, and storing the multicast data encryption key.

Dependent claims: 23
24. A subscriber station comprising:
- a transceiver configured to receive multicast service authentication information comprising a machine-to-machine (M2M) service group security seed from a base station (BS) during a network entry procedure; and
- a controller configured to generate a multicast data encryption key based on the multicast service authentication information, and communicate data with the BS based on the multicast data encryption key, wherein the multicast data encryption key is determined using the Equation below:

MGTEK = Dot16KDF(MAK, MGSS | Key_counter | MGID | “MGTEK”, 128)

where:
- MGTEK: multicast data encryption key,
- MAK: M2M service authorization key,
- MGSS: M2M service group security seed,
- MGID: multicast group identifier,
- Key_counter: index of the currently used MGTEK,
- “MGTEK”: character string representing that it is the multicast data encryption key, and
- Dot16KDF: algorithm generating a multicast data encryption key of 128 bits that takes as input the M2M service authorization key, the M2M service group security seed, and the multicast group identifier.

Dependent claims: 25, 26, 27, 28, 29, 30, 31
32. A base station (BS) in a machine-to-machine (M2M) communication system, the base station comprising:
- a transceiver; and
- a controller configured to: perform a network entry procedure of a subscriber station; obtain an M2M service group security seed from a network entity; control transmission of multicast service authentication information comprising the M2M service group security seed to the subscriber station during the network entry procedure; generate a multicast data encryption key based on the multicast service authentication information; and communicate, via the transceiver, data with the subscriber station based on the multicast data encryption key, wherein the multicast data encryption key is determined using the Equation below:

MGTEK = Dot16KDF(MAK, MGSS | Key_counter | MGID | “MGTEK”, 128)

where:
- MGTEK: multicast data encryption key,
- MAK: M2M service authorization key,
- MGSS: M2M service group security seed,
- MGID: multicast group identifier,
- Key_counter: index of the currently used MGTEK,
- “MGTEK”: character string representing that it is the multicast data encryption key, and
- Dot16KDF: algorithm generating a multicast data encryption key of 128 bits that takes as input the M2M service authorization key, the M2M service group security seed, and the multicast group identifier.

Dependent claims: 33, 34, 35, 36, 37, 38, 39
40. A subscriber station, the subscriber station comprising:
- a transceiver; and
- a controller configured to: determine whether a replay attack preventive counter has expired; if the replay attack preventive counter expires, determine if a key counter for generating a multicast data encryption key has expired; if the key counter expires, receive, via the transceiver, multicast service authentication information from a network node; and generate the multicast data encryption key based on the multicast service authentication information, and store the multicast data encryption key.
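The following is an added example, not code from the patent or from any implementation of it, showing the MGTEK derivation of claim 1 together with the replay-counter / key-counter rekey flow of claims 20 and 22 run on both a base station and a subscriber station. Everything beyond the claim text is an assumption: Dot16KDF is modelled on the counter-mode shape of the IEEE 802.16e KDF but its AES-CMAC PRF is replaced by HMAC-SHA256 truncated to 128 bits (the Python standard library has no CMAC), the byte widths of Key_counter, MGID, the block index and the key length are chosen here, the counter limits and the MAK/MGSS values are constructed, and the reading that an expired replay counter with a non-expired key counter simply advances Key_counter and re-derives is an interpretation of the claims, not something the page states.

```python
"""Added example (not from the patent page): MGTEK derivation and the
replay-counter / key-counter rekey flow of claims 1, 20 and 22.

ASSUMPTIONS: dot16kdf copies the counter-mode shape of the IEEE 802.16e
KDF but swaps its AES-CMAC PRF for HMAC-SHA256/128; the byte widths of i,
keylength, Key_counter and MGID are chosen here; counter limits and key
material are constructed. None of these come from the page.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Iterator

KEY_COUNTER_BYTES = 2   # assumed encoding of Key_counter in the KDF input
MGID_BYTES = 2          # assumed encoding of MGID in the KDF input
LABEL = b"MGTEK"        # the "MGTEK" string: separates this key from other derived keys


def dot16kdf(key: bytes, astring: bytes, keylength: int) -> bytes:
    """For each 128-bit output block i: PRF(Truncate(key, 128), i | astring | keylength),
    then Truncate(result, keylength). PRF is HMAC-SHA256/128 here, not AES-CMAC."""
    kin = key[:16]
    result = b""
    for i in range((keylength - 1) // 128 + 1):
        msg = i.to_bytes(4, "big") + astring + keylength.to_bytes(4, "big")
        result += hmac.new(kin, msg, hashlib.sha256).digest()[:16]
    return result[: keylength // 8]


def derive_mgtek(mak: bytes, mgss: bytes, key_counter: int, mgid: int) -> bytes:
    """MGTEK = Dot16KDF(MAK, MGSS | Key_counter | MGID | "MGTEK", 128) (claim 1)."""
    astring = (mgss
               + key_counter.to_bytes(KEY_COUNTER_BYTES, "big")
               + mgid.to_bytes(MGID_BYTES, "big")
               + LABEL)
    return dot16kdf(mak, astring, 128)


@dataclass
class MulticastKeyState:
    """One multicast group's key state on either the BS or the subscriber station.

    ASSUMED reading of claims 20/22: when the replay-attack preventive counter
    expires, Key_counter advances and a fresh MGTEK is derived; only when
    Key_counter itself expires is a new MGSS obtained (BS from the group
    service controller, SS from the BS) before deriving.
    """
    mak: bytes
    mgss: bytes
    mgid: int
    key_counter: int = 0
    replay_counter: int = 0
    key_counter_limit: int = 4      # constructed: MGTEKs per MGSS
    replay_counter_limit: int = 8   # constructed: protected packets per MGTEK
    seeds_fetched: int = 0
    mgtek: bytes = field(init=False, default=b"")

    def __post_init__(self) -> None:
        self.mgtek = derive_mgtek(self.mak, self.mgss, self.key_counter, self.mgid)

    def on_protected_packet(self, fetch_seed: Callable[[], bytes]) -> bool:
        """Count one packet under the current MGTEK; return True if a rekey happened."""
        self.replay_counter += 1
        if self.replay_counter < self.replay_counter_limit:
            return False                       # replay counter not yet expired
        self.replay_counter = 0
        self.key_counter += 1
        if self.key_counter >= self.key_counter_limit:
            self.mgss = fetch_seed()           # new multicast service authentication info
            self.seeds_fetched += 1
            self.key_counter = 0
        self.mgtek = derive_mgtek(self.mak, self.mgss, self.key_counter, self.mgid)
        return True


def run_session(packets: int) -> dict:
    """Drive a BS and an SS in lock-step over `packets` packets with constructed
    values and check that their MGTEKs never diverge."""
    mak = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed MAK
    seed0 = bytes.fromhex("a1a2a3a4a5a6a7a8a9aaabacadaeafb0")      # constructed initial MGSS
    controller_seeds: Iterator[bytes] = iter(                      # constructed later seeds
        [bytes(range(16)), bytes(range(16, 32)), bytes(range(32, 48))])
    bs = MulticastKeyState(mak, seed0, mgid=0x0042)
    ss = MulticastKeyState(mak, seed0, mgid=0x0042)
    keys = [bs.mgtek]
    for _ in range(packets):
        bs_rekeyed = bs.on_protected_packet(lambda: next(controller_seeds))  # claim 20
        ss_rekeyed = ss.on_protected_packet(lambda: bs.mgss)                 # claim 22
        if bs_rekeyed != ss_rekeyed or bs.mgtek != ss.mgtek:
            raise RuntimeError("BS and SS key state diverged")
        if bs_rekeyed:
            keys.append(bs.mgtek)
    return {"rekeys": len(keys) - 1,
            "distinct_keys": len(set(keys)),
            "seeds_fetched": bs.seeds_fetched}


if __name__ == "__main__":
    print(run_session(100))   # 12 rekeys, 13 distinct keys, 3 seeds fetched
```

Two properties worth checking on any real implementation follow from the KDF input string: because Key_counter and MGID are both bound into the derivation, every rotation and every group yields a distinct MGTEK from the same MAK, and the replay counter bounds how many packets are ever protected under one of them. The lock-step check in run_session is the sanity test a defender wants here: both ends must reach the same counter state and the same key, or the subscriber station silently falls out of sync with the group.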
Specification