Preventing shortened lifetimes of security keys in a wireless communications security system

Abstract

23A wireless communications device has a first security key, a second security key, and established channels. Each established channel has a corresponding security count value, and utilizes a security key. At least one of the established channels utilizes the first security key. The second security key is assigned to a new channel. A first set is then used to obtain a first value. The first set has only security count values of all the established channels that utilize the second key. The first value is at least as great as the x most significant bits (MSB.sub.x) of the greatest value in the first set. The MSB.sub.x of the initial security count value for the new channel is set equal to the first value. If the first set is empty, then the initial security count is set to zero.

Claims

.[.1. A method for calculating an initial security count value for a new channel in a wireless communications device, the wireless communications device comprising: a first security key; a second security key; and a plurality of established channels, each established channel having a corresponding security count value and utilizing a security key, at least one of the established channels utilizing the first security key; the method comprising: assigning the second security key to the new channel; utilizing a first set to obtain a first value, the first set consisting of corresponding security count values of the established channels that utilize the second key, the first value being at least as great as the x most significant bits (MSB.sub.x) of a value in the first set; and setting the MSB.sub.x of the initial security count value for the new channel equal to the first value; wherein if the first set is empty, then the first value is set to a first predetermined value..].

.[.2. The method of claim 1 wherein the first predetermined value is zero..].

.[.3. The method of claim 2 wherein the first value is at least as great as the MSB.sub.x of the greatest value in the first set..].

.[.4. The method of claim 3 wherein the first value is greater than the MSB.sub.x of the greatest value in the first set..].

.[.5. A method for providing an initial security count value to a new channel in a wireless communications device, the method comprising: establishing at least a first channel, each first channel utilizing a first security key and having a corresponding security count value; performing a security mode reconfiguartion to change utilization of each first channel from the first security key to a second security key according to an activation time for each first channel; wherein upon utilization of the second security key, the corresponding security count value for the first channel is changed; initiating establishment of a second channel that utilizes the second security key; utilizing a first set to obtain a first value, the first set consisting of corresponding security count values of the established channels that utilize the second key, the first value being at least as great as the x most significant bits (MSB.sub.x) of a value in the first set; and setting the MSB.sub.x of the initial security count value for the second channel equal to the first value; wherein if the first set is empty, then the first value is set to a first predetermined value..].

.[.6. The method of claim 5 wherein the first set includes the corresponding security count values of all first channels utilizing the second security key when initiating the establishment of the second channel..].

.[.7. The method of claim 6 wherein the predefined value is zero..].

.[.8. The method of claim 5 wherein the first value is at least as great as the MSB.sub.x of the greatest value in the first set..].

.[.9. The method of claim 8 wherein the first value is greater than the MSB.sub.x of the greatest value in the first set..].

.Iadd.10. A method for calculating an initial security count value for a new channel, the method comprising: establishing a plurality of established channels in a wireless communication device, wherein each established channel in the wireless communication device has a corresponding security count value and utilizes a first security key; performing a security mode reconfiguration to change utilization of each of the established channels in the wireless communication device from the first security key to a second security key according to an activation time for each of the established channels, wherein upon utilization of the second security key by one of the established channels, the corresponding security count value for the one of the established channels is changed, wherein the second security key is a new security key that replaces the first security key and is different from the first security key; initiating establishment of a new channel in the wireless communication device; assigning the second security key to the new channel; utilizing a first set to obtain a first value, wherein the first set includes corresponding security count values of the established channels in the wireless communication device that utilize the second security key and that have reached or exceeded their activation time but excludes security count values of the established channels that utilize the first security key, and wherein the first value is at least as great as the x most significant bits (MSB.sub.x) of the greatest security count value in the first set, and wherein at least one of the established channels is utilizing the first security key; and setting the MSB.sub.x of the initial security count value for the new channel equal to the first value, wherein if the first set is empty, then the first value is set to a first predetermined value, wherein the first predetermined value is zero and wherein the first set includes the corresponding security count value of each established channel in the wireless communication device utilizing the second security key when initiating the establishment of the new channel in the wireless communication device..Iaddend.

.Iadd.11. The method of claim 10, wherein the performing a security mode reconfiguration occurs in response to the security count value for one of the established channels exceeding a predetermined cross-over value..Iaddend.

Description

BRIEF DESCRIPTION OF DRAWINGS

(1) FIG. 1 is a simplified block diagram of a prior art wireless communications system.

(2) FIG. 2 is a simplified block diagram of a wireless communications system according to the present invention.

DETAILED DESCRIPTION

(3) In the following description, a station may be a mobile telephone, a handheld transceiver, a base station, a personal data assistant (PDA), a computer, or any other device that requires a wireless exchange of data. It should be understood that many means may be used for the physical layer to effect wireless transmissions, and that any such means may be used for the system hereinafter disclosed.

(4) Please refer to FIG. 2. FIG. 2 is a simplified block diagram of a wireless communications system 30 according to the present invention. The wireless communications system 30 is much like that of the prior art, as it is the primary objective of the present invention to change the method used for assigning an initial security count value 44c, 54c to a newly established channel 42, 52. The wireless communications system 30 includes a first station 40 in wireless communications with a second station 50 over a plurality of established channels 42. The first station 40 may establish a channel 42 to effect communications with the second station 50. The second station 50 establishes a corresponding channel 52 for the channel 42 of the first station 40. The first station 40 may also release an established channel 42, in which case the second station 50 releases the corresponding channel 52. Each channel 42 has a receiving buffer 42r and a transmitting buffer 42t. Similarly, on the second station 50, each channel 52 has a receiving buffer 52r and a transmitting buffer 52t. The receiving buffer 42r is used to hold protocol data units (PDUs) 41r received from the second station 50. The transmitting buffer 42t is used to hold PDUs 41t awaiting transmission to the second station 50. A PDU 41t is transmitted along its channel 42 to the second station 50, where it is received and placed into the receiving buffer 52r of the corresponding channel 52. Similarly, a PDU 51t is transmitted along its channel 52 to the first station 40, where it is received and placed into the receiving buffer 42r of the corresponding channel 42. Each PDU 41r, 41t, 51r, 51t has an m-bit sequence number (SN) 35r, 35t, 36r, 36t that indicates the sequential position of the PDU 41r, 41t, 51r, 51t within its respective buffer 42r, 42t, 52r, 52t. Sequentially later PDUs 41r, 41t, 51r, 51t have sequentially higher sequence numbers 35r, 35t, 36r, 36t. As the sequence number 35r, 35t, 36r, 36t has a fixed bit size of m bits, the sequence number 35r, 35t, 36r, 36t will rollover to zero when its value exceeds 2.sup.m−1. The receiving buffers 42r, 52r each have a respective receiving hyper-frame number (HFN.sub.R) 43r, 53r that is incremented by one upon detection of such a rollover event of the sequence number 35r, 36r of received PDUs 41r, 51r. The HFN.sub.R 43r, 53r associated with each received PDU 41r, 51r thus serves as high-order bits (most significant bits) for the sequence number 35r, 36r of the received PDU 41r, 51r. Similarly, each transmitting buffer 42t, 52t has a respective transmitting hyper-frame number (HFN.sub.T) 43t, 53t that serves as the high-order, most significant bits of the sequence number 35t, 36t of each transmitted PDU 41t, 51t. The hyper-frame numbers 43r, 43t, 53r, 53t are internally maintained by the first station 40 and second station 50, and are explicitly transmitted only during synchronization events. This is in contrast to the sequence numbers 35t, 36t, which are typically carried by their respective PDUs 41t, 51t.

(5) The first station 40 has a security engine 44 that is used to perform enciphering/deciphering and data integrity checks of the PDUs 41r, 41t. Two of a multiple of inputs into the security engine particularly include an n-bit security count 44c, and a first security key 44k. A corresponding security engine 54 is provided on the second station 50, which also uses an n-bit security count 54c and a first security key 54k. A PDU 41t is enciphered by the security engine 44 using a distinct security count 44c, and the first key 44k. To properly decipher the corresponding received PDU 52r, the security engine 54 must use a security count 54c that is identical to the security count 44c, and the first security key 54k that is identical to the first security key 44k. Integrity checking of PDUs 41r, 41t, 51r, 51t also utilizes synchronized security counts, but as these integrity security counts are almost invariably smaller than the ciphering security counts 44c, 54c, for purposes of the following discussion it is the ciphering security counts 44c, 54c that are considered.

(6) The first security keys 44k and 54k are changed whenever the security count 44c for any established channel 42 exceeds a predetermined cross-over value 44x. A security mode command is used to synchronize the security engines 44 and 54 from using the first security key 44c, 54c to using a second, new security key 44n, 54n. The security count 44c, 54c continuously changes with each PDU 41r, 41t, 51r, 51t along the channel 42, 52. The security count 44c is generated for each PDU 41r, 41t by using the sequence number 35r, 35t of the PDU 41r, 41t as the low-order (least significant) bits of the security count 44c, and the HFN.sub.R 43r, HFN.sub.T 43t, respectively associated with the PDU 41r, 41t, as the high-order bits of the security count 44c. A corresponding process is used by the security engine 54 of the second station 50. For a stream of transmitted PDUs 41t along an established channel 42, the security count 44c associated with the channel 12 continuously increases with each PDU 41t. The same is thus also true for streams of PDUs 51t transmitted by the second station 50. The range of security count values 44c used by the various channels 42 may vary widely. Typically, all channels 42 will use either the first security key 44k or the second security key 44n.

(7) Initially, the first station 40 has no established channels 42 with the second station 50. To establish a channel 42 with the second station 50, the first station 40 first extracts a start value 46s from a non-volatile memory 46 of the first station 40, and uses this start value 46s to generate the HFN.sub.T 43t and the HFN.sub.R 43r for the channel 42 that is to be established. The non-volatile memory 46 is used to permanently store data for the first station 40, and may be an electrically erasable programmable read-only memory (EEPROM), a SIM card, or the like, so that the start value 46s is not lost when the first station 40 is turned off. Ideally, the bit size of the start value 46s should be equal to the bit size of the hyper-frame numbers 43t and 43r. In this case, the HFN.sub.T 43t and the HFN.sub.R 43r are simply set equal to the start value 46s. If, however, the start value 46s is x bits in size for m-bit hyper-frame number 43t, 43r, and x is less than m, then the start value 46s is used as the x most significant bits (MSB.sub.x) of the hyper-frame numbers 43t, 43r, and the remaining low-order bits of HFN.sub.T 43t and HFN.sub.R 43r are simply set to zero. After generating the hyper-frame numbers 43t and 43r by way of the start value 46s, the first station 40 transmits the start value 46s (or, alternatively, one of HFN.sub.T 43t or HFN.sub.R 43r) to the second station 50 so that the second station 50 may set the HFN.sub.R 53r and the HFN.sub.T 53t of the corresponding channel 52 equal to the initial value of the hyper-frame numbers 43t and 43r. In this manner, the HFN.sub.T 43t is synchronized with the corresponding HFN.sub.R 53r, and the HFN.sub.R 43r is synchronized with the corresponding HFN.sub.T 53t. As the start value 46s is an x-bit sized number, and the HFN.sub.T 43t is used as the most significant bits of the security count 44c for transmitted PDUs 41t, the start value 46s effectively holds the MSB.sub.x of the n-bit security count 44c, where n is equal to the sum of the bit size of the HFN.sub.T 43t and the bit size of the sequence number 35t. This is also true for the security count 44c for received PDUs 41r, as regards HFN.sub.R 43r. A security key is also assigned to the newly established channel 42, such as the first security key 44k, which is then used by the security engine 44 for ciphering and deciphering operations of the new channel 42 Many other channels 42 may be established by the first station 40 (or in response to a channel 52 being established by the second station 50) after an initial channel 42 has been established. When establishing a new channel 42 when other channels 42 are already established, the first station 40 first assigns a security key to the new channel 42. The security key will typically be the security key that is already in use by all other established channels 42, such as the first security key 44k. However, due to a security mode command, the new channel 42 may be assigned a second security key, such as the new security key 44n, that is different from that of other established channels 42. By way of example, it is assumed in the following that the first station 40 assigns the new security key 44n to a new channel 42. The first station 40 must next assign hyper-frame numbers 43r and 43t to the new channel 42. To do this, the first station 40 parses all other established channels 42 that also use the new security key 44n (i.e., the same security key that is assigned to the new channel 42) at the time the new channel 42 is being established, and selects the greatest security count 44c from all of these channels 42. This greatest security count 44c may be formed from either a receiving hyper-frame number HFN.sub.R 43r, or a transmitting hyper-frame number HFN.sub.T 43t, and is used to generate the hyper-frame numbers 43r, 43t of the new channel 42. For simplicity in the following discussion, it is assumed that the hyper-frame numbers 43r, 43t of the new channel 42 are both x bits in size, and that the x most significant bits (MSB.sub.x) of this so-called greatest security count 44c are copied into a temporary holding space as a first value 45. For example, if the hyper-frame numbers 43r, 43t for the new channel 42 are 20 bits in size, then the MSB.sub.20 of the greatest security count 44c (associated with the new security key 44n) are used as the first value 45. The first value 45 is then incremented if the first value 45 is less than 2.sup.x−1, so as to ensure that no rollover to zero (i.e., over-flow) occurs. The first value 45 is then copied into the HFN.sub.R 43r and the HFN.sub.T 43t of the new channel 42. Note that if no other established channels 42 are using the new security key 44n (i.e., the same security key that is being used by the new channel 42) at the time that the new channel 42 is being established, then the hyper-frame values 43r and 43t for the new channel 42 are simply set to zero. That is, the first value 45 is given a default value of zero, which becomes the value for the hyper-frame numbers 43r and 43t. Alternatively, as zero is sometimes used as a flag, another small value, such as one, may be used.

(8) Note that the above is, in fact, setting the MSB.sub.x of an initial value for the security counts 44c (one for the receiving buffer 42r, another for the transmitting buffer 42t) for the new channel 42 according to the MSB.sub.x of the security counts 44c of other established channel 42 that use the same security key 44n as is used by the new channel 42. In effect, a set 48 of elements 48e is parsed. Each element 48e is a security count 44c for either a receiving buffer 42r or a transmitting buffer 42t of a channel 42 that uses the new security key 44n. Each and every security count 44c that is associated with the new security key 44n is represented as an element 48e in the set 48. Each channel 42 that uses the new security key 44n thus provides two elements 48e to the set 48. The MSB.sub.x of the largest element 48e in this set 48 are then extracted, incremented, and used as the MSB.sub.x for the security counts 44c for the receiving buffer 42r and transmitting buffer 42t of the new channel 42, by way of the hyper-frame numbers 43r and 43t of the new channel 42.

(9) The present invention method is particularly important for the determination of the hyper-frame numbers 43r, 43t of a new channel 42 that is established just after, or during, a security mode reconfiguration. Initially, a plurality of channels 42 are established, each using the first security key 44k. A security mode command is performed some time later, which culminates in a receiving activation time 49r for each receiving buffer 42r, and a transmitting activation time 49t for each transmitting buffer 42t. After reception of the security mode command, when the sequence numbers 35r, 35t of PDUs 41r, 41t exceed their respective buffer 42r, 42t activation times 49r, 49t, the respective hyper-frame number 43r, 43t is cleared to zero, and the second, new security key 44n is then applied to the PDUs 41r, 41t. As an example, consider a stream of PDUs 41t in a transmitting buffer 42t having sequence numbers 35t ranging from 18 to 35. Further assume that this transmitting buffer 42t has an HFN.sub.T 43t of 168, and an activation time 49t of 30. After reception of the security mode command, the PDUs 41t with sequence numbers 35t from 18 to 29 are transmitted using the first security key 44k, and security counts 44c with most significant bits (MSBs) given by the HFN.sub.T value 43t of 168. PDUs 41t with sequence numbers 35t from 30 to 35, however, are transmitted using the second security key 44n, and security counts 44c with most significant bits (MSBs) given by a new HFN.sub.T value 43t of zero. When establishing a new channel 42, the second, new security key 44n is assigned to this new channel 42. The first station 40 then considers every buffer 42r, 42t that has reached or exceeded its respective activation time 49r, 49t, and is thus using the new security key 44n at the time that the new channel 42 is being established. The largest security count 44c of such buffers 42r, 42t is then used in the manner previously described to generate the hyper-frame numbers 43r, 43t for the new channel 42. Again, if no such buffers 42r, 42t exist, then the hyper-frame numbers 43r, 43t for the new channel 42 are simply set to a default value, such as zero. Note that no security count values 44c are considered for buffers 42r, 42t that have not reached or exceeded their respective activations times 49r, 49t, and which thus continue to use the first security key 44k. Because of this, the present invention avoids entangling hyper-frame numbers 43r, 43t that properly associate with the first security key 44k when assigning values to hyper-frame numbers 43r, 43t that associate with the second, new security key 44n. In this manner, the lifetime of the new security key 44n is not prematurely shortened due to an initial assignment of unduly high hyper-frame numbers 43r, 43t. As before, the above description of the present invention method may be thought of as the parsing of a set 48 that contains all security count values 44c (as elements 48e) that are associated with the second, new key 44n at the time that the new channel 42 is initiated for establishment. The MSB.sub.x of the largest-valued element 48e in this set 48 are extracted, incremented, and used for the x-bit hyper-frame numbers 43r, 43t of the new channel 42, thus providing the MSB.sub.x for the initial values of the security counts 44c of the new channel 42.

(10) In contrast to the prior art, the present invention only considers security count values associated with a second security key when assigning an initial security count value to a new channel that uses the second security key. Security count values associated with the first security key thus do not influence the calculation of the new security count value for the new channel, and so do not lead to a prematurely shortened lifetime for the second security key.

(11) Those skilled in the art will readily observe that numerous modifications and alterations of the device may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.