Patent Application
20080132204
The present disclosure relates to a system and method for updating at least one attribute at a mobile station.
Communication systems, including radio transceivers, are common and are often used in emergency communication situations. Often, these communication systems use encryption techniques for secure communications, although not all systems are secure. For example, Motorola, Inc. offers a line of secure communication systems as the ASTRO system. In a typical secure communications system, transmissions between a base station and a mobile station, such as between a dispatch and an ambulance or fire engine, are encrypted with a changing set of encryption keys or other attributes. To provide additional levels of security, the attributes stored at a mobile station can change and be modified with a rekeying process. Other communication systems can update various parameters, including software updates and the like, using over the air protocols as well. In the event that the mobile station does not have the current set of attributes stored, communications can be undesirably delayed. In response, several rekeying (or attribute update) solutions have been proposed.
One solution propagates attribute changes with multiple transmissions over the system. While effective, such propagation undesirably occupies available bandwidth, potentially delaying communications. Another solution includes a complete transmission of all attributes held by the base station. Again, while effective, such a solution undesirably occupies available bandwidth.
In some systems, attribute updates are performed with a direct, wired, connection between the mobile station and the base station. In other systems, rekeying is provided using an over the air rekeying (“OTAR”) process in which a key management facility (“KMF”) at the base station manages the encryption keys and related attributes for the mobile stations. While OTAR is effective, in the event that a mobile station is either out of range of the OTAR transmissions, or does not receive the OTAR (e.g., the mobile station is powered off, in a tunnel, in an urban canyon, etc.), the set of attributes stored at the mobile station can be out-of-date.
In other systems, updates are provided using an over the air programming (“OTAP”) process in which the base station manages the programming of the mobile stations. While OTAP is effective, in the event that a mobile station is either out of range of the OTAP transmissions, or does not receive the OTAP (e.g., the mobile station is powered off, in a tunnel, in an urban canyon, etc.), the set of attributes stored at the mobile station can be out-of-date.
Further, in some systems, a user can intentionally or unintentionally alter the set of attributes stored at the mobile station which could also render the set of attributes stored at the mobile station out-of-date or inaccurate as well. For example, some systems allow the user the ability to change keys or other stored attributes using the keypad or other user input device on the mobile station.
Moreover, other OTAR/OTAP systems update each key or attribute during a given period (e.g., each encryption period), thus producing a large body of duplicative data traffic, and reducing the effective bandwidth of the communication system. Some OTAR techniques are also classified as store and forward (“SAF”). In a SAF system, a mobile station or a key fill device (KFD) receives at least one attribute, stores the received attribute, and forwards the received and stored attribute to at least one additional mobile station. Such a system can reduce transactions at the base station, but increases traffic among mobile stations.
Therefore, it would be desirable to provide a system and method for updating at least one attribute at a mobile station that overcomes the aforementioned disadvantages.
Various embodiments of the disclosure are now described, by way of example only, with reference to the accompanying figures, in which:
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions and/or relative positioning of some of the elements in the figures may be exaggerated relative to other elements to help improve the understanding of various embodiments of the present disclosure. Also, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are not often depicted in order to facilitate a less obstructed view of these various embodiments of the present disclosure. It will be further appreciated that certain actions and/or steps may be described or depicted in a particular order of occurrence while those skilled in the art will understand that such specificity with respect to sequence is not actually required. It will also be understood that the terms and expressions with respect to their corresponding respective areas of inquiry and study except where specific meaning have otherwise been set forth herein.
A system and method for updating at least one attribute stored at a mobile station in a wireless communication system is disclosed. In the present disclosure, communication bandwidth usage between a base station and a mobile station is reduced when updating at least one attribute stored at a mobile station by use of hash functions (or hash algorithms). Hash functions are commonly known in a general sense and are used as a shortcut for comparing two data strings. A hash function is a way of creating a small digital “fingerprint” from stored data (for example, from encryption key data or other attribute data). This fingerprint is generally represented as a short string of random-looking letters and/or numbers. The hashing techniques, or algorithms, used in the methods disclosed herein, for example, substitute or transpose attribute data (currently stored at the mobile station or desired to be stored at the mobile station) to create a hash as the output of the hashing technique.
In accordance with the present disclosure, a first hash function is determined to represent a set of desired attributes to be stored at a mobile station and a second hash function is determined to represent a set of attributes currently stored at the mobile station. The resultant hashes are compared, and based on the results of the comparison, the set of attributes stored at the mobile station may or may not be updated or, if updated, the entire set of desired attributes may not need to be transmitted in its entirety in order to bring the attributes stored at the mobile station up-to-date.
The set of attributes (and/or the desired set of attributes) may include, but is not limited to, encryption keys, encryption state variables, encryption identifiers, encryption configuration attributes, programmed channels, software modules, stored identification as well as any other attribute at the mobile station that is managed or configured by the base station. The base station generates the set of desired attributes that each mobile station is desired to have that represents the most current attribute data for the mobile station. The set of desired attributes can be generated via memory or generated or received from an external source. Let us now refer to the figures and describe the present disclosure in greater detail.
In addition to the desired hash, a mobile station hash that is representative of a set of attributes that is currently stored at the mobile station is determined at step 210. As with the desired hash, the mobile station hash can be determined using any appropriate hashing technique as commonly known in the art, such as Message-Digest algorithms (i.e., MD-2, MD-4, MD-5, etc.), WHIRLPOOL, SHA-1, RACE Integrity Primitives Evaluation Message Digest (“RIPEMD”), or the like. Further, the mobile station hash can be determined by the mobile station itself 155 or by the base station 165. For example, the mobile station hash can be determined from a memory stored at the mobile station 155 or a memory stored at the base station 165; the mobile station hash can be determined by the base station 165 by querying the mobile station 155 for its mobile station hash and receiving the mobile station hash from the mobile station 155; or the mobile station hash can be determined by the base station 165 from an unsolicited message received at the base station 165 from the mobile station 155 (e.g., a registration message, a rekey request message, a hello message. a poll message, or the like). It should be noted that there will be other ways that the mobile station hash can be determined by the mobile station 155 or by the base station 165 that will become obvious to a person of ordinary skill in the art after reading the present disclosure.
Once the desired hash and the mobile station hash have been determined, the hashes are compared to each other to determine the difference, if any, at step 220. The comparison can occur at either the mobile station 155 or the base station 165. If the mobile station hash is equal to the desired hash at step 230, there is no need for the attributes stored in the mobile station 155 to be updated because the set of attributes stored in the mobile station 155 is up-to-date. Thus, over-the-air bandwidth and resources are preserved because the base station 165 does not need to update the mobile station 155 with the most current set of attributes. In one embodiment, if the mobile station hash is equal to the desired hash at step 230, the process ends until the base station needs to update a stored attribute, until a predetermined amount of time lapses, or until some other triggering event occurs; in another embodiment, however, depending on which device is performing the comparison of the hashes, the base station 165 can send the mobile station 155 a message indicating that the attributes stored at the mobile station 155 are up-to-date, or the mobile station 155 can send the base station 165 a message indicating that the attributes stored at the mobile station 155 are up-to-date.
If, on the other hand, the mobile station hash is not equal to the desired hash at step 230, at least one attribute in the set of attributes stored at the mobile station is updated at step 240. It should be noted that a plurality of messages may need to be sent in order to update the at least one attribute in the set of attributes stored at the mobile station, depending on the size of the set of desired attributes being sent to the mobile station and/or depending on which technique is used to update the set of attributes stored at the mobile station 155.
There are numerous ways that the at least one attribute in the set of attributes stored at the mobile station is updated. It should be noted that the following examples should not be considered limiting in nature, and that there will be other ways that the at least one attribute in the set of attributes stored at the mobile station is updated that will become obvious to a person of ordinary skill in the art after reading the present disclosure. In a first example, if the base station 165 performs the comparison, the base station 165 can automatically begin updating the attributes stored at the mobile station 155 by sending the entire set of desired attributes to the mobile station 155 when it is determined that the hashes are not equal by using commonly known techniques, such as OTAR, OTAP, store-and-forward, or the like.
In a second example, if the base station 165 performs the comparison, the base station 165 can automatically send a first portion of the set of desired attributes to the mobile station 155 when it is determined that the hashes are not equal. The mobile station 155 processes the first portion of the set of desired attributes and generates a new mobile station hash. The base station 165 receives and compares the new mobile station hash with the desired hash. If the hashes still do not match, the base station sends a next portion of the set of desired attributes. This process of receiving a new mobile station hash, comparing the new mobile station hash with the desired hash, and sending a next portion of the set of desired attributes continues until the hashes are equal.
In a third example, if the mobile station 155 performs the comparison, the mobile station 155 can request that the base station 165 send the entire set of desired attributes to the mobile station 155 when it is determined that the hashes are not equal.
In a fourth example, if the mobile station 155 performs the comparison, the mobile station 155 can request a first portion of the set of desired attributes from the base station 165. Once received and processed, the mobile station 155 generates a new mobile station hash and compares the new mobile station hash with the desired hash. If the new mobile station hash still does not equal the desired hash, the mobile station 155 requests a next portion of the set of desired attributes from the base station 165. The mobile station 155 continues requesting updates, processing the portions of the set of desired attributes, and generating a new mobile station hash until the new mobile station hash equals the desired hash.
To provide additional details regarding updating at least one attribute stored at the mobile station when the set of desired attributes are sent in a plurality of messages, let us refer to
Alternatively, when the mobile station 155 requests an update for the set of attributes stored at the mobile station 155 from the base station 165 at step 310, the communication system 100 can be configured to have the mobile station 155 receive and process a portion of the set of desired attributes to be stored at the mobile station 155 from the base station 165 at steps 320 and 330. Once the portion of the set of desired attributes to be stored at the mobile station 155 is processed, the process loops back to step 210 and a new mobile station hash is determined. The new mobile station hash and the desired hash are compared at step 220. This is an iterative process until the new mobile station hash equals the desired hash at step 230, at which time, in this specific example, the mobile station 155 sends a message to the base station 165 indicating that the set of attributes stored at the mobile station 155 is up-to-date. It should be noted that the iterative process in
The process described above with respect to
In various embodiments of the disclosure, the mobile station hash can further be generated in response to a request from the base station 165, and the desired hash can be generated in response to a request from the mobile station 155. When inconsistent attributes are found, any of the methods can undergo further authentication prior to simply updating a mobile station 155 to allow communication with the base station 165. Further, updating can include rekeying each encryption key, only rekeying any mobile station attributes that are determined to be inconsistent, updating a portion of a software upgrade, updating an entire software upgrade, or the like.
It is important to note that the figures and description illustrate specific applications and embodiments of the present disclosure, and is not intended to limit the scope of the present disclosure or claims to that which is presented therein. Upon reading the specification and reviewing the drawings hereof, it will become immediately obvious to those skilled in the art that myriad other embodiments of the present disclosure are possible, and that such embodiments are contemplated and fall within the scope of the presently claimed disclosure.
Various changes and modifications can be made without departing from the spirit and scope of the disclosure. The scope of the disclosure is indicated in the appended claims, and all changes that come within the meaning and range of equivalents are intended to be embraced therein.
