This invention relates to a wireless communication system and encryption control method to perform encryption of data in the wireless circuits of a wireless network, and in particular relates to a wireless communication system and encryption control method for performance of encryption processing between an originating mobile terminal and a terminating mobile terminal, and not in a wireless network control device (Radio Network Controller, RNC) when the originating mobile terminal (UE) and terminating mobile terminal (UE) are in the same network.
Specifications for wireless communication systems employing the W-CDMA method have been established by the 3GPP (3rd Generation Partnership Project), and actual services are now being initiated within Japan as well as elsewhere.
In order to prevent illicit interception by third parties in the above network, encryption is applied to user data between a UE and the UTRAN, to control information, and to TMSI (Temporary Mobile Subscriber Identity) information, which is a temporary user identifier, and similar. For example, in a 3GPP system the KASUMI algorithm is adopted to apply encryption to information.
An encryption processing portion CPH is configured similarly in the UE and UTRAN, and comprises an encryption code generation block 7 which uses encryption parameters to generate an encryption code (keystream block) KSB, and a computation portion 8 which computes the exclusive logical sum of the encryption code and the data for processing DT. The encryption parameters necessary for encryption code generation are COUNT-C, BEARER, DIRECTION, LENGTH and CK, as shown in
The encryption processing portion CPH on the transmission side performs ciphering of data by computing, in bit units, the exclusive logical sum of the encryption code KSB and the data portion (unciphered MAC SDU) DT which is to be encrypted, and transmits the ciphered data (ciphered MAC SDU) CDT. The encryption processing portion CPH on the receiving side deciphers the data by computing, in bit units, the exclusive logical sum of the encryption code KSB and the received ciphered data (ciphered MAC SDU) CDT, and outputs the deciphered data (unciphered MAC SDU) DT.
In the 3GPP system, of the encryption parameters, the count value COUNT-C of the counters comprises a long-period sequence number SN (=HFN) and a short-period sequence number SN (=MAC CFN).
As explained in
With respect to UL (uplink) encryption, in the second half of the wireless bearer setup sequence (DTCH setup sequence) S2 of
In current 3GPP systems, in order to prevent the interception of data during wireless communication, transmission data is encrypted between the originating-side UE and RNC, and between the terminating-side UE and RNC. That is, the originating-side UE encrypts the data and sends the data to the originating RNC; the originating-side RNC decrypts the data and transmits the data to the receiving-side RNC; the terminating-side RNC again encrypts the data and transmits the data to the terminating-side UE; and the terminating-side terminal decrypts the data.
The reason for decryption by the originating-side RNC is that the encryption parameters used by the originating-side UE and RNC and the encryption parameters used by the terminating-side UE and RNC are different, so that if the originating-side RNC does not decrypt the data, decryption on the terminating side becomes impossible. As another reason, because a fixed terminal has no decryption functions, if the data is not decrypted by the originating-side RNC, a fixed terminal, upon receiving encrypted data, cannot perform decryption.
From the above, even when an originating terminal and a terminating terminal of the prior art exist in the same network (for example, when associated with an area managed by the same RNC, or when associated with an area managed by the same MSC), processing to encrypt/decrypt user data must be performed four times, resulting in an increased burden on the RNCs and a decrease in the number of channels (the number of users) which can be accommodated.
As described above, even in communication over the same network, encryption/decryption processing of user data must be performed four times, and moreover RNCs perform encryption/decryption processing two out of these four times, so that the burden on the RNCs is increased and the number of channels (number of users) which can be accommodated is decreased. If user data is sent over different networks, RNCs must perform encryption/decryption processing; but if communication is between two UEs over the same network, there should be no need for intermediate equipment to perform encryption/decryption processing.
This invention was devised in light of these problems, and has as an object elimination of the need for an RNC to perform encryption/decryption processing when the originating terminal and terminating terminal are both in the same network.
Another object of this invention is the ability for the originating terminal and terminating terminal to each perform encryption/decryption processing of user data one time each, for a total of two times, when both the originating terminal and the terminating terminal are in the same network, so that the burden on RNCs can be alleviated and the number of channels (number of users) accommodated can be increased.
In this invention, the above objects are achieved by an encryption control method in a wireless communication system in which encryption parameters are used to encrypt data in wireless communication, and the encryption parameters are used to perform decryption.
A first encryption control method has a step of judging whether the originating mobile terminal and terminating mobile terminal exist in the same network; a step, if they exist in the same network, of passing data through the network-side equipment without performing encryption/decryption processing; and a step of performing encryption/decryption processing only at the originating mobile terminal and the terminating mobile terminal.
A second encryption control method has a step of making encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal; a step of having the originating mobile terminal perform data encryption processing using the encryption parameters; and a step of having the terminating mobile terminal perform decryption processing of the received data using the encryption parameters.
A third encryption control method has a step of judging whether the originating mobile terminal and terminating mobile terminal exist in the same network; and a step, if they exist in the same network, of decrypting the encryption performed by the above originating mobile terminal, not in a network-side device, but in the terminating mobile terminal.
In this invention, the above objects are achieved by a wireless communication system in which encryption parameters are used in wireless communication to encrypt data, and the encryption parameters are used to decrypt the data. This wireless communication system comprises control devices in a core network to judge whether an originating mobile terminal and terminating mobile terminal exist in the same network; wireless network control devices to pass data through, without performing encryption/decryption processing, when the originating mobile terminal and terminating mobile terminal exist in the same network; an originating mobile terminal which uses the encryption parameters to perform encryption processing of transmission data and which transmits the encrypted data; and a terminating mobile terminal which uses the encryption parameters to perform decryption of received data. Further, the wireless communication system comprises means for making the encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal.
In the above wireless communication system, when the originating mobile terminal and the terminating mobile terminal exist in the same network, the above control device of the core network generates an encryption key which is an encryption parameter and transmits the encryption key to the wireless network control devices on the originating side and on the terminating side; the originating-side and terminating-side wireless network control devices receive the encryption key and transmit the key to the originating mobile terminal and to the terminating mobile terminal respectively, so that the encryption parameters of the originating mobile terminal are identical with the encryption parameters of the terminating mobile terminal. When the originating mobile terminal and terminating mobile terminal exist in the same network, the originating-side and terminating-side wireless network control devices pass through data without performing decryption or encryption.
In this invention, the above objects are achieved by means of network control devices in a wireless communication system in which, upon wireless communication, encryption parameters are used to encrypt data, and the encryption parameters are used to decrypt the data. A network control device of this invention comprises means for judging whether an. originating mobile terminal and a terminating mobile terminal exist in the same network; means for making the encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal, when the originating mobile terminal and the terminating mobile terminal exist in the same network; and means for passing data through without performing encryption/decryption processing, when the originating mobile terminal and the terminating mobile terminal exist in the same network.
In this invention, the above objects are achieved by means of mobile terminals in a wireless communication system in which, upon wireless communication, encryption parameters are used to encrypt data, and the encryption parameters are used to decrypt the data. The mobile terminals of this invention comprise means, upon call termination, when the mobile terminal exists in the same network as the originating mobile terminal, for making the encryption parameters identical with the encryption parameters of the originating mobile terminal; means for using the encryption parameters to generate an encryption code and for using the encryption code to decrypt data; and means for performing normal decryption when the originating mobile terminal and the terminating mobile terminal do not exist in the same network.
By means of this invention, when an originating mobile terminal and a terminating mobile terminal exist in the same network, network-side devices pass data through without performing encryption/decryption processing, and encryption/decryption processing is performed only by the originating mobile terminal and by the terminating mobile terminal, so that the RNCs need not perform encryption/decryption processing, the burden on the RNCs is alleviated and the number of channels (number of users) accommodated can be increased.
Other features and advantages of the present invention will be apparent from the following description, taken in conjunction with the accompanying drawings.
The MSC 41 makes reference the destination telephone number comprised by the setup message input from the originating mobile terminal 11 at the time of call origination and the location table holding telephone numbers of mobile terminals being managed, and investigates whether the terminating mobile terminal 21 exists within the same network as the originating mobile terminal 11. If the originating mobile terminal 11 and terminating mobile terminal 21 exist in a same network and, as shown in (A), they are managed by the same RNC 31, the MSC 41 notifies the RNC 31 of this fact, and the RNC 31 makes the encryption parameters of the originating mobile terminal 11 identical with those of the terminating mobile terminal 21. The originating mobile terminal 11 uses the encryption parameters to perform encryption of the transmission data, which is input to the RNC 31 via the base station BTS 51. The RNC 31 transmits the received information unmodified, without performing decryption, to the terminating mobile terminal 21 via the terminating-side base station BTS 52. The terminating mobile terminal 21 uses the same encryption parameters as the encryption parameters of the originating mobile terminal to perform decryption of the received data. When data is transmitted from the UE 21 to the UE 11 also, encryption control similar to that described above is performed.
On the other hand, when the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network and are being managed by the same MSC 41 as shown in (B), the MSC 41 notifies the RNCs 31, 32 on the originating and terminating sides of this fact, and cooperates with the RNCs 31, 32 to make the encryption parameters of the originating mobile terminal 11 identical with those of the terminating mobile terminal 21. The originating mobile terminal 11 uses the encryption parameters to perform encryption processing of transmission data, and inputs the encrypted data to the originating-side RNC 31 via the base station BTS 51. The originating-side RNC 31 does not perform encryption processing (decryption), but passes through the received data without modification, transmitting the data to the terminating-side RNC 32. The terminating-side RNC 32 also does not perform encryption processing, but passes through the received data without modification, transmitting the data to the terminating mobile terminal 21 via the terminating-side base station BTS 52. The terminating mobile terminal 21 uses the same encryption parameters as the encryption parameters of the originating mobile terminal to perform decryption processing of the received data. During data transmission from the UE 21 to the UE 11 also, encryption control similar to that described above is performed.
By this means, when the originating mobile terminal 11 and the terminating mobile terminal 21 exist in the same network, the RNCs 31, 32 pass data through without performing encryption processing, and encryption processing need only be performed by the mobile terminals 11, 21, so that the burden on the RNCs 31, 32 is alleviated, and the number of channels (number of users) which can be accommodated can be increased.
The encryption mechanism in a 3GPP system uses encryption parameters such as those shown in
(A) Encryption Parameter Coincidence Control
Below, the method for making the encryption parameters of the mobile terminal (UE) 11 identical with those of the mobile terminal(UE) 21 is explained.
(1) COUNT-C
As explained in
As shown in
The originating-side RNC 31 notifies the terminating-side RNC 32 of the value of COUNT-C (=C1=HFN+CFN) used on the originating side in the RNSAP (Radio Network Subsystem Application Part) message. The terminating-side RNC 32 computes the difference ΔC between the COUNT-C value (=C2) set on the terminating side and C1 (=C1−C2), and notifies the terminating-side UE 21 of this value in an RRC message. On receiving this message, the UE 21 adds this difference ΔC to the COUNT-C value to be set on the terminating side (=C2), and takes the addition result C2+ΔC (=C1) to be the value of the encryption parameter COUNT-C. As a result, the terminating-side UE 21 uses the same value of COUNT-C as the originating-side UE 11, so that encryption/decryption processing can be executed.
The terminating-side RNC 32 notifies the terminating-side UE 21 of the COUNT-C value (=C1) received from the originating-side RNC 31 without modification, and the terminating-side UE 21 can perform processing with C2=C1.
(2) BEARER, LENGTH
BEARER takes a value according to the service (voice, packet, or similar); for current setup methods, the same bearer is used on both the originating and terminating sides. Because the same service type setup is performed on both the originating and the terminating sides, the same value for LENGTH is similarly used on the originating and on the terminating sides. As shown in
(3) DIRECTION
DIRECTION indicates either the uplink or downlink direction, and again, the same value must be used on the originating and terminating sides. When performing encryption as shown in
(4) CK
The encryption key CK (Confidential Key) is generated according to a prescribed algorithm using KSI. KSI is an encryption key held in each mobile terminal UE.
As shown in
The CK value held by both the UE 21 and RNC 32 differs from the CK value held by both the UE 11 and RNC 31. If the originating-side UE 11 and terminating-side UE 21 do not exist in the same network, these CK values are used in independent encryption/decryption processing on the originating side and on the terminating side. However, if the originating-side UE 11 and the terminating-side UE 21 exist in the same network, the CK value on the originating side and the CK value on the terminating side must be made identical each other.
At the time of call origination, the MSC 41 investigates whether the originating mobile terminal (UE) 11 and the terminating mobile terminal (UE) 21 exist in the same network (M-M telephone call judgment), by referencing the destination telephone number comprised by the SETUP message input from the originating mobile terminal 11. If it is judged that the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network, if for example both mobile terminals are under management of the same MSC 41 as shown in (B) of
The RNCs 31, 32 on the originating and terminating sides, upon receiving this notification, both set encryption/decryption to off (do not perform encryption/decryption processing), and notify the originating mobile terminal 11 and terminating mobile terminal 21 of the newly received KSI value. The originating mobile terminal 11 and terminating mobile terminal 21 use the received KSI value to generate a CK value according to the same CK generation algorithm. By this means, the CK values of the originating mobile terminal 11 and terminating mobile terminal 21 are made identical with each other.
The MSC 41 investigates whether the terminating mobile terminal 21 and the originating mobile terminal 11 exist in the same network, by referring to the destination telephone number comprised by the SETUP message input from the originating mobile terminal 11 (M-M telephone call judgment). If the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network, and if for example both are managed by the same MSC 41 as shown in (B) of
The originating-side RNC 31, on receiving this notification, sets encryption/decryption to off (no encryption/decryption processing is performed), creates the KSI for the M-M telephone call, and notifies the terminating-side RNC 32 of the M-M telephone call and provides the newly created KSI, as well as notifying the originating mobile terminal 11 of the new KSI.
The terminating-side RNC 32, upon receiving this notification, sets encryption/decryption to off (no encryption/decryption processing is performed), and notifies the terminating mobile terminal 21 of the newly created KSI.
The originating mobile terminal 11 and terminating mobile terminal 21 generate a CK value using the new received KSI according to the same CK generation algorithm. By this means, the CK values of the originating mobile terminal 11 and of the terminating mobile terminal 21 are made identical with each other.
(B) Overall Sequence
When a call is originated by the originating mobile terminal (UE) 11, the RRC connection setup sequence between the UE 11 and RNC 31 is executed, a signaling connection (DCCH) is established, and the UE 11 notifies the RNC 31 of the long-period HFN through RRC Connection Setup Complete.
Then, the bearer setup sequence (DTCH sequence) between the UE 11 and RNC 31 is executed. In this sequence, the UE 11 sends an initial L3 message to the MSC 41, the MSC computes the CK value using the KSI parameter comprised by this message according to a prescribed algorithm, and this CK value is sent to the RNC 31 in a security mode command message. The UE 11 also computes the CK value using the same algorithm, so that the UE 11 and RNC 31 hold the same CK value. Then, the RNC 31 sets DCCH parameters (BEARER, LENGTH, activation time) in the UE 11 through a security mode command message.
When DTCH parameter setup is completed, the UE 11 sends a SETUP message to the MSC 41, and the MSC 41 references the destination telephone number comprised by the SETUP message and sends a paging message to the terminating-side RNC 32, upon which the RNC 32 performs paging. As a result of this paging, the terminating mobile terminal (UE) 21 executes an RRC connection setup sequence with the RNC 32, establishes a signaling connection (DCCH), and notifies the RNC 32 of the long-period HFN through RRC Connection Setup Complete.
Next, the bearer setup sequence (DTCH sequence) between the UE 21 and RNC 32 is executed. In this sequence, the UE 21 sends an initial L3 message to the MSC 41, and the MSC 41 uses the KSI parameter comprised by the message to compute the CK value according to a prescribed algorithm, and sends the CK value to the RNC 32 through a security mode command message. The UE 21 also uses the same algorithm to compute the CK value, so that the UE 21 and RNC 32 hold the same CK value. Then, the RNC 32 sets DCCH parameters (BEARER, LENGTH, activation time) in the UE 21 through a security mode command message.
When DTCH parameter setup is completed, the MSC 41 sends a SETUP message to the UE 21. Also, the MSC 41 analyzes the SETUP message received from the UE 11, and investigates whether the terminating mobile terminal (UE) 21 and originating mobile terminal (UE) 11 exist in the same network (M-M telephone call judgment). If the UEs 11, 21 exist in the same network (if for example both are managed by the same MSC 41 as in (B) of
Upon receiving this notification, the originating-side and terminating-side RNCs 31, 32 both set encryption/decryption to off (no encryption/decryption processing is performed), and notify the UEs 11, 21 of the new KSI value. The UEs 11, 21 each use the new received KSI value to generate a CK value according to the same CK generation algorithm. By this means, the CK values of the UEs 11, 21 become idential.
Then, the originating-side and terminating-side RNCs 31, 32 set the DTCH parameters (BEARER, LENGTH, activation time) in the UEs 11, 21 through Radio Bearer Setup messages. Following this, the originating-side RNC 31 notifies the terminating-side RNC 32 of the COUNT-C value (=C1=HFN+CFN) used on the originating side in an RNSAP (Radio Network Subsystem Application Part) message. The terminating-side RNC 32 computes the difference ΔC (=C1−C2) between the COUNT-C value to be set on the terminating side (=C2) and C1, and notifies the terminating-side UE 21 of this value in an RRC message. Upon receiving this message, the UE 21 adds this difference ΔC to the COUNT-C value to be set on the terminating side (=C2), and takes the addition result, C2+ΔC (=C1), as the COUNT-C encryption parameter.
Through the above sequence, the DTCH encryption parameters in the originating mobile terminal (UE) 11 are made identical with those in the terminating mobile terminal (UE) 21. Thereafter, the UE 11 uses the encryption parameters to generate an encryption code, encrypts transmission data using this encryption code, and transmits the encrypted data. On the other hand, the UE 21 uses these encryption parameters to generate the same encryption code, and uses this encryption code to decrypt received data.
The M-M telephone call judgment portion 41a of the MSC 41 analyzes the SETUP message and judges that the call is an M-M telephone call, and sends the judgment result to the new KSI generation portion 41b and to the encryption control portion 31a of the RNC 31. In the case of an M-M telephone call, the new KSI generation portion 41b generates a new KSI, and sends this to the encryption control portion 31a of the RNC 31.
The encryption control portions 11a and 31a of the UE 11 and RNC 31 respectively acquire or generate encryption parameters according to the sequence of
The encryption code generation portion 11b of the originating mobile terminal (UE) 11 uses the encryption parameters to generate an encryption code, and the encryption processing portion 11c uses this encryption code to encrypt transmission data, and transmits the data. The encryption code generation portion 31b of the RNC 31 uses the encryption parameters to generate an encryption code, which is input to the encryption/decryption processing portion 31d, and the receiving portion 31c receives data from the UE 11 and inputs the data to the encryption/decryption processing portion 31d. If the call is not an M-M telephone call (encryption/decryption set to on), the encryption/decryption processing portion 31d uses the encryption code to decrypt the encrypted received data, and transmits the data to the transmission portion 31e. If however the call is an M-M telephone call (encryption/decryption set to off), the encryption/decryption processing portion 31d transmits the received data without modification to the transmission portion 31e, without performing decryption.
Although not shown, if the call is not an M-M telephone call (encryption/decryption set to on), the receiving-side RNC uses the encryption code to perform decryption of the received data and transmits the data to the terminating mobile terminal (UE), whereas if the call is an M-M telephone call (encryption/decryption set to off), the received data is transmitted without modification to the terminating mobile terminal (UE), without performing decryption. The terminating mobile terminal (UE) uses the encryption parameters to generate an encryption code, and uses this encryption code to decrypt the received data, which is output.
All encryption parameters are acquired or generated according to the sequence of
Encryption parameters are acquired or generated according to the sequence of
On the other hand, if in step 202 it is judged that the call is an M-M telephone call, encryption/decryption is set to off (step 205). The KSI received from the MSC 41 is transmitted to the terminating mobile terminal (UE) 21 (step 206), and the count C1 encryption parameter is received from the originating-side RNC 31 (step 207). Then, the terminating-side RNC 32 computes the difference ΔC (=C1−C2) between the value of COUNT-C which is to be set on the terminating side (=C2) and the received value C1 (step 208), and sends this difference in an RRC message to the terminating-side UE 21 (step 209). The UE 21 adds this difference ΔC to COUNT-C (=C2), and takes the addition result C2+AC (=C1) to be the encryption parameter COUNT-C.
Subsequently, the terminating-side RNC 32 transmits data received from the originating-side RNC 31 without modification, and without performing encryption (step 204).
Encryption parameters are acquired or generated according to the sequence of
Then a judgment is made as to whether the call is an M-M telephone call and whether a new KSI has been received from the RNC 32 (step 302); if not an M-M telephone call, normal decryption processing is executed (step 303).
If on the other hand the call is an M-M telephone call, a CK value is generated based on the new KSI received (step 304). Also, the received difference ΔC is added to COUNT-C (=C2), and the addition result C2+ΔC (=C1) is taken to be the COUNT-C encryption parameter (step 305). Further, the DIRECTION encryption parameter is inverted (“downlink” is inverted to “uplink”) (step 306). Through the above processing, the eencryptionparameters are the same in the originating mobile terminal 11 and in the terminating mobile terminal 21.
Then, the terminating mobile terminal 21 uses these encryption parameters to generate an encryption code (step 307), and this encryption code is used to decrypt received data, which is output (step 308).
By means of the above invention, if an originating mobile terminal and a terminating mobile terminal exist in the same network, data is passed through without performing encryption/decryption processing in network-side devices (RNCs or similar), and with encryption/decryption processing performed only in the originating-side and terminating-side mobile terminals. Hence there is no longer a need for RNCs to perform encryption/decryption processing, so that the burden on RNCs is alleviated, and the number of channels (number of users) which can be accommodated can be increased.
As many apparently widely different embodiments of the present invention can be made without departing from the spirit and scope thereof, it is to be understood that the invention is not limited to the specific embodiments thereof except as defined in the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
JP2004-158910 | May 2004 | JP | national |