Many communications systems currently use encryption to enhance security of the systems. These communication systems include cellular radio telephone communication system, personal communication systems, paging systems, as well as wireline and wireless data networks. By way of example a cellular communication system will be described below; however, it will be appreciated by those skilled in the art that the encryption techniques described can be readily extended to other communication systems without departing from the scope and spirit of the present invention. Turning now to cellular communication systems, these systems typically include subscriber units (such as mobile or portable units) which communicate with a fixed network communication unit via radio frequency (RF) communication links. A typical cellular communication system includes at least one base station (i.e., communication unit) and a switching center (i.e., an infrastructure communication center). Present cellular communication systems are designed to encrypt communications on an RF link between a subscriber unit and a base station unit through the use of an encryption key known to both units so that others who intercept the RF link communication link will be unable to listen to the communication (e.g., unable to eavesdrop on a voice conversation).
One such RF link encryption technique is described in the United States Digital Cellular (USDC) standard (known as IS-54 and IS-55) and published by the Electronic Industries Association (EIA), 2001 Eye Street, N.W., Washington, D.C. 20006. The USDC system encryption technique utilizes a series of specialized messages which must be passed between the subscriber unit and a base site communication unit before a session encryption key is known to both units. This encryption key is based upon shared secret data (SSD)in USDC system. For an authentication process an SSDA key is used. Similarly, for a voice privacy function an SSD.sub.B key is used. For the voice privacy function, the initial transmitted subscriber message contains an authentication response, but no other data is encrypted. The command to begin an encryption process is sent from the service provider (i.e., base site communication unit) to the subscriber after the subscriber has been assigned a traffic channel. Further, current system architecture design is focused on bringing encryption to data as well as voice. Data consists of either synchronous or packet data. Ideally, an encryption key should be provided for each data communication session. In a synchronous data environment, a session key is an encryption key which is used for the duration of a single (e.g., circuit switched) data communication (i.e., "call"). Similarly in a data packet environment, a session key is an encryption key which is used from the time that the communication unit registers with a serving system until the next time that the communication unit re-registers. In addition, in a previously-cited related invention entitled "Method and Apparatus for Efficient Real-Time Authentication and Encryption in a Communication System" by Brown et al. having U.S. Ser. No. 08/084,644, and filed on Jun. 28, 1993, another encryption key is proposed for USDC system which is termed an SSD.sub.C key and which is used for data packet encryption. In these communication systems, packetized data also needs to be encrypted. Packetized data adds an additional problem to the typical encryption process. This is because packets of data may arrive at different times at a subscriber unit of a communication unit (i.e., packet messages are "connectionless"). These packets need to be reassembled and decrypted in the same order in which they were encrypted. In addition, an encryption key can only be negotiated when a subscriber performs a registration. Therefore, a need exists for an encryption technique which can alleviate these problems associated with packetized data.
However, these previously known encryption techniques do not address all of the possible eavesdropping vulnerabilities inherent in a communication channel. Eavesdropping may still occur at other points in the communication channel between the subscriber unit and an endpoint target communication device such as through wiretapping of a land-line phone. Such a communication between a subscriber unit and an endpoint target communication device is termed a "point-to-point" communication. The communication may travel along several different physical communication links before being ultimately coupled via a communication link between the subscriber and target devices. For example in the cellular environment, a user of a subscriber unit may place a voice call to a target communication device located at a place of business. In order for that call to be completed, a communication channel must be set up on an RF link to a base site communication unit. In addition, the communication channel must be extended through the public switched telephone network (PSTN) to the place of business. This place of business may have a private telephone network connected to the PSTN. As a result, the communication channel may also need to be extended through the private network to ultimately connect with the target communication device. Currently, encryption techniques are only being applied to individual components of the entire communication channel (e.g., the RF link in USDC system may be encrypted). However, this leaves other components such as the PSTN or private network vulnerable to eavesdropping through wiretapping. Therefore, a need also exists for an encryption technique which can alleviate these problems associated with eavesdropping at other points of the communication channel.