The invention relates to a method of providing end-to-end encryption during a single-hop, terminal-to-terminal call in a mobile satellite communication system.
A number of systems exist which provide both mobile terrestrial communication (i.e., cellular communication) and mobile satellite communication between terminals. Such a system is hereinafter referred to as an MSAT system. Satellite communication between two terminals is typically implemented via a double-hop, that is, two signal paths. One signal path is from an originating terminal to a ground station via a satellite, and the other signal path is from the ground station to a destination terminal via the satellite.
A number of single-hop MSAT systems also exist; however, these systems are disadvantageous because they do not provide encryption for privacy during a single-hop terminal-to-terminal (TtT) call. Some systems that provide both single-hop and double-hop call modes can maintain ciphering for encryption in only the double-hop mode. The ciphering capability is lost when the TtT call is implemented in single-hop mode because the signaling paths between the terminals and their base stations are also lost. A need therefore exists for an MSAT system which provides end-to-end encryption for single-hop TtT calls.
In accordance with the present invention, a mobile satellite communication system is provided to control the transfer of a terminal for a single-hop call from at least one of a clear mode and a ciphered mode with respect to a gateway station to a ciphered mode with respect to a satellite link connecting the terminal with another terminal for a single-hop terminal-to-terminal call using a cipher key and an encryption algorithm common to the terminal and the other terminal.
In accordance with another aspect of the present invention, frame number offset data, which indicates a mapping delay between received and transmitted time slots at the satellite, is provided to both terminals in a terminal-to-terminal call for ciphering synchronization. A method is also provided for operating two terminals in an MSAT system in a ciphered mode with respect to transmissions therefrom to a corresponding gateway station. The cipher keys and encryption algorithms can be implemented independently of each other. This ciphered mode is changed at each terminal to a ciphered mode using a common cipher key and encryption algorithm for use during a single-hop, terminal-to-terminal call.
In accordance with an aspect of the present invention, the originating terminal transmits information to a terminating gateway station regarding encryption algorithms supported by the originating station. The terminating gateway station selects one of the encryption algorithms that is also supported by the other terminal and commands the two terminals to use the selected algorithm and a common key during the single-hop call.
In accordance with yet another aspect of the present invention, the originating terminal is reregistered with the terminating gateway station at which the terminating terminal is registered if the originating gateway station is different from the terminating gateway station.
In accordance with yet another aspect of the present invention, ciphering synchronization is implemented by providing the originating terminal and the terminating terminal with frame number offset data indicating a time slot mapping delay between transmissions received at and then transmitted from the satellite. The originating terminal and the terminating terminal use the frame number offset data with said selected encryption algorithm to generate frame-dependent number sequences for encryption.
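The ciphering synchronization described above, sketched as an added example that is not part of the original text or of any real MSAT implementation. It assumes the receiving terminal subtracts the frame number offset from its own received frame number to recover the frame in which the burst was ciphered; the HMAC-SHA256 keystream, the frame-counter modulus, the key, and all function names are constructed stand-ins for the selected encryption algorithm and system parameters.

```python
import hashlib
import hmac

FRAME_MODULUS = 1 << 22  # assumed frame-counter wrap point (constructed value)


def keystream(common_key: bytes, frame_number: int, length: int) -> bytes:
    """Frame-dependent number sequence; HMAC-SHA256 in counter mode is a
    stand-in for whichever algorithm the gateway selected."""
    out, block = b"", 0
    while len(out) < length:
        msg = frame_number.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(common_key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_burst(common_key: bytes, frame_number: int, data: bytes) -> bytes:
    ks = keystream(common_key, frame_number, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def sender_encrypt(common_key: bytes, tx_frame: int, plaintext: bytes) -> bytes:
    """Originating terminal ciphers the burst with its transmit frame number."""
    return xor_burst(common_key, tx_frame % FRAME_MODULUS, plaintext)


def receiver_decrypt(common_key: bytes, rx_frame: int, frame_offset: int,
                     ciphertext: bytes) -> bytes:
    """Terminating terminal undoes the satellite's slot-mapping delay
    (assumption: offset is subtracted modulo the frame counter)."""
    tx_frame = (rx_frame - frame_offset) % FRAME_MODULUS
    return xor_burst(common_key, tx_frame, ciphertext)


def demo():
    key = bytes(range(16))         # constructed common cipher key
    offset = 3                     # constructed mapping delay, in frames
    tx_frame = FRAME_MODULUS - 2   # chosen so the counter wraps in transit
    burst = b"constructed speech burst"
    ct = sender_encrypt(key, tx_frame, burst)
    rx_frame = (tx_frame + offset) % FRAME_MODULUS   # frame seen at receiver
    synced = receiver_decrypt(key, rx_frame, offset, ct)
    unsynced = receiver_decrypt(key, rx_frame, 0, ct)  # offset not applied
    return synced == burst, unsynced == burst


if __name__ == "__main__":
    print(demo())
```

Without the offset, both terminals hold the same key and algorithm yet derive different sequences for the same burst, which is why the offset has to be delivered to both ends before ciphering starts.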
In accordance with yet another aspect of the present invention, a message signal embodied in a carrier wave contains at least one of a plurality of segments comprising a segment having a common ciphering key for use between two terminals during a single-hop call, a segment for indicating assigned satellite channels for use by both of the terminals during the single-hop call, a segment indicating a signaling channel between one of the terminals and a corresponding gateway station, and a command segment instructing the terminal to activate the assigned satellite channels and to commence ciphering through the assigned satellite channels using the common ciphering key.