1. Field of the Invention
The present invention relates to security count values in a wireless communications system. In particular, the present invention discloses a method for ensuring that security counts generated by a hyper-frame number are re-used as little as possible over the lifetime of a security key.
2. Description of the Prior Art
Please refer to FIG. 1. FIG. 1 is a simplified block diagram of a prior art wireless communications system. The wireless communications system includes a first station 10 in wireless communications with a second station 20. As an example, the first station 10 could be a mobile unit, such as a cellular telephone, and the second station 20 could be a base station. The first station 10 communicates with the second station 20 over a plurality of channels 12. The second station 20 thus has corresponding channels 22, one for each of the channels 12. Each channel 12 has a receiving buffer 12r for holding protocol data units (PDUs) 11r received from the corresponding channel 22 of the second station 20. Each channel 12 also has a transmitting buffer 12t for holding PDUs 11t that are awaiting transmission to the corresponding channel 22 of the second station 20. A PDU 11t is transmitted by the first station 10 along a channel 12 and received by the second station 20 to generate a corresponding PDU 21r in the receiving buffer 22r of the corresponding channel 22. Similarly, a PDU 21t is transmitted by the second station 20 along a channel 22 and received by the first station 10 to generate a corresponding PDU 11r in the receiving buffer 12r of the corresponding channel 12.
For the sake of consistency, the data structures of each PDU 11r, 11t, 21r and 21t along corresponding channels 12 and 22 are identical. That is, a transmitted PDU 11t generates an identical corresponding received PDU 21r, and vice versa. Furthermore, both the first station 10 and the second station 20 use identical PDU 11t, 21t data structures. Although the data structure of each PDU 11r, 11t, 21r and 21t along corresponding channels 12 and 22 is identical, different channels 12 and 22 may use different PDU data structures according to the type of connection agreed upon along the corresponding channels 12 and 22. In general, though, every PDU 11r, 11t, 21r and 21t will have a sequence number 5r, 5t, 6r, 6t. The sequence number 5r, 5t, 6r, 6t is an m-bit number that is incremented for each PDU 11r, 11t, 21r, 21t. The magnitude of the sequence number 5r, 5t, 6r, 6t thus indicates the sequential ordering of the PDU 11r, 11t, 21r, 21t in its buffer 12r, 12t, 22r, 22t. The sequence number 5t, 6t is often explicitly carried by the PDU 11t, 21t, but may also be implicitly assigned by the station 10, 20. For example, in an acknowledged mode setup for corresponding channels 12 and 22, each transmitted PDU 11t, successful reception of which generates an identical corresponding PDU 21r, is explicitly confirmed by the second station 20. A 12-bit sequence number 5t is explicitly carried by each PDU 11t. The second station 20 scans the sequence numbers 6r embedded within the received PDUs 21r to determine the sequential ordering of the PDUs 21r, and to determine if any PDUs 21r are missing. The second station 20 can then send a message to the first station 10 that indicates which PDUs 21r were received by using the sequence numbers 6r of each received PDU 21r, or may request that a PDU 11t be re-transmitted by specifying the sequence number 5t of the PDU 11t to be re-transmitted. 
Alternatively, in a so-called transparent transmission mode, data is never confirmed as successfully received. The sequence numbers 5t, 6t are not explicitly carried in the PDUs 11t, 21t. Instead, the first station 10 simply internally assigns a 7-bit sequence number 5t to each PDU 11t. Upon reception, the second station 20 similarly assigns a 7-bit sequence number 6r to each PDU 21r. Ideally, the sequence numbers 5t maintained by the first station 10 for the PDUs 11t are identical to the corresponding sequence numbers 6r for the PDUs 21r that are maintained by the second station 20.
Hyper-frame numbers (HFNs) are also maintained by the first station 10 and the second station 20. Hyper-frame numbers may be thought of as high-order bits of the sequence numbers 5t, 6t that are never physically transmitted with the PDUs 11t, 21t, except in rare cases of special signaling PDUs 11t, 21t that are used for synchronization. And in these cases, the HFNs are not carried as part of the sequence number 11t, 21t, but instead are carried in fields of the data payload of the signaling PDU 11t, 21t, and thus are more properly signaling data. As each transmitted PDU 11t, 21t generates a corresponding received PDU 21r, 11r, hyper-frame numbers are also maintained for received PDUs 11r, 21r. Each channel 12 of the first station 10 thus has a receiving hyper-frame number (HFNR) 13r and a transmitting hyper-frame number (HFNT) 13t. Similarly, the corresponding channel 22 on the second station 20 has a HFNR 23r and a HFNT 23t. When the first station 10 detects roll-over of the sequence numbers 5r of PDUs 11r in the receiving buffer 12r, the first station 10 increments the HFNR 13r. On roll-over of sequence numbers 5t of transmitted PDUs 11t, the first station 10 increments the HFNT 13t. A similar process occurs on the second station 20 for the HFNR 23r and HFNT 23t. The HFNR 13r of the first station 10 should thus be synchronized with (i.e., identical to) the HFNT 23t of the second station 20. Similarly, the HFNT 13t of the first station 10 should be synchronized with (i.e., identical to) the HFNR 23r of the second station 20.
The PDUs 11t and 21t are not transmitted "out in the open". A security engine 14 on the first station, and a corresponding security engine 24 on the second station 20, are together used to ensure secure and private exchanges of data exclusively between the first station 10 and the second station 20. The security engine 14, 24 has two primary functions. The first is the obfuscation (i.e., ciphering, or encryption) of data held within a PDU 11t, 21t so that the PDU 11t, 21t presents a meaningless collection of random numbers to an eavesdropper. The second is to verify the integrity of data contained within the PDUs 11r, 21r. This is used to prevent another, improper, station from masquerading as either the first station 10 or the second station 20. By verifying data integrity, the first station 10 can be certain that a PDU 11r was, in fact, transmitted by the second station 20, and vice versa. For a PDU 11t to be transmitted, the security engine 14 uses, amongst other inputs, an n-bit security count 14c and a key 14k to perform the ciphering functions to the PDU 11t. To properly decipher the corresponding PDU 21r, the security engine 24 must use an identical security count 24c and key 24k. Similarly, data integrity checking on the first station 10 uses an n-bit security count that must be synchronized with a corresponding security count on the second station 20. As the data integrity security count is generated in a manner similar to that for the ciphering security count 14c, 24c, and as ciphering is more frequently applied, the ciphering security count 14c, 24c is considered in the following. The keys 14k and 24k remain constant across all PDUs 11t and 21t (and thus corresponding PDUs 21r and 11r), until explicitly changed by both the first station 10 and the second station 20. The security counts 14c and 24c, however, continuously change with each PDU 11t and 21t.
This constant changing of the security count 14c, 24c makes decrypting (and spoofing) of PDUs 11t, 21t more difficult, as it reduces statistical consistency of inputs into the security engine 14, 24. The security count 14c for a PDU 11t is generated by using the sequence number 5t of the PDU 11t as the low order bits of the security count 14c, and the HFNT 13t associated with the sequence number 5t as the high order bits of the security count 14c. Similarly, the security count 14c for a PDU 11r is generated from the sequence number 5r of the PDU 11r and the HFNR 13r of the PDU 11r. An identical process occurs on the second station 20, in which the security count 24c is generated using the sequence number 6r, 6t and the appropriate HFNR 23r or HFNT 23t. The security count 14c, 24c has a fixed bit size, say 32 bits. As the sequence numbers 5r, 6r, 5t, 6t may vary in bit size depending upon the transmission mode used, the hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t must vary in bit size in a corresponding manner to yield the fixed bit size of the security count 14c, 24c. For example, in a transparent transmission mode, the sequence numbers 5r, 6r, 5t, 6t are all 7 bits in size. The hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t are thus 25 bits in size; combining the two together yields a 32-bit security count 14c, 24c. In an acknowledged transmission mode, the sequence numbers 5r, 6r, 5t, 6t are all 12 bits in size. The hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t are thus 20 bits in size so that combining the two together continues to yield a 32-bit security count 14c, 24c.
Initially, there are no established channels 12 and 22 between the first station 10 and the second station 20. The first station 10 thus establishes a channel 12 with the second station 20. To do this, the first station 10 must determine an initial value for the HFNT 13t and HFNR 13r. The first station 10 references a non-volatile memory 16, such as a flash memory device or a SIM card, for a start value 16s, and uses the start value 16s to generate the initial value for the HFNT 13t and the HFNR 13r. The start value 16s holds the x most significant bits (MSBX) of a hyper-frame number from a previous session along a channel 12. Ideally, x should be at least as large as the bit size of the smallest-sized hyper-frame number (i.e., for the above example, x should be at least 20 bits in size). The MSB of the HFNT 13t and the HFNR 13r are set to the start value 16s, and the remaining low order bits are set to zero. The first station 10 then transmits the start value 16s to the second station 20 (by way of a special signaling PDU 11t) for use as the HFNR 23r and the HFNT 23t. In this manner, the HFNT 13t is synchronized with the HFNR 23r, and the HFNT 23t is synchronized with the HFNR 13r.
As noted, the first station 10 may establish a plurality of channels 12 with the second station 20. Each of these channels 12 uses its own sequence numbers 5r and 5t, and hyper-frame numbers 13r and 13t. When establishing a new channel 12, the first station 10 considers the HFNT 13t and HFNR 13r of all currently established channels 12, selecting the HFNT 13t or HFNR 13r with the highest value. The first station 10 then extracts the MSBX of this highest-valued hyper-frame number 13r, 13t, increments the MSBX by one, and uses it as the MSBX for the new HFNT 13t and HFNR 13r for a newly established channel 12. Synchronization is then performed between the first station 10 and the second station 20 to provide the MSBX to the second station 20 for the HFNR 23r and HFNT 23t. In this manner, a constantly incrementing spacing is ensured between the security counts 14c of all established channels 12.
It is noted that, for the sake of security, the keys 14k and 24k should be changed after a predetermined interval. This interval is determined by the security count 14c, 24c. When the security count 14c, 24c exceeds a predetermined value, the first station 10 and second station 20 initiate a security command to change the keys 14k and 24k. For the security count 14c, 24c to reach the predetermined value, a hyper-frame number must be remembered between sessions (that is, remembered between when the first station 10 is turned off and then turned back on again), which is the purpose of the start value 16s. When the very last channel 12 is released (i.e., terminated, so that no more channels 12 are established with the second station 20), the MSBX of the HFNT 13t or HFNR 13r for this channel 12 are extracted (depending on which is the larger, HFNT 13t or HFNR 13r), incremented by one, and then saved in the start value 16s. When the first station 10 is turned back on again, and seeks to establish a channel 12, the first station 10 uses the start value 16s, and the security count 14c is thus ensured to continuously rise.
Unfortunately, using the HFNT 13t or HFNR 13r of the very last released channel 12 to generate the start value 16s can lead to excessive delays in the changing of the security key 14k. As a matter of routine, the first station 10 establishes a signaling channel 12 with the second station 20. This signaling channel 12 is used to carry special signaling PDUs 11t for the communications protocol, and is established quite early on after the first station 10 is turned on. Signaling channels 12 tend to have a long duration, but generally do not carry much data. Thus, both the HFNT 13t and the HFNR 13r of the signaling channel 12 will have relatively small values, as the hyper-frame numbers 13t, 13r are created early on and are infrequently incremented due to low PDU 11t, 11r traffic loads. On the other hand, data channels 12 may be established sporadically and have high PDU 11t, 11r throughput. The HFNT 13t, or HFNR 13r, of such a data channel 12 may thus become quite large in comparison to that of the signaling channel 12. However, once a data channel 12 has fulfilled its function it is released. More likely than not, the signaling channel 12 will continue to exist, and so the hyper-frame numbers 13t, 13r associated with the data channel 12 are lost. Though a data channel 12 may have much larger hyper-frame numbers 13t, 13r than the signaling channel 12, it is the signaling channel 12 that is finally the last channel 12 to be released, and so it is the HFNT 13t, or HFNR 13r, of the signaling channel 12 that is used to generate the start value 16s. This leads to an excessive re-use of hyper-frame number 13t, 13r values, and hence unnecessary delays between the changing of the security key 14k. Security on the channels 12 is consequently weakened.
It is therefore a primary objective of this invention to provide a method for determining a start value to be stored in a memory of a wireless communications device.
Briefly summarized, the preferred embodiment of the present invention discloses a method for storing and managing a start value in a wireless communications device. The start value is x bits in size and is used to provide an initial value to an n-bit security count value. The wireless communications device is capable of establishing a plurality of channels and capable of releasing established channels. For every channel established by the wireless communications device, a corresponding terminal value is obtained. A terminal value for a channel is the highest value reached by the x most significant bits (MSBX) of an n-bit security count value associated with the channel. A final value is obtained that is the greatest value of all the terminal values. Finally, a start value is stored in the memory of the wireless device that is at least as large as the final value.
It is an advantage of the present invention that by saving the largest MSBX of all the n-bit security count values associated with all the established channels, the present invention method reduces re-use of security count values, and encourages a more rapid changing of security keys. A minimum re-use of security count values is obtained, while maintaining a maximum security key usage. Overall transmission security is enhanced by avoiding unnecessary delays to the changing of the security key.
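The security-count construction described earlier and the two start-value rules (last released channel versus greatest terminal value) can be compared in a short simulation. This is an added example, not code from the patent; the type and function names, the single-direction HFN, the traffic figures and the choice of storing the final value plus one are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define COUNT_BITS 32u  /* n: fixed security count width used in the text */
#define X_BITS     20u  /* x: start value width (the text's suggested minimum) */

/* Hypothetical channel state; one direction (HFNT) only, for brevity. */
typedef struct { unsigned sn_bits; uint32_t hfn, sn; } channel_t;

/* Security count: HFN as high-order bits, sequence number as low-order bits. */
uint32_t security_count(const channel_t *c) { return (c->hfn << c->sn_bits) | c->sn; }

/* MSBX: the x most significant bits of the n-bit security count. */
uint32_t msbx(const channel_t *c) { return security_count(c) >> (COUNT_BITS - X_BITS); }

/* New channel: HFN MSBs set to the start value, remaining low-order bits zero. */
channel_t channel_open(unsigned sn_bits, uint32_t start) {
    channel_t c = { sn_bits, start << (COUNT_BITS - sn_bits - X_BITS), 0 };
    return c;
}

/* Send n PDUs; the HFN increments once per sequence-number roll-over. */
void channel_send(channel_t *c, uint32_t n) {
    uint64_t total = (uint64_t)c->sn + n;
    c->hfn += (uint32_t)(total >> c->sn_bits);
    c->sn = (uint32_t)(total & ((1u << c->sn_bits) - 1u));
}

static uint32_t max_u32(uint32_t a, uint32_t b) { return a > b ? a : b; }

/* Constructed session: a quiet signaling channel outlives a busy data channel. */
void session(uint32_t start, uint32_t *prior_art, uint32_t *invention) {
    channel_t sig = channel_open(12, start);
    channel_send(&sig, 300);                           /* light traffic, no roll-over */
    channel_t data = channel_open(12, msbx(&sig) + 1); /* highest MSBX plus one */
    channel_send(&data, 50u * 4096u);                  /* 50 roll-overs */
    /* Data channel released here: record its terminal value before it is lost. */
    uint32_t final = max_u32(msbx(&sig), msbx(&data));
    channel_send(&sig, 100);
    final = max_u32(final, msbx(&sig));
    *prior_art = msbx(&sig) + 1;  /* MSBX of the last released channel, plus one */
    *invention = final + 1;       /* assumption: final + 1, which is >= final */
}

int main(void) {
    uint32_t old_start, new_start;
    session(5, &old_start, &new_start);
    printf("prior art start=%u, max-terminal start=%u\n",
           (unsigned)old_start, (unsigned)new_start);
    return 0;
}
```

With a start value of 5, the prior-art rule stores 6 while the data channel had already reached 56, so the next session would re-use counts under the same key; the greatest-terminal-value rule stores 57.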
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment, which is illustrated in the various figures and drawings.