The invention relates to a method for managing a counter status.
To promote the compatibility and interoperability of broadband wireless communication networks, several interested parties have joined together to form the so-called WiMAX Forum (www.wiMaxforum.org). One objective of this forum is to create a standard which allows mobile communication terminals to access different communication networks.
Provision is made here for a pairwise master key to be set up during a network registration of a communication subscriber, for instance according to the Extensible Authentication Protocol. An authentication key which differs for each pair comprising a communication terminal and a base station is derived from this pairwise master key. This authentication key is used for management messages, for instance. With each communication process, in other words either when the communication terminal sends a message to the base station or when it receives a message from the base station (uplink/downlink), a counter status allocated to this authentication key is increased. This counter status is thus unique to a certain pair comprising a communication terminal and a base station and can thus be used to ensure the authenticity of the communication terminal. This is used, for instance, to safeguard against replay attacks, in which an unauthorized user could inject intercepted messages into the communication network again.
The base station stores the allocated counter status for each authentication key in order to manage this counter status. Since the storage space for storing these counter statuses on a base station is limited, however, it may be necessary to delete a counter status. Furthermore, the counter status may also be lost in another way, for instance through data loss. In this case a handover, in other words a passing over of a communication link from one base station to another base station, using the current pairwise master key is no longer possible, since otherwise replay attacks could not be ruled out. A renewed authentication by the Extensible Authentication Protocol must thus be carried out in order to set up a new pairwise master key and finally to be able to derive new authentication keys from it once again. This results in delays and increased signaling, since such a renewed authentication is not carried out locally but instead involves the AAA server (Authentication, Authorization, Accounting) in the home network of the communication terminal.
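The following sketch is an added example, not part of the original text. It models a base station with limited counter storage and shows why a lost counter status forces a renewed authentication: if the base station simply restarted the counter, a previously captured message would be accepted again. Assumptions: HMAC-SHA256 stands in for both the key derivation and the message authentication code, and the names BaseStation, register, receive, restart_on_loss and demo are hypothetical.

```python
import hashlib
import hmac
from collections import OrderedDict

def derive_ak(pmk, terminal_id, bs_id):
    # Stand-in derivation (assumption): a distinct key per terminal/base-station pair.
    return hmac.new(pmk, b"AK|" + terminal_id + b"|" + bs_id, hashlib.sha256).digest()

def tag(ak, counter, payload):
    # The tag covers the counter status, so it cannot be altered on a captured message.
    return hmac.new(ak, counter.to_bytes(8, "big") + payload, hashlib.sha256).digest()

class BaseStation:
    def __init__(self, capacity, restart_on_loss=False):
        self.capacity = capacity                # limited storage for counter statuses
        self.restart_on_loss = restart_on_loss  # unsafe behaviour, kept for comparison
        self.counters = OrderedDict()           # authentication key -> last accepted counter

    def register(self, ak):
        # Called after authentication: track the key, evicting the oldest entry if full.
        while len(self.counters) >= self.capacity:
            self.counters.popitem(last=False)
        self.counters[ak] = 0

    def receive(self, ak, counter, payload, mac):
        # ak stands for the key the base station looks up for this terminal.
        if not hmac.compare_digest(mac, tag(ak, counter, payload)):
            return "bad-tag"
        if ak not in self.counters:
            if not self.restart_on_loss:
                return "reauth-required"        # counter status lost: freshness unprovable
            self.register(ak)                   # unsafe: forgets what was already accepted
        if counter <= self.counters[ak]:
            return "replay"
        self.counters[ak] = counter
        return "accepted"

def demo(restart_on_loss):
    # All keys and messages below are constructed sample values.
    bs = BaseStation(capacity=1, restart_on_loss=restart_on_loss)
    ak = derive_ak(b"constructed-pmk-A", b"terminal-A", b"bs-1")
    bs.register(ak)
    captured = (ak, 1, b"mgmt", tag(ak, 1, b"mgmt"))
    results = [bs.receive(*captured), bs.receive(*captured)]
    # Storage is full, so registering a second terminal deletes terminal A's counter.
    bs.register(derive_ak(b"constructed-pmk-B", b"terminal-B", b"bs-1"))
    results.append(bs.receive(*captured))       # the same captured message once more
    return results
```

With the counter status deleted, demo(False) ends in "reauth-required", while demo(True) accepts the repeated message.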