Encryption methodologies of various kinds are well known in the art. In general, the contents of a so-called plain-text message (which may comprise, for example, an alphanumeric message, digitized voice or vocoded voice, and so forth) are encoded pursuant to an encryption algorithm as a function of one or more encryption keys. Ideally, the resultant data stream will appear, for all intents and purposes, as a random string of data elements (such as alphabetic characters or binary ones and zeros) notwithstanding the underlying pattern of the original informational content itself. Encryption techniques are often employed to protect wireless communications from unauthorized monitoring and eavesdropping.
Maintaining the security of an encrypted communication system usually requires ongoing care and careful observation of specific procedures. For example, the encryption key(s) itself must be well protected, as the encryption algorithm utilized by a given system will itself often be known or ascertainable. As part of ensuring such security, the encryption key or keys for a given system will often be changed from time to time. There are various ways to facilitate this activity, but generally speaking, system operators prefer to arrange for a new key to be provided to the communication units of a given system on an as-needed basis (or shortly before such anticipated need). When a system operator has direct physical access to a given communication unit, a new encryption key can be installed with a relatively high assurance of security, as the operator can choose a physical location and the circumstances attending such installation.
It is not always convenient or even possible, however, for all of the wireless communication units in a given system to be brought, more or less simultaneously, to a common location to permit the physical installation of a new encryption key. As a result, the logistics of installing a new encryption key across a large number of geographically distributed communication units can be challenging enough to discourage some operators from varying their encryption keys in a sufficiently aggressive manner to comport with generally recommended security protocols.
One solution has been to provide a wireless transmission to such wireless communications units that includes the new encryption key. To protect that new encryption key, the rekeying message, including the new encryption key, is often encrypted through use of another encryption key. In a relatively closed system, this approach tends to constitute a satisfactory solution. The key management facility of a given wireless communication system can readily accommodate the necessary process to effect the installation of new encryption keys while using another encryption key with an acceptable level of security.
Many modern communication units, encrypted and otherwise, are capable of extra-system performance, however. For example, an encrypted communication unit belonging to a first system can roam outside of that first system and into a second system and nevertheless operate compatibly within the second system. This compatible operation can include, for example, both encrypted and clear communications with other units that also belong to the first system. When the home system switches its encryption key, however, this switch must be accomplished for roaming communication units as well as for more locally positioned units. Otherwise, the roaming units will no longer be able to communicate in an encrypted mode compatibly with other system users.
To meet this need, the prior art provides for a communication link between the key management facilities of differing systems. So configured, a roaming communication unit can communicate with the key management facility of a non-home system and request, for example, a rekeying event. That key management facility then contacts the home key management facility for that communication unit and receives the rekeying information. The rekeying information will be encrypted with the second encryption key in accord with prior practice. To make use of that information, however, the non-home system key management facility must be provided with the second encryption key (because the non-home system key management facility must have clear access to the new encryption key in order to facilitate rekeying the roaming communication unit). This means that the non-home system key management facility therefore will have access to the other system's encryption key itself.
For many applications this is acceptable. For other applications, however, this presents an unacceptable breach of security. Non-system access to one's encryption key permits a variety of unauthorized and undesired activities, including but not limited to eavesdropping, inappropriate programming of the communication units themselves, and so forth. Notwithstanding this attendant risk of compromised security, however, the above-described process, whereby an intervening key management facility has knowing access to the encryption key of another system in order to thereby effect the proper and timely rekeying of a roaming communication unit, essentially represents a typical and present best available rekeying process.
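The prior-art roaming rekey described above can be traced party by party to show which keys the non-home facility ends up holding in the clear; this is an added example, not part of the original text. The party names, the `wrap`/`unwrap` helpers (an HMAC-SHA256 stand-in for a vetted key-wrap algorithm), the randomly generated sample keys, and the final over-the-air delivery step are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC subkeys from the wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(second_key: bytes, new_key: bytes) -> bytes:
    # Stand-in for a vetted key-wrap/AEAD: HMAC-SHA256 keystream, then a MAC.
    nonce = secrets.token_bytes(16)
    pad = _stream(_sub(second_key, b"enc"), nonce, len(new_key))
    ct = bytes(a ^ b for a, b in zip(new_key, pad))
    return nonce + ct + hmac.new(_sub(second_key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(second_key: bytes, msg: bytes) -> bytes:
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    good = hmac.new(_sub(second_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("rekeying message failed its integrity check")
    pad = _stream(_sub(second_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def prior_art_roaming_rekey() -> dict:
    """Return, per party, the keys that party has held in the clear."""
    held = {"home KMF": {}, "visited KMF": {}, "roaming unit": {}}
    second_key = secrets.token_bytes(32)             # constructed sample key
    held["home KMF"]["second key"] = second_key
    held["roaming unit"]["second key"] = second_key  # installed by the home system
    # Home KMF builds the rekeying message for the requesting roaming unit.
    new_key = secrets.token_bytes(32)                # constructed sample key
    held["home KMF"]["new key"] = new_key
    rekey_msg = wrap(second_key, new_key)
    # Prior art: the visited KMF is given the second key so it can read the message.
    held["visited KMF"]["second key"] = second_key
    held["visited KMF"]["new key"] = unwrap(second_key, rekey_msg)
    # Assumed delivery step: the visited KMF re-wraps the key for the unit.
    ota = wrap(second_key, held["visited KMF"]["new key"])
    held["roaming unit"]["new key"] = unwrap(second_key, ota)
    return held

def keys_exposed_outside_home(held: dict) -> list:
    """Home-system key names the non-home facility now holds in the clear."""
    return sorted(held["visited KMF"])

if __name__ == "__main__":
    print(keys_exposed_outside_home(prior_art_roaming_rekey()))
```

The roaming unit is rekeyed successfully, but only because the visited facility ends up with both the wrapping key and the new key of a system it does not belong to.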
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of various embodiments of the present invention. Also, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are typically not depicted in order to facilitate a less obstructed view of these various embodiments of the present invention.