1. Field of the Invention
The present invention relates to an initialization of hyper-frame numbers (HFNs) in a wireless communication system. In particular, the present invention discloses a method of initializing HFNs during an establishment of a new radio bearer.
2. Description of the Prior Art
Please refer to FIG. 1. FIG. 1 is a simplified block diagram of a prior art wireless communications system, as defined by the 3rd Generation Partnership Project (3GPP) specifications 3GPP TS 25.322 V3.10.0 “RLC Protocol Specification”, and 3GPP TS 25.331 V3.10.0 “Radio Resource Control (RRC) Specification”, which are included herein by reference. The wireless communications system includes a first station 10 in wireless communications with a second station 20. As an example, the first station 10 is a mobile unit, such as a cellular telephone, and the second station 20 is a base station. The first station 10 communicates with the second station 20 over a plurality of radio bearers 12. The second station 20 thus has corresponding radio bearers 22, one for each of the radio bearers 12. Each radio bearer 12 has a receiving buffer 12r for holding protocol data units (PDUs) 11r received from the corresponding radio bearer 22 of the second station 20. Each radio bearer 12 also has a transmitting buffer 12t for holding PDUs 11t that are awaiting transmission to the corresponding radio bearer 22 of the second station 20. A PDU 11t is transmitted by the first station 10 along a radio bearer 12 and received by the second station 20 to generate a corresponding PDU 21r in the receiving buffer 22r of the corresponding radio bearer 22. Similarly, a PDU 21t is transmitted by the second station 20 along a radio bearer 22 and received by the first station 10 to generate a corresponding PDU 11r in the receiving buffer 12r of the corresponding radio bearer 12.
For the sake of consistency, the data structures of each PDU 11r, 11t, 21r and 21t along corresponding radio bearers 12 and 22 are identical. That is, a transmitted PDU 11t generates an identical corresponding received PDU 21r, and vice versa. Furthermore, both the first station 10 and the second station 20 use identical PDU 11t, 21t data structures. Although the data structure of each PDU 11r, 11t, 21r and 21t along corresponding radio bearers 12 and 22 is identical, different radio bearers 12 and 22 may use different PDU data structures according to the type of connection agreed upon along the corresponding radio bearers 12 and 22. In general, though, every PDU 11r, 11t, 21r and 21t will have a sequence number 5r, 5t, 6r, 6t. The sequence number 5r, 5t, 6r, 6t is an m-bit number that is incremented for each PDU 11r, 11t, 21r, 21t. The magnitude of the sequence number 5r, 5t, 6r, 6t indicates the sequential ordering of the PDU 11r, 11t, 21r, 21t in its buffer 12r, 12t, 22r, 22t. For example, a received PDU 11r with a sequence number 5r of 108 is sequentially before a received PDU 11r with a sequence number 5r of 109, and sequentially after a PDU 11r with a sequence number 5r of 107. The sequence number 5t, 6t is often explicitly carried by the PDU 11t, 21t, but may also be implicitly assigned by the station 10, 20. For example, in an acknowledged mode setup for corresponding radio bearers 12 and 22, each transmitted PDU 11t, successful reception of which generates an identical corresponding PDU 21r, is confirmed as received by the second station 20. Ideally, the sequence numbers 5t maintained by the first station 10 for the PDUs 11t are identical to the corresponding sequence numbers 6r for the PDUs 21r that are maintained by the second station 20.
Hyper-frame numbers (HFNs) are also maintained by the first station 10 and the second station 20. Hyper-frame numbers may be thought of as high-order (i.e., most significant) bits of the sequence numbers 5t, 6t, and are never physically transmitted with the PDUs 11t, 21t. Exceptions to this rule occur in rare cases of special signaling PDUs 11t, 21t that are used for synchronization. In these cases, the HFNs are not carried as part of the sequence number 11t, 21t, but instead are carried in fields of the data payload of the signaling PDU 11t, 21t, and thus are more properly signaling data. As each transmitted PDU 11t, 21t generates a corresponding received PDU 21r, 11r, hyper-frame numbers are also maintained for received PDUs 11r, 21r. In this manner, each received PDU 11r, 21r, and each transmitted PDU 11t, 21t is assigned a value that uses the sequence number (implicitly or explicitly assigned) 5r, 6r, and 5t, 6t as the least significant bits, and a corresponding hyper-frame number (always implicitly assigned) as the most significant bits. Each radio bearer 12 of the first station 10 thus has a receiving hyper-frame number (HFNR) 13r and a transmitting hyper-frame number (HFNT) 13t. Similarly, the corresponding radio bearer 22 on the second station 20 has a HFNR 23r and a HFNT 23t. When the first station 10 detects rollover of the sequence numbers 5r of PDUs 11r in the receiving buffer 12r, the first station 10 increments the HFNR 13r. On rollover of sequence numbers 5t of transmitted PDUs 11t, the first station 10 increments the HFNT 13t. A similar process occurs on the second station 20 for the HFNR 23r and HFNT 23t. Ideally, the HFNR 13r of the first station 10 should thus be synchronized with (i.e., identical to) the HFNT 23t of the second station 20. Similarly, the HFNT 13t of the first station 10 should be synchronized with (i.e., identical to) the HFNR 23r of the second station 20.
A security engine 14 on the first station 10, and a corresponding security engine 24 on the second station 20, together ensure secure and private exchanges of data exclusively between the first station 10 and the second station 20. The security engine 14, 24 is used for performing the obfuscation (i.e., ciphering, or encryption) of data held within a PDU 11t, 21t so that the corresponding PDU 11r, 21r presents a meaningless collection of random numbers to an eavesdropper. For transmitting a PDU 11t, the security engine 14 uses, amongst other inputs, an n-bit security count 14c and a security key 14k to perform the ciphering functions upon the PDU 11t. To properly decipher the corresponding PDU 21r, the security engine 24 must use an identical security count 24c and security key 24k. To start the ciphering upon the radio bearers 12, 22, the second station 20 has to send a “SECURITY MODE COMMAND” message to the first station 10. Each of the first station 10 and the second station 20 has a corresponding variable CIPHERING_STATUS 16, 26 respectively to record a ciphering status as “STARTED” or “NOT STARTED”. For example, the variable CIPHERING_STATUS 26 is initially set to “NOT STARTED” before the ciphering is started between the first and second stations 10, 20. When the first station 10 receives the “SECURITY MODE COMMAND” command from the second station 20 that indicates that ciphering should be activated, the variable CIPHERING_STATUS 16 is set to “STARTED”. The CIPHERING_STATUS 16 is initially set to “NOT STARTED” until the second station 20 sends the “SECURITY MODE COMMAND” message to the first station 10 for starting the ciphering. In addition, after the first station 10 is ready to perform the ciphering upon PDUs, the variable CIPHERING_STATUS 26 of the second station 20 will be set to “STARTED”.
That is, the variables CIPHERING_STATUS 16 and the CIPHERING_STATUS 26 are synchronized to make the ciphering between the first and second stations 10, 20 operate correctly. If there are a plurality of first stations 10 each having a specific variable CIPHERING_STATUS 16 to indicate the corresponding ciphering status between the first station 10 and the second station 20, the second station 20, therefore, has to establish a plurality of variables CIPHERING_STATUS 26 each being synchronized with one variable CIPHERING_STATUS 16 of each first station 10 for transmitting and receiving PDUs correctly.
The security count 14c for a PDU 11t is generated by using the sequence number 5t of the PDU 11t as the least significant bits of the security count 14c, and the HFNT 13t associated with the sequence number 5t as the most significant bits of the security count 14c. Similarly, the security count 14c for a PDU 11r is generated from the sequence number 5r of the PDU 11r and the HFNR 13r of the PDU 11r. An identical process occurs on the second station 20, in which the security count 24c is generated using the sequence number 6r or 6t, and the appropriate HFNR 23r or HFNT 23t. The security count 14c, 24c has a fixed bit size, which is typically 32 bits. As the sequence numbers 5r, 6r, 5t, 6t may vary in bit size depending upon the transmission mode used, the hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t must vary in bit size in a corresponding manner to yield the fixed bit size of the security count 14c, 24c. For example, in a transparent transmission mode, the sequence numbers 5r, 6r, 5t, 6t are all 7 bits in size. The hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t are thus 25 bits in size; combining the two together yields a 32-bit security count 14c, 24c. On the other hand, in an acknowledged transmission mode, the sequence numbers 5r, 6r, 5t, 6t are all 12 bits in size. The hyper-frame numbers HFNR 13r, HFNR 23r, HFNT 13t and HFNT 23t are thus 20 bits in size so that combining the two together continues to yield a 32-bit security count 14c, 24c.
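The following added example (not part of the original text) builds the 32-bit security count for both transmission modes and tracks the HFN across sequence number rollover on each side. The names `Direction` and `exchange` are hypothetical, and rollover detection assumes in-order delivery.

```python
COUNT_BITS = 32                                   # fixed security count size (from the text)
SN_BITS = {"transparent": 7, "acknowledged": 12}  # sequence number sizes (from the text)


class Direction:
    """One direction of one radio bearer: explicit SN plus implicitly kept HFN."""

    def __init__(self, mode, hfn=0):
        self.sn_bits = SN_BITS[mode]
        self.hfn_bits = COUNT_BITS - self.sn_bits  # 25 or 20 bits
        self.hfn = hfn
        self.last_sn = None

    def security_count(self, sn):
        """Account for the PDU carrying `sn` and return its security count."""
        # Assumption: in-order delivery, so an SN smaller than the previous one means rollover.
        if self.last_sn is not None and sn < self.last_sn:
            self.hfn = (self.hfn + 1) % (1 << self.hfn_bits)
        self.last_sn = sn
        return (self.hfn << self.sn_bits) | sn     # HFN = MSBs, SN = LSBs


def exchange(mode, n_pdus, tx_hfn, rx_hfn):
    """Send n_pdus; only the SN crosses the air. Return (tx_count, rx_count) per PDU."""
    tx, rx = Direction(mode, tx_hfn), Direction(mode, rx_hfn)
    pairs = []
    for i in range(n_pdus):
        sn = i % (1 << tx.sn_bits)                 # m-bit SN, incremented per PDU
        pairs.append((tx.security_count(sn), rx.security_count(sn)))
    return pairs


if __name__ == "__main__":
    for mode in SN_BITS:
        pairs = exchange(mode, 5000, tx_hfn=3, rx_hfn=3)
        print(mode, "in sync:", all(t == r for t, r in pairs), hex(pairs[-1][0]))
    drift = exchange("acknowledged", 5000, tx_hfn=3, rx_hfn=4)
    print("mismatched HFN, any count equal:", any(t == r for t, r in drift))
```

Because only the sequence number is exchanged, two sides that start from different HFNs never converge: every security count differs by the same offset for the life of the bearer.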
As noted, the first station 10 may establish a plurality of radio bearers 12 with the second station 20. Each of these radio bearers 12 uses its own sequence numbers 5r and 5t, and hyper-frame numbers 13r and 13t. When establishing a new radio bearer 12, the first station 10 calculates a START value by considering the HFNT 13t and HFNR 13r of all currently established radio bearers 12, selecting the HFNT 13t or HFNR 13r having the highest value, and adding one to that value. The START value is stored in a variable START_VALUE_TO_TRANSMIT. Then, the variable START_VALUE_TO_TRANSMIT is sent to the second station 20 in a “RADIO BEARER SETUP COMPLETE” message. However, if the variable “CIPHERING_STATUS” is set to “NOT STARTED”, the initial value is calculated based on the HFNT 13t and HFNR 13r of all currently established radio bearers 12, but is not used for initializing the HFNT 13t and the HFNR 13r for the new radio bearer 12. That is, the HFNT 13t and the HFNR 13r are initialized by the calculated initial value only when the variable “CIPHERING_STATUS” 16 is set to “STARTED”. Generally speaking, the first station 10 then extracts the MSBx of this highest-valued hyper-frame number 13r, 13t, increments the MSBx by one, and uses it as the MSBx for the new HFNT 13t and HFNR 13r for a newly established radio bearer 12 with a corresponding variable “CIPHERING_STATUS” set to “STARTED”. Synchronization is then performed between the first station 10 and the second station 20 to provide the MSBx to the second station 20 for the HFNR 23r and HFNT 23t.
However, the establishment of a new radio bearer 12 may generate a problem when considering the possibility of the variable CIPHERING_STATUS being set to “NOT STARTED”. Please refer to FIG. 2, which is a flow chart related to a prior art establishment of the radio bearer 12. Establishing a new radio bearer 12 has the following steps.
Step 101: The second station 20 transmits a “RADIO BEARER SETUP” message to the first station 10 for triggering an establishment of a new radio bearer 12;
Step 102: The first station 10 calculates a START value;
Step 103: The first station 10 checks whether the variable CIPHERING_STATUS is set to “STARTED” or “NOT STARTED”. If the status is “STARTED” for the new radio bearer 12, go to Step 104; otherwise, go to Step 105;
Step 104: Use the START value to initialize the HFNs related to the new radio bearer 12;
Step 105: The first station 10 transmits a “RADIO BEARER SETUP COMPLETE” message, which contains the START value, to the second station 20 to inform the second station 20 that the new radio bearer 12 has been successfully established.
As mentioned above, when a new radio bearer is established, HFNs 13r and 13t will be initialized with the variable START_VALUE_TO_TRANSMIT if the CIPHERING_STATUS is set to “STARTED”. However, when a new radio bearer 12 is created with the variable CIPHERING_STATUS set to “NOT STARTED”, an initial value for the HFNR 13r and HFNT 13t is calculated, but no HFN 13r, 13t is initialized by the calculated value. Because the CIPHERING_STATUS is set to “NOT STARTED”, ciphering is disabled, and the corresponding security count 14c is not maintained. In addition, the HFNs 13r, 13t for the new radio bearer 12, not having been initialized, are effectively random numbers. Consider the situation in which a great number of PDUs 11t are transmitted from the first station 10 to the second station 20, resulting in the related HFNT 13t increasing in value. The first station 10 may later receive the “SECURITY MODE COMMAND” message from the second station 20, intending to start the ciphering. Because the HFNR 13r and HFNT 13t were not initialized when the radio bearer 12 was established, the HFNs 13r, 13t are random and meaningless numbers. In addition, the HFNs 13r, 13t are not initialized when the “SECURITY MODE COMMAND” message has been transmitted and received. It can be expected, then, that the HFNR 13r and HFNT 23t are not synchronized, and that the HFNR 23r and HFNT 13t are also not synchronized. Consequently, when the “SECURITY MODE COMMAND” message is sent by the second station 20, a corresponding ciphering function fails along the new radio bearer 12 between the first station 10 and the second station 20 due to the unsynchronized HFNs for the new radio bearer 12 between the first and second stations 10, 20. Moreover, the prior art does not teach or mention initializing the HFNs of already established radio bearers when the first station 10 later receives the “SECURITY MODE COMMAND” message to start the ciphering operation.
However, it is not reasonable to try to initialize the HFNs with the variable START_VALUE_TO_TRANSMIT at this time to solve the above-mentioned problem, since the variable START_VALUE_TO_TRANSMIT that stores the original calculated START value might have been altered owing to new establishments of other radio bearers between the first station 10 and the second station 20. That is, the original calculated START value of the target radio bearer might be lost when the first station 10 later receives the “SECURITY MODE COMMAND” message for the target radio bearer.
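The establishment flow of FIG. 2 and the resulting deciphering failure can be reproduced with the added example below, which is not part of the original text. The cipher is a SHA-256 stand-in rather than the 3GPP algorithm, the bearer HFNs and `stale_hfn` are constructed values, and the second station adopting the received START value is an assumption.

```python
import hashlib

SN_BITS = 12  # acknowledged mode per the text; the HFN is the other 20 bits

def xor_cipher(key, count, data):
    """Stand-in cipher (not the 3GPP algorithm): XOR with SHA-256(key || count)."""
    pad = hashlib.sha256(key + count.to_bytes(4, "big")).digest()
    return bytes(b ^ p for b, p in zip(data, pad))

class Station:
    def __init__(self, hfns):
        self.ciphering_status = "NOT STARTED"
        self.hfns = dict(hfns)  # bearer id -> HFN (one direction shown)

def prior_art_setup(first, second, bearer, stale_hfn):
    """Steps 102-105 of FIG. 2 on the first station, plus the second station's side."""
    start = max(first.hfns.values()) + 1         # Step 102: highest HFN plus one
    if first.ciphering_status == "STARTED":      # Step 103
        first.hfns[bearer] = start               # Step 104
    else:
        first.hfns[bearer] = stale_hfn           # HFN left uninitialised
    second.hfns[bearer] = start                  # Step 105; assumption: START is adopted
    return start

def security_mode_command(first, second):
    """Ciphering starts; the prior art re-initialises no HFN at this point."""
    first.ciphering_status = second.ciphering_status = "STARTED"

def round_trip(first, second, bearer, sn, key, payload):
    """Cipher on the first station, decipher on the second; return what is recovered."""
    tx_count = (first.hfns[bearer] << SN_BITS) | sn
    rx_count = (second.hfns[bearer] << SN_BITS) | sn
    return xor_cipher(key, rx_count, xor_cipher(key, tx_count, payload))

def demo(ciphering_at_setup, stale_hfn=0x5A5A5):
    """Constructed scenario: bearers 1 and 2 exist, bearer 3 is newly established."""
    first, second = Station({1: 40, 2: 57}), Station({1: 40, 2: 57})
    if ciphering_at_setup:
        security_mode_command(first, second)
    prior_art_setup(first, second, bearer=3, stale_hfn=stale_hfn)
    security_mode_command(first, second)
    return round_trip(first, second, 3, sn=5, key=b"k" * 16, payload=b"constructed PDU")

if __name__ == "__main__":
    print("ciphering on at setup :", demo(True))
    print("ciphering off at setup:", demo(False))
```

With ciphering already started at setup, both sides hold HFN 58 and the payload is recovered; with ciphering started afterwards, the keys match but the security counts do not, so the deciphered output is noise.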
For the sake of ensuring secure data transmission, the second station 20 may also trigger a counter check procedure to perform a local authentication. The purpose of the procedure is to check that the amount of data sent in both directions, that is, from the second station 20 to the first station 10 and from the first station 10 to the second station 20, over a duration of the established radio bearer 12 is identical at the first and second stations 10, 20. The procedure is helpful for detecting a possible intruder. It is obvious that the security count 14c, 24c containing an HFN and an SN related to a PDU can be used to calculate the total amount of transmitted data. Whether the ciphering is activated or not, the security count 14c, 24c should be available at all times during the existence of the radio bearer 12. As mentioned above, the security count 14c is a random number when the variable CIPHERING_STATUS is set to “NOT STARTED” during establishment of the new radio bearer 12. Therefore, the counter check procedure will not function correctly for the new radio bearer 12.