Communication between two mobile radio terminals, and in particular between terminals of a GSM type network, is conventionally set up via at least one fixed radio station serving as a gateway, which station can optionally be the same for two terminals if both of them are within appropriate radio range of that station. Under such circumstances, managing radio resources and processing encryption and decryption are performed by the station serving both terminals. One radio link is established between the calling terminal and the common station, and another radio link is established between said station and the called terminal. Encryption is performed using a cipher key, referred to herein as Kc1 on the first-mentioned of said links, and using a cipher key, referenced herein as Kc2, on the second link.
An authentication procedure is provided for each of the two terminals via the station which is then common to them. To this end, the station transmits a different random number RAND to each terminal. The subscriber identification card, e.g. a SIM card, inserted in a terminal makes use of the number RAND received by the terminal to calculate a signal response number SRES, with the help of an individual secret authentication key Ki and a shared authentication algorithm A3 which it stores together with the key Ki. The signed response SRES supplied by the card is transmitted by the terminal including the card and enables the assembly constituted by the terminal plus the card to be identified by the mobile radio network. This identification is achieved if the transmitted signed response SRES corresponds to the signed response SRES simultaneously calculated from the same number RAND in the mobile radio network. The card inserted in a terminal also makes use of the number RAND that the terminal has received and of the key Ki that it stores for the purpose of calculating the cipher key Kc, i.e. Kc1 or Kc2 in this case, by means of a shared algorithm A8 for key-determining purposes, that it also stores. Each cipher key produced by a card is designed to be used together with a shared ciphering algorithm A5 to encrypt the data transmitted by the terminal which includes the card and to decrypt the data received by said terminal from the station with which it is in communication.
However, it is not possible at present to have direct encrypted communication between two terminals of the GSM/DCT mobile radio network that are situated within appropriate radio range of each other without passing via a station, since each of the two terminals uses a different cipher key Kc1 or Kc2, so neither of them can decrypt the transmissions of the other.
Similarly, in a mobile radio network where calls are established under the supervision of a controlling ground station and where they pass via one or possibly more satellites between the mobile radio terminals, it is not possible at present to have direct encrypted communication between terminals in a single hop via one or more satellites, for the reason given above.