The present invention relates to decryption-key distribution methods and authentication apparatuses. The present invention mainly relates to radio communication methods which allow encrypted data to be distributed through a broadcasting channel, and more particularly, to a decryption-key distribution method and an authentication apparatus used in CDMA radio communication systems.
The Third Generation Partnership Project 2 (3GPP2), an international standardization organization, has been standardized the CDMA2000 1× method, which is a mobile communication method allowing audio communication and data communication, and the CDMA2000 1× evolution-data only (1×EV-DO) method, which is a mobile communication method that has improved frequency use efficiency by dedicating itself to data communication only. Unicast communication, communication between terminals on a one-to-one correspondence basis, has been implemented in a mobile network by the CDMA2000 1× and CDMA2000 1×EV-DO methods. Implementation of multicast communication, communication between one terminal and multiple terminals, has been examined.
As a technical element for implementing multicast communication, a broadcast channel for data transfer in a radio interface has been standardized. For example, a broadcast channel for the CDMA2000 1× method has been standardized in C.S0001-D v1.0, C.S0002-D v1.0, C.S0003-D v1.0, C.S0004-D v1.0, and C.S0005-D v1.0, which are all 3GPP2 standards published in March, 2004. In addition, a broadcast channel for the CDMA2000 1×EV-DO method has been standardized in C.S0054-0 v1.0, published by 3GPP2 in March, 2004. A service using a broadcast channel is called a broadcast multicast service (BCMCS).
A Unicast channel, conventionally used for communication between a base station and a mobile terminal, allows only the single mobile terminal to receive data sent from the base station. In contrast, a broadcast channel, standardized for supporting multicast communication, allows all mobile terminals which can receive radio to receive data sent from a base station. Therefore, data transmitted through a broadcast channel can be received by all mobile terminals. To allow only a group of selected mobile terminals to receive data, a method has been discussed in which data is encrypted, and a key (decryption key) necessary to decrypt the encrypted data is distributed to the group of selected mobile terminals in advance by unicast communication or other communication. As a method for distributing a decryption key to a mobile terminal, Chapter 7 and Chapter 10.2 of X.P0022-0 V.0.2, a proposed 3GPP2 standard, discloses a method in which a decryption key (broadcast access key: BAK) in the extensible markup language (XML) format is transmitted in response to an inquiry from a mobile terminal.
FIG. 24 is a structural view of a system for providing a BCMCS in a CDMA2000 1×EV-DO network. This figure shows a state in which data is sent to a plurality of mobile terminals through a broadcast channel of the CDMA2000 1×EV-DO method.
A contents server 108 generates and transmits broadcast-channel data. This data is transmitted as IP packets which are attached a multicast IP address to a broadcast serving node (BSN) 106. The contents server 108 encrypts the IP packets with the encryption key which is managed by a BCMCS controller 109 and transmits the packets. The contents server 108 receives in advance the encryption key necessary for encryption from the BCMCS controller 109 before transmitting the broadcast data.
The BSN 106 receives the packets, applies framing processing, such as HDLC-like framing defined in IETF RFC 1662, published in July, 1994, to the IP packets in order for mobile terminals to determine the boundaries of the IP packets, and transmits the IP packets to a packet control unit (packet control function: PCF) 104. The PCF 104 receives the packets from the BSN 106, buffers the packets, adjusts the transfer rate to a transfer rate suited to a radio bandwidth, and transmits the packets to a base station (access node: AN) 103.
The AN 103 receives the packets from the PCF 104, and transmits the packets by radio through a broadcast channel. The packets sent through the broadcast channel are received by a plurality of mobile terminals, such as access terminals
(ATs) 101 and 102. The BCMCS controller 109 manages information on the broadcast data, a data base for holding an encryption key and a decryption key used for encrypting and decrypting the broadcast data, whether each mobile terminal has a receiving authority, and others.
In FIG. 24, an access network for authentication, authorization and accounting (AN-AAA) 105 is an authentication server for authenticating mobile terminals. The server determines, for example, whether the business party has approved a radio connection to a certain mobile terminal. A packet-data serving node (PDSN) 107 terminates point-to-point protocol (PPP) in order to support unicast communication with a mobile terminal. The PDSN 107 mediates packets between the IP protocol, used in the Internet 111, and a protocol used in the radio network. An authentication, authorization, and accounting unit (AAA) 110 is an authentication server for authenticating users who use the mobile terminals, and determines whether a connection to the Internet 111 through a radio connection from a user using a mobile terminal has been approved.
FIG. 2 shows a decryption-key distribution procedure based on Annex A of X.P0022, which is a proposed 3GPP2 standard.
The BSN 106 receives data to be transmitted through the broadcast channel, from the contents server 108, and sends the data to the AN 103 through the PCF 104. The AN 103 receives the data, and sends it to the AT 101 by radio through the broadcast channel (in step 201). The data received by the AT 101 has been encrypted. Since the AT 101 does not have a key (decryption key) for decryption, the AT 101 discards the data.
When the AT 101 is turned on, for example, a 1×EV-DO session is established between the AT 101 and the AN 103, and a parameter for a radio protocol to be used in subsequent processes and other items are determined in the establishment (in step 202). The AT 101 establishes a connection for data communication according to information of the established 1×EV-DO session (in step 203). This connection is for one-to-one-correspondence unicast communication between the AT 101 and the AN 103, and is separately prepared from the broadcast channel. Since communication is performed on this connection in steps 203 to 215, the contents of the communication cannot be received by the other ATs.
The AN 103 and PCF 104 determine that the AT 101 first established the connection after the session establishment (in step 202), and perform, before making the AT 101 ready for communication, terminal authentication that determines whether a communication right has been given to the AT 101. As a preparation for this terminal authentication, an authentication path is established between the AN 103 and the PCF 104 (in step 204).
To perform terminal authentication between the AT 101 and PCF 104, link control protocol (LCP), defined in PPP, is established (in step 205) by using the connection established in step 203 and the authentication path established in step 204. The PCF 104 sends, for example, a CHAP request message to the AT 101 to request terminal authentication (in step 206). The AT 101 calculates an authenticator by using information included in the CHAP request message and unique mobile-terminal information held by the AT 101, and sends a CHAP response message that includes the authenticator to the PCF 104 (in step 207). The PCF 104 sends an access request message that includes the received authenticator to the AN-AAA 105 (in step 208). The AN-AAA 105 checks the validity of the received authenticator.
When the AN-AAA 105 determines that the received authenticator is valid, the AN-AAA 105 sends an access accept message to the PCF 104 as a terminal-authentication approval (in step 209). The PCF 104 sends a CHAP success message to the AT 101 to report an authentication approval (in step 210).
Then, a data path is established between the AN 103 and PCF 104 in order to establish a unicast communication path (in step 211). A data path is also established between the PCF 104 and PDSN 107 (in step 212). PPP is established between the AT 101 and PDSN 107 (in step 213) in order to perform framing necessary for unicast communication.
To obtain a key for decrypting, for example, the encrypted broadcast data sent in step 201, the AT 101 transmits an HTTP information acquisition request message to the BCMCS controller 109 (in step 214). The BCMCS controller 109 sends an HTTP information acquisition response message that includes a decryption key and information on the valid period of the decryption key to the AT 101 (in step 215).
Then, the AT 101 can receive data (in step 216) because it can now decrypt the encrypted data sent from the AN 103 by using the decryption key received in step 215.
In conventional data transmission methods using a broadcast channel, when data is sent without encryption, the data can be received by mobile terminals other than the intended mobile terminal. For example, even a mobile terminal whose service contract with the communication business party has expired can receive data in some cases. To allow only the intended mobile terminal to receive data, a method has been examined in which data is encrypted and sent, and a key (decryption key) for decrypting the encrypted data is also sent.
In conventional decryption-key transmission methods, a unicast radio resource is obtained and a mobile terminal communicates by radio through the resource with a server managing decryption keys to obtain a decryption key. The procedure shown in FIG. 2 is disclosed in Annex A of X.P0022-0. In such a procedure, since a decryption key is sent through a unicast path, steps 211 to 215, for example, are required. Because the PDSN PPP session shown in step 213 needs to be terminated and the transaction processing performed by the BCMCS controller, shown in steps 214 and 215, is necessary, resources are used in the PDSN and BCMCS controller. In addition, since many steps are needed to obtain the decryption key, a long time is required therefor.
In this way, the decryption key cannot be obtained without obtaining a radio resource therefor. Data sent through a broadcast channel cannot be received without the decryption key. Therefore, even for receiving broadcast data which the base station providing communications does not need to obtain its communication condition, communication for sending the decryption key to the mobile terminal is required, resulting in increases in the amount of communication, in radio traffic, and in communication-network traffic.
If data to be sent through a broadcast channel is not encrypted in order to suppress the amount of communication used for obtaining the decryption key, mobile terminals other than the intended mobile terminal can receive the data, as described above, causing a problem.
In the conventional methods, in order to establish PPP between the PDSN 107 and AT 101 and to perform communication with the BCMCS controller 109, the PDSN 107 needs to manage and process an increased number of sessions and the BCMCS controller 109 needs to manage and process an increased number of transactions. With this reason, the PDSN 107 and the BCMCS controller 109 are requested to have high performance, sometimes resulting in a large-scale facility. Since PPP establishment and communication with the BCMCS controller 109 are necessary, a processing time is required until the AT 101 obtains the decryption key, and it takes long to start receiving broadcast data on the AT 101 side after a session is established.