1. Field
Various features pertain to wireless communication systems. At least one aspect pertains to a system and method for group key distribution and management for broadcast message security.
2. Background
Wireless communication networks enable communication devices to transmit and/or receive information while on the move. These wireless communication networks may be communicatively coupled to other public or private networks to enable the transfer of information to and from the mobile access terminal. Such communication networks typically include a plurality of access nodes (e.g., base stations) which provide wireless communication links to access terminals (e.g., mobile communication devices, mobile phones, wireless user terminals). The access nodes may be stationary (e.g., fixed to the ground) or mobile (e.g., mounted on satellites, etc.) and positioned to provide wide area coverage as the access terminal travels across different coverage areas.
In prior art centralized wireless network systems, a centralized network controller functions as the manager for authenticating a subscriber, establishing communications, and handing off a communication from a first access node to a second access node. The network controller typically controls a plurality of access nodes that provide service to one or more access terminals. When a handoff occurs between the access nodes, the access terminal maintains unique security keys with each access node with which it communicates. Consequently, additional over-the-air signaling may be needed from the access terminal to secure communications with each access node.
To provide greater flexibility, decentralized or distributive wireless communication network systems may be employed, where a centralized network controller is either eliminated or its role in managing communications is reduced. However, such decentralized wireless network architectures are susceptible to some security risks. For example, an access terminal may send a broadcast message, such as an air-interface message, to all access nodes in its active access node set. However, an attacker may forge a broadcast message and send the forged message to access nodes, but the access nodes are unable to verify the authenticity or identity of the sender of such broadcast message, creating a security risk.
Additionally, with a reduced role or elimination of a centralized network controller in a distributive wireless communication network system, securely handing off communications from one access node to another may create security risks.
In view of the above shortcomings of the prior art, the recipient of a broadcast message needs to be able to authenticate a broadcast message and the anchor access node needs to be able to verify that the requesting node is a currently valid member of the active set. Consequently, a method is needed that provides for a distributive group key management scheme where a group key is shared between the access terminal and the access nodes in the active set for the encryption/authentication of broadcast messages and backhaul messages between access nodes in the active set. In other words, a method is needed that allows an access terminal to broadcast a single copy of a message where only members of a group can decrypt and understand the message.