Field
Various features relate to wireless communication devices and systems, and more particularly to synchronizing security configurations between access terminals and network entities.
Background
Security is an important feature of a wireless communication system. Security in some wireless communication systems may conventionally comprise two features: “Data Integrity” and “Ciphering”. “Data Integrity” is the feature that ensures that no rogue network is able to send unnecessary signaling messages that are intended to cause, or that actually cause, any undesired effect in an ongoing call. “Ciphering” is the feature that ensures all signaling and data messages are ciphered over the air interface to inhibit a third party from eavesdropping on the messages. In some wireless communication systems, such as a Universal Mobile Telecommunications System (UMTS), integrity protection is mandatory while ciphering is optional. Integrity protection may be implemented only on signaling radio bearers, whereas ciphering may be implemented on signaling as well as data radio bearers.
In a conventional wireless network, an access terminal (AT) typically negotiates with the wireless network to establish security parameters, such as encryption keys for use in encrypting (or ciphering) communications between the access terminal and the network components. Such security parameters may be updated and/or changed occasionally to ensure secrecy of the data transmitted between the access terminal and the network components.
An example of a conventional method for initiating or updating security parameters between the access terminal and the wireless network generally includes the access terminal receiving a security mode command from the wireless network and updating its security parameters based on the received security mode command. After the access terminal updates its security parameters, and prior to implementing the new security parameters, the access terminal sends a security mode complete message to the wireless network. On receipt of the security mode complete message, the wireless network will begin using the new security parameters to protect any subsequent downlink messages sent to the access terminal.
However, the access terminal will not begin using the new security parameters to protect any uplink messages sent to the wireless network until an acknowledgement message is received from the wireless network in response to the security mode complete message sent by the access terminal. In other words, the access terminal does not begin using the new security parameters for messages sent from the access terminal to the wireless network until the access terminal receives an acknowledgement from the wireless network that the security mode complete message was received and authenticated.
As a result, there exists a small window between the time when the security mode procedure is completed at the wireless network (e.g., when the security mode complete message is received at the wireless network) and when the security mode procedure is completed at the access terminal (e.g., when the acknowledgement is received by the access terminal and the security parameters are updated). Because of this time window, it is possible for the wireless network to be updated to the new security parameters, while the access terminal remains with the old security parameters. For example, conventional access terminals are typically adapted to abort the security mode procedure when certain other procedures are initiated, such as a mobility procedure.
In instances where the wireless network is updated to the new security parameters, but the access terminal continues with the old security parameters, the wireless connection between the two typically fails, resulting in dropped calls and dissatisfaction on the part of the user of the access terminal. Therefore, it would be beneficial to provide methods and apparatuses for avoiding the situation where the wireless network is updated to new security parameters while the access terminal continues with old security parameters and/or for synchronizing the security parameters when such a situation occurs.
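The time window described above, as an added simulation that is not part of the original document. The class names, the constructed sample keys, and the use of HMAC-SHA256 as the integrity check are assumptions for illustration only, not the UMTS algorithms or message formats.

```python
import hashlib
import hmac

# Constructed sample keys standing in for the old and new security parameters.
OLD_KEY, NEW_KEY = b"old-integrity-key", b"new-integrity-key"

def mac(key, msg):
    # Assumption: HMAC-SHA256 stands in for the real integrity algorithm.
    return hmac.new(key, msg, hashlib.sha256).digest()

class Network:
    def __init__(self):
        self.key = OLD_KEY
    def on_security_mode_complete(self):
        self.key = NEW_KEY  # network switches as soon as the message arrives
        return "ACK"
    def verify_uplink(self, msg, tag):
        return hmac.compare_digest(mac(self.key, msg), tag)

class AccessTerminal:
    def __init__(self):
        self.key, self.pending = OLD_KEY, None
    def on_security_mode_command(self):
        self.pending = NEW_KEY  # prepared, but not yet used on the uplink
        return "SECURITY_MODE_COMPLETE"
    def on_mobility_procedure(self):
        self.pending = None  # conventional behaviour: abort, keep old parameters
    def on_ack(self):
        if self.pending is not None:  # an ack after an abort changes nothing
            self.key, self.pending = self.pending, None
    def send_uplink(self, msg):
        return msg, mac(self.key, msg)

def uplink_verifies(mobility_before_ack):
    """Run one security mode procedure; report whether the next uplink verifies."""
    net, at = Network(), AccessTerminal()
    at.on_security_mode_command()
    net.on_security_mode_complete()  # network is now on the new parameters
    if mobility_before_ack:
        at.on_mobility_procedure()  # falls inside the window before the ack
    at.on_ack()
    msg, tag = at.send_uplink(b"uplink signaling message")  # constructed payload
    return net.verify_uplink(msg, tag)

if __name__ == "__main__":
    print("normal completion, uplink verifies:", uplink_verifies(False))
    print("abort inside window, uplink verifies:", uplink_verifies(True))
```
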