1. Field of the Invention
The present invention relates to a wireless communications protocol. More specifically, the present invention discloses a method and associated system and data structure for ensuring proper synchronization of a ciphering key activation time between two stations, and for removing cyclical ambiguity of a frame number (FN) transmitted in a signaling message.
2. Description of the Prior Art
The surge in public demand for wireless communication devices has placed pressure upon industry to develop increasingly sophisticated communications standards. The 3rd Generation Partnership Project (3GPP™) is an example of such a new communications protocol. These standards utilize a three-layer approach to communications. Please refer to FIG. 1. FIG. 1 is a block diagram of the three layers in such a communications protocol. In a typical wireless environment, a first station 10 is in wireless communications with one or more second stations 20. An application 13 on the first station 10 composes a message 11 and has it delivered to the second station 20 by handing the message 11 to a layer 3 interface 12. The layer 3 interface 12 may also generate some layer 3 signaling messages 12a for the purpose of controlling layer 3 operations. An example of such a layer 3 signaling message is a request for a ciphering reconfiguration activation, which includes a SECURITY MODE COMMAND on downlink (base station to mobile unit) and a SECURITY MODE COMPLETE on uplink (mobile unit to base station). Such layer 3 signaling messages are generated by the layer 3 interfaces 12 or 22 of the first station 10 or the second station 20, respectively. The layer 3 interface 12 delivers either the message 11 or the layer 3 signaling message 12a to a layer 2 interface 16 in the form of layer 2 service data units (SDUs) 14. The layer 2 SDUs 14 may be of any length. The layer 2 interface 16 composes the SDUs 14 into one or more layer 2 protocol data units (PDUs) 18. Each layer 2 PDU 18 is of a fixed length, and is delivered to a layer 1 interface 19. The layer 1 interface 19 is the physical layer, transmitting data to the second station 20. The transmitted data is received by the layer 1 interface 29 of the second station 20 and reconstructed into one or more PDUs 28, which are passed up to the layer 2 interface 26.
The layer 2 interface 26 receives the PDUs 28 and builds up one or more layer 2 SDUs 24 from the PDUs 28. The layer 2 SDUs 24 are passed up to the layer 3 interface 22. The layer 3 interface 22, in turn, converts the layer 2 SDUs 24 back into either a message 21, which should be identical to the original message 11 that was generated by the application 13 on the first station 10, or a layer 3 signaling message 22a, which should be identical to the original signaling message 12a generated by the layer 3 interface 12 and which is then processed by the layer 3 interface 22. The received message 21 is passed up to an application 23 on the second station 20. As a note regarding terminology used throughout this disclosure, a PDU is a data unit that is used by a layer internally to transmit and receive information, whereas an SDU is a data unit that is passed up to, or received from, an upper layer. Thus, a layer 3 PDU is exactly the same as a layer 2 SDU. Similarly, a layer 2 PDU could also be termed a layer 1 SDU. For purposes of the following disclosure, the shortened term “SDU” is used to indicate layer 2 SDUs (that is, layer 3 PDUs), and the term “PDU” should be understood as layer 2 PDUs (i.e., layer 1 SDUs).
Of note are the layer 2 interfaces 16 and 26, which act as buffers between the relatively high-end data transmission and reception requests of the layer 3 interfaces 12 and 22, and the low-level requirements of the physical transmission and reception process at the layer 1 interfaces 19 and 29. Please refer to FIG. 2. FIG. 2 is a simplified diagram of a transmission/reception process from a layer 2 perspective. A layer 2 interface 42 of a first station 40 receives a string of SDUs 44 from a layer 3 interface 43. The SDUs 44 are sequentially ordered from 1 to 5, and are of an unequal length. The layer 2 interface 42 converts the string of layer 2 SDUs 44 into a string of layer 2 PDUs 46. The PDUs 46 are sequentially ordered from 1 to 4, and are all of an equal length. Depending on the type of transmission mode used, each PDU 46 may have a header that includes a sequence number to explicitly indicate the sequential order of each PDU 46 within the stream of transmitted PDUs 46. This better enables a second station 50 to properly determine the sequential ordering of a received stream of PDUs 58, and thus properly reconstruct corresponding SDUs 54 from the received PDUs 58. These header-inclusive transmission modes include acknowledged mode (AM) transmissions, and unacknowledged mode (UM) transmissions. Both AM and UM type transmissions require the addition of the header to each PDU 46 by the transmitting station 40 to hold the inclusive sequence number. These headers increase the overall transmission overhead. Alternatively, a transparent mode (TM) transmission method can be used, in which case the layer 2 interface 42 adds no data to the PDUs 46, but instead simply segments them into proper lengths. The TM transmission method consequently has a minimum of transmission overhead associated with it, but makes the assembly of the received PDUs 58 potentially more difficult and error-prone.
In TM transmissions, each PDU 46 has an associated connection frame number to identify that PDU 46. The connection frame number is never, however, actually transmitted with the PDU 46, unlike the sequence numbers in AM and UM transmissions. For purposes of the present invention, a general term “frame number” (FN) shall be employed. An FN may represent either a connection frame number or a sequence number, depending upon the transmission mode used. The bit size of an FN will vary depending on the transmission method used. For example, in TM transmissions, each PDU 46 is assigned an 8-bit FN. In UM transmissions, the FN is a 7-bit value held in the PDU 46 header, whereas in AM transmissions the FN is a 12-bit value held in the header.
Each layer 2 PDU 46 in the string of PDUs 46 thus has an associated FN 46a. As noted above, the FN 46a may or may not be an actual part of the corresponding PDU 46, but, regardless of this, the FN 46a is an n-bit number assigned by the layer 2 interface 42 to the PDU 46. The FNs 46a of succeeding PDUs 46 are successively incremented. For example, if PDU1 46m has an FN 46n of 192, then PDU2 46o would have an associated FN 46p of 193, and so forth. Note that roll-over of the FNs 46a (which occurs at a value of 2^n−1 as each FN 46a is an n-bit number) can cause sequentially later PDUs 46 to have FNs 46a that are numerically less than those of sequentially earlier PDUs 46. The FNs 46a thus have a cyclical ambiguity. That is, every 2^n−1 PDUs 46, the FNs 46a repeat, and thus the PDUs 46 are not uniquely identified by the FNs 46a, but only uniquely identified within each cycle of the FNs 46a. This may lead to confusion between the first station 40 and the second station 50 when a signaling message is passed between the two stations 40 and 50 that indicates only an FN 46a as a reference. A specific example of this shall be enumerated in the following.
The layer 2 PDUs 46 are encrypted by an encryption engine 47. The encryption of the PDUs 46 includes many variables, but, in particular, the encryption engine 47 utilizes the FN 46a of each PDU 46, and a ciphering key 47a. The ciphering key 47a is provided by the layer 3 interface 43, by way of command primitives. The result is a string of encrypted PDUs 48, which is then sent off to a layer 1 interface 41 for transmission. A reverse process occurs at the second station 50. The second station 50 associates an FN 58a with each received encrypted PDU 58. This association is either explicit, by extracting the FNs 58a from the header of each received encrypted PDU 58, or implicit by assignment, i.e., by the layer 2 interface 52 simply assigning the FN 58a to each encrypted PDU 58. If the FNs 58a are assigned by the layer 2 interface 52, then the FNs 58a should be synchronized with the corresponding FNs 46a maintained by the first station 40. The FNs 58a, along with a ciphering key 57a, are used by a decryption engine 57 to decrypt the encrypted PDUs 58 into decrypted PDUs 56. The decrypted PDUs 56 are converted into a received string of layer 2 SDUs 54, which are then passed up to a layer 3 interface 53.
For the encrypted PDUs 58 to be properly decrypted into the decrypted PDUs 56, the decryption engine 57 must use a ciphering key 57a that is identical to the ciphering key 47a. A layer 3 signaling message, a so-called ciphering reconfiguration activation command, is used to synchronize the ciphering keys 47a and 57a. Periodically, the first station 40 may wish to change its ciphering key 47a for the sake of security. The layer 3 interface 43 will thus compose a layer 3 ciphering reconfiguration activation command, indicating the changing of the ciphering key 47a, and when this key change will take effect. For the sake of simplicity, though, rather than using an actual time, the ciphering reconfiguration activation command indicates an activation time. This activation time is simply a layer 2 PDU FN value. PDUs 46 with FNs 46a that are sequentially before the activation time are encrypted using the old ciphering key 47a. PDUs 46 with FNs 46a that are sequentially on or after the activation time are encrypted using a new ciphering key 47a. By indicating the ciphering key and the activation time in the ciphering reconfiguration activation command, the first station 40 ensures that the ciphering process will be properly synchronized with the second station 50. After reception of the ciphering reconfiguration activation command, the second station 50 will use the old ciphering key 57a to decrypt encrypted PDUs 58 having FNs 58a that are sequentially prior to the activation time. The second station 50 will use the new ciphering key 57a to decrypt encrypted PDUs 58 having FNs 58a that are sequentially on or after the activation time.
Please refer to FIG. 3 in conjunction with FIG. 4. FIG. 3 is a more detailed block diagram of a prior art layer 2 interface 60. FIG. 4 is a timing diagram of transmission time intervals (TTIs) 72 that are used by the layer 2 interface 60. The layer 2 interface 60 comprises a radio link control (RLC) layer 62 on top of, and in communications with, a medium access control (MAC) layer 64. The MAC layer 64 acts as an interface between the RLC layer 62 and the layer 1 interface 61. The MAC layer 64 divides the transmission of PDUs 63, which the MAC layer 64 receives from the RLC layer 62, into a series of transmission time intervals (TTIs) 72. Each TTI 72 has an interval length that is identical to the other TTIs 72, such as a 20 millisecond (ms) interval. Within the time span of each TTI 72, the MAC layer 64 sends off a transport block set 74 to the layer 1 interface 61 to be transmitted. The transport block set 74 comprises a predetermined number of transport blocks 74a. Each of the transport blocks 74a comprises one RLC PDU 75 and may optionally carry a MAC header. In TM transmissions, the MAC layer 64 generally will not add any header to the RLC PDUs 75, and thus a transport block 74a is identical to an RLC PDU 75, as is indicated in FIG. 4. All of the RLC PDUs 75, and thus the transport blocks 74a, within each TTI 72, are of the same length. The number of RLC PDUs 75 (or equivalent transport blocks 74a) within each transport block set 74 between TTIs 72 may change. For example, in FIG. 4 the first TTI 72 transmits six PDUs 75, and the subsequent TTI 72 transmits three PDUs 75. The actual data length of the PDUs 75 may also vary from TTI 72 to TTI 72, but is always the same within each TTI 72. Consequently, prior to transmission for each TTI 72, the MAC layer 64 informs the RLC layer 62 of the number of PDUs 75 required for the TTI 72, and the size for the PDUs 75 within the TTI 72.
The RLC layer 62 composes SDUs 65a, held in a buffer 65, into appropriately sized PDUs 63, and delivers the required number of PDUs 63 to the MAC layer 64. In TM transmissions, it is the MAC layer 64 that internally associates an FN 76 with each transport block 74a, and is thus responsible for encryption and decryption of the RLC PDUs 75 in each TTI 72. Note that, in TM transmissions, each FN 76 is not actually transmitted, but is only associated with a corresponding transport block 74a. In FIG. 3, TM transmissions are assumed, and thus an encryption engine 66 is shown as within the MAC layer 64. However, in UM and AM transmissions, as the FNs 76 are actually a part of the RLC PDUs 63, encryption can be performed by the RLC layer 62.
For purposes of security, the PDUs 63, 75 are encrypted before being delivered to the layer 1 interface 61. The encryption is usually performed in either the MAC layer 64 or the RLC layer 62. As noted above, for purposes of the present example, it will be assumed that a TM transmission method is employed, and so it is the MAC layer 64 that performs the encryption process, as it is the MAC layer 64 that assigns the FN 76 to each transport block 75. Prior to delivering transport block sets 74 to the layer 1 interface 61, an encryption engine 66 within the MAC layer 64 encrypts all of the data within each PDU 63 to generate encrypted PDUs 75 within each transport block set 74. The encryption engine 66 uses the FN 76 of each PDU 75, as well as at least one ciphering key 68, to generate the encrypted PDUs 75. Consequently, on the receiver side, the receiver FNs must be synchronized with the transmitter FNs 76 to perform the decryption of the PDUs 75. Of course, such synchronization is not a problem in AM and UM transmissions, as the FNs 76 are explicitly included with the transmitted PDUs 75. The FN 76 associated with each PDU 63, 75 is used to form a count-c value 66c for that PDU 63, 75. The count-c value 66c is a 32-bit number that comprises a hyper-frame number (HFN) 66h as the most significant 32-n bits (as the FN 76 is an n-bit number), and an FN 66f of the PDU 63, 75 to be encrypted as the least significant n bits. The HFN 66h is initially set to zero, or a specific value specified by the radio access network, and is incremented upon detection of rollover in the PDU 63, 75 FN 76. For example, if the HFN 66h has a value of zero, and a PDU 63, 75 has an associated FN 76 of 255, count-c 66c would have a value of 255 that is used to encrypt the PDU 63 to generate the encrypted PDU 75. A subsequent PDU 63, 75 would have an FN 76 of zero, due to rollover, and the encryption engine 66 would thus increment the HFN value 66h to one.
Count-c 66c, used to encrypt this subsequent PDU 63, would thus be 256. The HFN 66h is used in all transmission modes, AM, UM and TM. Although the FN values 76 may or may not be transmitted with the PDUs 75, depending on the transmission method employed, the HFN value 66h is never transmitted. The FNs 76 and HFN 66h thus must both remain synchronized on both the reception and transmission sides for the PDUs 75 to undergo a proper encryption/decryption cycle. Note that item 76 has been used to indicate an n-bit FN value. In terms of encryption and decryption, however, it is more correct to say that each item 76 associated with a PDU 75 is, in fact, a count-c value 66c that includes the HFN 66h for that particular FN 76. That is, within one transport block set 74, due to roll-over, one group of preceding FNs 76 may have associated with them an HFN 66h that is a unit less than the HFNs 66h associated with the succeeding FNs 76. It is the responsibility of the layer 2 interface 60 to ensure that each PDU 75 has associated with it the correct HFN 66h/FN 76 pair to generate a correct count-c 66c to properly encrypt or decrypt a PDU 75.
The communications protocol supports the simultaneous use of several channels from the layer 2 interface 60. Please refer to FIG. 5. FIG. 5 is a block diagram of a first station 80 utilizing several channels 86a, 86b, 86c, 86d for communications purposes. Again, TM transmissions are assumed for the present example. The first station 80 has applications 84a, 84b and 84c running simultaneously, each of which is in communications with a layer 3 interface 83. For each application 84a to 84c, the layer 3 interface 83 creates a corresponding TM channel 86a to 86c with a layer 2 interface 82. Additionally, the layer 3 interface 83 establishes a unique signaling channel 86d to communicate with a layer 3 interface 93 on a remote station 90. The signaling channel 86d employs an AM transmission method so that both the first station 80 and the remote station 90 receive reception confirmation of any signaling messages passed between them. Layer 2 SDUs are exchanged between the layer 2 interface 82 and the layer 3 interface 83 along the channels 86a to 86d. Each channel 86a to 86d has a corresponding buffer 87a to 87d, which is used to transform the layer 2 SDU data into layer 2 PDUs. Thus, data from applications 84a, 84b and 84c is sent to the layer 2 interface 82 by the layer 3 interface 83 along the TM channels 86a, 86b and 86c, respectively, in the form of layer 2 SDUs. Additionally, signaling data for the layer 3 interfaces 83, 93 is sent to the layer 2 interface 82 along the AM channel 86d. All of these SDUs land into their corresponding buffers 87a, 87b, 87c and 87d, and are converted into layer 2 PDUs. A consequence of this is that each buffer 87a to 87d uses its own set of PDU FNs and HFNs, independently of the other buffers 87a to 87d. The PDUs from the buffers 87a to 87d are fed into a MAC layer 89. The MAC layer 89 utilizes an encryption engine 88, which uses a ciphering key 88a, to generate encrypted PDUs for each TTI of the channels 86a to 86c. 
As previously described, the encryption engine 88 also uses the HFN/FN pair (i.e., the count-c value) of each PDU to perform the encryption. The AM signaling channel 86d does not need to use the MAC layer 89 encryption engine 88, as encryption is performed in the RLC layer (item 62 of FIG. 3) for AM transmissions. Each transport block set in the TTI, now containing encrypted PDU data, is then sent off to a layer 1 interface 81 for transmission.
Please refer to FIG. 6 in conjunction with FIG. 5. FIG. 6 is a simplified block diagram of a ciphering reconfiguration activation command 100. As noted previously, the layer 3 interface 83 may, from time to time, desire to change the ciphering key 88a. To perform this change to the ciphering key 88a, the layer 3 interface 83 sends the ciphering reconfiguration activation command 100 along the signaling channel 86d to the layer 3 interface 93 of the remote station 90. The ciphering reconfiguration activation command 100 is a layer 3 signaling message that is carried by layer 2 PDUs. Consequently, the ciphering reconfiguration activation command 100 is itself encrypted, and is treated by the layer 2 interfaces 82, 92, like any other layer 3 data, without being given any special consideration. The ciphering reconfiguration activation command 100 comprises ciphering data 102, and, in particular, activation times 104. The ciphering data 102 is not of direct relevance to the present invention, and so is glossed over. The ciphering data 102, however, may contain, for example, data to indicate which new ciphering key 88b is to be used. The new ciphering key 88b is already present on both the first station 80 and the remote station 90, having been transferred by a previous layer 3 signaling message. Of interest to the present invention are the activation times 104. The activation times 104 comprise a plurality of FNs 106a, 106b, 106c and 106d. Each FN 106a to 106d corresponds to one of the channels 86a to 86d, respectively, and, as previously described, tells the remote station 90 at what FN value the new ciphering key 88b should be applied for that channel 86a to 86d. For example, suppose that the first station 80 determines that, after the next 30 PDUs, the new ciphering key 88b will be used. If the first channel 86a has a current FN of 148, then FN1 106a will hold a value of 178.
If the second channel 86b has a current FN of 245, then FN2 106b will hold a value of 19, due to roll-over of the 8-bit FN. Upon reception of the ciphering reconfiguration activation command 100, the remote station 90 uses its equivalent of the new ciphering key 88b on received or transmitted PDUs whose associated FNs along a channel 86a to 86d are sequentially on or after the corresponding FN activation times 106a to 106d for that channel 86a to 86d. The ciphering reconfiguration activation command 100 thus enables ciphering synchronization between the first station 80 and the remote station 90 for all channels 86a to 86d. Of course, four channels 86a to 86d have been indicated in the foregoing. It should be obvious, however, that fewer or greater numbers of channels are possible, with a corresponding decrease or increase in the number of entries within the activation times 104.
Unfortunately, the activation times 104 can lead to some ambiguity due to the cyclical nature of the PDU FNs. This ambiguity occurs because each of the channels 86a to 86d can run independently of each other. Suppose, for example, that the current FN for channel 86c for the remote station 90 is 100, with a corresponding activation time of 220 received within FN3 106c of the ciphering reconfiguration activation command 100. The remote station 90 can assume one of two possibilities: (a) the intended activation time FN3 106c of 220 is in the current FN cycle, in which case, after receiving 119 more PDUs along the channel 86c, the new ciphering key will be applied, or (b) the intended activation time FN3 106c of 220 was in the previous FN cycle, and so has elapsed. In this case, the remote station 90 should apply the new ciphering key immediately to channel 86c. The current protocol insists that the remote station always assume case (a). This, however, is not always correct. If case (b) were, in fact, the correct choice, the remote station 90 could potentially end up incorrectly decrypting 255 PDUs. In the worst case (depending on the configuration of the TTIs), this could lead to 2.5 seconds of noise.
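The count-c construction and the activation-time ambiguity described above can be traced numerically. The following Python example is added here and is not part of the original disclosure; its function names are hypothetical, and it assumes that the "current FN" is the FN of the last PDU processed, which reproduces the 119 and 255 PDU figures given in the text.

```python
# Added illustration: constructed sample values, not code from the patent.
FN_BITS = {"TM": 8, "UM": 7, "AM": 12}  # FN widths given in the text


def count_c(hfn, fn, n):
    """32-bit count-c: HFN in the upper 32-n bits, FN in the lower n bits."""
    if not (0 <= fn < 1 << n and 0 <= hfn < 1 << (32 - n)):
        raise ValueError("HFN or FN out of range")
    return (hfn << n) | fn


def next_count_c(cc, n):
    """Count-c of the following PDU; FN roll-over carries into the HFN."""
    hfn, fn = cc >> n, cc & ((1 << n) - 1)
    fn = (fn + 1) % (1 << n)
    return count_c(hfn + (fn == 0), fn, n)


def activation_fn(current_fn, pdus_ahead, n):
    """Sender: only the low n bits go into the activation command."""
    return (current_fn + pdus_ahead) % (1 << n)


def resolve_case_a(rx_cc, act_fn, n):
    """Receiver rule (a): treat act_fn as still ahead of rx_cc, the count-c
    of the last PDU processed, and return the count-c where it will switch."""
    delta = (act_fn - rx_cc) % (1 << n)
    return rx_cc + (delta or (1 << n))


def old_key_pdus(rx_cc, act_fn, n):
    """PDUs the receiver will still handle with the old key under rule (a)."""
    return resolve_case_a(rx_cc, act_fn, n) - rx_cc - 1


def misdecrypted(tx_act_cc, rx_cc, act_fn, n):
    """PDUs after rx_cc that the sender ciphers with the new key while the
    receiver, following rule (a), still applies the old one."""
    first_new = max(tx_act_cc, rx_cc + 1)
    return max(0, resolve_case_a(rx_cc, act_fn, n) - first_new)


def demo():
    n = FN_BITS["TM"]
    act = count_c(0, 220, n)  # sender's real switch point (assumed HFN 0)
    return {
        "rollover": next_count_c(count_c(0, 255, n), n),         # 256
        "FN1": activation_fn(148, 30, n),                        # 178
        "FN2": activation_fn(245, 30, n),                        # 19
        # case (a): receiver at HFN 0, FN 100, activation still ahead
        "a_wait": old_key_pdus(count_c(0, 100, n), 220, n),      # 119
        "a_bad": misdecrypted(act, count_c(0, 100, n), 220, n),  # 0
        # case (b): receiver already at HFN 1, FN 100, activation elapsed
        "b_bad": misdecrypted(act, count_c(1, 100, n), 220, n),  # 119
        # worst case: command handled just after FN 220 itself
        "worst": misdecrypted(act, count_c(0, 220, n), 220, n),  # 255
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>8}: {value}")
```

Because only the low n bits of the switch point travel in the command, the receiver's resolved count-c in case (b) lands one full FN cycle after the sender's, and every PDU in between is deciphered with the wrong key.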