1. Field of the Invention
This invention relates generally to communications systems, and, more particularly, to a method and apparatus for encrypting and decrypting data in a communications system.
2. Description of the Related Art
Modern day electronic products, such as computers and telecommunications devices, are generally faster and more efficient than their predecessors. Two important factors that have contributed to the improved performance of today's electronic products are the efficiency and the faster rate at which these products transmit and receive signals. However, given the customer demand for faster and more responsive products, designers are constantly seeking ways to achieve a higher bandwidth while controlling the costs.
The overall performance of applications, particularly real-time telecommunication applications, can be improved by increasing the bandwidth available for transmitting signals. One example of a real-time telecommunication application where an increased bandwidth is desirable is a Wireless Local Loop (WLL) network.
Wireless Local Loop is quickly emerging as the technology that promises to deliver telephone service in geographical areas where using conventional copper telephone lines is cost prohibitive, or in a case where a telephone line exists, radio access technologies such as WLL provide other companies an opportunity to provide competitive services. Installing the last quarter of a mile of the telephone wire to a subscriber station is usually one of the most costly portions of the traditional telephone network, primarily because of the expenses associated with labor and maintenance. The telephone companies, which are usually responsible for maintaining the telephone wire, are frequently plagued with the daunting task of repairing the damage to the telephone lines caused by inclement weather, falling trees, digging, and by the recurring problem of copper wire theft. Accordingly, to circumvent the problems that are typically associated with the "traditional" telephone network, system designers turned to WLL technology, which is proving to be a promising and viable alternative.
FIG. 1 illustrates a block diagram of a WLL network 100. The WLL network 100 includes a Wireless Subscriber Unit (WSU) 110 at a subscriber station 115 that communicates with a remote Basestation Transceiver System (BTS) 120. The data flow from the WSU 110 to the BTS 120 is referred to as an uplink connection, and the data flow from the BTS 120 to the WSU 110 is referred to as a downlink connection. The BTS 120 links the WSU 110 to a central office 130, thus allowing a user at the subscriber station 115 to communicate with other subscriber stations (not shown) through the central office 130. A connection 132 between the BTS 120 and the central office 130 may be made via a wire-line, fiber or microwave link, depending on the bandwidth, distance, and the terrain.
The heart of the WLL network 100 is the "wireless" interface between the BTS 120 and the WSU 110, where the need for the copper loop is eliminated. The WSU 110, located in the home or office, provides a radio frequency (RF) interface to an existing phone 135 or modem 140, usually through an RJ-11 type plug (not shown). The connection between the subscriber station 115 and the central office 130 is typically as reliable and clear as the copper wire version.
The counterpart to the WSU 110 is the BTS 120, which is generally located in the field. As is common in most wireless systems, the BTS 120 serves as a control station for the WSU 110 by providing, over a designated pilot channel, synchronization and control information necessary to initiate and maintain two-way communication. In communication systems employing time division multiple access (TDMA), a process well known in the art, the WSU 110 selects the channel frequency and the specific time slot based upon the availability and quality of the channels in the coverage area.
Most wireless communication systems, including the WLL network 100, operate in accordance with industry defined standards. For example, two popular standards for the WLL network 100 are Personal Handyphone System (PHS) and Digital Enhanced Cordless Telecommunications (DECT). The PHS and DECT standards, as well as other WLL standards, define the format for transmitting and receiving data, error checking algorithm, retransmission scheme, and other such parameters that are relevant to wireless communications systems.
The DECT standard for the WLL network 100, for example, defines a 10-millisecond TDMA frame that comprises twenty-four time slots, where generally twelve slots are reserved for transmitting and twelve for receiving. DECT supports voice, analog data, and packet data communications. Voice and analog data communications are full duplex, whereas packet data communications are simplex in nature. Packet data communications can take advantage of directing all slots in one direction, uplink or downlink, with the exception of one slot for the reverse acknowledgement channel. Depending upon the bandwidth allocated by the system, an uplink or downlink channel can utilize between one and twenty-three slots for transferring packet data. When no data is waiting to be sent, the bandwidth is de-allocated and assigned to other users. Thus, in an uplink connection, the BTS 120 of the WLL network 100 can transmit data on up to twenty-three slots that are allocated for transmitting data per each frame to the WSU 110. Assuming all of the data is successfully transmitted over the twenty-three time slots, then new data may be transmitted on the twenty-three transmit time slots of the next frame. On the other hand, if not all of the data is successfully transmitted to the BTS 120 because of transmission errors, then that data is retransmitted over the twenty-three transmit time slots in accordance with the DECT retransmission scheme.
The retransmission scheme of a DECT WLL network 100 requires an acknowledgement to be generated by the peer station on a slot-by-slot basis for duplex bearers. Double simplex bearers' acknowledgements are on a logical bearer number (LBN) basis contained in a MAC-MOD2-ACK message in a reverse bearer. The BTS 120 or the WSU 110 may be the peer station, depending on whether the connection is an uplink or downlink connection. That is, in an uplink connection, the BTS 120 is the peer station, and in a downlink connection, the WSU 110 is the peer station. A "good" acknowledgement, a request to advance, from the peer device indicates a good transmission and new data should be transmitted in the next frame. On the other hand, a "bad" acknowledgement, a request to retransmit, indicates a bad transmission, and thus requires retransmission of data that was not received correctly by the peer station.
In communications systems, particularly real-time communications systems, it is desirable to have the ability to quickly and efficiently encrypt and decrypt data. Efficient means of encryption and decryption can generally enhance the overall performance of the communications systems. One communications system that employs encryption and decryption is the DECT WLL network 100.
In the WLL network 100, the exchange of data between the WSU 110 and the BTS 120 occurs at very high speeds, and generally involves encryption on the transmitting end and decryption on the receiving end. Data is typically encrypted using a unique cipher key, which is also then required for decryption to recover the original data. A variety of encryption algorithms may be employed in communications systems. For example, in the DECT WLL network 100, encryption of a serial data stream involves generating, based on the cipher key, a key stream sequence of the same length as the data stream and then performing an exclusive "OR" of the data stream with the key stream. For decryption of a data stream encrypted in such a manner, the same key stream needs to be generated and exclusive ORed with the encrypted data stream to recover the original data. The key stream is generally generated by a key stream generator (KSG) (not shown) in response to a given cipher key.
The WSU 110 of the DECT WLL network 100 encrypts data on a channel by channel basis, where each channel comprises a pair of slots of a DECT frame. The pair of slots are typically 12 slots apart (i.e., slot i and i+12). For a given connection, each channel has a unique cipher key that is assigned to the connection by the BTS 120. For each slot, at least 360 bits are encrypted. So, for a given channel (i.e., a pair of slots), a total of 720 bits are encrypted. Accordingly, to encrypt data for a given channel, the KSG generates a 720 bit random number (i.e., the key stream sequence) based on the cipher key designated for that channel. The first 360 bits of the 720 key stream sequence are utilized to encrypt the bits for slot i, a slot in the first half of the frame. The remaining 360 bits of the 720 key stream sequence are utilized to encrypt the bits for slot i+12, a complementary slot in the second half of the frame. The KSG is generally capable of generating the first 360 bits of the 720 key stream sequence for slot i within the allotted time. However, generating the second 360 bits of the 720 key stream sequence for slot i+12 may be problematic, as the first 360 bits of the 720 key stream sequence generally have to be generated before encryption of the bits for the slot i+12 may begin. Accordingly, the KSG may not be capable of generating the required key stream sequence for encryption within the allotted time before the data in the next slot is ready for encryption.
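The per-channel scheme described above can be sketched as follows. This is an added example, not part of the original text: ToyKSG is a hypothetical, insecure shift-register stand-in for the KSG (the actual DECT generator is not described here), and the cipher key and slot contents are constructed. It shows the 720-bit key stream being split between slot i and slot i+12, and that a sequential generator must be clocked through the first 360 bits before any key stream for slot i+12 exists.

```python
# Added illustration; ToyKSG is a stand-in, not the DECT key stream generator.
SLOT_BITS = 360                # bits encrypted per slot (from the text)
CHANNEL_BITS = 2 * SLOT_BITS   # 720-bit key stream per channel (slots i, i+12)

class ToyKSG:
    """Hypothetical 64-bit shift-register generator. Not secure."""
    def __init__(self, cipher_key: int):
        self.state = (cipher_key & (2**64 - 1)) or 1  # avoid all-zero state
        self.clocks = 0                               # bits produced so far

    def next_bit(self) -> int:
        s = self.state
        feedback = (s ^ (s >> 1) ^ (s >> 3) ^ (s >> 4)) & 1
        self.state = (s >> 1) | (feedback << 63)
        self.clocks += 1
        return s & 1

    def take(self, n: int) -> list:
        return [self.next_bit() for _ in range(n)]

def xor_bits(data, key_stream):
    """Exclusive OR of a data stream with an equal-length key stream."""
    assert len(data) == len(key_stream)
    return [d ^ k for d, k in zip(data, key_stream)]

def process_channel(cipher_key, slot_i, slot_i12):
    """Encrypt (or, applied again with the same key, decrypt) one channel.

    Returns (out_i, out_i12, clocks_before_slot_i12): the last value is how
    many generator steps had to complete before slot i+12 could be processed.
    """
    ksg = ToyKSG(cipher_key)
    out_i = xor_bits(slot_i, ksg.take(SLOT_BITS))       # key stream bits 0..359
    clocks_before_slot_i12 = ksg.clocks
    out_i12 = xor_bits(slot_i12, ksg.take(SLOT_BITS))   # bits 360..719
    assert ksg.clocks == CHANNEL_BITS
    return out_i, out_i12, clocks_before_slot_i12

def demo():
    key = 0x0123456789ABCDEF                            # constructed cipher key
    plain_i = [(n >> 2) & 1 for n in range(SLOT_BITS)]  # constructed slot data
    plain_i12 = [int(n % 3 == 0) for n in range(SLOT_BITS)]
    ct_i, ct_i12, waited = process_channel(key, plain_i, plain_i12)
    rec_i, rec_i12, _ = process_channel(key, ct_i, ct_i12)  # receiving end
    return (rec_i, rec_i12) == (plain_i, plain_i12), waited

if __name__ == "__main__":
    print(demo())
```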
The present invention is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above.
In one aspect of the present invention, a method is provided for encrypting a stream of data transmitted within a frame. The method includes determining a first initialization state in a first preselected interval, and determining the first initialization state in a second preselected interval, wherein the second preselected interval is less than the first preselected interval. The method includes generating a key stream in response to determining the first initialization state in the second preselected interval, and encrypting at least one bit of the stream of data with at least one bit of the key stream.
In another aspect of the present invention, an apparatus is provided that includes a generator and first, second, and third logic. The first logic is capable of determining a first initialization state in a first preselected interval. The second logic is capable of determining the first initialization state in a second preselected interval, wherein the second preselected interval is less than the first preselected interval. The generator is capable of generating a key stream in response to determining the first initialization state in the second preselected interval. The third logic is capable of encrypting at least one bit of the stream of data with at least one bit of the key stream.