Encrypted voice and data systems are well known. Many of these systems provide secure communication between two or more users by sharing one piece of information between the users, which permits only those users knowing it to properly decrypt the message. This piece of information is known as the encryption key variable, or key for short. Loading this key into the actual encryption device in the secure communication unit is a basic requirement that allows secure communication to occur. To retain security over a long period of time, the keys are changed periodically, typically weekly or monthly.
Encryption is known to be performed on an end-to-end basis within a communication system, i.e., encrypting a message at the originating communication unit (also known as a mobile station), passing it transparently (i.e., without decryption) through any number of channels and/or pieces of infrastructure to the end user's communication unit, which decrypts the message.
The Terrestrial Trunked Radio (TETRA) communication standard is presently utilized in Europe (hereinafter TETRA Standard), with potential for expansion elsewhere. The TETRA Standard calls for air interface, also known as air traffic or over-the-air, encryption. Air interface encryption protects information on the air interface between the infrastructure and the mobile subscriber. The TETRA standard calls for an authentication center, also known as a key management facility or key management center, to generate, distribute, and authenticate encryption keys and users. The TETRA standard does not, however, specify how to implement an authentication center, nor how to generate, distribute, and authenticate key material to system devices or mobile stations for information traversing through the infrastructure or SwMI (Switching and Management Infrastructure), as it is referred to in the TETRA Standard.
The TETRA standard fails to provide definition to minimize burden to call processing and bandwidth, provide encryption and authentication in a manner tolerant to equipment faults, support wide-area communications, and to store keys for all communication units without undue storage burden at local sites.
Accordingly, there is a need for a method and apparatus for providing a secure infrastructure for a communication system that utilizes air interface encryption and generates, distributes, and authenticates encryption keys and users without causing undue burden to call processing, bandwidth, security, and storage.