WO2002028138A1 - User data encryption in satellite networks using gprs/umts network architecture - Google Patents


Info

Publication number
WO2002028138A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
ciphering
gprs
user data
terminals
Prior art date
Legal status
Ceased
Application number
PCT/NO2001/000389
Other languages
French (fr)
Inventor
Jarle FJØRTOFT
Tormod Hegdahl
Håvard LØBERG
Tormod Wien
Current Assignee
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to AU2001292455A
Publication of WO2002028138A1
Anticipated expiration
Legal status: Ceased (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1853 Satellite systems for providing telephony service to a mobile station, i.e. mobile satellite service
    • H04B7/18565 Arrangements for preventing unauthorised access or for providing user protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1853 Satellite systems for providing telephony service to a mobile station, i.e. mobile satellite service
    • H04B7/18563 Arrangements for interconnecting multiple systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/06 Airborne or Satellite Networks



Abstract

A satellite telecommunication system using GPRS/UMTS architecture and adapted to establish a 'direct' terminal-to-terminal user data path for terminals communicating through the same satellite, offers secure end-to-end communication by separate encryption of user data. A ciphering server associated with the SGSN of the terminals generates and provides ciphering information (algorithm, encryption keys). The ciphering information is carried, to the user terminals seeking to communicate, on the secure signalling channels that were established during the attach procedure, preferably embedded in the Activate PDP Context Accept message.

Description

User data encryption in satellite networks using GPRS/UMTS network architecture
Field of the invention.
The present invention relates to the field of user data confidentiality in satellite networks, particularly satellite networks using GPRS/UMTS network architecture, providing separation of ciphering methods for signalling and user data confidentiality.
The problem area.
Within GPRS/UMTS networks, signalling and user data confidentiality is achieved by exchanging ciphering information between communicating nodes, i.e. user terminals (UT) and SGSN during the attach sequence.
In satellite networks using GPRS/UMTS network architecture, and in particular the system with the features disclosed in Norwegian patent application no. 20004647 for providing "direct" terminal-to-terminal user data communication between terminals communicating via the same satellite, this only applies to signalling. In the system disclosed in Norwegian patent application no. 20004647, user data communication is end-to-end, i.e. a "direct" communication channel exists between the communicating parties, but methods for handling user data confidentiality are not obtainable.
The ciphering solution offered today in a system implemented according to the known recommended or standard GPRS/UMTS architecture is one where each terminal runs a separate session towards the network, and where user data exchanged between mobile stations is routed through the network from one mobile station (MS) to the other. Accordingly, each radio leg operates with its own and separate set of keys for the communication between MS and SGSN. These sets of keys are employed for ciphering of signalling information as well as user data, and keys for this purpose are distributed during the normal attach procedure.
Known solutions and problems with these.
Today, GPRS/UMTS network architecture itself does not provide separate encryption of signalling and user data, or for distribution of a common set of encryption keys on a per session basis. Also, the scope of encryption in GPRS of today is not end-to-end; only terminal-to-SGSN, and vice versa. Hence, where end-to-end privacy is required, this leads to the need for additional encryption facilities. Current end-to-end encryption facilities are generally add-on options that require a further step of session set-up, which is particularly time consuming, cumbersome and demanding on the user, and which significantly adds complexity to the terminals and their use.
The objects of the invention
An object of the invention is to provide a solution in a telecommunication system with GPRS/UMTS network architecture, preferably a satellite system, for simple end-to-end secure "direct" terminal-to-terminal user data communication.
A further object of the present invention is to provide a solution in a telecommunication system with GPRS/UMTS network architecture, preferably a satellite system, for generating and distributing ciphering information for end-to-end secure "direct" terminal-to-terminal user data communication in a simpler way, reducing the overall system complexity and/or operating complexity.
It is yet another object of the present invention to provide a solution in a telecommunication system with GPRS/UMTS network architecture, preferably a satellite system, for a faster and resource saving establishment of end-to-end secure "direct" terminal-to-terminal user data communication.
Brief disclosure of the invention
The above objects are met by the present invention providing a system and method according to the accompanying independent patent claims 1 and 5. Other advantageous features of the invention are recited in the accompanying dependent patent claims 2 - 4 and 6 - 8.
To provide user data confidentiality in the case of mobile-to-mobile communication by the same BSS (Base Station Subsystem), and in particular in the case where the mobile stations communicate by the same satellite BSS, a separate set of keys for user data encryption is provided by the GPRS network, and the encryption keys are distributed to the mobile stations during the context activation process. A set of keys is generated per session, and is distributed to the involved parties on the secure signalling channels. The generation of keys is based on a standard GPRS/UMTS ciphering scheme.
By the present invention, the following solution is proposed:
To be registered as an available terminal, the UT (user terminal) executes the known GPRS/UMTS attach procedures. The authentication and user identity confidentiality are executed according to standard GPRS/UMTS security functions, and once the attach security procedures have been executed, a secure signalling channel will exist between the SGSN and UT. The UT-to-UT session set-up is executed through two separate MS-SGSN PDP context activation processes, where one is mobile originated (MO) and the other is mobile terminated (MT). The key for end-to-end user data encryption is distributed as part of the context activation process for each of the mobile stations. To facilitate the distribution of the keys, it is preferred that an additional data field is added to the "ActivatePDPContextAccept" message to convey the appropriate ciphering information (such as keys).
Brief description of the drawings.
Fig. 1 illustrates schematically the scope of existing ciphering in known GPRS systems and solutions according to GPRS recommendations and standards.
Fig. 2 illustrates an example of part of a known GPRS system implementing the ciphering scope illustrated in fig. 1. In the example shown, communicating GPRS terminals UT-A and UT-B employ different encryption keys, key 1 and key 2, respectively, for control and user data communication with the serving support node (SGSN). The keys are assigned prior to exchange of control data and user data, and GPRS standard ciphering ensures secure information transfer between SGSN and terminals, respectively, via the base station subsystem (BSS).
Fig. 3 illustrates an example of a part of a known satellite telecommunication system with GPRS architecture. The satellite operates as a transponder for conveying signals between SGSN and terminals, while the system employs the known ciphering solution illustrated by way of example in fig. 2, only capable of providing the scope of user data ciphering shown in fig. 1. The use of different keys, or ciphering, requires user data decryption and encryption at the SGSN level, and does not allow full end-to-end privacy for communication between user terminals.
Fig. 4 illustrates schematically the scope of ciphering of user data in a GPRS telecommunication system using a solution according to the present invention.
Fig. 5 illustrates an example of part of a satellite communication system with GPRS architecture employing a ciphering solution according to the present invention, giving an end-to-end ciphering scope as illustrated in fig. 4. In this example, the satellite operates as a transceiver for conveying signals between SGSN and terminals, and as a processing and switching centre for user data communication between GPRS user terminals communicating through the same satellite.
Fig. 6 shows an example of a call set-up sequence in the exemplary system shown in fig. 5.
Fig. 7 illustrates an example of a communication system with GPRS architecture and employing the invention for providing an end-to-end ciphering scope as illustrated in fig. 4 between GPRS terminals being served by different SGSN.
Detailed description of embodiments.
With reference to the accompanying drawings, and by way of example, the invention will now be described in more detail.
With reference to fig. 5, an example of a satellite telecommunication system is shown, where two communicating GPRS terminals, denoted UT-A and UT-B, respectively, are allowed to operate with end-to-end ciphering of user data communication. For user data to be communicated in a secure way, the invention provides an additional encryption layer, whereby the user data will be encrypted by the communicating GPRS terminals using a private key known only to a ciphering server (e.g. encryption key server) associated with the SGSN. Accordingly, in this example, the ciphering server (KeyGen) will operate as a trusted party providing the necessary ciphering information, such as the appropriate algorithm and/or encryption keys ("Key 3"), to the terminals, and may interact with a ciphering application in the GPRS terminals. When the terminals have received the required ciphering information, compatible ciphering layers implemented in the terminals perform the ciphering/deciphering functions ensuring secure end-to-end communication between the terminals. End-to-end ciphering according to the invention is particularly useful in a satellite system with GPRS architecture employing a satellite serving as a BSS with on-board processing and switching for user data communicated "directly" between terminals. In the system shown in fig. 5, only control information is communicated between the UT and SGSN using standard GPRS ciphering. User data, on the other hand, are not communicated through the SGSN, and, hence, user data are not ciphered according to standard GPRS ciphering. Instead, user data are ciphered on the basis of the ciphering information provided by the ciphering or encryption key server, thus ensuring complete user data privacy for the terminal users.
The method of conveying the ciphering information from the ciphering server to the terminals is illustrated in fig. 6 by way of example for the system shown in fig. 5. The sequence for a UT-to-UT IP-call, presuming that user terminals in the network have fixed IP addresses, is as follows:
1. Initially, terminals are assumed to be in the "standby" mode.
2. UT-A initiates a call to UT-B by signalling its intention to set up a call to UT-B by means of an "ActivatePDPContextRequest" message to the SGSN.
3. The SGSN addresses UT-B with a "RequestPDPContextActivation" message.
4. UT-B responds to the SGSN with an "ActivatePDPContextRequest" message.
The connection set-up between the user terminals is thus handled as two separate MS (in GPRS/UMTS terms) set-ups. The SGSN, using Session Manager 2 to handle "direct" UT-to-UT calls, will maintain an association between these two set-ups, identifying the set-up as a UT-to-UT call set-up.
5. The SGSN communicates with the RNC for the assignment of required radio resources and transfers information required to enable "direct" terminal-to-terminal user data communication.
6. The RNC communicates to the satellite the payload set-up information required to establish "direct" terminal-to-terminal communication.
7. After successful radio resource assignment and satellite payload set-up, the cipher or encryption key server (KeyGen) generates the cipher information to be used for the "direct" terminal-to-terminal user data communication. The cipher information can be an algorithm, an algorithm identifier and/or an encryption key. The SGSN in turn communicates the ciphering information ("Key 3") to the terminals in conjunction with the "ActivatePDPContextAccept" messages, by including the ciphering information as part of the "ActivatePDPContextAccept" message, which is conveyed to the terminals via the secure signalling channel established during the GPRS attach procedure.
8. Terminals enter the GPRS Active state for terminal-to-terminal exchange of user data, encrypting/decrypting the user data by an encryption/decryption function in the terminals using the ciphering information ("Key 3").
In an implementation of the sequence example above, signalling can be accomplished by the following:
SIGNAL ActivatePDPContextRequest (
    NSAPI,
    TI,
    PDPType,
    PDPAddress,
    AccessPointName,
    QoSRequested,
    PDPConfigOptions
);
SIGNAL RequestPDPContextActivation (
    TI,
    PDPType,
    PDPAddress
);
SIGNAL ActivatePDPContextAccept (
    PDPType,
    PDPAddress,
    TI,
    QoSNegotiated,
    RadioPriority,
    PDPConfigOptions,
    Key
);
In the "SIGNAL ActivatePDPContextAccept", the "Key" parameter is added to convey the ciphering information required for end-to-end ciphering (i.e. encryption). Preferably, to simplify the system, the "Key" is the actual encryption key to be used for a particular session, and the algorithm is preselected and/or preprogrammed in the user terminals.
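As an added example, not code from the patent or from Ericsson, the fig. 6 sequence and the three SIGNAL layouts above modelled in Python: the SGSN's Session Manager 2 associates the MO and MT set-ups, KeyGen issues one Key 3 per session, both ActivatePDPContextAccept messages carry it in the added Key field, and the terminals then cipher user data that crosses only the satellite's on-board switch. The HMAC-based keystream cipher, the called-party option, the nonce, the TI allocation and the addresses are assumptions; the patent leaves the user-plane algorithm to the terminals.

```python
# Added simulation of the fig. 6 sequence; class names, field layouts and values are assumptions.
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class ActivatePDPContextRequest:      # fields as in the page's SIGNAL declaration
    nsapi: int
    ti: int
    pdp_type: str
    pdp_address: str
    access_point_name: str
    qos_requested: str
    pdp_config_options: dict = field(default_factory=dict)

@dataclass
class RequestPDPContextActivation:
    ti: int
    pdp_type: str
    pdp_address: str

@dataclass
class ActivatePDPContextAccept:
    pdp_type: str
    pdp_address: str
    ti: int
    qos_negotiated: str
    radio_priority: int
    pdp_config_options: dict
    key: bytes                        # the added "Key" field carrying Key 3

def user_data_cipher(key3: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in user-plane cipher (HMAC-SHA256 keystream XORed onto the data); the
    page leaves the real algorithm preprogrammed in the terminals. Symmetric."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key3, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class KeyGen:
    """Ciphering server (trusted party) at the SGSN: one fresh Key 3 per session."""
    def generate(self) -> bytes:
        return secrets.token_bytes(16)

class SGSN:
    def __init__(self, keygen: KeyGen) -> None:
        self.keygen, self.next_ti = keygen, 100
        self.sm2: Dict[int, int] = {}          # Session Manager 2: MO TI -> MT TI
        self.user_data_seen: List[bytes] = []  # stays empty: user plane bypasses the SGSN

    def on_mo_request(self, req: ActivatePDPContextRequest) -> RequestPDPContextActivation:
        mt_ti, self.next_ti = self.next_ti, self.next_ti + 1
        self.sm2[req.ti] = mt_ti                # associate the two set-ups as one UT-to-UT call
        return RequestPDPContextActivation(mt_ti, req.pdp_type, req.pdp_config_options["called_party"])

    def accept_pair(self, mo: ActivatePDPContextRequest, mt: ActivatePDPContextRequest):
        if self.sm2.get(mo.ti) != mt.ti:
            raise ValueError("not an associated UT-to-UT set-up")
        key3 = self.keygen.generate()           # step 7: the same Key 3 is embedded in both Accepts
        def accept(req: ActivatePDPContextRequest) -> ActivatePDPContextAccept:
            return ActivatePDPContextAccept(req.pdp_type, req.pdp_address, req.ti, req.qos_requested, 1, {}, key3)
        return accept(mo), accept(mt)

class UserTerminal:
    def __init__(self, address: str) -> None:
        self.address, self.key3 = address, None

    def activate_request(self, ti: int, called: Optional[str] = None) -> ActivatePDPContextRequest:
        opts = {"called_party": called} if called else {}   # assumption: how UT-A names UT-B
        return ActivatePDPContextRequest(5, ti, "IPv4", self.address, "sat.example", "background", opts)

    def on_accept(self, acc: ActivatePDPContextAccept) -> None:
        self.key3 = acc.key                     # arrives on the attach-secured signalling channel

    def cipher(self, nonce: bytes, data: bytes) -> bytes:
        return user_data_cipher(self.key3, nonce, data)

def satellite_relay(paths: set, src: str, dst: str, frame: bytes) -> bytes:
    """On-board switch: forwards ciphertext UT-A <-> UT-B on a path set up in steps 5-6."""
    if frozenset((src, dst)) not in paths:
        raise ValueError("no direct path set up")
    return frame

def run_example() -> dict:
    sgsn = SGSN(KeyGen())
    ut_a, ut_b = UserTerminal("10.0.0.1"), UserTerminal("10.0.0.2")   # constructed fixed IPs
    mo_req = ut_a.activate_request(ti=1, called=ut_b.address)         # step 2
    prompt = sgsn.on_mo_request(mo_req)                               # step 3
    mt_req = ut_b.activate_request(ti=prompt.ti)                      # step 4
    paths = {frozenset((ut_a.address, ut_b.address))}                 # steps 5-6: payload set-up
    acc_a, acc_b = sgsn.accept_pair(mo_req, mt_req)                   # step 7
    ut_a.on_accept(acc_a)
    ut_b.on_accept(acc_b)
    plaintext, nonce = b"constructed sample user data", b"\x00" * 8    # step 8
    frame = satellite_relay(paths, ut_a.address, ut_b.address, ut_a.cipher(nonce, plaintext))
    return {"keys_match": ut_a.key3 == ut_b.key3, "plaintext": plaintext,
            "ciphertext": frame, "recovered": ut_b.cipher(nonce, frame),
            "sgsn_saw_user_data": bool(sgsn.user_data_seen)}
```

Note that KeyGen, and so the operator's network, holds Key 3: end-to-end here means the user plane no longer passes the SGSN's ciphering, within the trust model the description states for the ciphering server.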
Advantages.
By carrying the ciphering information in the "ActivatePDPContextAccept" message which is communicated through the secure signalling channels established during the user terminal attach stage, the invention allows secure "direct" terminal-to-terminal user data communication without the need for additional steps to authenticate users and to establish additional encrypted communication for exchange and/or distribution of ciphering information.
The elimination of additional steps to authenticate users and to establish additional encrypted communication for exchange and/or distribution of ciphering information significantly reduces the time it takes to set up an end-to-end encrypted terminal-to- terminal call.
By including the ciphering information in the "ActivatePDPContextAccept" message, the modifications to the known GPRS system are kept at a minimum while security is maintained.
Broadening.
With reference to fig. 1, the invention could be extended to an embodiment as illustrated for a land mobile telecommunication system with GPRS architecture, and GPRS terminal-to-terminal secure user data communication for terminals being served by different SGSN. The ciphering servers associated with their respective SGSN generate and communicate, in a secure manner, the information (such as keys) for distribution to user terminals identified in a terminal-to-terminal call set-up. As in the previously described examples, the "ActivatePDPContextAccept" message is adapted to accommodate the ciphering information ("Key 3") for the end-to-end ciphering. At the point in the call set-up sequence when the "ActivatePDPContextAccept" message is to be conveyed to the terminals, the ciphering information, provided by the ciphering or encryption key server associated with the SGSN of the MO call set-up, is included as part of the message contents, and distributed to the terminals over the secure signalling channels.
ABBREVIATION/TECHNICAL TERMS
GPRS General Packet Radio Service
HLR Home Location Register
IP Internet Protocol
MO Mobile Originated
MS Mobile Station (= User Terminal)
MT Mobile Terminated
NCC Network Control Centre
NSAPI Network Service Access Point Identifier
PDP Packet Data Protocol
QoSNegotiated Quality of Service profile negotiated
QoSRequested Quality of Service profile requested
RAB Radio Access Bearer
RNC Radio Network Controller
RR Radio Resources
Satellite-PL Satellite Payload
SGSN Serving GPRS Support Node
SM Session Manager
SM2 Session Manager 2
UMTS Universal Mobile Telecommunication System
UT User Terminal
VC Virtual Connection
VPI/VCI Virtual Path/Virtual Connection Identifiers

Claims

P a t e n t c l a i m s
1.
A satellite telecommunication system using GPRS/UMTS architecture and adapted to establish a "direct" terminal-to-terminal user data path for terminals communicating through the same satellite, the system offering secure end-to-end communication by separate encryption of user data, characterised in a ciphering server associated with the SGSN of the terminals, the ciphering server generating and/or providing ciphering information for end-to-end user data, and that the ciphering information is carried, to user terminals seeking to communicate, on the secure signalling channels that were established during the attach procedure.
2.
The satellite telecommunication system of claim 1, characterised in that the ciphering information, when conveyed to a terminal, is embedded in the Activate PDP Context Accept message.
3.
The satellite telecommunication system of claim lor2, characterised in that the ciphering information embedded in the Activate PDP Context Accept message is held in a separate data field.
4.
The satellite telecommunication system of any of the previous claims, characterised in that the ciphering information comprises a ciphering algorithm and/or a ciphering algorithm identifier and/or an encryption key.
5.
A method for allowing end-to-end user data encryption between GPRS user terminals in a satellite telecommunication system using GPRS/UMTS architecture and adapted to establish a "direct" terminal-to-terminal user data path for terminals communicating through the same satellite, comprising the steps of: establishing a secure signalling channel for each GPRS user terminal attached to the system through the GPRS terminal attach procedure, requesting a call set-up from a first GPRS user terminal to a second GPRS user terminal by exchange of GPRS PDP context activation messages between the terminals and the SGSN, identifying the requested call set-up as a terminal-to-terminal call set-up, performing radio bearer allocation and satellite payload set-up to enable user data transfer between a user terminal uplink and a user terminal downlink side of the satellite, characterised in generating, by a ciphering server means associated with the SGSN, ciphering information for the terminal-to-terminal call set-up, embedding the ciphering information in a respective Activate PDP Context Accept message for each terminal of the requested terminal-to-terminal call set-up, and transferring from the SGSN to each user terminal, on the associated secure signalling channel, the respective Activate PDP Context Accept message with the embedded ciphering information, whereby user data is encrypted/decrypted in the user terminals by an encryption/decryption means using the ciphering information when the communicating user terminals enter a GPRS Active state.
6.
The method of claim 5, characterised in that the ciphering information, when conveyed to a terminal, is embedded in the Activate PDP Context Accept message.
7.
The method of claim 5 or 6, characterised in that the ciphering information embedded in the Activate PDP Context Accept message is held in a separate data field.
8.
The method of claims 5, 6 or 7, characterised in that the ciphering information comprises a ciphering algorithm and/or a ciphering algorithm identifier and/or an encryption key.
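The exchange that claims 1 to 8 describe, modelled end to end as an added example (this is illustrative code, not the patent's or Ericsson's). Two terminals attach to an SGSN, which gives each its own secure signalling channel; on a terminal-to-terminal PDP context activation the ciphering server beside the SGSN generates an algorithm identifier and key, the SGSN embeds them in a separate field of each terminal's Activate PDP Context Accept, seals each Accept with that terminal's signalling key, and the terminals then cipher user data to each other over the direct satellite path. Assumed, because the claims do not specify them: the attach procedure is reduced to handing out a per-terminal signalling key, the Accept message is a JSON dict, the algorithm identifier `HMAC-SHA256-CTR` is hypothetical, and the cipher is an HMAC-SHA256 keystream in counter mode plus an HMAC tag standing in for the GPRS ciphering algorithm. The third terminal `UT-C` shows the property a practitioner would check: a terminal attached to the same SGSN but not party to the call set-up cannot read the user data.

```python
"""Model of the claimed terminal-to-terminal ciphering set-up (added example, not the
patent's or Ericsson's code). Assumed: attach reduces to a per-terminal signalling key;
the Activate PDP Context Accept is a JSON dict with the ciphering info in its own field;
the cipher is an HMAC-SHA256 keystream in counter mode with an HMAC tag, standing in
for the GPRS ciphering algorithm the claims leave unspecified."""
import hashlib
import hmac
import json
import secrets
import struct

NONCE_LEN, TAG_LEN = 12, 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || block counter) blocks (a PRF in counter mode)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _keystream_xor(key, nonce, data)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; raise on a wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed")
    return _keystream_xor(key, nonce, ct)


class CipheringServer:
    """Associated with the SGSN; generates the end-to-end ciphering information (claim 4)."""
    ALGORITHM_ID = "HMAC-SHA256-CTR"  # hypothetical identifier, not a GEA algorithm number

    def generate(self) -> dict:
        return {"algorithm_id": self.ALGORITHM_ID, "key": secrets.token_bytes(32).hex()}


class SGSN:
    def __init__(self) -> None:
        self.signalling_keys = {}  # terminal id -> signalling channel key from attach
        self.ciphering_server = CipheringServer()

    def attach(self, terminal_id: str) -> bytes:
        """Stand-in for the GPRS attach: establishes the per-terminal secure signalling channel."""
        key = secrets.token_bytes(32)
        self.signalling_keys[terminal_id] = key
        return key

    def activate_pdp_context(self, caller: str, callee: str) -> dict:
        """Terminal-to-terminal call set-up (claims 1, 2, 5): one Accept per terminal, each
        carrying the same ciphering information in a separate field and sealed with that
        terminal's own signalling key, so only the two parties can read it."""
        if caller not in self.signalling_keys or callee not in self.signalling_keys:
            raise PermissionError("both terminals must be attached before PDP context activation")
        ciphering_info = self.ciphering_server.generate()
        accepts = {}
        for n, tid in enumerate((caller, callee), start=1):
            msg = {"type": "Activate PDP Context Accept", "nsapi": 5,
                   "pdp_address": "10.0.0.%d" % n,        # constructed address
                   "ciphering_info": ciphering_info}       # separate data field (claims 3, 7)
            accepts[tid] = seal(self.signalling_keys[tid], json.dumps(msg).encode())
        return accepts


class Terminal:
    def __init__(self, terminal_id: str, sgsn: SGSN) -> None:
        self.id = terminal_id
        self.signalling_key = sgsn.attach(terminal_id)
        self.e2e_key = None

    def receive_accept(self, blob: bytes) -> None:
        """Decrypt the Accept from the signalling channel and take the end-to-end key into use."""
        msg = json.loads(unseal(self.signalling_key, blob))
        if msg["ciphering_info"]["algorithm_id"] != CipheringServer.ALGORITHM_ID:
            raise ValueError("unsupported ciphering algorithm")
        self.e2e_key = bytes.fromhex(msg["ciphering_info"]["key"])  # now in GPRS Active state

    def send(self, user_data: bytes) -> bytes:
        return seal(self.e2e_key, user_data)

    def receive(self, blob: bytes) -> bytes:
        return unseal(self.e2e_key, blob)


def run_call_setup(user_data: bytes = b"hello over the satellite"):
    """Full exchange; returns (plaintext recovered by the callee, whether a third attached
    terminal on the same SGSN could read the user data)."""
    sgsn = SGSN()
    a, b, c = Terminal("UT-A", sgsn), Terminal("UT-B", sgsn), Terminal("UT-C", sgsn)
    accepts = sgsn.activate_pdp_context(a.id, b.id)
    a.receive_accept(accepts[a.id])
    b.receive_accept(accepts[b.id])
    over_the_air = a.send(user_data)  # direct path through the satellite payload
    try:  # UT-C is attached but not party to this call set-up: no e2e key, wrong signalling key
        unseal(c.signalling_key, over_the_air)
        third_party_can_read = True
    except ValueError:
        third_party_can_read = False
    return b.receive(over_the_air), third_party_can_read
```

The point of interest is the two layers of keys: the signalling key from attach protects the delivery of the ciphering information, and the key inside the Accept protects the user data; the SGSN never sees the user-plane traffic once the direct satellite path is up, but it (and its ciphering server) does hold the end-to-end key, which is the trust assumption the claims build on.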

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001292455A AU2001292455A1 (en) 2000-09-27 2001-09-24 User data encryption in satellite networks using gprs/umts network architecture

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20004852 2000-09-27
NO20004852A NO313779B1 (en) 2000-09-27 2000-09-27 Encryption of user data in satellite networks with GPRS / UMTS architecture

Publications (1)

Publication Number Publication Date
WO2002028138A1 true WO2002028138A1 (en) 2002-04-04

Family

ID=19911622

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2001/000389 Ceased WO2002028138A1 (en) 2000-09-27 2001-09-24 User data encryption in satellite networks using gprs/umts network architecture

Country Status (3)

Country Link
AU (1) AU2001292455A1 (en)
NO (1) NO313779B1 (en)
WO (1) WO2002028138A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2741465A1 (en) * 2012-12-04 2014-06-11 Orange Method and device for managing secure communications in dynamic network environments

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0884917A1 (en) * 1997-05-21 1998-12-16 Alcatel Method for permitting a encrypted direct communication between two terminals of a radio mobile network and corresponding circuit arrangements for the station and terminal
WO2001028266A1 (en) * 1999-10-12 2001-04-19 Taskin Sakarya Direct communication and localisation of mobile end equipment and emergency handling

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); GPRS ciphering algorithm requirements", TS 101 106 V6.0.1, 1 July 1998, pages 05/06, XP002905401 *
"Digital cellular telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Service description; Stage 2", ETSI EN 301 344 V7.3.1, 1 July 2000, pages 41-44 and 60, XP002949459 *
"ETSI TS 133 102 V3.3.1", 1 January 2000, pages 33-37, XP002949460 *

Also Published As

Publication number Publication date
AU2001292455A1 (en) 2002-04-08
NO313779B1 (en) 2002-11-25
NO20004852D0 (en) 2000-09-27
NO20004852L (en) 2002-04-02

Similar Documents

Publication Publication Date Title
EP0824813B1 (en) Improving security of packet-mode transmission in a mobile communication system
EP2070291B1 (en) Systems and methods for key management for wireless communications systems
US5410602A (en) Method for key management of point-to-point communications
US6141533A (en) Method and apparatus for a mobile repeater
CN1115925C (en) Method for controlling connections to mobile station
KR101078615B1 (en) Encryption in a wireless telecommunications
US20030031322A1 (en) Method for conveying encryption information to parties in a multicast group
US7079656B1 (en) Method and communications system for ciphering information for a radio transmission and for authenticating subscribers
JP2006271010A (en) Method for cryptographic processing of data transmission and cellular radio system using the method
MX2007012852A (en) Session key management for public wireless lan supporting multiple virtual operators .
KR20070073343A (en) Method and apparatus for transmitting session setting protocol data of idle mode terminal in mobile communication IMS system
EP3094058B1 (en) Participation of an intermediary network device between a security gateway communication and a base station
US20020056001A1 (en) Communication security system
FI105385B (en) A method for setting connection encryption in a radio system
WO2006094087A2 (en) A wireless communication system and method
EP1303968A2 (en) System and method for secure mobile communication
JP2002152190A (en) Method for distributing cipher key through overlay data network
CN101166177B (en) A method and system for initialization signaling transmission at non access layer
WO2005006790A1 (en) Method for registering broadcast/multicast service in a high-rate packet data system
CN100388659C (en) Device, system and method for realizing encrypted communication between heterogeneous networks
WO2002028138A1 (en) User data encryption in satellite networks using gprs/umts network architecture
EP3454583B1 (en) Network connection method, and secure node determination method and device
KR101002829B1 (en) How to Protect Service Data in Multimedia Broadcasting Multicast Service System
Xenakis et al. A secure mobile VPN scheme for UMTS
WO2007075068A1 (en) Method for authentication between ue and network in wireless communication system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP