Systems and methods for distributing and managing group keys for wireless communication systems

FIELD: information technology.

SUBSTANCE: a method of transmitting data, operational on an access terminal, comprises the following steps: maintaining a list of an active set of access nodes; obtaining a temporary unicast key for each access node in the active set; creating a group key for the active set; encrypting the group key using the temporary unicast key for an access node in the active set; and sending the encrypted group key to the corresponding access node with whose temporary unicast key it was encrypted.

EFFECT: high security.

61 cl, 20 dwg

 

Technical field

Various aspects relate to wireless communication systems. At least one aspect relates to a system and method for distributing and managing group keys for the protection of broadcast messages.

Background

Wireless networks enable communication devices to transmit and/or receive information while on the move. These wireless networks may be communicatively coupled to other public or private networks to enable the transfer of information to and from the mobile access terminal. Such networks typically include multiple access nodes (e.g., base stations), which provide wireless links to access terminals (for example, mobile communication devices, mobile phones, wireless user terminals). The access nodes may be stationary (e.g., fixed to the ground) or mobile (e.g., mounted on satellites and so on) and can be positioned to provide wide-area coverage as the access terminal moves across different coverage areas.

In the centralized wireless network systems of the prior art, a centralized network controller is responsible for authenticating the subscriber, establishing a connection, and handing off communication from a first access node to a second access node. The network controller typically manages multiple access nodes that provide service to one or more access terminals. When service is handed off between access nodes, the access terminal maintains unique security keys with respect to each access node with which it communicates. Therefore, additional signaling from the access terminal may be necessary to ensure secure communication with each access node.

To provide greater flexibility, decentralized or distributed wireless communication network systems can be used, in which the centralized network controller is either eliminated or its role in managing communications is reduced. However, such decentralized wireless network architectures are susceptible to certain threats. For example, the access terminal may send a broadcast message, such as an air interface message, to all access nodes in its active set of access nodes. An attacker can forge a broadcast message and send the fake message to the access nodes, and the access nodes are not able to verify the authenticity or the identity of the sender of such a broadcast message, which creates a security risk.

Moreover, with the reduced role or elimination of a centralized network controller in a distributed wireless communication system, securely handing off a connection from one access node to another may create security risks.

In view of the above-discussed deficiencies of the prior art, the recipient of a broadcast message must be able to authenticate the broadcast message, and the supporting access node must be able to verify that the requesting node is currently a valid member of the active set. Therefore, a method is needed that provides a group key distribution and management scheme, where the group key is shared between the access terminal and the access nodes in the active set for encryption/authentication of broadcast messages and of transit messages between access nodes in the active set. In other words, a method is needed that allows the access terminal to transmit one copy of a message that only group members can decrypt and understand.

SUMMARY OF THE INVENTION

One feature provides a system and method for creation, distribution and management of a group key between an access terminal (e.g., mobile terminal, wireless user terminal and so on) and one or more access nodes (e.g., base stations and so on) in the active set associated with the access terminal. In particular, a method is provided for the access terminal to securely deliver the group key to one or more access nodes. The group key can be generated by the access terminal and distributed to the access nodes in its active set. A new group key can be generated and distributed each time an access node is removed from the active set of trusted access nodes associated with the access terminal.

An access terminal is provided that comprises a communication interface and a processor. The communication interface may be configured to communicate with at least one access node. The processor may be configured to (a) maintain a list of the active set of access nodes, (b) obtain a temporary unicast key for each access node in the active set, (c) generate a first group key for the active set, (d) encrypt the first group key using a first temporary unicast key for a first access node in the active set, and/or (e) send the encrypted first group key to the first access node. The processor may additionally be configured to: (a) encrypt the first group key with other temporary unicast keys for other access nodes in the active set, and/or (b) send each of the encrypted first group keys to the corresponding access node with whose temporary unicast key it was encrypted. Each of the temporary unicast keys can be a pairwise temporary unicast key known to the access terminal and the corresponding access node. The processor may additionally be configured to send a multicast message encrypted and/or signed with the first group key.

The processor may additionally be configured to: (a) scan for available access nodes via the communication interface, (b) add one or more access nodes to the active set of access nodes as they are identified, and/or (c) establish unique temporary unicast keys with each of the access nodes as they are added to the active set.

The processor may additionally be configured to: (a) replace the first group key with a second group key when an access node is removed from the active set; and/or (b) distribute encrypted versions of the second group key to the access nodes in the active set, where the encrypted versions of the second group key are encrypted using the temporary unicast keys for each access node in the active set.

The processor may additionally be configured to: (a) select an access node from the active set as the current serving access node for wireless communication services via the communication interface, where wireless communications to and from the access terminal are routed through the serving access node, (b) determine whether another access node in the active set can provide better wireless service than the current serving access node, and/or (c) switch communication services from the current serving access node to a new serving access node if the new serving access node provides better wireless service than the current serving access node.

A method operational on an access terminal is also provided. A list of the active set of access nodes is maintained by the access terminal. The access terminal may obtain a temporary unicast key for each access node in the active set and generate a first group key for the active set. The first group key may be encrypted using a first temporary unicast key for a first access node in the active set, and the encrypted first group key is sent by the access terminal to the first access node. The method may further comprise sending a multicast message encrypted/signed with the first group key.

The method may further comprise: (a) encrypting the first group key with other temporary unicast keys for other access nodes in the active set; and/or (b) sending each of the encrypted first group keys to the corresponding access node with whose temporary unicast key it was encrypted.

The method may further comprise: (a) scanning for available access nodes, (b) adding one or more access nodes to the active set of access nodes as they are identified, and/or (c) establishing unique temporary unicast keys with each of the access nodes as they are added to the active set.

The method may further comprise: (a) replacing the first group key with a second group key when an access node is removed from the active set, and/or (b) distributing encrypted versions of the second group key to the access nodes in the active set, where the encrypted versions of the second group key are encrypted using the temporary unicast keys for each access node in the active set.

The method may further comprise: (a) selecting an access node from the active set as the current serving access node for wireless services, where wireless communications to and from the access terminal are routed through the serving access node, (b) determining whether another access node in the active set can provide better wireless service than the current serving access node, and/or (c) switching communication services from the current serving access node to a new serving access node if the new serving access node provides better wireless service than the current serving access node.

Consequently, an access terminal is provided, comprising: (a) means for maintaining a list of the active set of access nodes, (b) means for obtaining a temporary unicast key for each access node in the active set, (c) means for generating a first group key for the active set, (d) means for encrypting the first group key using a first temporary unicast key for a first access node in the active set, and/or (e) means for sending the encrypted first group key to the first access node.

The access terminal may further comprise: (a) means for encrypting the first group key with other temporary unicast keys for other access nodes in the active set, and/or (b) means for sending each of the encrypted first group keys to the corresponding access node with whose temporary unicast key it was encrypted.

The access terminal may further comprise: (a) means for scanning for available access nodes, (b) means for adding one or more access nodes to the active set of access nodes as they are identified, and/or (c) means for establishing unique temporary unicast keys with each of the access nodes as they are added to the active set.

The access terminal may further comprise: (a) means for replacing the first group key with a second group key when an access node is removed from the active set; and/or (b) means for distributing encrypted versions of the second group key to the access nodes in the active set, where the encrypted versions of the second group key are encrypted using the temporary unicast keys for each access node in the active set.

The access terminal and/or the method operational on the access terminal may also be implemented in software and/or in a processor or processing circuit.

An access node is also provided, comprising a wireless interface and a processing circuit. The wireless interface may be adapted to communicate with at least one access terminal. The processing circuit may be configured to (a) generate a temporary unicast key, (b) send the temporary unicast key to the access terminal to join the active set of access nodes for the access terminal, and/or (c) receive a group key associated with the active set of access nodes for the access terminal. The access node may further comprise a network communication interface for communicating with other access nodes, where the forwarded broadcast message is sent over the network communication interface. The processing circuit may optionally be configured to authenticate itself to the supporting access node using the group key.

The processing circuit may optionally be configured to: (a) receive from the access terminal a broadcast message that is encrypted with the group key, (b) decrypt the broadcast message using the group key, and/or (c) forward the broadcast message to other access nodes in the active set of access nodes for the access terminal.

The processing circuit may optionally be configured to: (a) receive from the access terminal a broadcast message that is signed with the group key; and/or (b) authenticate the broadcast message using the group key.

The processing circuit may optionally be configured to: (a) establish wireless communication service with the access terminal via the wireless interface, to operate as a first serving access node for routing communications to and from the access terminal, (b) receive a request from the access terminal to hand off the wireless communication service to a second serving access node, (c) terminate the wireless communication service with the access terminal, and/or (d) establish a data tunnel with the supporting access node for the access terminal via the network communication interface.

A method operational on an access node is also provided. A temporary unicast key is generated and sent to the access terminal to join the active set of access nodes for the access terminal. A group key associated with the active set of access nodes for the access terminal is received.

A broadcast message can be received from the access terminal, where the broadcast message is encrypted with the group key. The broadcast message can then be decrypted using the group key. The broadcast message may be forwarded to other access nodes in the active set of access nodes for the access terminal.

In an alternative method, a broadcast message is received from the access terminal, where the broadcast message is signed by the group key. Then the broadcast message can be authenticated using the group key.

The method may further comprise: (a) establishing wireless communication service with the access terminal via the wireless interface, to operate as a first serving access node for routing communications to and from the access terminal, (b) receiving a request from the access terminal to hand off the wireless communication service to a second serving access node, (c) terminating the wireless communication service with the access terminal, and/or (d) establishing a data tunnel with the supporting access node for the access terminal via a network communication interface. The access node can authenticate itself to the supporting access node using the group key.

An access node is provided, comprising: (a) means for generating a temporary unicast key, (b) means for sending the temporary unicast key to the access terminal via the wireless interface to join the active set of access nodes for the access terminal, (c) means for receiving a group key associated with the active set of access nodes for the access terminal, and/or (d) means for establishing wireless communication service with the access terminal, to operate as a first serving access node for routing communications to and from the access terminal.

Moreover, the access node may further comprise: (a) means for receiving from the access terminal a multicast message that is encrypted with the group key, (b) means for decrypting the multicast message using the group key, and/or (c) means for forwarding the multicast message to other access nodes in the active set of access nodes for the access terminal.

The access node may further comprise: (a) means for receiving a request from the access terminal to hand off the wireless communication service to a second serving access node; and/or (b) means for terminating the wireless communication service with the access terminal.

The access node and/or the method operational on the access node can also be implemented in software and/or in a processor or processing circuit.

BRIEF DESCRIPTION OF DRAWINGS

The features, nature and advantages of these aspects may become apparent from the following detailed description, considered in conjunction with the drawings, in which like reference numbers identify corresponding elements throughout the document.

Fig. 1 illustrates a wireless communication system in which distribution and/or management of group keys for protecting multicast messages can be implemented.

Fig. 2 illustrates an alternative configuration of the wireless communication system of Fig. 1.

Fig. 3 (comprising Fig. 3A, 3B, 3C and 3D) is a flowchart illustrating one example of the operation of a wireless communication system with distribution and management of group keys for protecting multicast messages.

Fig. 4 illustrates a group key distribution scheme that can be used to authenticate a multicast message and to verify that the requesting access node is currently a member of the active set.

Fig. 5 is a block diagram illustrating an access terminal configured to perform the distribution and management of group keys for protecting multicast messages.

Fig. 6 is a flowchart illustrating a method operational on the access terminal to add an access node to the active set of access nodes.

Fig. 7 is a flowchart illustrating a method operational on the access terminal to remove an access node from the active set of access nodes and replace the group key.

Fig. 8 is a flowchart illustrating a method operational on the access terminal for transmitting a multicast message to the active set of access nodes.

Fig. 9 is a flowchart illustrating a method operational on the access terminal to transition from a first serving access node to a second or new serving access node.

Fig. 10 is a flowchart illustrating a method operational on the access terminal to facilitate the secure distribution of a multicast message from the access terminal to one or more access nodes.

Fig. 11 is a block diagram illustrating an access node configured to facilitate distribution and/or management of group keys.

Fig. 12 is a flowchart illustrating a method operational on the access node to join the active set of access nodes associated with the access terminal.

Fig. 13 is a flowchart illustrating a method operational on the access node to replace the group key for the active set associated with the access terminal.

Fig. 14 is a flowchart illustrating a method operational on the access node to receive and decrypt a multicast message from the access terminal.

Fig. 15 is a flowchart illustrating a method operational on the current serving access node to facilitate the secure handoff of communication services to a new serving access node.

Fig. 16 is a flowchart illustrating a method operational on the supporting access node to facilitate secure forwarding of communications to other serving access nodes for a particular access terminal.

Fig. 17 is a flowchart illustrating a method operational on the access node to facilitate the secure distribution of a multicast message from the access terminal to one or more access nodes.

DETAILED DESCRIPTION

In the following description, specific details are given to provide a thorough understanding of the embodiments. However, it will be clear to a person of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits may be shown in block diagrams in order not to obscure the embodiments with unnecessary detail. In other instances, well-known circuits, structures and techniques may be shown in detail in order not to obscure the embodiments.

Also note that the embodiments may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. Moreover, the order of the operations can be rearranged. A process terminates when its operations are completed. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.

Also, a storage medium may represent one or more devices for storing data, including read-only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash memory and/or other machine-readable media for storing information. The term "machine-readable medium" includes, but is not limited to, portable or fixed storage devices, optical storage devices, wireless channels and various other media capable of storing, containing or carrying instructions and/or data.

In addition, embodiments may be implemented using hardware, software, firmware, middleware, microcode, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored on a machine-readable medium such as a storage medium or other storage device(s). A processor can perform the necessary tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures or program statements. A code segment can be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. can be passed, forwarded or transmitted via any suitable means, including memory sharing, message passing, token passing, network transmission, etc.

The various illustrative logical blocks, modules, circuits, elements and/or components described in connection with the examples disclosed in this document may be implemented or performed with a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described in this document. A general-purpose processor may be a microprocessor, but in an alternative embodiment the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing components, for example, a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

The methods or algorithms described in connection with the examples disclosed in this document can be implemented directly in hardware, in a software module executable by a processor, or in a combination of both, in the form of a processing unit, program instructions or other instructions, and can be contained in a single device or distributed across multiple devices. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM or any other form of storage medium known in the art. The storage medium may be coupled to the processor so that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integral with the processor.

In wireless communications, an access network can be used to connect any number of access terminals to a wide area network (WAN) such as the Internet or the public switched telephone network (PSTN). The access network is typically implemented using a number of stationary access nodes located across a geographic area. The geographic area is usually divided into cells. Each access node is configured to provide an access point to the WAN for the access terminals in a cell. The term "access network" may refer to a set of access nodes (AN) with which one or more access terminals (e.g., wired or wireless) may communicate. The access network can transport data packets between multiple access terminals (AT). The access network can additionally be communicatively coupled to additional networks outside the access network, for example a corporate intranet or the Internet, and can transport data packets between each access terminal and such external networks.

The transmission techniques described in this document can also be used for various wireless communication systems, for example code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, single-carrier FDMA (SC-FDMA) systems, and so on. An OFDMA system uses orthogonal frequency division multiplexing (OFDM), which is a modulation technique that divides the entire system bandwidth into multiple (K) orthogonal subcarriers. These subcarriers (SC) are also called tones, bins, and so forth. With OFDM, each subcarrier can be independently modulated with data. An SC-FDMA system can use interleaved FDMA (IFDMA) to transmit on subcarriers that are distributed across the system bandwidth, localized FDMA (LFDMA) to transmit on a block of adjacent subcarriers, or enhanced FDMA (EFDMA) to transmit on multiple blocks of adjacent subcarriers. In general, modulation symbols are sent in the frequency domain with OFDM and in the time domain with SC-FDMA.

As used in this document, an access node may be a fixed station used for communicating with an access terminal, and may also be called, and may include some or all of the functionality of, a base station, a Node B, or some other terminology. An access terminal may also be called, and may include some or all of the functionality of, user equipment (UE), a wireless communication device, a terminal, a mobile terminal, a mobile station, a mobile phone, or some other terminology. The terms "broadcast" and "multicast" can be used interchangeably to refer to one-to-many transmission. Meanwhile, the term "unicast" can refer to a targeted transmission intended for a particular recipient, even if such a transmission passes through intermediate relays.

One feature provides a system and method for creation, distribution and management of a group key between an access terminal (e.g., mobile terminal, wireless user terminal and so on) and one or more access nodes (e.g., base stations, etc.) in the active set associated with the access terminal. In particular, a method is provided for the access terminal to securely deliver the group key to one or more access nodes. The group key can be generated by the access terminal and distributed to the access nodes in its active set. A new group key can be generated and distributed each time an access node is removed from the active set of trusted access nodes associated with the access terminal.

To distribute the group key to each access node, a unique temporary unicast key can be established between the access terminal and each access node in the active set. This may be done, for example, when the access node is added to the active set for the access terminal. The access terminal encrypts the new group key using each of the unique temporary unicast keys associated with each of the access nodes in the active set. After encryption, the access terminal sends each individual encrypted message containing the new group key to the access node for which it was encrypted. Each access node decrypts its message using its unique temporary unicast key to obtain the new group key.

Subsequently, the access terminal can encrypt a new message using the group key and transmit the message so that one or more access nodes in its active set can decrypt it using the previously distributed group key. Because a message encrypted with the group key can be broadcast or multicast by the access terminal only once, multiple copies or versions of the same message encrypted with different keys are not needed. A message encrypted with the group key can be a broadcast or multicast message intended for the access nodes in the active set. Sending a multicast message saves radio resources, because the message is sent only once. In one example, such a multicast message may include a state update of the access terminal for all access nodes in the active set. This provides more efficient feedback from the access terminal to the access nodes than the prior-art approach, in which the access terminal would communicate with only one of the access nodes at any given time. Consequently, this may allow the access nodes to operate more independently.

In yet another feature, the group key can be used between the access nodes in the active set to facilitate authentication between the access nodes. This may allow the access nodes to authenticate each other before sending information or messages between them. For example, a first access node may be selected by the access terminal as the serving access node at any given moment. The serving access node may request a data tunnel with a second access node, which acts as the reference node through which communications from other networks are sent for delivery to the access terminal. To deliver data to the access terminal, the reference node first authenticates the serving access node using the group key (for example, it confirms that the requesting node is a member of the active set for the access terminal). If the requesting/serving access node is successfully authenticated, a data tunnel is established between the reference node and the serving access node, through which information can be transferred to and/or from the access terminal. Thus, the group key can be used to facilitate tunneling in order to forward communications for the access terminal between access nodes.
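The distribution, rekey-on-removal, signed-broadcast and membership-check steps of the preceding paragraphs, as an added Python example that is not code from the patent. Assumptions: all class and function names, the key sizes, the HMAC-SHA256 constructions (standing in for a real AEAD or key-wrap algorithm), the challenge-response format, and that a joining node receives the current group key.

```python
import hashlib
import hmac
import secrets

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32   # assumed sizes; the page gives none


def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 under a sub-key derived for a single purpose (label)."""
    sub = hmac.new(key, label, hashlib.sha256).digest()
    return hmac.new(sub, data, hashlib.sha256).digest()


def wrap_key(tuk: bytes, group_key: bytes) -> bytes:
    """Encrypt-then-MAC the group key under one node's temporary unicast key.
    HMAC-based stand-in for an AEAD or key-wrap algorithm (stdlib has none)."""
    if len(group_key) != KEY_LEN:
        raise ValueError("unexpected group key length")
    nonce = secrets.token_bytes(NONCE_LEN)
    pad = _mac(tuk, b"wrap-enc", nonce)            # single 32-byte keystream block
    ct = bytes(a ^ b for a, b in zip(group_key, pad))
    return nonce + ct + _mac(tuk, b"wrap-mac", nonce + ct)


def unwrap_key(tuk: bytes, blob: bytes) -> bytes:
    """Authenticate first, then decrypt; fails under any other node's TUK."""
    if len(blob) != NONCE_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed wrapped key")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(tuk, b"wrap-mac", nonce + ct)):
        raise ValueError("wrapped key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _mac(tuk, b"wrap-enc", nonce)))


class AccessNode:
    def __init__(self, name: str):
        self.name, self.tuk, self.group_key = name, None, None

    def join(self) -> bytes:
        # Assumption: the TUK reaches the terminal over an already protected channel.
        self.tuk = secrets.token_bytes(KEY_LEN)
        return self.tuk

    def receive_group_key(self, blob: bytes) -> None:
        self.group_key = unwrap_key(self.tuk, blob)

    def verify_broadcast(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(tag, _mac(self.group_key, b"bcast", message))

    def prove_membership(self, challenge: bytes) -> bytes:
        """Answer another node's challenge (hypothetical tunnel-request check)."""
        return _mac(self.group_key, b"member", challenge + self.name.encode())

    def check_membership(self, name: str, challenge: bytes, proof: bytes) -> bool:
        expect = _mac(self.group_key, b"member", challenge + name.encode())
        return hmac.compare_digest(proof, expect)


class AccessTerminal:
    def __init__(self):
        self.active_set = {}                       # AccessNode -> TUK
        self.group_key = secrets.token_bytes(KEY_LEN)

    def add_node(self, node: AccessNode) -> None:
        # Assumption: a joining node receives the current group key.
        self.active_set[node] = node.join()
        node.receive_group_key(wrap_key(self.active_set[node], self.group_key))

    def remove_node(self, node: AccessNode) -> None:
        # Removal replaces the group key; the removed node gets no copy.
        del self.active_set[node]
        self.group_key = secrets.token_bytes(KEY_LEN)
        for member, tuk in self.active_set.items():
            member.receive_group_key(wrap_key(tuk, self.group_key))

    def broadcast(self, message: bytes) -> tuple:
        """One copy of the message, signed once with the group key."""
        return message, _mac(self.group_key, b"bcast", message)


def demo() -> dict:
    at = AccessTerminal()
    a, b, c = AccessNode("AN-A"), AccessNode("AN-B"), AccessNode("AN-C")
    for node in (a, b, c):
        at.add_node(node)
    msg1, tag1 = at.broadcast(b"state update 1")   # constructed sample messages
    before = all(n.verify_broadcast(msg1, tag1) for n in (a, b, c))
    at.remove_node(c)                              # triggers the rekey
    msg2, tag2 = at.broadcast(b"state update 2")
    chal = secrets.token_bytes(16)                 # issued by reference node AN-A
    return {
        "all_verify_before": before,
        "members_verify_after": all(n.verify_broadcast(msg2, tag2) for n in (a, b)),
        "removed_verifies_after": c.verify_broadcast(msg2, tag2),
        "member_tunnel_ok": a.check_membership("AN-B", chal, b.prove_membership(chal)),
        "removed_tunnel_ok": a.check_membership("AN-C", chal, c.prove_membership(chal)),
    }
```

Calling `demo()` shows that the removed node AN-C, which still holds the old group key, can neither verify broadcasts made after the rekey nor pass the reference node's membership check.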

Fig. 1 illustrates a system 100 for wireless communication, which can be implemented distribution and/or management of group keys for protecting multicast messages. The wireless communication system 100 may include several hundred, for example cells 102, 104, 106 and 108. Each cell 102, 104, 106 and 108 may include a host 110, 112, 114 and 116 access (for example, one or more base stations), which provides coverage for multiple sectors in a cell. Nodes 110, 112, 114 and 116 access in each cell 102, 104, 106 and 108 can provide network connectivity to one or more access terminals. Each node 110, 112, 114 and 116 may include one or more antennas 120, which provide network coverage for mobile terminals (e.g., user terminal) in several sectors of the cell. For example, in a cell node 102 110 access includes a group of antennas 120, where each antenna provides network coverage of different sectors in a cell 102. Similarly, in cells 104, 106 and 108 nodes 112, 114 and 116 access may include groups of antennas, where each antenna is well coordinated network coverage of different sectors in the cell. When used in this document transmission from the access node to the access terminal may be called a direct line or descending line, and transmission from the access terminal to the access node may be called the reverse link or the ascending line.

In accordance with one feature, one of the access nodes in the active set may operate or function as the reference node for the access terminal 118, i.e. an interface (e.g., a gateway) that is responsible for facilitating communication with other networks and forwarding communications to the access terminal 118, either directly or through other access nodes. The reference node may provide a common interface point through which other networks can communicate with the access terminal 118 as the access terminal 118 moves through different cells (for example, different areas of radio coverage), which may be served by different access nodes. Therefore, the reference node may perform some of the functions (for example, forwarding a communication session, routing data, etc.) performed by the network controller in communication systems of the prior art.

In the example of Fig. 1, access node A 110 (AN-A) can serve as the reference node for managing traffic or communications to/from the access terminal 118. Traffic or communications for the access terminal 118 pass through the reference node 110, which forwards the traffic/communications to the current serving access node. The serving access node is a node in the active set that functions as the wireless gateway for the access terminal 118 to/from other networks. The serving access node delivers traffic or communications to/from the access terminal via the reference node 110. The serving access node may forward encrypted multicast messages from the access terminal to each access node in the active set of the access terminal 118. The serving access node can simply forward the encrypted message without first decrypting it. Any access node in the active set may be selected as the serving access node at any given time. In this example, access node B 112 (AN-B) may be the nearest to the access terminal 118 at a particular time t_{i+1} and is selected as the serving access node. Once selected, the serving access node 112 can then request the establishment of a data tunnel 122 with the reference node 110, so that it can deliver data/communications to the access terminal 118. The reference node 110 may verify that the access node requesting to operate as the serving access node is currently a member of the active set for the access terminal 118. Similarly, at time t_{i+2}, when the access terminal 118 may move or be moved into cell 106, access node C 114 can become the serving access node for the access terminal 118 by establishing a data tunnel 124 with the reference node 110. At a later time t_{i+3}, when the access terminal 118 may move or be moved into cell 108, access node D 116 can become the serving access node for the access terminal 118 by establishing a data tunnel 126 with the reference node 110. Therefore, the reference node A 110 is the gateway through which incoming communications for the access terminal 118 can be forwarded to the current serving access node and outgoing communications from the access terminal 118 can pass to other networks.

When the access terminal 118 moves or is moved between different cells or sectors, a local access node may request to become the serving access node. Each access node 110, 112, 114 and 116 may have a unique temporary unicast key (TUK) for its association with the access terminal 118. A TUK can be generated by the access node and/or the access terminal and is maintained between the access node and the access terminal. For example, at time t_0 the access terminal 118a may first secure communication with access node A 110 (AN-A) using a secure temporary unicast key A (TUK_A), which is uniquely associated with the communication link between the access terminal 118 and the access node 110. The key TUK_A may be negotiated between the access terminal 118 and access node A 110, for example, when access node A 110 is first added to the active set. At a later time t_{i+1}, when the access terminal 118b moves to another sector or cell 104, its wireless service (e.g., the communication session) can be handed off to access node B 112 (AN-B). The access terminal 118b can secure communication with access node B 112 (AN-B) using a secure temporary unicast key B (TUK_B) that is uniquely associated with the communication link between the access terminal 118 and access node B 112. Similarly, at time t_{i+2}, when the access terminal 118c moves into cell 106, the access terminal 118c can secure communication with access node C 114 (AN-C) using a secure temporary unicast key C (TUK_C) that is uniquely associated with the communication link between the access terminal 118 and access node C 114. At a later time t_{i+3}, the access terminal 118d can secure communication with access node D 116 (AN-D) using a secure temporary unicast key D (TUK_D) that is uniquely associated with the communication link between the access terminal 118 and access node D 116 (AN-D).

To distribute the group key GK to the access nodes in the active set, the access terminal 118 may use the unique TUK for each access node to encrypt a message that contains the group key GK, which is then sent individually (unicast) to the access node associated with that particular TUK. That is, the access terminal individually sends each encrypted message containing the new group key to the access node for which it is encrypted. For example, the access terminal 118 may use TUK_A to securely encrypt and send the group key GK to access node A 110. The access terminal 118 may likewise use TUK_B, TUK_C and TUK_D to encrypt and send the group key GK to access nodes B 112, C 114 and D 116, respectively, either directly or through another access node. As a result, each access node receives the same group key GK, but may use a different TUK to decrypt the group key GK.

Once the group key GK has been distributed, the access terminal 118 may then send, broadcast and/or multicast a message (for example, status information, etc.) to the access nodes that are in the active set of the access terminal (e.g., access nodes A 110, B 112, C 114 and/or D 116). In some cases, an access node that is too far from the access terminal 118 to receive the wireless broadcast can receive it through a relay from another access node in the active set.

In some examples, the access terminal 118 may communicate with two or more sectors of one or more cells. This can be done to allow communication sessions to be handed off between different sectors or cells when the access terminal 118 moves or is moved, for proper bandwidth management and/or for other reasons. Therefore, when the access terminal 118 moves across different cells 102, 104, 106 and 108, it can communicate with the access nodes 110, 112, 114 and 116.

In accordance with another feature, the group key GK can be used between the access nodes in the active set associated with the access terminal 118 to authenticate each other. For example, when the access terminal moves from one cell to another, its serving access node may change from the current serving access node to a new serving access node. Before the reference access node starts forwarding communications to a new access node, it may first authenticate that node to verify that it belongs to the active set of the access terminal 118. In one example, when the access terminal 118c moves into cell 106, it may want to communicate through access node C as its serving access node. A request may be sent to the reference node 110 to start forwarding communications for the access terminal 118c to the new serving access node 114. The reference node 110 may authenticate the new serving access node 114 to verify, for example, that it belongs to the active set for the access terminal. Such authentication may include verifying that the new serving access node 114 also knows the group key GK for the active set.

Fig. 2 illustrates an alternative configuration of the wireless communication system 100 of Fig. 1. In this configuration, communications for the access terminal are forwarded to the new serving access node from the previous serving access node rather than from a centralized reference access node, as in Fig. 1. This example illustrates forwarding in which communications may be routed across multiple access nodes. When the access terminal 118 moves between different cells, it can change its serving access node. Instead of establishing a direct communication link between the reference node 110 and the current serving access node (as illustrated in Fig. 1), the current serving access node can receive communications through the previous serving access node. For example, at a particular time t_{i+1}, access node B 112 may be the serving access node for the access terminal 118b and has a data tunnel 222 with the reference access node A 110. At time t_{i+2}, the access terminal 118c can move into cell 106 and seek to make access node C 114 its serving access node. Therefore, a data tunnel 224 is established with access node B 112. Similarly, at time t_{i+3}, the access terminal 118c can move into cell 108 and seek to make access node D 116 its serving access node. Therefore, a data tunnel 226 is established with access node C 114. At each stage, the previous serving access node may authenticate the new serving access node (for example, using the group key GK) before establishing the data tunnel.

In various examples, the wireless communication system 100 (of Figs. 1 and 2) can be implemented in 2G and 3G networks, among others, including, for example, ultra mobile broadband (UMB) networks, universal mobile telecommunications system (UMTS) networks and wideband CDMA networks.

Fig. 3 (comprising Figs. 3A, 3B, 3C and 3D) is a flowchart illustrating one example of the operation of a wireless communication system with distribution and management of group keys for protecting multicast messages. In this example, for clarity, the access terminal 118, access node A 110 (AN-A), access node B 112 (AN-B), access node C 114 (AN-C) and access node D 116 (AN-D) of Fig. 1 are used.

In accordance with a first feature, the access terminal can add a new access node to the active set of access nodes and securely distribute the group key to the new access node. Initially, access nodes 110, 112 and 114 may be in the active set, and each access node may establish a unique temporary unicast key (TUK) with the access terminal 118, for example TUK_A, TUK_B and TUK_C (302, 304 and 306, respectively). Each member of the active set may have a first group key GK1. In one example, the access terminal 118 can add another access node, such as access node D 116 (AN-D), to the active set. This may occur, for example, when the access terminal enters the wireless range of the new access node D 116 (AN-D). To add the new access node, the access terminal 118 can establish (step 308) a unique temporary unicast key (TUK_D) with access node D (AN-D). Using the unique temporary unicast key TUK_D associated with access node D (AN-D), the access terminal 118 can encrypt (step 310) the first group key GK1 in a message and transmit the message (step 312) with the encrypted first group key GK1 to access node D. Access node D 116 can then decrypt (step 314) the message using the unique temporary unicast key (TUK_D) to obtain the first group key GK1. The access terminal 118 may then transmit (step 316) multicast messages, encrypted or signed with the first group key GK1, which the access nodes in the active set can decrypt/verify (step 317) using the first group key GK1. That is, where secure transmission of a message is required, a multicast message may be encrypted by the access terminal 118 using the first group key GK1 and decrypted (on reception) by the access nodes with the same group key GK1. Alternatively, where only authentication/verification is required (for example, for non-confidential information), the access terminal 118 can sign a multicast message using the group key GK1, and the receiving access nodes can verify it with the same group key GK1.

In some cases, the access terminal 118 may be unable to communicate directly with one or more access nodes in its active set. For example, access node A 110 (AN-A) may be too far from the access terminal 118 to receive the broadcast 316. In those cases, the access terminal 118 may send the multicast message to access node A 110 indirectly via another access node, which may then forward the message to the intended recipient, access node A 110. Since the message is encrypted with the group key GK1, the message content is protected.

In accordance with a second feature, the access terminal may remove an access node from the active set of access nodes and securely change the group key. In one example, the access terminal 118 can remove an access node, for example access node C 114 (AN-C), from the active set. To remove access node C 114 (AN-C), the link between access node C 114 (AN-C) and the access terminal 118 may be terminated (step 318). The access terminal 118 can then remove access node C 114 (AN-C) from the active set (step 320). However, to prevent the removed access node C 114 from decrypting subsequent multicast messages (encrypted with the first group key GK1), a new group key GK2 is generated and distributed (step 324). Once access node C 114 has been removed from the active set, the access terminal 118 may generate a random number Rx (step 322), which it can use to generate the new group key GK2 (step 324). Once the new group key GK2 has been generated, the access terminal 118 can then distribute the new group key GK2 to all access nodes in the active set, in this case AN-A 110, AN-B 112 and AN-D 116.

To send the new group key GK2 to AN-B 112, the access terminal 118 can encrypt (step 326) the new group key GK2 using the unique temporary unicast key TUK_B and then transmit (step 328) the encrypted new group key GK2 to access node B (AN-B). Encrypting the new group key GK2 before distribution prevents potential eavesdroppers from obtaining the group key GK2. Access node AN-B 112 may then decrypt (step 330) the encrypted group key GK2 using TUK_B to obtain the new group key GK2, so that it can decrypt subsequent multicast messages broadcast by the access terminal 118. In a similar way, the access terminal 118 can encrypt (step 332) the new group key GK2 using the unique temporary unicast key TUK_D for access node D 116 and may then transmit (step 334) the encrypted group key GK2 to access node D (AN-D). Access node AN-D 116 may then decrypt (step 336) the encrypted group key GK2 using TUK_D to obtain the new group key GK2, so that it can decrypt subsequent multicast messages transmitted by the access terminal 118. The access terminal 118 can then encrypt (step 338) the group key GK2 using the unique temporary unicast key TUK_A and transmit (step 340) the encrypted group key GK2 to access node A (AN-A). Access node A 110 (AN-A) may then decrypt the encrypted group key GK2 using TUK_A to obtain the new group key GK2, so that it can decrypt (step 342) subsequent multicast messages transmitted by the access terminal. Secure communication can then be established between AN-A 110, AN-B 112 and AN-D 116 and the access terminal 118 using the new group key GK2. This process can be repeated until all access nodes in the active set for the access terminal 118 have received the new group key GK2.
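The add, remove and rekey flow of steps 308 to 342, as an added Go example that is not taken from the patent. The AES-256-GCM wrapping, the 256-bit key size, the derivation GK2 = SHA-256(Rx) and all type and function names are assumptions, and the TUK negotiation is replaced by a shared random key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Key [32]byte // a TUK or group key; the 256-bit size is an assumption

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aead returns AES-256-GCM (an assumed cipher); a 32-byte key cannot make it fail.
func aead(k Key) cipher.AEAD {
	block, _ := aes.NewCipher(k[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal returns nonce || ciphertext || tag.
func seal(k Key, plaintext []byte) []byte {
	gcm := aead(k)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open fails when the key is wrong or the message was altered in transit.
func open(k Key, msg []byte) ([]byte, error) {
	gcm := aead(k)
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, fmt.Errorf("message too short: %d bytes", len(msg))
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}

type AccessNode struct{ TUK, GK Key } // its TUK and the group key it last unwrapped

// Unwrap recovers a group key wrapped under this node's TUK (steps 314, 330, 336).
func (n *AccessNode) Unwrap(wrapped []byte) error {
	gk, err := open(n.TUK, wrapped)
	copy(n.GK[:], gk) // gk is nil on failure, so GK is left unchanged
	return err
}

// AccessTerminal keeps the active set as node ID -> TUK, plus the current GK.
type AccessTerminal struct {
	TUKs map[string]Key
	GK   Key
}

// Add sets up a TUK (step 308, random stand-in for negotiation) and wraps GK under it (step 310).
func (at *AccessTerminal) Add(id string, n *AccessNode) []byte {
	copy(n.TUK[:], randomBytes(32))
	at.TUKs[id] = n.TUK
	return seal(n.TUK, at.GK[:])
}

// Remove drops the node, derives GK2 from a fresh Rx (steps 320-324) and
// wraps GK2 once per remaining member (steps 326-340).
func (at *AccessTerminal) Remove(id string) map[string][]byte {
	delete(at.TUKs, id)
	at.GK = sha256.Sum256(randomBytes(32)) // assumed derivation: GK2 = SHA-256(Rx)
	wrapped := map[string][]byte{}
	for member, tuk := range at.TUKs {
		wrapped[member] = seal(tuk, at.GK[:])
	}
	return wrapped
}

// Scenario: A-D join, C is removed; reports if member D and removed C can read the next multicast.
func Scenario() (memberReads, removedReads bool) {
	at := &AccessTerminal{TUKs: map[string]Key{}, GK: sha256.Sum256(randomBytes(32))}
	nodes := map[string]*AccessNode{"AN-A": {}, "AN-B": {}, "AN-C": {}, "AN-D": {}}
	for id, n := range nodes {
		if err := n.Unwrap(at.Add(id, n)); err != nil {
			panic(err)
		}
	}
	for id, w := range at.Remove("AN-C") {
		if err := nodes[id].Unwrap(w); err != nil {
			panic(err)
		}
	}
	msg := seal(at.GK, []byte("status report"))
	_, errD := open(nodes["AN-D"].GK, msg)
	_, errC := open(nodes["AN-C"].GK, msg)
	return errD == nil, errC == nil
}

func main() { fmt.Println(Scenario()) }
```

The map returned by Remove has one entry per remaining member, each readable only with that member's TUK, so the entries can be relayed through other access nodes as the text allows.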

In accordance with a third feature, the access terminal may send a multicast message using the group key. In one example, the access terminal 118 may transmit a multicast message to all members of the active set. In this example, it is assumed that access node AN-B 112 is currently the serving access node for the access terminal 118. The multicast message may be encrypted or signed using the new group key GK2, depending on whether security or just verification is desired. The access terminal 118 may encrypt or digitally sign (step 344) the multicast message using the group key GK2 and transmit the multicast message to the serving access node (step 346), which is access node B 112 (AN-B) in this example. Where secure transmission of a message is required, the multicast message may be encrypted by the access terminal 118 using the group key GK2 and decrypted (on reception) by the access nodes with the same group key GK2. Alternatively, where only authentication/verification is required (for example, for non-confidential information), the access terminal 118 can sign the multicast message using the group key GK2, and the receiving access nodes can verify it with the same group key GK2.

After receiving the message, the serving access node AN-B 112 can decrypt/verify/authenticate it using the group key GK2 (step 348). The serving access node (AN-B) can also forward or relay the multicast message to other access nodes (e.g., over a backhaul network/channel or a wireless network). For example, the serving access node (AN-B) may forward the encrypted/signed message to access node D (AN-D) (step 350) and to access node A (AN-A) (step 354), where the message is decrypted/verified (steps 352 and 356) using the group key GK2.

In accordance with a fourth feature, the access terminal may change from the current serving access node to a new serving access node. In one example, where access node B (AN-B) is the current serving access node and access node A is the reference node, the access terminal 118 may continue to listen for broadcasts (for example, pings or beacons) from local access nodes to determine whether a handoff or switch should take place from the current serving access node to a new serving access node (step 358), for example, from access node B 112 (AN-B) to access node D 116 (AN-D). That is, when the access terminal 118 moves or is moved to another sector or cell, a stronger local signal can be detected from another access node, whether or not that node is currently in the active set. In some examples, the access terminal 118 may select the new serving access node from the active set. The decision whether to switch from the current serving access node to a new serving access node may be based on the signal strength from each access node (for example, the access node with the stronger signal is selected as the serving access node). If the access terminal 118 decides to switch or hand off service to a new serving access node, it may send a request (step 360). The process of transition to a new serving access node may be performed in various ways. For example, the access terminal 118 may send a message to either the current serving access node 112 (AN-B) or the reference access node 110 (AN-A), indicating a switch to the new serving access node 116 (AN-D). Alternatively, the access terminal 118 may send a message directly to the new serving access node 116 (AN-D) on a control channel, or indirectly through the current serving access node 112 (AN-B).

The new serving access node (AN-D 116) can sign/encrypt (step 366) a data tunnel request (for example, using the group key GK2), which can be sent to the reference access node (AN-A 110) (step 368). The reference access node 110 (AN-A) may then authenticate the requesting message and/or the requesting access node (AN-D) using the group key GK2 (step 370). For example, the reference access node 110 (AN-A) can verify that the requesting access node 116 (AN-D) is a legitimate member of the active set by using the group key GK2 (known to the members of the active set). Once the message is authenticated, the reference node 110 (AN-A) may establish a data tunnel with the new serving access node D (AN-D) (step 372). A forward data link can also be established between the new serving access node 110 (AN-D) and the access terminal (step 374).
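The signed tunnel request of steps 366 to 370, as an added Go example that is not part of the patent text. The request fields, the HMAC-SHA256 tag, the terminal identifier "AT-118" and all names are assumptions, and both group keys are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// TunnelRequest is sent by a would-be serving node to the reference node
// (steps 366-368). Field names and encoding are assumptions of this example.
type TunnelRequest struct {
	Terminal  string // access terminal the tunnel is for
	Requester string // node asking to become the serving access node
	Tag       []byte // HMAC-SHA256 under that terminal's group key
}

// tag authenticates both fields. Each is length-prefixed so that two different
// (terminal, requester) pairs can never serialize to the same MAC input.
func tag(gk []byte, terminal, requester string) []byte {
	mac := hmac.New(sha256.New, gk)
	for _, field := range []string{terminal, requester} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		mac.Write(n[:])
		mac.Write([]byte(field))
	}
	return mac.Sum(nil)
}

// NewTunnelRequest signs a request with whatever group key the caller holds.
func NewTunnelRequest(gk []byte, terminal, requester string) TunnelRequest {
	return TunnelRequest{Terminal: terminal, Requester: requester, Tag: tag(gk, terminal, requester)}
}

// ErrNotMember means the tag does not verify under the current group key.
var ErrNotMember = errors.New("request not authenticated under the current group key")

// ReferenceNode maps each terminal it anchors to that terminal's current GK.
type ReferenceNode struct{ GroupKeys map[string][]byte }

// Authenticate is step 370; the data tunnel (step 372) is set up only on nil.
func (r *ReferenceNode) Authenticate(req TunnelRequest) error {
	gk, ok := r.GroupKeys[req.Terminal]
	if !ok {
		return fmt.Errorf("no active set known for terminal %q", req.Terminal)
	}
	// hmac.Equal compares in constant time.
	if !hmac.Equal(req.Tag, tag(gk, req.Terminal, req.Requester)) {
		return ErrNotMember
	}
	return nil
}

// Results records which constructed requests the reference node accepted.
type Results struct{ Member, Removed, Tampered, UnknownTerminal bool }

// Run replays four constructed requests against a reference node holding GK2.
func Run() Results {
	gk1 := sha256.Sum256([]byte("constructed sample GK1")) // still held by removed AN-C
	gk2 := sha256.Sum256([]byte("constructed sample GK2")) // current key of the active set
	ref := &ReferenceNode{GroupKeys: map[string][]byte{"AT-118": gk2[:]}}
	accepted := func(req TunnelRequest) bool { return ref.Authenticate(req) == nil }

	fromD := NewTunnelRequest(gk2[:], "AT-118", "AN-D")
	tampered := fromD
	tampered.Requester = "AN-X" // field changed in transit, tag left as is
	return Results{
		Member:          accepted(fromD),
		Removed:         accepted(NewTunnelRequest(gk1[:], "AT-118", "AN-C")),
		Tampered:        accepted(tampered),
		UnknownTerminal: accepted(NewTunnelRequest(gk2[:], "AT-999", "AN-D")),
	}
}

func main() { fmt.Printf("%+v\n", Run()) }
```

Every member holds the same GK, so a valid tag shows that the sender is some current member of the active set, which is the membership check the text describes; it does not identify which member sent the request.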

The secure switch of the serving access node from one access node to another can be repeated multiple times. In one example, this can occur in the middle of a communication session (e.g., the communication session link is handed off from a first serving access node to a second serving access node). For example, in Fig. 1 the access terminal 118 may move from the current cell 104 into a new cell 106 and seek to hand off the communication session from the current serving access node 112 (AN-B) to another access node. The access terminal 118 may communicate with the new serving access node using the group key if the new access node is in the active set of the access terminal.

An advantage of providing the group key to all members of the active set is that the access terminal may send a single copy of a message encrypted with the group key, and only members of the group or active set can decrypt and understand it. The reason is that each member of the active set may have the group key used to encrypt the message.

Fig. 4 illustrates a group key distribution scheme that can be used to authenticate a multicast message and to verify that a requesting access node is currently a member of the active set. In this distribution scheme, a temporary unicast key TUK may be negotiated between the access terminal AT and an access node AN when the access node AN is added to the active set. The access terminal AT may generate, manage and/or distribute group keys to each access node AN in the active set. The group key (GK) may be provided to an access node (AN) by the access terminal (AT) when the access node joins the active set. During distribution from the access terminal AT to the access node AN, the group key GK may be encrypted using the access node's unique temporary unicast key (TUK) prior to transmission from the access terminal AT to the access node AN. Because each member of the active set has the same group key GK, the receiving access nodes can decrypt and/or authenticate the multicast message. In addition, since each access node decrypts a new group key using its own TUK, access nodes can easily be added to or removed from the active set while multicast messages can still be authenticated and requesting access nodes verified. For example, so that a first access node can verify that a second access node is a member of the active set for the access terminal, the first access node can receive a message (from the second access node) encrypted/signed with the group key for the active set. If the received message can be decrypted/authenticated by the first access node, the sending access node is in the active set.

In the prior-art approach, a mobile wireless communication system includes multiple access nodes that provide service to the access terminal. When service is handed off between access nodes, the access terminal maintains a unique security key for each access node with which it communicates. However, this architecture creates a serious security risk when the access terminal sends broadcast or multicast messages. For example, where the access terminal needs to securely send a multicast message, such as an air-interface message, to all access nodes in the active set through the serving access node, an attacker can spoof the multicast message and send a fake message to an access node. In the prior-art architecture, the access node is not able to authenticate the sender, which creates a security risk.

In addition, an access node in the active set may at any given time be selected as the serving access node and may request the establishment of a data tunnel with the reference node so that it can deliver data to the access terminal. However, in the prior-art architecture, the requesting access node may not currently be a member of the active set, which creates a possible security risk.

As used in Figs. 1-4 and described in this document, the temporary unicast keys (TUK) may be referred to as temporary keys because they are specific to a particular access node/access terminal pair and/or because they can be used only for a limited amount of time after handoff of a communication session. In some implementations, these temporary keys can also be used for an extended period of time, until the communication session is handed off to another access node or until the session ends.

Fig. 5 is a block diagram illustrating an access terminal 502 configured to perform distribution and management of group keys for protecting multicast messages. Various examples of an access terminal include a wireless communication device, a mobile terminal and a mobile phone or cell phone. The access terminal 502 may include a processing circuit 504 connected to a wireless communication interface 506 for communicating with access nodes, and a storage device 508 for storing the group key GK and the unique temporary unicast keys TUK associated with the access nodes. The processing circuit 504 (e.g., processor, processing module, and so on) may include a group key generator module 510 configured to generate one or more group keys that can be used to secure a communication session. The processing circuit 504 can be configured to listen for access nodes and add them to the active set. The processing circuit 504 can manage the group key GK so that it is securely distributed to the access nodes in the active set using the unique temporary unicast key for each access node. The processing circuit 504 can also be configured to replace the group key GK with a new group key when an access node is removed from the active set. The group key GK can be used to encrypt multicast messages destined for the access nodes in the active set.

Fig. 7 is a flowchart illustrating a method operational in an access terminal for removing an access node from the active set of access nodes and replacing the group key. First, the access terminal may determine that an access node in the active set needs to be removed (step 702). The link between the access node to be removed and the access terminal may be terminated (step 704). The access terminal may then remove the access node from the active set (step 706). Once the access node has been removed, the access terminal may generate a random number (Rx), which can be used to generate a new group key (step 708). Once the new group key has been generated, the access terminal may encrypt it using the temporary unicast key associated with an access node in the active set and send the encrypted group key to the corresponding access node (step 710). Encryption of the new group key is repeated for each of the access nodes in the active set, and each encrypted group key is sent to the corresponding access node (step 712).

Fig. 8 is a flowchart illustrating a method operational in an access terminal for transmitting multicast messages to the active set of access nodes. First, the access terminal may encrypt/sign a multicast message using the group key associated with the access terminal (step 802). That is, the group key may have been distributed in advance to the access nodes in the active set. The access terminal may then transmit the encrypted/signed multicast message to the access nodes in the active set for the access terminal (step 804). In one example, this can be done by sending the encrypted/signed multicast message to the current serving access node for the access terminal. The current serving access node can then copy and forward the encrypted/signed multicast message to the other access nodes in the active set.

Fig. 9 is a flowchart illustrating a method operational in an access terminal for switching from a first serving access node to a second or new serving access node. The access terminal can securely establish wireless communication services through a first access node (step 902). The access terminal may then listen for broadcast control signals from other local access nodes (step 904). That is, access nodes may send periodic control signals or beacons to notify local terminals of their presence. If no other access node(s) are identified, the access terminal continues to use the first access node for wireless services. However, if a second access node is identified (step 906), the access terminal may determine whether to replace or switch the existing wireless communication service from the first access node to the second access node (step 908). This can be determined by comparing the strength and/or quality of the control signal of the first access node with that of the second access node. That is, when the access terminal moves to another sector or cell, a stronger control signal can be detected from other access nodes (e.g., the second access node), resulting in a handoff of wireless service to a new serving access node. If the control signal from the first access node is stronger than the other control signals, the access terminal may continue its wireless communication services via the first access node (step 910). Otherwise, a secure group key may be provided to the second access node, where the group key is known to one or more access nodes in the active set of access nodes (step 912). The access terminal may then decide to initiate a handoff of wireless communication services (e.g., communication link, existing communication session, and so on) to the second access node, which may then become the new forward-link serving access node (step 914). The access terminal may then initiate wireless communication services via the second access node (step 916). A multicast/broadcast message encrypted/signed with the group key can then be sent via the second access node (step 918).

Fig. 10 is a flowchart illustrating a method operational in an access terminal for facilitating the secure distribution of multicast messages from the access terminal to one or more access nodes. The access terminal may maintain a list of the currently active set of access nodes (step 1002), obtain a temporary unicast key for each access node in the active set (step 1004) and generate a first group key for the active set (step 1006). The access terminal may then encrypt the first group key using a first temporary unicast key for a first access node in the active set (step 1008) and send the encrypted first group key to the first access node (step 1010). Similarly, the access terminal may encrypt the first group key using other temporary unicast keys for other access nodes in the active set (step 1012) and send each encrypted first group key to the access node whose temporary unicast key was used to encrypt it (step 1014). The access terminal may then send a multicast/broadcast message encrypted/signed with the first group key (step 1016).

The access terminal may also replace the first group key with a second group key when an access node is removed from the active set (step 1018), and distribute encrypted versions of the second group key to the access nodes in the active set, where the encrypted versions of the second group key are encrypted with the temporary unicast keys for each access node in the active set (step 1020).

The access terminal may also select an access node from the active set as the current serving access node for wireless communication services via the communication interface, where wireless communications to and from the access terminal pass through the serving access node (step 1022). It can also determine whether another access node in the active set can provide better wireless communication services than the current serving access node (step 1024), and can switch communication services from the current serving access node to a new serving access node if the new serving access node provides better wireless communication services than the current serving access node (step 1026).

Fig. 11 is a block diagram illustrating an access node 1102 configured to facilitate distribution and/or management of group keys. The access node 1102 may include a processing circuit 1104 connected to a wireless communication interface 1106 for communicating with one or more access terminals, a network communication interface 1008 for communicating with other access nodes, and a storage device 1110 for storing a unique temporary unicast key (TUK) (associated with the access node) and group keys (associated with access terminals). The processing circuit 1104 (e.g., processor, processing module, and so on) may include a temporary key generator module configured to generate one or more temporary unicast keys TUK that can be used to secure a wireless communication link (for example, wireless services) with an access terminal. The processing circuit 1104 can also be configured to use a group key received from an access terminal to authenticate itself to another access node associated with the same access terminal. For example, during the process of becoming the serving access node for a first access terminal, the access node 1102 can use the group key GK1 for the first access node to authenticate itself to the reference access node or the previous serving access node.

Fig. 12 is a flow diagram illustrating a method operating in an access node for joining the active set of access nodes associated with an access terminal. The access node may send a unique temporary unicast key to the access terminal (step 1202). The access node may receive from the access terminal an encrypted message that contains the group key (step 1204), and may decrypt the message using the unique temporary unicast key to obtain the group key (step 1206). A secure communication session with the access terminal may then be started (step 1208).

Fig. 13 is a flow diagram illustrating a method operating in an access node to replace the group key for the active set associated with an access terminal. This method may be performed when an access node is removed from the active set. The access node may receive from the access terminal an encrypted message containing the new group key, where the message is encrypted with the temporary unicast key TUK previously distributed by the access node to the access terminal (step 1302). The access node then decrypts the message using the unique temporary unicast key to obtain the new group key (step 1304). The access node can then replace the previous group key associated with the access terminal with the new group key (step 1306). If the access node is the serving access node, it can also form a second encrypted message containing the new group key and forward the encrypted message to a second access node (for example, via an internal communication interface), where the second message is encrypted with a second temporary unicast key associated with the second access node (step 1308).

Fig. 14 is a flow diagram illustrating a method operating in an access node to receive and decrypt/authenticate multicast messages from an access terminal. The access node can receive from the access terminal a multicast/broadcast message encrypted/signed with a group key, where the group key is associated with the active set for the access terminal (step 1402). The access node can decrypt/authenticate the multicast/broadcast message using the previously received version of the group key (step 1404). If the access node is the current serving access node, it can also forward the encrypted/signed multicast/broadcast message to the other access nodes in the active set (step 1406).
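The node-side steps of Figs. 12 to 14 (obtain the group key by decrypting with the TUK, replace it when a node leaves the active set, authenticate a signed multicast) can be exercised end to end. The following Python simulation is an added example, not code from the patent: the text names no cipher, so an HMAC-SHA256 encrypt-then-MAC wrap stands in for one, and the class and function names, the 256-bit key sizes and the in-process delivery of messages are all assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32    # assumption: TUKs and group keys are 256-bit
NONCE_LEN = 16


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 with a label for domain separation."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap_group_key(tuk: bytes, group_key: bytes) -> bytes:
    """Encrypt-then-MAC the group key under one node's TUK (stand-in cipher)."""
    if len(group_key) != KEY_LEN:
        raise ValueError("group key must be 32 bytes")
    nonce = secrets.token_bytes(NONCE_LEN)       # fresh per wrap
    pad = _prf(tuk, b"wrap-enc", nonce)          # one-block keystream
    ct = bytes(a ^ b for a, b in zip(group_key, pad))
    return nonce + ct + _prf(tuk, b"wrap-mac", nonce + ct)


def unwrap_group_key(tuk: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    if len(blob) != NONCE_LEN + KEY_LEN + 32:
        raise ValueError("malformed wrapped key")
    nonce = blob[:NONCE_LEN]
    ct = blob[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = blob[NONCE_LEN + KEY_LEN:]
    if not hmac.compare_digest(tag, _prf(tuk, b"wrap-mac", nonce + ct)):
        raise ValueError("wrapped group key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _prf(tuk, b"wrap-enc", nonce)))


class AccessNode:
    def __init__(self, node_id: str):
        self.node_id = node_id
        self.tuk = secrets.token_bytes(KEY_LEN)  # step 1202: node's unique TUK
        self.group_key = None

    def receive_group_key(self, blob: bytes) -> None:
        # Steps 1204-1206 on join, 1302-1306 on replacement.
        self.group_key = unwrap_group_key(self.tuk, blob)

    def authenticate_multicast(self, message: bytes, tag: bytes) -> bool:
        # Step 1404, "signed" variant: check the tag with the held group key.
        if self.group_key is None:
            return False
        expected = hmac.new(self.group_key, message, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


class AccessTerminal:
    def __init__(self):
        self.active_set = {}                     # node_id -> (node, tuk)
        self.group_key = secrets.token_bytes(KEY_LEN)

    def add_node(self, node: AccessNode) -> None:
        # TUK establishment is out of scope here; assume it is already shared.
        self.active_set[node.node_id] = (node, node.tuk)
        node.receive_group_key(wrap_group_key(node.tuk, self.group_key))

    def remove_node(self, node_id: str) -> None:
        # Steps 1018-1020: new group key, wrapped per remaining node's TUK.
        del self.active_set[node_id]
        self.group_key = secrets.token_bytes(KEY_LEN)
        for node, tuk in self.active_set.values():
            node.receive_group_key(wrap_group_key(tuk, self.group_key))

    def sign_multicast(self, message: bytes) -> bytes:
        return hmac.new(self.group_key, message, hashlib.sha256).digest()


def run_demo() -> dict:
    nodes = {name: AccessNode(name) for name in ("A", "B", "C")}
    terminal = AccessTerminal()
    for node in nodes.values():
        terminal.add_node(node)
    msg = b"constructed multicast payload"       # constructed sample input
    old_tag = terminal.sign_multicast(msg)
    before = {k: n.authenticate_multicast(msg, old_tag) for k, n in nodes.items()}
    terminal.remove_node("C")                    # C keeps only the old key
    new_tag = terminal.sign_multicast(msg)
    after = {k: n.authenticate_multicast(msg, new_tag) for k, n in nodes.items()}
    tampered = bytearray(wrap_group_key(nodes["A"].tuk, terminal.group_key))
    tampered[NONCE_LEN + 4] ^= 0x01              # flip one ciphertext bit
    try:
        nodes["A"].receive_group_key(bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"before": before, "after": after, "tamper_rejected": tamper_rejected,
            "old_tag_after_rekey": nodes["A"].authenticate_multicast(msg, old_tag)}


if __name__ == "__main__":
    print(run_demo())
```

The removed node still holds the old group key, which is why replacement on removal matters: only a fresh key wrapped under the remaining nodes' TUKs shuts it out of later multicasts.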

Fig. 15 is a flow diagram illustrating a method operating in the current serving access node to facilitate secure handover of communication services to a new serving access node. The current serving access node may receive a request from the access terminal to hand over communication services (for example, communication links, communication sessions, etc.) to the new serving access node (step 1502). The current serving access node may then forward the request to the supporting access node for the access terminal (step 1504). The data tunnel between the current serving access node and the reference access node may then be terminated. This method may illustrate handover from the central reference node, as illustrated in Fig. 1.

In an alternative configuration (illustrated in Fig. 2), instead of terminating the data tunnel with the supporting access node, the current serving access node may simply establish a data tunnel with the new serving access node.

Fig. 16 is a flow diagram illustrating a method operating in the supporting access node to facilitate secure redirection of communication to other serving access nodes for a particular access terminal. The supporting access node may receive a request to hand over communication services from a first serving access node to a second serving access node (step 1602). The supporting access node can verify that the second serving access node belongs to the active set for the access terminal by using the group key for the access terminal (step 1604). The group key may be known to the access nodes that are members of the active set for the access terminal. For example, the supporting access node can use the group key to authenticate the second serving access node. If the second serving access node is verified, the supporting access node can establish a data tunnel with the second serving access node and then forward communication for the access terminal via the second serving access node (step 1606). The supporting access node may also terminate the data tunnel with the first serving access node (step 1608).

Fig. 17 is a flow diagram illustrating a method operating in an access node to facilitate the secure distribution of multicast messages from an access terminal to one or more access nodes. The access node can generate a temporary unicast key (step 1702) and send the temporary unicast key to the access terminal via the wireless interface to join the active set of access nodes for the access terminal (step 1704). In response, the access node may receive the group key associated with the active set of access nodes for the access terminal (step 1706). Subsequently, the access node may receive a multicast message from the access terminal that is encrypted with the group key (step 1708), decrypt the multicast message using the group key (step 1710) and/or forward the multicast message to other access nodes in the active set of access nodes for the access terminal (step 1712).

The access node can also establish wireless communication services with the access terminal via the wireless interface to operate as a first serving access node for routing communications to and from the access terminal (step 1714). The access node can also establish a data tunnel with the supporting access node for the access terminal via the network communication interface (step 1716) and authenticate itself to the supporting access node using the group key (step 1718).

The access node may also receive a request from the access terminal to hand over wireless communication services to a second serving access node (step 1720) and terminate wireless communication services with the access terminal (step 1722).

In one example, instead of obtaining or negotiating new keys each time the access terminal moves to a new access node, the access terminal maintains an active set of keys. That is, the access terminal may simultaneously or in parallel establish security associations (e.g., keys) with many access nodes within a sector, region or territory. The access nodes with which the access terminal maintains simultaneous or parallel security associations (e.g., keys) are called the "active set" of access nodes. Each time a new access node is added to the active set of the access terminal, the access terminal may transmit the group key to the new access node.

One or more components, steps and/or functions illustrated in Fig. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 and/or 17 may be interchanged and/or combined into a single component, step, or function or implemented in several components, steps or features. Additional elements, components, steps and/or functions can also be added without deviating from the invention. Device, devices and/or components illustrated in Fig. 1, 2, 4, 5 and/or 11 may be configured to perform one or more methods, features, or steps described in Fig. 3, 6, 7, 8, 9, 12, 13, 14, 15, 16 and/or 17. New algorithms described in this document can be efficiently implemented in software and/or embedded hardware.

Specialists in the art will further recognize that the various explanatory logical blocks, modules, circuits, and algorithm steps described in relation to the embodiments disclosed in this document may be implemented as electronic hardware, computer software, or combinations thereof. To clearly illustrate this interchangeability of hardware and software, the various explanatory components, blocks, modules, circuits, and steps are described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the entire system.

Various features of the invention described in this document can be implemented in different systems without deviating from the invention. For example, some implementations of the invention can be performed using a moving or stationary communication devices (e.g., access terminal) and a variety of mobile or fixed access nodes.

It should be noted that the above embodiments are examples only and should not be construed as limiting the invention. The description of the embodiments is intended to be explanatory and not to limit the scope of the claims. Essentially, these ideas can easily be applied to other types of devices, and many alternatives, modifications and variations will be apparent to specialists in the art.

1. An access terminal, comprising:
a communication interface for communication with at least one access node; and
a processor coupled to the communication interface, the processor configured to:
maintain a list of the active set of access nodes;
obtain a temporary unicast key for each access node in the active set;
generate a group key for the active set;
encrypt the group key using the temporary unicast key for any access node in the active set; and
send the encrypted group key to the corresponding access node with whose temporary unicast key it was encrypted.

2. The access terminal of claim 1, wherein each temporary unicast key is a pairwise temporary unicast key known to both the access terminal and the corresponding access node.

3. The access terminal of claim 1, wherein the processor is additionally configured to:
scan for available access nodes via the communication interface;
add one or more access nodes in the active set of access nodes, when they are identified; and
the installation of a unique temporary unicast keys with each of the access nodes, when they are added to the active set.

4. The access terminal of claim 1, wherein the processor is additionally configured to:
replace the group key with another group key when an access node is removed from the active set; and
distribute encrypted versions of the other group key to the access nodes in the active set, where the encrypted versions of the other group key are encrypted with the temporary unicast keys for each access node in the active set.

5. The access terminal of claim 1, wherein the processor is additionally configured to:
select the access node from the active set as the current serving access node for wireless communication services through a communications interface, where the wireless communication to and from the access terminal is routed through the serving access node.

6. The access terminal according to claim 5, in which the processor is additionally configured to:
determine whether another access node in the active set to provide the best wireless service than the current serving access node; and
switching communication services from the current serving access node to a new serving access node, if the new serving access node provides the best wireless services than the current serving access node.

7. The access terminal of claim 1, wherein the processor is additionally configured to:
send a multicast message encrypted with the group key.

8. The access terminal of claim 1, wherein the processor is additionally configured to:
send a multicast message signed with the group key.

9. The data transmission method, applicable to the access terminal, comprising stages, which are:
maintain a list of active set of access nodes;
get a temporary unicast key for each access node in the active set;
form a group key for the active set;
encrypting the group key using the temporary unicast key for any access node in the active set; and
send the encrypted group key corresponding to the access node via a temporary unicast key which it was encrypted.

10. The method according to claim 9, further comprising stages, which are:
scan for available access points;
add one or more access nodes in the active set of access nodes, when they are identified; and
establish a unique temporary unicast keys with each of the access nodes, when they are added to the active set.

11. The method according to claim 9, further comprising stages, which are:
replace the group other key group key when the access node is deleted from the active set; and
distribute the encrypted version of another group key to access nodes in its active set, where the encrypted version of another group key encrypted with the temporary unicast keys for each access node in the active set.

12. The method according to claim 9, further comprising a stage in which:
choose the access node from the active set as the current serving access node for wireless services, where wireless communication to and from the access terminal is routed through the serving access node.

13. The method according to item 12, further comprising stages, which are:
determine whether another access node in the active set to provide the best wireless service than the current serving access node; and
switch communication services from the current serving access node to a new serving access node, if the new serving access node provides the best wireless services than the current serving access node.

14. The method according to claim 9, further containing a stage, on which:
send a multicast message, the encrypted group key.

15. The method according to claim 9, further containing a stage, on which:
send a multicast message, signed by the group key.

16. The access terminal, comprising:
means for maintaining a list of active set of access nodes;
means for obtaining a temporary unicast key for each access node in the active set;
the means for forming a group key for the active set;
means for encrypting the group key using the temporary unicast key for any access node in the active set; and
means for sending the encrypted group key corresponding to the access node via a temporary unicast key which it was encrypted.

17. The access terminal according to clause 16, further comprising:
means for scanning for available access points;
means for adding one or more access nodes in the active set of access nodes, when they are identified; and
means for setting a unique temporary unicast keys with each of the access nodes, when they are added to the active set.

18. The access terminal according to clause 16, further comprising:
means for replacing a group of other key group key when the access node is deleted from the active set; and
means for distributing the encrypted versions of the other group key to access nodes in its active set, where the encrypted version of another group key encrypted with the temporary unicast keys for each access node in the active set.

19. The access terminal according to clause 16, further comprising:
means for sending a multicast message, the encrypted group key.

20. Machine-readable media containing commands to facilitate the secure distribution of multicast messages from the access terminal to one or more access nodes that, when executed by a processor, cause the processor
to maintain a list of the currently active set of access nodes;
to obtain a temporary unicast key for each access node in the active set;
to generate the group key for the active set;
encrypting the group key using the temporary unicast key for any access node in the active set; and
to send an encrypted group key corresponding to the access node via a temporary unicast key which it was encrypted.

21. Machine-readable medium according to claim 20, further containing commands that, when executed by the processor cause the processor
to scan for available access points;
to add one or more access nodes in the active set of access nodes, when they are identified; and
to set a unique temporary unicast keys with each of the access nodes, when they are added to the active set.

22. Machine-readable medium according to claim 20, further containing commands that, when executed by the processor cause the processor
replace the group key to the other group key when the access node is deleted from the active set; and
distribute the encrypted version of another group key to access nodes in its active set, where the encrypted version of another group key is encrypted with the temporary unicast keys for each access node in the active set.

23. Machine-readable medium according to claim 20, further containing commands that, when executed by the processor cause the processor
to send a multicast message, the encrypted group key.

24. Machine-readable medium according to claim 20, further containing commands that, when executed by the processor cause the processor
to send a multicast message, signed by the group key.

25. Scheme to promote the safe distribution of multicast messages from the access terminal to one or more access nodes, and a circuit adapted to
support list of the active set of access nodes;
obtaining a temporary unicast key for each access node in the active set;
the formation of the group key for the active set;
encrypting the group key using the temporary unicast key for any access node in the active set; and
sending the encrypted group key corresponding to the access node via a temporary unicast key which it was encrypted.

26. The scheme according to claim 25, where the scheme is further adapted to
replace the group key with another group key when an access node is removed from the active set; and
distribute encrypted versions of the other group key to the access nodes in the active set, where the encrypted versions of the other group key are encrypted with the temporary unicast keys for each access node in the active set.

27. The scheme according to claim 25, where the scheme is further adapted to
send a multicast message encrypted with the group key.

28. The access node contains:
a wireless interface for communication with at least one access terminal; and
a processing circuit connected to the wireless interface, and a processing circuit configured to
forming a temporary unicast key;
sending the temporary unicast key to the access terminal for connection of the active set of access nodes for the access terminal; and
receive a group key associated with the active set of access nodes for the access terminal.

29. Site access p, in which the processing circuitry is additionally configured to:
receive broadcast messages from the access terminal, which is encrypted with the group key; and
decrypt the broadcast message using the group key.

30. The access node according to clause 29, in which the processing circuitry is additionally configured to:
forward the broadcast message to other access nodes in the active set of access nodes for the access terminal.

31. The access node according to item 30, optionally containing:
the network communication interface for communication with other access nodes, where the forwarded broadcast message is sent on the network interface connection.

32. Site access p, in which the processing circuitry is additionally configured to:
receive broadcast messages from the access terminal, which is signed by the group key; and
authentication broadcast message using the group key.

33. Site access p, in which the processing circuitry is additionally configured to:
installation services wireless communication with the access terminal via the wireless interface to operate as a first serving access node for routing communications to and from the access terminal.

34. Site access p, in which the processing circuitry is additionally configured to:
receiving a request from the access terminal to the transmission service wireless service to a second service access node; and
termination of wireless services with the access terminal.

35. The access node according to claim 34, in which the processing circuitry is additionally configured to:
establish a data tunnel with the supporting access node for the access terminal via the network communication interface.

36. Site access p, in which the processing circuitry is additionally configured to authenticate itself to the supporting access node using the group key.

37. The data transmission method acting within the access node containing phases in which:
create temporary unicast key;
send a temporary unicast key to the access terminal for connection of the active set of access nodes for the access terminal; and
take a group key associated with the active set of access nodes for the access terminal.

38. The method according to clause 37, further comprising stages, which are:
receive a broadcast message from the access terminal, which is encrypted with the group key; and
decode the broadcast message using the group key.

39. The method according to 38, optionally containing a stage, on which:
forward the broadcast message to other access nodes in the active set of access nodes for the access terminal.

40. The method according to clause 37, further comprising stages, which are:
receive a broadcast message from the access terminal, which is signed by the group key; and
authenticate the broadcast message using the group key.

41. The method according to p, optionally containing a stage, on which:
establish wireless communication services with the access terminal via the wireless interface, to work as the first serving access node for routing communications to and from the access terminal.

42. The method according to paragraph 41, further comprising stages, which are:
accept the request from the access terminal to the transmission service wireless service to a second service access node; and
stop services wireless communication with the access terminal.

43. The method according to paragraph 41, optionally containing a stage, on which:
set the tunnel data with the supporting access node for the access terminal via the network communication interface.

44. The method according to clause 37, additionally containing a stage, on which:
authenticate itself to the supporting access node using the group key.

45. The access node contains:
the means for forming a temporary unicast key;
means for sending a temporary unicast key to the access terminal via the wireless interface to attach the active set of access nodes for the access terminal; and
means for receiving a group key associated with the active set of access nodes for the access terminal.

46. The access node according to item 45, further comprising:
means for receiving multicast messages from the access terminal, which is encrypted with the group key; and
means for decrypting the multicast message using the group key.

47. The access node according to item 46, further comprising:
means for forwarding the multicast message to other access nodes in the active set of access nodes for the access terminal.

48. The access node according to item 45, further comprising:
tool to install wireless service from the access terminal to operate as the first serving access node for routing communications to and from the access terminal.

49. Site access p, optionally containing:
means for receiving a request from the access terminal to the transmission service wireless service to a second service access node; and
means for terminating the services of wireless communication with the access terminal.

50. The access node according to item 45, further comprising:
tool to install tunnel data with the supporting access node for the access terminal via the network communication interface; and
means for authenticating itself to the supporting access node using the group key.

51. Machine-readable media containing commands to facilitate the secure distribution of multicast messages from the access terminal to one or more access nodes, which when executed by a processor cause the processor
to form a temporary unicast key;
to send the temporary unicast key to the access terminal via the wireless interface, to join the active set of access nodes for the access terminal; and
to receive the group key associated with the active set of access nodes for the access terminal.

52. Machine-readable medium according to 51, optionally containing commands that, when executed by the processor cause the processor
to receive a multicast message from the access terminal, which is encrypted with the group key; and
to decrypt the multicast message using the group key.

53. Machine-readable media according to paragraph 52, optionally containing commands that, when executed by the processor cause the processor
to forward the multicast message to other access nodes in the active set of access nodes for the access terminal.

54. Machine-readable medium according to 51, optionally containing commands that, when executed by the processor cause the processor
to establish wireless communication services with the access terminal via the wireless interface to operate as a first serving access node for routing communications to and from the access terminal.

55. Machine-readable medium according to 51, optionally containing commands that, when executed by the processor cause the processor
to accept a request from the access terminal to hand over wireless communication services to a second serving access node; and
to stop services wireless communication with the access terminal.

56. Machine-readable medium according to 51, optionally containing commands that, when executed by the processor cause the processor
to establish the tunnel data with the supporting access node for the access terminal via the network communication interface,
to authenticate itself to the supporting access node using the group key.

57. Scheme to promote the safe distribution of multicast messages from the access terminal to one or more access nodes, where the circuit is adapted to
forming a temporary unicast key;
sending the temporary unicast key to the access terminal via the wireless interface to attach the active set of access nodes for the access terminal; and
receive a group key associated with the active set of access nodes for the access terminal.

58. Scheme of 57, where the scheme is adapted further to
receive multicast messages from the access terminal, which is encrypted with the group key; and
decrypt the multicast message using the group key.

59. Scheme of 58, where the scheme is adapted further to
forwarding multicast messages to other access nodes in the active set of access nodes for the access terminal.

60. Scheme of 57, where the scheme is adapted further to
installation services wireless communication with the access terminal via the wireless interface to operate as a first serving access node for routing communications to and from the access terminal.

61. Scheme of 57, optionally containing commands that, when executed by the processor cause the processor
to establish the tunnel data with the supporting access node for the access terminal via the network communication interface,
to authenticate itself to the supporting access node using the group key.



 

Same patents:

FIELD: radio engineering, communication.

SUBSTANCE: multiple transmitting modules in a module in a room are in a switched manner connected with modules outside the room by means of the cross-connection function. Besides, each transmitting module has a function of bidirectional branching. Typically, each of the transmitting modules controls an IP-address of another transmitting module and detects an adjacent transmitting module on the basis of an IP-address.

EFFECT: simplified control with simultaneous reduction of related costs.

11 cl, 8 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of cryptographic key (120) generation is proposed for protection of communication between two objects (202, 204), besides, this method is performed by the first object (202, 302) as a part of a distributed safety operation initiated by the second object (202, 304), and includes stages, when: at least two parameters (106, 108) are provided (306), of which the first parameter (106) contains or is produced from a row of cryptographic keys (110, 112), calculated by the first object (202) when performing the safety operation, and the second parameter contains or its produced from a marker (116), having a different value at each initiation of the safety operation by the second object (204, 304) for the first object (202, 302); and a key production function is applied (308) to generate a cryptographic key (120) on the basis of the provided parameters (106, 108). Besides, the market (116) contains the excluding OR of the serial number <SQN> and anonymity key <AK>.

EFFECT: improved safety of communication.

20 cl, 10 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method for processing with synchronisation includes: a destined element of a network receiving multi-component information packages of the Multiaddress Multimedia Broadcasting Service sent by an element of its upper level network, where data packages in information packages carry information on a time mark; for multi-component information packages, in which the time mark is before the current available interval of transfer time, the destined element of the network starts transferring data packages that belong to multicomponent information packages in turns from the time of start of the current available interval of transfer time. With the help of this invention, synchronisation between elements of the lower level network may continuously be supported, and at the same time the system efficiency may be stabilised.

EFFECT: improved accuracy of data synchronisation.

12 cl, 7 dwg

FIELD: radio engineering, communication.

SUBSTANCE: range of pass band may have protective intervals at both sides to reduce leakage into neighbouring ranges of the pass band. However, in case of relatively low capacity the risk of leakage reduces. Accordingly, protective pass bands may be used to open new channels, along which information may be sent. Therefore, large number of pass bands may be used when preserving protective aspects, such as low noise for neighbouring bands. Using a protective pass band for transfer of new channels facilitates reverse compatibility, since inherited devices usually do not monitor the protective pass band. These methods may also be used on base stations of high capacity by announcement of a protective interval, which is larger than necessary for inherited devices, and using an additionally created protective pass band for transfer of new channels.

EFFECT: increased throughput capacity and reduction of noise.

69 cl, 14 dwg

FIELD: radio engineering, communication.

SUBSTANCE: terminals are merged into a group, wherein all terminals in the group have the same identification code within a network, and connection to the network and establishment of a connection between a specific terminal and the control centre take place within a predetermined time slot, with subsequent termination of the connection and disconnection from the network, and connection to the network and establishment of a connection between the next terminal in that group and the control centre take place within the next time slot such that, once the predetermined time period expires, all terminals assigned in the group are or may be connected to the control centre at least once.

EFFECT: minimising the required usage of resources during communication between multiple terminals and at least one control centre over a network.

12 cl

FIELD: radio engineering, communication.

SUBSTANCE: invention particularly discloses a method of allocating resources to user terminals (UE1, UE2), operating in a first mode which can be established by all user terminals (UE1, UE2) or in an additional mode which can be established only by a part of the user terminals (UE2), wherein base stations (eNB) send messages for allocation of resources to the user terminals (UE1, UE2) which have the same format for the first mode and the additional mode, and the user terminals (UE1, UE2) interpret said messages for allocation of resources to the user terminals (UE1, UE2) differently depending on the mode in which they are operating, a base station, a user terminal and a communication network therefor.

EFFECT: cutting costs.

15 cl, 6 dwg

FIELD: radio engineering, communication.

SUBSTANCE: synchronisation scheduling method involves sending a plurality of data bursts of a specified service by an upper network element to specified network elements belonging to the upper network element, wherein data packets of the data bursts include time stamp information so that the specified network element sends the data bursts according to the time stamp information, wherein the network element sets an interval between the time stamps of neighbouring data bursts equal to an integer multiple of the time division multiplexing (TDM) period of the specified services, and said length of the TDM period has a value which is the inverse of the integer multiple of periods of a system frame number period of a radio interface.

EFFECT: preventing loss of service data, reducing uneven allocation of resources.

10 cl, 9 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of handover of a mobile station in a wireless communication system with femtocells involves transmitting to a base station a control message including at least one of information on a first femtocell base station detected through initial scanning and location information of the mobile station; receiving information on one or more second femtocell base stations to which the mobile station is accessible, wherein the second femtocell base stations are searched based on the control message from the base station; and performing a handover to one of said second femtocell base stations.

EFFECT: reduced delays during handover.

12 cl, 9 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of performing handover involves determining whether each of a plurality of target base stations is capable of providing a fast ranging opportunity to a mobile station served by the serving base station, and, for each of the plurality of target base stations which is capable of providing the fast ranging opportunity to the mobile station, determining an action time after which the target base station can send an uplink map to the mobile station, the uplink map indicating when the mobile station should send a fast ranging request. The method may also involve sending a handover message to the mobile station, the handover message indicating whether each of the plurality of target base stations is capable of providing the fast ranging opportunity to the mobile station and, for each of the plurality of target base stations which is capable of providing the fast ranging opportunity to the mobile station, indicating the action time after which the target base station can send the uplink map to the mobile station.

EFFECT: providing efficient handover.

22 cl, 17 dwg

FIELD: radio engineering, communication.

SUBSTANCE: during handover of a mobile communication device from a source node to a target node, received user data packets are buffered in the target node during handover prior to sending to the mobile device.

EFFECT: minimising loss of data during handover without complicating signalling.

20 cl, 13 dwg

FIELD: information technology.

SUBSTANCE: local access is granted through one or more nodes (for example, a local access point and/or a local gateway) in a wireless network in order to simplify access to one or more local services. In connection with local access, multiple IP points of presence, associated with different service levels, may be provided for the access point. For example, one point of presence can relate to a local service and the other point of presence can relate to a service in a backbone network. The IP point of presence can be identified for a radio interface packet in order to indicate the end point for the packet.

EFFECT: high efficiency.

29 cl, 27 dwg

FIELD: radio engineering, communication.

SUBSTANCE: the method includes, when a server receives a request for streaming multimedia data from user equipment, performing a data transfer system call, reading the streaming multimedia data from disk space and writing it to a user data buffer; and packing the streaming multimedia data stored in the user data buffer into real-time protocol packets for transmission, using streaming multimedia data packets in which the header and the payload are separated.

EFFECT: reduction of processor loading, arising from data copying and system calls.

6 cl, 2 dwg

FIELD: radio engineering, communication.

SUBSTANCE: conditional access system has a host configured to receive an input data stream and deliver the input data stream to a conditional access module, the conditional access module being configured to process the input data stream and provide a corresponding output stream to the host, the host and the conditional access module being configured to contact each other in an authentication protocol upon detection of a code embedded in the output stream.

EFFECT: preventing unauthorised access to information.

12 cl, 3 dwg

FIELD: radio engineering, communication.

SUBSTANCE: initialisation and access control for communication units include assigning identifiers to sets of units, where the identifiers may be used to control access to limited access units that provide certain services only to specified sets of units. In certain aspects, initialisation of a unit may comprise providing a unique identifier for sets of one or more units, such as limited access points and access terminals, which are authorised to receive a service from the limited access points. Access control may be provided by operation of a limited access point and/or a network unit. In certain aspects, initialisation of a unit comprises providing a preferred roaming list for the unit. In certain aspects, the unit may be initialised with a preferred roaming list using a self-initialisation beacon radio signal.

EFFECT: optimised process of access control.

36 cl, 28 dwg

FIELD: radio engineering, communication.

SUBSTANCE: an avionics system is connected to surface infrastructure by means of at least one communication carrier. The method includes at least one stage of receiving service data, stored in a memory of the surface infrastructure and related to faults of at least one functional unit, via the said at least one communication carrier, and a stage of repairing the said at least one functional unit on the basis of the received service data, where the avionics system establishes communication with the surface infrastructure in a synchronous communication mode.

EFFECT: reduction of costs for service and improvement of access to appropriate information for realisation of operations of aircraft servicing.

8 cl, 7 dwg

FIELD: radio engineering, communication.

SUBSTANCE: methods and devices are provided for formatting headers for data packets within a communication frame for use in a wireless communication system. Formatting of headers includes determining the size of a wireless communication frame and formatting payloads and the related headers within the communication frame according to the determined size. Such formatting includes placing headers at the beginning of the frame, in front of the data packets corresponding to these headers, in order to optimise processing of headers in a receiver. Formatting may also include formatting headers according to a first format within the frame, when the determined size of the frame is less than a predetermined size, in order to optimise the size of the headers, and formatting according to a second format within the frame, when the size of the data packet is equal to or more than the predetermined size.

EFFECT: optimised processing for frames having large data packages.

52 cl, 10 dwg

FIELD: radio engineering, communication.

SUBSTANCE: a server in a data processing and storage centre may be configured to provide either a list of hashes or the requested data, depending on whether a system of caches supported by a host node is permitted or not. The cache supported by the host node on the customer's side may provide data to the customer on the basis of the hashes. Hashes may be generated to provide a reference sum of the data, which may be used to index the data efficiently.

EFFECT: provision of improvement in respect to delay time and reduction of total traffic of a global computing network.

20 cl, 10 dwg

FIELD: physics.

SUBSTANCE: interference detector of a moving underwater object has a generator, a radiating antenna device, a signal processing unit which includes first and second receiving channels, each having a corresponding receiving antenna device, a corresponding matching device and a filter unit, as well as a subtractor and an adaptive filter, an amplitude detector, a recording device and an information display unit, wherein the signal processing unit additionally includes a frequency tuning channel, which includes a third receiving antenna device, a third matching device, a third filter unit and a unit for calculating and comparing the coherence function.

EFFECT: detecting a moving underwater object in shallow water based on the changing interference pattern in the investigated region.

5 cl, 1 dwg

FIELD: information technology.

SUBSTANCE: functioning instructions are added to a user group subscription stored in the IP multimedia subsystem, instructing nodes in the IP multimedia subsystem to adapt their standard functioning for this specific group of users. With the instructions in the subscription of a specific user group, a node of the IP multimedia subsystem no longer needs to be specific to certain types of users, but has a standard way of operation that is modified by the instructions for dedicated operation for only that specific user group.

EFFECT: easy access to services of an IP multimedia subsystem by user groups which require alternative handling in relation to the standard handling of IP multimedia subsystem users.

15 cl

FIELD: information technology.

SUBSTANCE: system has a receiving-control device having a subsystem for expanding wireless zones with a module for expanding wireless zones to provide two-way radio communication for constant control of the communication channel of wireless sensors and the receiving-control device on an internal communication bus; the sensors are configured to form a data packet of control-diagnostic messages consisting of a pseudorandom encryption byte, a unique sensor number and packet index number, the message itself, the signal level of the previous received response from the corresponding module for expanding wireless zones and the noise level in the sensor zone, and are fitted with a transceiver for transmitting the data packet to the corresponding module for expanding wireless zones of the receiving-control device.

EFFECT: high reliability of the system and cryptographic protection of data transmission channels in order to reduce the probability of a security and fire alarm system being bypassed by intruders, interfacing a central monitoring system with digital communication channels.

19 cl, 1 dwg, 12 tbl

FIELD: mobile communications.

SUBSTANCE: the base station determines the speed of direct data transfer in accordance with control data about data transfer speed received from the base station, reads temporary encoder packets of maximal total size from a buffer, determines whether it is possible to transfer these temporary packets at this data transfer speed, forms a combination of logic packets from these temporary packets if it is possible to transfer them at the current data transfer speed and the total size of the temporary packets is greater than or equal to a certain threshold value, and transmits the logic packets with a physical level packet.

EFFECT: higher data transfer speed.

3 cl, 9 dwg
