Method For Performing An Authentication Of Entities During Establishment Of Wireless Call Connection

  • Published: Nov 6, 2008
  • Earliest Priority: Apr 30 2007
  • Family: 5
  • Cited Works: 0
  • Cited by: 0
  • Cites: 4
  • Additional Info: Full text

Description

METHOD FOR PERFORMING AN AUTHENTICATION OF ENTITIES DURING ESTABLISHMENT OF WIRELESS CALL

CONNECTION

Technical Field

[1] The present invention relates to a method for establishing a connection between a base station and a terminal so as to transmit and receive data in the E-UMTS (Evolved Universal Mobile Telecommunications System) or LTE (Long-Term Evolution) system, and more particularly, to a method for determining, by each entity, whether to establish a connection by comparing an authentication input value transmitted from a counterpart entity with an authentication input range. Background Art

[2] Figure 1 shows an exemplary network structure of an Evolved Universal Mobile

Telecommunications System (E-UMTS) as a mobile communication system to which a related art and the present invention are applied. The E-UMTS system is a system that has evolved from the UMTS system, and its standardization work is currently being performed by the 3GPP standards organization. The E-UMTS system can also be referred to as a LTE (Long-Term Evolution) system.

[3] The E-UMTS network can roughly be divided into an E-UTRAN and a Core

Network (CN). The E-UTRAN generally comprises a terminal (i.e., User Equipment (UE)), a base station (i.e., eNode B), a serving gateway (S-GW) that is located at an end of the E-UMTS network and connects with one or more external networks, and a Mobility Management Entity (MME) that performs mobility management functions for a mobile terminal. One eNode B may have one or more cells.

[4] Figure 2 shows an exemplary architecture of a radio interface protocol between a terminal and a base station according to the 3GPP radio access network standard. The radio interface protocol is horizontally comprised of a physical layer, a data link layer, and a network layer, and vertically comprised of a user plane for transmitting user data and a control plane for transferring control signaling. The protocol layer may be divided into Ll (Layer 1), L2 (Layer 2), and L3 (Layer 3) based upon the lower three layers of the Open System Interconnection (OSI) standards model that is widely known in the field of communication systems.

[5] Hereinafter, particular layers of the radio protocol control plane of Fig. 2 and of the radio protocol user plane of Fig. 3 will be described below.

[6] The physical layer (Layer 1) uses a physical channel to provide an information transfer service to a higher layer. The physical layer is connected with a medium access control (MAC) layer located thereabove via a transport channel, and data is transferred between the physical layer and the MAC layer via the transport channel. Also, between respectively different physical layers, namely, between the respective physical layers of the transmitting side (transmitter) and the receiving side (receiver), data is transferred via a physical channel.

[7] The Medium Access Control (MAC) layer of Layer 2 provides services to a radio link control (RLC) layer (which is a higher layer) via a logical channel. The RLC layer of Layer 2 supports the transmission of data with reliability. It should be noted that if the RLC functions are implemented in and performed by the MAC layer, the RLC layer itself may not need to exist. The PDCP layer of Layer 2 performs a header compression function that reduces unnecessary control information such that data being transmitted by employing Internet Protocol (IP) packets, such as IPv4 or IPv6, can be efficiently sent over a radio interface that has a relatively small bandwidth.

[8] The Radio Resource Control (RRC) layer located at the lowermost portion of Layer 3 is only defined in the control plane, and handles the control of logical channels, transport channels, and physical channels with respect to the configuration, reconfiguration and release of radio bearers (RB). Here, the RB refers to a service that is provided by Layer 2 for data transfer between the mobile terminal and the UTRAN.

[9] Hereinafter, description of a method for receiving data by a terminal in the LTE system will be given. As shown in Fig. 4, the base station and the terminal generally transmit/receive data through a Physical Downlink Shared Channel (PDSCH) using a transport channel DL-SCH, with the exception of a specific control signal or a specific service data. Also, information on which terminal (or a plurality of terminals) should receive data of the PDSCH or information on how the terminals should receive the PDSCH data and perform decoding, is transmitted by being included in the physical layer PDCCH (Physical Downlink Control Channel).

[10] For instance, it is assumed that a certain PDCCH is under a CRC masking as an "A"

RNTI (Radio Network Temporary Identifier), and is being transmitted in a certain sub- frame by including information about data being transmitted in transfer format information "C" (e.g., a transport block size, modulation and coding information, etc.) through radio resources "B" (e.g., a frequency location). Under such condition, one or more terminals in a corresponding cell may monitor the PDCCH by using their own RNTI information. If there are one or two or more terminals having A RNTI at a corresponding point of time, the terminals shall receive the PDCCH, and also a PDSCH indicated by B and C through the received information on PDCCH.

[11] During this procedure, an RNTI is transmitted to inform that allocation information of radio resources transmitted through each PDCCH conforms to which terminals. The RNTI is divided into a dedicated RNTI and a common RNTI. The dedicated RNTI is used for data transmission/reception to a certain terminal. The common RNTI is used when data is transmitted or received to/from terminals to which the dedicated RNTI is not allocated since its information is not registered in the base station or when information commonly used by a plurality of terminals (e.g., system information) is transmitted. For instance, during the RACH procedure, RA-RNTI or T-C-RNTI is the common RNTI.

[12] In the related art, an RRC connection should be established to perform a call establishment between the terminal and the base station. During the RRC connection process, a security setup is required. However, the process for the security setup is not performed by a test method through a security setup-related message having more reliability, thereby causing a problem of inefficiently performing an authentication between entities in a radio (wireless) call connection process. Disclosure of Invention Technical Solution

[13] The present invention has been developed in order to solve the above described problems of the related art. As a result, the present invention provides a method for performing an authentication of entities during an establishment of a wireless call connection.

[14] To implement at least the above feature in whole or in parts, the present invention may provide a method of performing a security setup process in a mobile communications system, the method comprising: determining a candidate set for a security setup parameter; receiving a parameter related to a security setup; and determining whether or not the received parameter is matched with at least one of the determined candidate set, and a mobile terminal for performing a security setup process in a mobile communications system, the mobile terminal comprising: a radio protocol entity adapted to determine a candidate set for a security setup parameter, to receive a parameter related to a security setup, and to determine whether or not the received parameter is matched with at least one of the determined candidate set.

[15] Additional features of this disclosure will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of this disclosure. The objectives and other advantages of this disclosure may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings. Brief Description of the Drawings

[16] Figure 1 shows an exemplary network structure of an Evolved Universal Mobile

Telecommunications System (E-UMTS) as a mobile communication system to which a related art and the present invention are applied;

[17] Figure 2 shows an exemplary control plane architecture of a radio interface protocol between a terminal and a UTRAN (UMTS Terrestrial Radio Access Network) according to the 3GPP radio access network standard;

[18] Figure 3 shows an exemplary user plane architecture of a radio interface protocol between a terminal and a UTRAN (UMTS Terrestrial Radio Access Network) according to the 3GPP radio access network standard;

[19] Figure 4 shows a related art method for allocating radio resources;

[20] Figure 5 shows an exemplary process for RRC connection setup and security setup;

[21] Figure 6 shows an exemplary structure of COUNT-I among information required for an integrity check;

[22] Figure 7 shows an exemplary method for performing an integrity check; and

[23] Figure 8 shows an exemplary method for performing an authentication between entities in a radio call establishment process according to the present invention. Mode for the Invention

[24] Hereinafter, description of structures and operations of the preferred embodiments according to the present invention will be given with reference to the accompanying drawings.

[25] One aspect of the present invention is the recognition by the present inventors regarding the problems and drawbacks of the related art described above and explained in more detail hereafter. Based upon such recognition, the features of the present invention have been developed.

[26] Although this disclosure is shown to be implemented in a mobile communication system, such as a UMTS developed under 3GPP specifications, this disclosure may also be applied to other communication systems operating in conformity with different standards and specifications.

[27] Figure 5 shows an exemplary RRC connection setup method so as to perform a call setup between the terminal and the base station (eNB). As shown in Fig. 5, an RRC connection setup process is a process which establishes an RRC connection serving as a path to exchange control information such that the terminal and the base station can manage a call setup. First, the terminal may transmit an RRC Connection Request message to the base station so as to transmit information including its identifier to the base station. The eNB may transmit an RRC Connection Setup message to the terminal so as to deliver information for a call setup and the RRC connection setup.

[28] Then, additionally, the terminal and the base station may perform a security setup, through which the terminal and the base station can build an environment for performing ciphering and integrity check. The base station may transmit a Security Setup message to the terminal, and then the terminal may transmit a Security Setup Complete message in response to the Security Setup message, thereby completing the security setup. The security setup message may be forwarded with the RRC connection setup message or may be transmitted at any time while a call is established. Here, for the security-related message, a HFN (Hyper Frame Number) initial setup value, etc. may be transmitted. Here, the transmitted HFN initial setup value may be used for the terminal or the base station to set a context of the ciphering or integrity check.

[29] In general, the terminal and the UTRAN (Node B, eNB) exchange a variety of messages. In most cases, a security check is subject to protect data included in those messages. Such security check may include the ciphering and integrity check. The ciphering is implemented in which a transmitting side and a receiving side are configured to add a certain MASK known only to both sides into a message, thereby preventing a third party who does not know the certain MASK from knowing a content of the message. In addition, unlike the ciphering, the integrity check may be used to verify that a content of a transmitted message is not changed during transmission or from an unauthorized party. That is, the integrity check is a process required to determine whether or not the content of the received message is changed during transmission by a third party. The integrity check may be performed over most of RRC messages and all control messages transmitted to an upper end of the RRC in the UMTS system. The ciphering may be only performed to general user data. Further, the integrity check may be performed in the RRC layer.

[30] Information needed to perform the integrity check is described as follows:

[31] - IK (Integrity Key): As an integrity key, it is generated through an authentication process by the upper end of the RRC and then is notified to the RRC. This value is not a value that is transmitted over a radio section. Rather, it is a value which is calculated and used by an upper end of a terminal RRC and an upper end of a network RRC, respectively, based on a specific input value.

[32] - COUNT-I: It is a value of a sequence number for an integrity check and has a structure as shown in Fig. 6. It comprises two areas - an upper area of 28 bits, called an "RRC HFN (Hyper Frame Number)", and a lower area of 4 bits, called an "RRC SN (Sequence Number)".

[33] - MESSAGE: It indicates a transmitted message itself.

[34] - DIRECTION (Direction Identifier, lbit): It is a direction identifier, and is set to 0 for an uplink and to 1 for a downlink.

[35] Figure 7 shows an exemplary view of an integrity check process. A transmitting side and a receiving side may perform operations shown in Fig. 7 using the above-described information as an input value, thereby generating MAC-I and XMAC-I values. Here, the MAC-I may be an integrity check authentication value generated by the transmitting side, and the XMAC-I may be an integrity check authentication value generated by the receiving side. If all input values are the same, the MAC-I value and the XMAC-I value generated by performing the operations shown in Fig. 7 would be the same. However, if a message is changed during transmission, input values called "MESSAGE" of the receiving and transmitting sides would be different from each other, thus to have the MAC-I and the XMAC-I values different from each other. Accordingly, the receiving side should compare the MAC-I value and the XMAC-I value with each other. If the two values are different, the receiving side should determine that the message is damaged, thus to discard the message.

[36] Here, the transmitting side may change some of the input values used in the processes shown in Fig. 7 at every time a new message needs to be transmitted. And, the transmitting side may change some of the input values so as to generate a new MAC-I at each time. This may be to prevent a third party from watching for an unguarded point of security by re-using the MAC-I value. For this, the transmitting side would increase the SN value (i.e., a lower 4-bit value of the COUNT-I) by 1 at each time the message is transmitted. Here, due to the 4-bit SN value, the SN value has a value from 0 to 15, and is sequentially increased by 1 from 0. If the SN value becomes 15, the next SN value would become 0 and then is increased by 1. In this manner, at every time the SN value returns back to 0 from 15, the HFN (i.e., an upper value of the COUNT-I) would be also increased by 1. Accordingly, this method would ultimately have the same effect as the COUNT-I increases by 1 each time, and as mentioned above, some of the input values in the calculation process of an integrity ciphering authentication value would be changed.

[37] If the receiving side checks an SN value of a received message and determines that the checked SN value indicates a finishing of one cycle, the receiving side increases its HFN value by 1. In this way, the receiving side may have the same COUNT-I of the transmitting side. This method would allow the transmitting and the receiving sides to have the same COUNT-I information even though the SN value only is transmitted. Besides, a breaking of security information by a third party, which may occur when all of the COUNT-I itself is transmitted, can be prevented.

[38] Accordingly, in order to allow the receiving side to accurately calculate the XMAC-I and to prevent the breading of security information, the transmitting side may transmit a message by adding the SN value (i.e., the lower value of the COUNT-I) thereto at each transmission. Also, it may transmit the message by adding the MAC-I value which will be used by the receiving side as a reference in the integrity check. Here, the receiving side may need to verify whether or not the thusly transmitted SN value is a correct value. For this, the receiving side may manage its own local variable SN by utilizing all the SN values that have been received so far. If the transmitted SN value and the local variable SN value of the receiving side are the same, the receiving side would immediately discard the message, considering that the third party may send the message by using the same security information or the same message would be transmitted twice.

[39] The receiving side may use the transmitted SN value to configure the COUNT-I, and may use the value and parameters set by the receiving side to calculate the XMAC-I through the processes shown in Fig. 7. Then, the receiving side may compare the MAC-I value and the XMAC-I value transmitted with the message, and then may determine whether or not the integrity check is successful. Here, if the received message is determined to pass the integrity check, the receiving side may store the SN value included in the message into the local variable SN, thus to use to check an SN value of the next message.

[40] As shown in the security setup process, when the terminal and the base station transmit the security setup-related message, it should be checked that only a trusted entity may receive the message, or the received security setup-related message has been received from a trusted entity only. If the received security setup message is received from a security attacker, an entity having received the message should delete the received security setup-related message.

[41] Figure 8 shows an exemplary method for performing an authentication between entities in a radio call setup process according to the present invention. As shown in Fig. 8, it is assumed that 6 is the highest among the HFN values used before the terminal and the base station exchange the security setup message, and a window size for security value candidates is 5. With such assumption, a candidate set for security setup input value would be from 7 to 11. Here, if the terminal and the base station apply the same value to both the HFN and the window size for security value candidates, the terminal and the base station would have the same candidate set for security setup input value. A case (a) in Fig. 8 shows that the base station has a valid candidate set for the security setup input, and case (b) shows that the base station does not have a valid candidate set for the security setup input. That is, in the case (a), the base station transmits a security setup message by including a security setup input value of "8." Then, having received the security setup message, the terminal regards the base station as a valid base station since the security setup input value is included in the candidate set for the security setup input value (7-11) calculated by the terminal itself, and sets a HFN in ciphering and integrity check by using the value. On the contrary, the case (b) shows that the base station and the terminal manage different candidate sets for security setup input values or that the base station is not a valid base station. In the case (b), the base station transmits a security setup message by setting the security setup input value to "13" to the terminal. Then, the terminal determines that the security setup message is from an invalid base station since the value is not included in the candidate set for security setup input value (7-11). Accordingly, the terminal may terminate a call or release the RRC connection being established. Then, the terminal determines that the base station is a barred base station, thereby performing no further connection attempt. Additionally, it may select another cell.

[42] Here, the above exemplary embodiment may also be applied in reverse. That is, when the terminal transmits an RRC connection setup request message, it may transmit a HFN setup value. This setup value can be set as a value between a HFN value used in a previous RRC connection by the terminal, and the HFN value added into the window size for security value candidates. The base station checks the validity of the received value so as to determine whether or not the RRC connection should be established with the terminal.

[43] Also, an offset value may be utilized for performing an authentication between entities in a radio call setup process. For example, it is assumed that 6 is the highest among the HFN values used before the terminal and the base station exchange the security setup message, a window size for security value candidates is 5, and the offset value is 2. With such assumption, a candidate set for security setup input value would be from 9 to 13.

[44] According to the present invention, when the terminal and the base station exchange a security setup value, a window may be used to get a valid range of a value, thereby providing a method for rapidly authenticating the terminal and the base station to each other in more efficient manner through a security setup-related message having more reliability.

[45] Further, the present invention may provide a method for efficiently authenticating an entity which transmits a security-related message in a process of exchanging the security-related message between a base station and a terminal. For this, there is provided a method for authenticating the entity by exchanging a security authentication setup value between the terminal and the network (eNB).

[46] That is, the present invention is to provide a method for authenticating a security- related message by a receiving side when the terminal or the base station transmits the security-related message. The base station and the terminal are configured to manage a candidate set for security setup input value, and to select a value from the candidate set. Then, the base station and the terminal are configured to set the selected value as a security setup input value, and to transmit the security-related message by including the set value therein. When a security-related message has been received, the base station and the terminal are configured to examine whether or not the security setup input value contained in the security -related message is included in a candidate set for security setup input value. During this process, as a result of the examination, if the received security setup input value is not included in the candidate set, a call may be dropped or an RRC connection and NAS connection may be released. Additionally, in this process, if the terminal receives the security-related message and the received security setup input value is not included in the candidate set, the terminal regards a corresponding base station as a barred base station, or if the terminal has moved to another cell, it starts a security setup, if necessary. During this process, if the base station receives the security-related message and the received security setup input value is not included in the candidate set, the base station regards a corresponding terminal as a barred terminal and denies further access by the terminal.

[47] During this process, the candidate set of the security setup input value may be expressed as a security setup reference value and a window size for security value candidates. The candidate set of the security setup input value is a set of the numbers between a security setup reference value and a window size for the security value candidates added to the security setup reference value. The security setup reference value may be excluded from the candidate set of the security setup input value. The security setup reference value may be a HFN (Hyper Frame Number) or the highest among HFN values used in radio bearers to which the security setup set between the terminal and the base station is applied. A eNB notifies the window size for security value candidates to the terminal. The eNB notifies the window size for security value candidates to the terminal in a call setup process and the eNB notifies the window size for security value candidates to the terminal via SI (system information). If a call is terminated or an RRC connection is released, the terminal stores HFN values being used. Then, if a call is setup again or an RRC connection is established, the terminal manages a candidate set for security setup input value by using the stored HFN value and the window size for security value candidates.

[48] It can be said that the present invention may provide a method of performing a security setup process in a mobile communications system, the method comprising: determining a candidate set for a security setup parameter; receiving a parameter related to a security setup; determining whether or not the received parameter is matched with at least one of the determined candidate set; and terminating at least one of a RRC connection, a NAS (non-access stratum) connection and a call connection between a terminal and a network, if the received parameter is not matched with the at least one of the candidate set, wherein the candidate set is determined by a security setup reference value and a security setting window size value, the candidate set is determined by adding the security setup reference value, the security setting window size value and/or an offset value, the security setup reference value is a HFN (hyper frame number) or the highest HFN among a plurality of HFN used in a radio bearer that is applied to the security setup process, the security setting window size value is received from a network during a call setup or through system information (SI).

[49] Also, the present invention may provide a mobile terminal for performing a security setup process in a mobile communications system, the mobile terminal comprising: a radio protocol entity adapted to determine a candidate set for a security setup parameter, to receive a parameter related to a security setup, and to determine whether or not the received parameter is matched with at least one of the determined candidate set.

[50] Although the present invention is described in the context of mobile communications, the present invention may also be used in any wireless communication systems using mobile devices, such as PDAs and laptop computers equipped with wireless communication capabilities (i.e. interface). Moreover, the use of certain terms to describe the present invention should not limit the scope of the present invention to a certain type of wireless communication system, the present invention is also applicable to other wireless communication systems using different air interfaces and/or physical layers, for example, TDMA, CDMA, FDMA, WCDMA, OFDM, EV-DO, Mobile Wi-Max, Wi-Bro, etc.

[51] The preferred embodiments may be implemented as a method, apparatus or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof. The term "article of manufacture" as used herein refers to code or logic implemented in hardware logic (e.g., an integrated circuit chip, Field Programmable Gate Array (FPGA), Application Specific Integrated Circuit (ASIC), etc.) or a computer readable medium (e.g., magnetic storage medium (e.g., hard disk drives, floppy disks, tape, etc.), optical storage (CD-ROMs, optical disks, etc.), volatile and non-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, firmware, programmable logic, etc). Code in the computer readable medium is accessed and executed by a processor. The code in which preferred embodiments are implemented may further be accessible through a transmission media or from a file server over a network. In such cases, the article of manufacture in which the code is implemented may comprise a transmission media, such as a network transmission line, wireless transmission media, signals propagating through space, radio waves, infrared signals, etc. Of course, those skilled in the art will recognize that many modifications may be made to this configuration without departing from the scope of the present invention, and that the article of manufacture may comprise any information bearing medium known in the art.

[52] This specification describes various illustrative embodiments of the present invention. The scope of the claims is intended to cover various modifications and equivalent arrangements of the illustrative embodiments disclosed in the specification. Therefore, the following claims should be accorded the reasonably broadest inter- pretation to cover modifications, equivalent structures, and features that are consistent with the spirit and scope of the invention disclosed herein.

Claims

[1] A method of performing a security setup process in a mobile communications system, the method comprising: determining a candidate set for a security setup parameter; receiving a parameter related to a security setup; and determining whether or not the received parameter is matched with at least one of the determined candidate set.

[2] The method of claim 1, further comprising: terminating at least one of a RRC connection, a NAS (non-access stratum) connection and a call connection between a terminal and a network, if the received parameter is not matched with the at least one of the candidate set.

[3] The method of claim 1, wherein the candidate set is determined by a security setup reference value and a security setting window size value.

[4] The method of claim 3, wherein the candidate set is determined by adding the security setup reference value and the security setting window size value.

[5] The method of claim 1, wherein the candidate set is determined by a security setup reference value, a security setting window size value and an offset value.

[6] The method of claim 4, wherein the security setup reference value is a HFN

(hyper frame number).

[7] The method of claim 6, wherein the security setup reference value is the highest

HFN among a plurality of HFN used in a radio bearer that is applied to the security setup process.

[8] The method of claim 4, wherein the security setting window size value is received from a network during a call setup.

[9] The method of claim 4, wherein the security setting window size value is received from a network through system information (SI).

[10] A mobile terminal for performing a security setup process in a mobile communications system, the mobile terminal comprising: a radio protocol entity adapted to determine a candidate set for a security setup parameter, to receive a parameter related to a security setup, and to determine whether or not the received parameter is matched with at least one of the determined candidate set.

Download Citation


Sign in to the Lens

Feedback