
MXPA01008590A - Radio communication device and radio communication method - Google Patents

Radio communication device and radio communication method

Info

Publication number
MXPA01008590A
Authority
MX
Mexico
Prior art keywords
data
radio communication
unit
confidentiality
integrity
Application number
MXPA/A/2001/008590A
Other languages
Spanish (es)
Inventor
Uga Shinsuke
Matsuyama Hiroshi
Chikazawa Takeshi
Original Assignee
Mitsubishi Denki Kabushiki Kaisha
Application filed by Mitsubishi Denki Kabushiki Kaisha


Abstract

The present invention aims to provide a mobile station (MS) 100 which can perform confidentiality processing and integrity processing on data of layer 2 or higher. A confidentiality/integrity processing unit 40 is provided among a terminal IF unit 10, a radio communication control unit 20, and a radio communication unit 30. The confidentiality/integrity processing unit 40 performs only the confidentiality processing on transparent data, such as speech data, transferred between the terminal IF unit 10 and the radio communication unit 30. The confidentiality/integrity processing unit 40 performs the confidentiality processing and/or the integrity processing on non-transparent data transferred to/from the radio communication control unit 20. The confidentiality/integrity processing unit 40 selectively performs the confidentiality processing or the integrity processing on the data of layer 2 or higher output from the radio communication unit 30, based on the kind of data.

Description

RADIO COMMUNICATION DEVICE AND RADIO COMMUNICATION METHOD

TECHNICAL FIELD

The present invention relates to a radio communication apparatus and a method of radio communication for devices such as a cellular phone. In particular, the invention relates to a cellular phone that performs confidentiality processing and integrity processing on data.

BACKGROUND ART

Figure 24 shows a conventional cellular phone 500. The conventional cellular phone 500 is provided with a terminal IF (interface) unit 510, a radio communication control unit 520, and a radio communication unit 530. The terminal interface unit 510 interfaces with a user of the cellular phone 500. The radio communication control unit 520 controls the communication of the whole cellular phone and performs data conversion and data processing based on a protocol. The radio communication unit 530 modulates and demodulates data to allow radio communication. The radio communication unit 530 supports the physical layer (layer 1), which is the lowest of the seven layers defined by OSI (Open Systems Interconnection). A confidentiality processing unit 540 is provided in the radio communication unit 530. The confidentiality processing unit 540 encrypts and decrypts the physical-layer data processed by the radio communication unit 530. Since the confidentiality processing unit 540 encrypts the data sent/received by an antenna 541, eavesdroppers are prevented from obtaining any meaningful information unless the cipher is broken. The conventional cellular phone 500 has the confidentiality processing unit 540 within the radio communication unit 530.
Accordingly, the data to be processed by the confidentiality processing unit 540 is data of the physical layer (layer 1). In the physical layer, it is impossible to discriminate between user data and control data. The data sent/received by the cellular phone includes several kinds of data, such as user data and signaling data, and it is required to perform confidentiality processing based on the kind of data, or to ensure the integrity of the data depending on its significance. In the conventional architecture, since the confidentiality processing unit 540 is provided in layer 1, the data cannot be subjected to confidentiality processing or integrity processing based on the kind of data, because it is impossible to discriminate the kinds of data in layer 1.

A preferred embodiment of the present invention aims to obtain a radio communication apparatus and a radio communication method that perform confidentiality processing and integrity processing on data based on the kind of data. Another objective of the preferred embodiment is to obtain the radio communication apparatus and the radio communication method that perform the confidentiality processing and the integrity processing in layer 2 (data link layer) or a higher layer of the seven OSI layers. Another objective of the preferred embodiment is to obtain the radio communication apparatus and the radio communication method that selectively perform both or either of the confidentiality processing and the integrity processing based on the kind of data.
Another objective of the preferred embodiment is to obtain the radio communication apparatus and the radio communication method that perform the confidentiality/integrity processing for each channel in case the radio communication apparatus has multiple channels. Yet another objective of the preferred embodiment is to obtain the radio communication apparatus and the radio communication method that selectively perform either the confidentiality processing or the integrity processing on the data by discriminating between transparent and non-transparent data in a certain layer or sub-layer.
BRIEF DESCRIPTION OF THE INVENTION

A radio communication apparatus according to the invention includes: a terminal interface unit for inputting data; a radio communication control unit for inputting the data input by the terminal interface unit, processing the data based on a protocol, and outputting the data; a confidentiality/integrity processing unit for inputting a control signal and data from the radio communication control unit, performing on the input data at least one of encryption of the data as confidentiality processing and generation of a message authentication code for detecting tampered data as integrity processing, and outputting the processed data to the radio communication control unit; and a radio communication unit for inputting, modulating, and sending the data output from the radio communication control unit.

The confidentiality/integrity processing unit inputs the control signal from the radio communication control unit and selectively inputs the data from the terminal interface unit based on the input control signal, and the confidentiality/integrity processing unit performs the confidentiality processing on the input data and outputs the data on which the confidentiality processing has been performed to the radio communication unit. The terminal interface unit outputs transparent data and non-transparent data; the radio communication control unit inputs the non-transparent data from the terminal interface unit and causes the confidentiality/integrity processing unit to process the non-transparent data based on a protocol, and the radio communication control unit controls the transparent data to be transferred from the terminal interface unit to the confidentiality/integrity processing unit for the confidentiality processing. The confidentiality/integrity processing unit is connected to the radio communication control unit via a parallel interface.
The confidentiality/integrity processing unit is connected to the terminal interface unit with a serial interface, and connected to the radio communication unit with a serial interface. The confidentiality/integrity processing unit also includes: a confidentiality processing unit that includes an encryption unit for encrypting the input data; and an integrity processing unit having a message authentication code addition unit for adding a message authentication code to the input data.
The confidentiality/integrity processing unit includes multiple encryption units. The confidentiality/integrity processing unit includes multiple message authentication code addition units. The confidentiality processing unit and the integrity processing unit form a module that inputs the control signal and data from the radio communication control unit, and the module performs at least one of the confidentiality processing and the integrity processing on the input data, based on the input control signal.

A radio communication apparatus according to the invention includes: a radio communication unit for receiving and demodulating data; a radio communication control unit for inputting the data demodulated by the radio communication unit, processing the data based on a protocol, and outputting the processed data; a confidentiality/integrity processing unit for inputting a control signal and the data from the radio communication control unit, performing, based on the input control signal, at least one of confidentiality processing that decrypts the data and integrity processing that detects tampered data, and outputting the processed data to the radio communication control unit; and a terminal interface unit for inputting the processed data from the radio communication control unit and outputting the data.

The confidentiality/integrity processing unit inputs the control signal from the radio communication control unit, and selectively inputs the data from the radio communication unit based on the input control signal; and the confidentiality/integrity processing unit performs the confidentiality processing on the input data, and outputs the processed data to the terminal interface unit. The radio communication unit outputs transparent data and non-transparent data.
The radio communication control unit inputs the non-transparent data from the radio communication unit and causes the confidentiality/integrity processing unit to process the non-transparent data based on a protocol, and the radio communication control unit controls the transparent data to be transferred from the radio communication unit to the confidentiality/integrity processing unit for the confidentiality processing. The confidentiality/integrity processing unit is connected to the radio communication control unit with a parallel interface. The confidentiality/integrity processing unit is connected to the terminal interface unit with a serial interface, and connected to the radio communication unit with a serial interface. The confidentiality/integrity processing unit includes: a confidentiality processing unit that has a decryption unit for decrypting the input data; and an integrity processing unit having an integrity verification unit for verifying the integrity of the input data using a message authentication code added to the input data. The confidentiality processing unit includes multiple decryption units. The integrity processing unit includes multiple integrity verification units. The confidentiality processing unit and the integrity processing unit form a module that inputs the control signal and data from the radio communication control unit, and the module, based on the input control signal, performs at least one of the processes of the confidentiality processing unit and the integrity processing unit on the input data.
A radio communication apparatus for wireless data communication according to the invention includes: a terminal interface unit for inputting/outputting data; a radio communication control unit for processing data based on a protocol; a radio communication unit for wireless data communication; and a confidentiality/integrity processing unit, provided among the terminal interface unit, the radio communication control unit, and the radio communication unit, which performs at least one of confidentiality processing, to encrypt/decrypt data, and integrity processing, to detect tampered data, on the data input/output to/from the radio communication control unit, encrypts the data from the terminal interface unit to the radio communication unit, and decrypts the data from the radio communication unit to the terminal interface unit. The confidentiality/integrity processing unit separately includes a confidentiality processing unit for performing confidentiality processing on the input data, and an integrity processing unit for performing integrity processing on the input data. The confidentiality/integrity processing unit separately includes an encryption unit for encrypting the data from the terminal interface unit to the radio communication unit, and a decryption unit for decrypting the data from the radio communication unit to the terminal interface unit. The integrity processing unit separately includes a message authentication code addition unit, for adding a message authentication code to the input data to perform integrity processing, and an integrity verification unit, for verifying the integrity of the input data using the message authentication code added to the input data. The communication device is a portable mobile telephone.
The confidentiality processing unit and the integrity processing unit employ the same encryption algorithm. The radio communication apparatus is a cellular phone. The radio communication apparatus is a radio station for sending/receiving data to/from a mobile station.
The radio station is either a base transceiver station or a radio network controller.

A method of radio communication according to the invention includes: a terminal interface step for inputting data; a radio communication control step for inputting the data input by the terminal interface step, processing the data based on a protocol, and outputting the data; a confidentiality/integrity processing step for inputting a control signal and data from the radio communication step, performing on the input data at least one of encryption of the data as confidentiality processing and generation of a message authentication code for detecting tampered data as integrity processing, and outputting the processed data to the radio communication control step; and a radio communication step for inputting, modulating, and sending the data output from the radio communication control step.

A method of radio communication according to the invention includes: a radio communication step for receiving and demodulating data; a radio communication control step for inputting the data demodulated by the radio communication step, processing the data based on a protocol, and outputting the processed data; a confidentiality/integrity processing step for inputting a control signal and the data from the radio communication control step, performing, based on the input control signal, at least one of confidentiality processing that decrypts the data and integrity processing that detects tampered data, and outputting the processed data to the radio communication control step; and a terminal interface step for inputting the processed data from the radio communication control step and outputting the data.
A method of radio communication for wireless data communication according to the invention includes: a terminal interface step for inputting/outputting data; a radio communication control step for processing data based on a protocol; a radio communication step for wireless data communication; and a confidentiality/integrity processing step, provided among the terminal interface step, the radio communication control step, and the radio communication step, which performs at least one of confidentiality processing, to encrypt/decrypt data, and integrity processing, to detect tampered data, on the data input/output to/from the radio communication control step, encrypts the data from the terminal interface step to the radio communication step, and decrypts the data from the radio communication step to the terminal interface step.
BRIEF EXPLANATION OF THE DRAWINGS

Figure 1 shows a configuration of a mobile communication system.
Figure 2 shows a configuration of a radio network controller (RNC) 120.
Figure 3 shows a configuration of a mobile station (MS) 100 according to the first embodiment.
Figure 4 shows a configuration of a confidentiality/integrity processing unit 40 according to the first embodiment.
Figure 5 shows a configuration of a confidentiality/integrity processing unit 40 according to the first embodiment.
Figure 6 shows a configuration of a confidentiality/integrity processing unit 40 according to the first embodiment.
Figure 7 shows a configuration of a confidentiality/integrity processing unit 40 according to the first embodiment.
Figure 8 shows a configuration of a confidentiality/integrity processing unit 40 according to the first embodiment.
Figure 9 shows a configuration of a mobile station (MS) 100 according to the second embodiment.
Figure 10 shows a configuration of a confidentiality/integrity processing unit 40 according to the second embodiment.
Figure 11 shows a configuration of a confidentiality/integrity processing unit 40 according to the second embodiment.
Figure 12 shows an example of encryption/decryption systems.
Figure 13 shows a configuration of a confidentiality/integrity processing unit 40 according to the second embodiment.
Figure 14 is an illustration shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Section 6.3.
Figure 15 is an illustration shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16b.
Figure 16 is an illustration shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16.
Figure 17 shows a configuration of an encryption module 51 (or a decryption module 71) employed within an encryption/decryption module 421.
Figure 18 shows a form of installation of the confidentiality/integrity processing unit 40.
Figure 19 shows a case in which the confidentiality/integrity processing unit 40 is implemented by software.
Figure 20 shows a mechanism for calling the encryption program 47 from an application program executed in a radio communication control unit 20.
Figure 21 shows a concrete example of data 92, 93 in the case of non-transparent RLC mode.
Figure 22 shows a concrete example of voice data as an example of transparent data 95, 96.
Figure 23 shows a concrete example of unrestricted digital data as an example of transparent data 95, 96.
Figure 24 shows a conventional cellular phone 500.
PREFERRED EMBODIMENT FOR CARRYING OUT THE INVENTION

Embodiment 1

Figure 1 shows a general configuration of a mobile communication system according to this embodiment. A mobile station (MS) 100 is an example of the radio communication apparatus according to the invention. The mobile station (MS) 100 is, for example, a cellular phone. The mobile station (MS) 100 is connected to a base transceiver station (BTS) 110 by radio. The base transceiver station (BTS) 110 is connected to a radio network controller (RNC) 120. The radio network controller (RNC) 120 is connected to another radio network controller (RNC) 120. The radio network controller (RNC) 120 is also connected to a core network (CN) 130, and further connected to another radio network controller (RNC) 120 via the core network (CN) 130. One or both of the base transceiver station (BTS) 110 and the radio network controller (RNC) 120 can be referred to as a radio station.
Figure 2 shows a configuration of the same mobile communication system shown in Figure 1. In particular, the figure shows the internal configuration of the radio network controller (RNC) 120. A BTS IF unit 121 interfaces with the base transceiver station (BTS) 110. A handover control unit 122 controls handover in the event that the mobile station (MS) 100 moves between base transceiver stations (BTS) 110. A signal control unit 123 for MS performs radio communication control and confidentiality/integrity processing of data while communicating with the mobile station (MS) 100. The confidentiality/integrity processing of the mobile station (MS) 100 described below is performed in correspondence with the confidentiality/integrity processing of the signal control unit 123 for MS. That is, the data encrypted by the mobile station (MS) 100 is decrypted by the signal control unit 123 for MS. Conversely, the data encrypted in the signal control unit 123 for MS is decrypted in the mobile station (MS) 100. An authentication code added by the mobile station (MS) 100 to ensure the integrity of the data is verified by the signal control unit 123 for MS. Conversely, the authentication code added by the signal control unit 123 for MS to ensure the integrity of the data is verified by the mobile station (MS) 100. The confidentiality processing or the integrity processing of the data is executed in the second of the seven layers, that is, layer 2 (data link layer). A CN IF unit 124 interfaces with the core network (CN) 130. An RNC IF unit 125 interfaces with another radio network controller (RNC) 120. A signal control unit 126 for CN performs control with the core network (CN) 130. A signal control unit 127 for RNC performs control with another radio network controller (RNC) 120. A control unit 128 controls the radio network controller (RNC) 120.
A switch 129 switches the control signals and packet data, under the control of the control unit 128, between the radio station 110 (BTS), the radio network controller (RNC) 120 and the core network (CN) 130. That is, the switch 129 switches not only the packet data but also all kinds of data such as sound data, and the switch 129 also switches the control signals.

Figure 3 shows a configuration of the mobile station (MS) 100. The mobile station (MS) 100 includes a terminal IF unit 10, a radio communication control unit 20, a radio communication unit 30 and a confidentiality/integrity processing unit 40. A camera 1, a video 2, a B/T (Bluetooth) 3, an LCD 4, a KEY 5, an LED 6, a USIM (Universal Subscriber Identity Module) 7, a RECEIVER 8, a MIC 9, and an HSJ (Head Set Jack) 0 are connected to the terminal IF unit 10. These devices, from the camera 1 to the HSJ 0, perform interface processing with a user (a person) or with a device that is to be connected, and they input or output information that can be recognized by the user (person) or by the device that is to be connected. The terminal IF unit 10 includes a module IF unit 11 for each module, a data format converter 12, a terminal IF control unit 13, and a sound coding/decoding unit 14. The module IF unit 11 for each module interfaces with each of the devices from the camera 1 to the HSJ 0. The data format converter 12 converts the data formats processed by the devices from the camera 1 to the HSJ 0 to/from the data formats processed within the mobile station (MS) 100. The terminal IF control unit 13 controls the operation of the terminal IF unit 10. The sound coding/decoding unit 14 encodes the electrical sound signals input by the MIC 9 into sound code. In addition, the sound coding/decoding unit 14 decodes the encoded signals to output electrical sound signals to the RECEIVER 8. The radio communication control unit 20 controls the whole mobile station (MS) 100.
The radio communication control unit 20 is implemented as a hardware circuit that includes a CPU, a ROM, a RAM, firmware, and the like, or as a software module. The radio communication control unit 20 processes data between the terminal IF unit 10 and the radio communication unit 30. The radio communication control unit 20 converts data based on rules defined by the standard or protocol. In particular, the radio communication control unit 20 processes data of layer 2 or higher layers, by functions such as packing or concatenation of data. The radio communication control unit 20 can discriminate the kind of data, because it processes the data of layer 2 or higher. Accordingly, the radio communication control unit 20 can judge whether certain data must undergo confidentiality processing or integrity processing based on the kind of data. It is impossible to discriminate the kind of data in layer 1, and therefore it is impossible there to judge whether the data should be subject to confidentiality processing or integrity processing.

The radio communication unit 30 is provided with a channel coding unit 310, a baseband modulation/demodulation unit 320, a radio unit 330, and an antenna 34. The channel coding unit 310 includes coding units and decoding units for the respective channels. The coding unit includes an error detection coding unit 311, an error correction coding unit 312, and a physical format converter 313. The decoding unit includes a physical format converter 314, an error correction decoding unit 315, and an error detection unit 316. The baseband modulation/demodulation unit 320 (MODEM) modulates and demodulates the baseband. The baseband modulation/demodulation unit 320 (MODEM) includes a baseband modulator 321 and a baseband demodulator 322.
The radio unit 330 converts the baseband signals to the transmission spectrum, or performs the reverse conversion. The radio unit 330 includes an upconverter 331 and a downconverter 332.

The confidentiality/integrity processing unit 40 is connected to the radio communication control unit 20. The confidentiality/integrity processing unit 40 receives data from the radio communication control unit 20 and performs the confidentiality processing of the data. In addition, the confidentiality/integrity processing unit 40 ensures the integrity of the data. The confidentiality/integrity processing unit 40 inputs a control signal 91 from the radio communication control unit 20 for the confidentiality/integrity processing of data. In addition, the confidentiality/integrity processing unit 40 inputs, from the radio communication control unit 20, data 92 of an arbitrary layer of layer 2 or higher as the data to be subjected to confidentiality processing and/or data 92 of an arbitrary layer of layer 2 or higher as the data to be subjected to integrity processing. The confidentiality/integrity processing unit 40 performs confidentiality processing and/or integrity processing on the data 92 based on the input control signal 91, and outputs the result to the radio communication control unit 20. The control signal 91 includes parameters such as a key, an initial value, and the selection between the confidentiality processing and the integrity processing.
Figure 4 shows a configuration of the confidentiality/integrity processing unit 40. The confidentiality/integrity processing unit 40 includes an IF unit 410 and a module 411. The module 411 performs confidentiality processing and integrity processing within the same circuit, or using the same algorithm. The selection between the confidentiality processing and the integrity processing is determined by the control signal 91. Here, confidentiality processing means encrypting or decrypting the data. Integrity processing means detecting data tampering by adding authentication codes to the data, or by regenerating and comparing the authentication codes. Confidentiality processing and integrity processing can be performed by the same circuit or algorithm, or by a similar circuit or a similar module. Accordingly, as shown in Figure 4, confidentiality processing and integrity processing can be performed by a single module 411. In the case of Figure 4, it is possible to reduce the hardware resources and the software resources. In the following, a "module" refers to one implemented by hardware only, by software only, or by a combination of both.

Specific examples of the confidentiality processing and integrity processing used for the cellular phone are explained here. Figure 14 is a figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Section 6.3. Figure 15 is a figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16b. Figure 16 is a figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16. Figure 14 shows an encryption method on the radio line. The symbols shown in Figure 14 signify the following:

CK: cipher key (encryption key)
f8: function for data confidentiality processing
IK: integrity key (message authentication key)
f9: function for data integrity processing

Cell phone carriers implement authentication using functions f1 to f5.
The 128-bit keys called CK and IK generated through this authentication process are transferred to the function for data confidentiality processing (f8) and the function for data integrity processing (f9). Figure 15 shows an encryption method on the radio line. The symbols shown in Figure 15 signify the following:

f8: function for data confidentiality processing
CK: cipher key (encryption key)
MESSAGE: clear text data that a sender wishes to send to a receiver, such as user data and signaling information, before encryption
COUNT-C: numerical value data showing the cumulative number of transmissions/receptions, increased by 1 in each session
BEARER: bit to identify the logical channel
DIRECTION: bit to discriminate the direction of transmission of the encrypted text
LENGTH: bit length of MESSAGE or of the encrypted text data

As shown in Figure 15, the encryption/decryption of the data is performed based on a random number sequence generated by the function f8 for data confidentiality processing. Figure 16 shows a method for generating the message authentication code. The symbols shown in Figure 16 signify the following:

f9: function for data integrity processing
IK: integrity key (message authentication key)
COUNT-I: numerical value data showing the cumulative number of transmissions/receptions, increased by 1 in each session
MESSAGE: clear text data that a sender wishes to send to a receiver, such as user data and signaling information, before encryption
DIRECTION: bit to discriminate the direction of transmission
FRESH: random number generated for each user
MAC-I: message authentication code for integrity (message authentication code computed by the sender)
XMAC-I: expected message authentication code for integrity (message authentication code computed by the receiver)

As shown in Figure 16, the integrity of the data can be verified by comparing the two message authentication codes on the receiver side. In the following, the operation will be explained.
To perform encrypted communication between the terminal and the network within the radio network, an authentication process is required, in which one party confirms to the other that it is a legitimate party, or both parties mutually confirm that the other is legitimate, before data is sent/received between the two. As shown in Figure 14, during a series of authentication processes, both the terminal and the network use five functions, called functions f1 to f5. In parallel with the authentication process, these functions generate a 128-bit cipher key (CK) and a message authentication key (integrity key, IK) in both the terminal and the network. The two keys are shared exclusively by the terminal and the network, which have been mutually authenticated, and the two keys are used within the two functions f8 and f9 described below. The two keys vary for each communication session, and there are no patterns between generated keys. The keys are discarded when the communication is finished. The mechanism (protocol) required for this authentication process is standardized. However, since the functions f1 to f5 are not standardized, operators decide these functions independently.

The security of the data after authentication processing is maintained by the data confidentiality and data integrity techniques. The first, the data confidentiality technique, is applied to encrypt user data, including speech, and signaling information transferred over the radio network, and to prevent wiretapping. To implement this data confidentiality processing, a function called the data confidentiality function (hereinafter referred to as f8) is employed. For communication data subjected to confidentiality processing as shown in Figure 15, the sender uses the cipher key (CK) generated in the authentication process.
In addition, a random number sequence is generated by entering the bit length (LENGTH) of the target data for encryption / decryption, the uplink / downlink (DIRECTION), a counter (COUNT-C), and a logical channel identifier (BEARER) into f8. Here, the uplink / downlink means the distinguishing bit indicating the direction of transmission of the encrypted text data between a terminal and a base station. The counter is data that shows the accumulated number of times data has been sent / received. At each sending / receiving of data, a fixed value is added to the counter. The counter is used to prevent an attack that tries to resend encrypted text data that has been sent previously. The logical channel identifier means a bit to identify the logical channel on which encryption is performed. The encrypted text data is generated by XORing the random number sequence generated above with the data / signal information to be encrypted, and is sent to the receiver. The parameters other than CK are sent from the sender to the receiver without encryption. It is not necessary to send CK because the same parameter is generated on the receiver side in the authentication process. Even if the parameters other than CK are obtained by a third party, the security of the original message can be maintained, since the random number sequence required to decrypt the encrypted text data cannot be generated as long as CK remains secret. On the receiver side, the random number sequence is generated using the received parameters and CK, which has already been obtained, and the random number sequence is XORed with the received encrypted text data to recover the original message. This method is a variation of the OFB (output feedback) mode, which is one of the modes of use of a block cipher defined by ISO / IEC 10116.
In the OFB mode, even if noise generated in the transmission path is mixed into the encrypted text data, the decryption processing does not enlarge the noise part. For this reason, this mode is frequently adopted for radio voice communication.
The second technique for maintaining data security is the data integrity technique, which detects manipulation of the signal information by adding a message authentication code to the signal information on the radio communication line. This is also called the message authentication technique. To implement this data integrity technique, a function for data integrity (hereinafter referred to as f9) is used. The same encryption algorithm as in f8 is used in the core part of f9. First, in authentication, the message authentication key (IK) is derived from function f4, which generates the message authentication key, and the message authentication key is transferred to f9. As shown in Figure 16, a message authentication code (MAC-I or XMAC-I) is generated by entering the data (MESSAGE), the uplink / downlink (DIRECTION), the counter (COUNT-C), and the random number (FRESH) generated for each user, as well as the message authentication key. These parameters are also sent to the receiver using a data format area that is not encrypted by the sender. Even if the parameters are obtained by a third party, the confidentiality of the data can be maintained as long as the message authentication key (IK) is kept secret, which is the same as the case of data confidentiality. The sender sends the data to the receiver with this message authentication code (MAC-I) added. The receiver, similarly, computes the message authentication code (XMAC-I) using f9. It can be confirmed that there is no manipulation by comparing MAC-I and XMAC-I and finding them identical.
The following are some examples of the subsequent process when tampering is detected. (1) Request the retransmission of the data, and verify whether the received message authentication code is appropriate or not. (2) Disconnect the connection in case of consecutive detection of tampering.
According to the 3GPP specification (for more information, go to http://www.3gpp.org/About_3GPP/3gpp.htm), the encryption / decryption module has the function of encrypting the entered clear text data (data to be encrypted) into encrypted text data (encrypted data) and outputting the encrypted text data, and the function of decrypting encrypted text data into clear text data and outputting the clear text data. Assuming that the embodiment complies with the 3GPP specification, the COUNT / BEARER / DIRECTION / CK / LENGTH above correspond to the control signal 91 shown in Figure 3 as concrete examples. Further, as concrete examples of data 92 and 93 shown in Figure 3, "MACSDU" or "RLCPDU (datapart)" corresponds, as shown in Figure 21. Here, "RLCPDU (datapart)" is the part of RLCPDU from which the upper 1 Oct or 2 Oct (1 bit or 2 bits) are deleted (the "DATA TO ENCRYPT" part shown in Figure 21). "MACSDU" or "RLCPDU (datapart)" is an example of MESSAGE shown in Figure 15. MACSDU denotes the Service Data Unit of Media Access Control. RLCPDU denotes the Protocol Data Unit of Radio Link Control. Each message within the message flow is structured from RLCPDU in layer 3 after deleting the RLC header. Although RLCPDU has the part of 1 Oct or 2 Oct that is not subject to confidentiality processing, the entire RLCPDU is input to the confidentiality / integrity processing unit 40, and the unit does not perform confidentiality / integrity processing on the part of 1 Oct or 2 Oct.
This reduces the load on the radio communication control unit 20, which would otherwise be generated by shifting the data to remove the excluded part of 1 Oct or 2 Oct from the entire data unit (RLCPDU).
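The data flow of Figures 15 and 16, including the 1 Oct or 2 Oct part of the RLCPDU that is passed in but left in clear, as an added Python example that is not part of the patent text. SHAKE-256 and a truncated HMAC-SHA-256 are stand-ins for f8 and f9 (they are not KASUMI); the parameter packing, the 4-byte tag, the keys, the receiver's COUNT-I check and the disconnect threshold are assumptions, and "Oct" is read as octet.

```python
import hashlib
import hmac
import struct

UPLINK, DOWNLINK = 0, 1   # assumed encoding of the DIRECTION bit
MAC_LEN = 4               # assumed tag length in bytes


def f8_keystream(ck, count_c, bearer, direction, length_bits):
    """Stand-in for f8: keystream derived from CK and the clear parameters."""
    params = struct.pack(">IBBI", count_c, bearer, direction, length_bits)
    return hashlib.shake_256(ck + params).digest((length_bits + 7) // 8)


def f8_crypt(ck, count_c, bearer, direction, data):
    """Encrypt or decrypt: XOR with the keystream (same operation both ways)."""
    ks = f8_keystream(ck, count_c, bearer, direction, len(data) * 8)
    return bytes(d ^ k for d, k in zip(data, ks))


def crypt_rlc_pdu(ck, count_c, bearer, direction, pdu, header_len):
    """Take the whole RLCPDU but leave its first 1 or 2 octets untouched."""
    if header_len not in (1, 2) or len(pdu) < header_len:
        raise ValueError("header_len must be 1 or 2 and fit in the PDU")
    body = f8_crypt(ck, count_c, bearer, direction, pdu[header_len:])
    return pdu[:header_len] + body


def f9_mac(ik, count_i, fresh, direction, message):
    """Stand-in for f9: MAC over COUNT-I, FRESH, DIRECTION and MESSAGE."""
    params = struct.pack(">IIB", count_i, fresh, direction)
    return hmac.new(ik, params + message, hashlib.sha256).digest()[:MAC_LEN]


class IntegrityReceiver:
    """Receiver of Figure 16: computes XMAC-I and compares it with MAC-I."""

    def __init__(self, ik, fresh, direction, max_consecutive=2):
        self.ik, self.fresh, self.direction = ik, fresh, direction
        self.max_consecutive = max_consecutive
        self.last_count = -1   # highest COUNT-I accepted so far
        self.failures = 0      # consecutive rejected messages

    def receive(self, count_i, message, mac_i):
        xmac_i = f9_mac(self.ik, count_i, self.fresh, self.direction, message)
        is_new = count_i > self.last_count   # old counters mean a resend
        if hmac.compare_digest(xmac_i, mac_i) and is_new:
            self.last_count, self.failures = count_i, 0
            return "accept"
        self.failures += 1
        if self.failures >= self.max_consecutive:
            return "disconnect"
        return "retransmit"


def demo():
    # Constructed keys, parameters and message (not real values).
    ck, ik = bytes(range(16)), bytes(range(16, 32))
    fresh, bearer = 0x5EED1234, 3
    pdu = b"\x80\x01" + b"RRC: constructed signalling message"
    rx = IntegrityReceiver(ik, fresh, UPLINK)
    results = {}

    # Message 7: MAC over the clear message, then encrypt all but the header.
    mac7 = f9_mac(ik, 7, fresh, UPLINK, pdu)
    sent7 = crypt_rlc_pdu(ck, 7, bearer, UPLINK, pdu, 2)
    clear7 = crypt_rlc_pdu(ck, 7, bearer, UPLINK, sent7, 2)
    results["roundtrip"] = clear7 == pdu
    results["header_in_clear"] = sent7[:2] == pdu[:2]
    results["genuine"] = rx.receive(7, clear7, mac7)

    # Message 8 has one ciphertext bit changed in transit. Decryption changes
    # exactly that one plaintext bit (noise does not spread), so only the
    # MAC comparison reveals the change.
    mac8 = f9_mac(ik, 8, fresh, UPLINK, pdu)
    sent8 = bytearray(crypt_rlc_pdu(ck, 8, bearer, UPLINK, pdu, 2))
    sent8[10] ^= 0x01
    clear8 = crypt_rlc_pdu(ck, 8, bearer, UPLINK, bytes(sent8), 2)
    results["bits_changed"] = sum(bin(a ^ b).count("1")
                                  for a, b in zip(clear8, pdu))
    results["tampered"] = rx.receive(8, clear8, mac8)

    # A resend of message 7 fails the counter check; it is the second
    # consecutive failure, so the receiver disconnects.
    results["replayed"] = rx.receive(7, clear7, mac7)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```
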
Figure 5 shows another example of the confidentiality / integrity processing unit 40. As shown in Figure 5, a confidentiality processing unit 420 and an integrity processing unit 430 are provided separately. Within the confidentiality processing unit 420, an encryption / decryption unit 421 is provided. Within the integrity processing unit 430, a message authentication code addition / integrity verification unit 431 is provided. The encryption / decryption unit 421 shows a case in which encryption and decryption are performed using an identical module. The message authentication code addition / integrity verification unit 431 shows a case in which the addition of the message authentication code and the integrity verification are performed using an identical module. The case shown in Figure 5 is a configuration in which the encryption and the decryption are performed by the same function, or the addition of the message authentication code and the integrity verification are performed by the same function.
Compared with Figure 6, it is possible to reduce the hardware resource and the software resource in the case of Figure 5.
Figure 6 shows another example of the confidentiality / integrity processing unit 40. As shown in Figure 6, within the confidentiality processing unit 420, an encryption unit 422 and a decryption unit 423 are provided separately. In addition, within the integrity processing unit 430, a message authentication code addition unit 432 and an integrity verification unit 433 are provided separately. The case shown in Figure 6 is a configuration in which encryption and decryption are performed by different functions, or the addition of the message authentication code and the integrity verification are performed by different functions. The encryption, the decryption, the addition of the message authentication code and the integrity verification can each be performed separately, and in addition the data confidentiality processing or the integrity processing can be performed simultaneously in parallel on data sent / received. Accordingly, high-speed processing can be performed.
Figure 7 shows a case in which multiple encryption units 422 and multiple decryption units 423 are provided in the confidentiality processing unit 420. In addition, as shown in the Figure, multiple message authentication code addition units 432 and multiple integrity verification units 433 are provided in the integrity processing unit 430. While the mobile station (MS) 100 is operating, there may be a case in which data in multiple channels must be processed at the same time. For example, when two kinds of data such as sound data and facsimile data are transferred simultaneously, data from at least two channels must be processed simultaneously. In such a case, the sound data can be encrypted by the encryption unit 1, and the facsimile data can be encrypted by the encryption unit 2. Likewise, in the case of decryption, data in multiple channels can be decrypted simultaneously.
It is not necessary to have the same number (n in the case of Figure 7) of the encryption units 422, the decryption units 423, the message authentication code addition units 432 and the integrity verification units 433. The number of each of the units can be determined according to the number of channels that will be processed simultaneously by the mobile station (MS) 100. Alternatively, the units above need not correspond to each channel: when a certain channel needs to process a large amount of data at a high speed, it is possible to have two encryption units process the large amount of data assigned to that channel. That is, the number of each of the units such as the encryption unit 422, the decryption unit 423, the message authentication code addition unit 432, and the integrity verification unit 433 can be determined according to the number of channels that are going to be processed simultaneously and / or the amount of data. In addition, the maximum number of encryption units 422 and the maximum number of decryption units 423 may be different. Likewise, the maximum number of the message authentication code addition units 432 and the maximum number of the integrity verification units 433 may be different.
Figure 8 shows the case in which the confidentiality processing unit 420 is provided with multiple encryption / decryption units 421. In addition, as shown in the Figure, the integrity processing unit 430 is provided with multiple message authentication code addition / integrity verification units 431. In Figure 8, the encryption / decryption unit 421 and the message authentication code addition / integrity verification unit 431 shown in Figure 5 are each provided in multiple. In the case of Figure 8, when encryption and decryption are performed using the same function, multiple encryption / decryption units 421 corresponding to multiple channels are provided.
Similarly, when the addition of the message authentication code and the integrity verification are performed using the same function, multiple message authentication code addition / integrity verification units 431 corresponding to multiple channels are provided. Compared with the case shown in Figure 7, the configuration in Figure 8 can reduce the hardware resource and the software resource.
In the cases shown in Figures 4 through 8, the confidentiality / integrity processing unit 40 includes both the confidentiality processing unit 420 and the integrity processing unit 430. However, the confidentiality / integrity processing unit 40 may include only one of the confidentiality processing unit 420 and the integrity processing unit 430. When the confidentiality / integrity processing unit 40 includes only one of the confidentiality processing unit 420 and the integrity processing unit 430, the process of the other may be performed by the radio communication control unit 20.
Embodiment 2.
Figure 9 shows another configuration of the mobile station (MS) 100. Unlike the configuration of Figure 3, in Figure 9 data is input / output between the terminal IF unit 10 and the confidentiality / integrity processing unit 40, and data is also input / output between the radio communication unit 30 and the confidentiality / integrity processing unit 40. In Figure 9, the non-transparent data 97 is non-transparent data such as packet data. In addition, the transparent data 95, 96 is transparent data such as sound data and unrestricted digital data. Transparent data means data that is not changed between input and output in any layer or sub-layer of the OSI reference layers. Non-transparent data means data that requires some processing, such as conversion of the data format, between input and output in some layer or sub-layer of the OSI reference layers.
For example, in the RLC (Radio Link Control) sub-layer of layer 2, when the SDU (Service Data Unit) and the PDU (Protocol Data Unit) of the data are different, the data is non-transparent data. When the SDU and the PDU of the data in the MAC (Media Access Control) sub-layer of layer 2 are the same, the data is transparent data. In the case shown in Figure 9, the transparent data is, for example, sound data that can be transferred to the terminal IF unit 10 without any processing on the layer 1 data input / output by the radio communication unit 30. On the other hand, the non-transparent data is, for example, packet data, which requires some processing on the layer 1 data output from the radio communication unit 30.
As mentioned above, the concrete examples of transparent data 95 and 96 in Figure 9 are unrestricted digital data and sound data, each divided by the transport block unit defined between layer 1 and layer 2. This transparent data divided by transport block unit equals MACPDU (and MACSDU), and therefore each transport block unit of data corresponds to the unit of confidentiality processing. Since data such as sound data is user data that remains transparent in the RLC sub-layer, using the MT (Mobile Terminal) - TA (Terminal Adapter) I / F defined by ARIB (Figures 22, 23) as the serial interface for this transport model makes it possible to perform confidentiality processing on the serial format of the MT-TA I / F without any conversion. In addition, a specific example of the non-transparent data 97 is, as described above, packet data or data for signaling; each of the data is divided into units (Transport Block) defined between layers 1 and 2.
The confidentiality / integrity processing unit 40 shown in Figure 9 performs confidentiality processing and integrity processing selectively on the non-transparent data input / output from / to the radio communication control unit 20, and at the same time, the confidentiality / integrity processing unit 40 always performs, for example, the confidentiality processing on the transparent data input / output between the terminal IF unit 10 and the radio communication unit 30. The confidentiality / integrity processing unit 40 does not perform the integrity processing on the transparent data. If the transparent data includes data that does not require confidentiality processing, the radio communication control unit 20 causes that data to be input to the radio communication control unit 20 instead of the confidentiality / integrity processing unit 40. Alternatively, the transparent data that does not require confidentiality processing can be input to the confidentiality / integrity processing unit 40, with the confidentiality processing on it skipped using the control signal from the radio communication control unit 20.
Figure 10 shows a configuration of the confidentiality / integrity processing unit 40. Unlike the configuration shown in Figure 5, Figure 10 additionally includes a confidentiality processing unit 460. The confidentiality processing unit 460 includes an encryption unit 462 and a decryption unit 463. The encryption unit 462 inputs the transparent data 95 from the terminal IF unit 10 and encrypts the input data for sending to the radio communication unit 30 as the transparent data 96. On the other hand, the decryption unit 463 inputs the transparent data 96 from the radio communication unit 30 and decrypts the input data for sending to the terminal IF unit 10 as the transparent data 95. These processes of the confidentiality processing unit 460 are performed based on the control signal 99 from the IF unit 410. The control signal 99 is derived from the control signal 91.
Accordingly, the confidentiality processing unit 460 performs the confidentiality processing based on the control signal issued from the radio communication control unit 20. In Figure 10, data 92 is input / output using the parallel interface via the bus. On the other hand, the transparent data 95 and 96 are input / output to / from the confidentiality processing unit 460 via the serial interface. As explained above, Figure 10 shows a case in which two input / output interface systems, that is, the parallel interface and the serial interface, are provided in the confidentiality / integrity processing unit 40.
Figure 11 shows a configuration in which the confidentiality processing unit 460 is added to the confidentiality / integrity processing unit 40 shown in Figure 7. The configuration shown in Figure 11 is effective when the encryption unit or the decryption unit generates key streams to be XORed with the serial data as shown in Figure 12. As shown in Figure 11, the transparent data 95 and 96 are input / output to / from the confidentiality processing unit 460 through the serial interface, and in addition, the serial data that is input / output through the serial interface includes multiplexed data of multiple channels. For example, when data of channel 2 is input as serial data after the data of channel 1 is input, the encryption unit 1 corresponding to channel 1 generates a key stream and sends it to a multiplexer 481, the encryption unit 2 corresponding to channel 2 generates another key stream and sends it to the multiplexer 481, and the multiplexer 481 multiplexes these key streams in the same format as the data stream of data 95. The multiplexed key stream and the data stream of the input data are XORed by the XOR circuit 483. The confidentiality processing unit 460 performs the operations above based on the control signal 99, i.e., the control signal 91 supplied from the radio communication control unit 20.
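The Figure 11 arrangement (per-channel key streams, multiplexer 481, a single XOR circuit 483) as an added Python example that is not part of the patent text. The slot layout, keys, channel data and the SHAKE-256 stand-in key stream generator are constructed assumptions; the example checks that XORing the multiplexed key stream gives the same result as encrypting each channel on its own, and that sender and receiver must agree on the slot format.

```python
import hashlib


class EncryptionUnit:
    """One unit per channel; hands out consecutive key stream bytes."""

    def __init__(self, key, channel):
        self._seed = key + bytes([channel])
        self._pos = 0

    def next_bytes(self, n):
        # SHAKE-256 is a stand-in key stream generator, not f8.
        stream = hashlib.shake_256(self._seed).digest(self._pos + n)
        self._pos += n
        return stream[self._pos - n:self._pos]


def reader(data):
    """Return a take(n) function that walks through one channel's data."""
    pos = 0

    def take(n):
        nonlocal pos
        chunk = data[pos:pos + n]
        pos += n
        return chunk
    return take


def multiplex(layout, sources):
    """Multiplexer 481: fill each (channel, n_bytes) slot from its source."""
    return b"".join(sources[channel](n) for channel, n in layout)


def demultiplex(frame, layout):
    """Split a serial frame back into per-channel byte strings."""
    out, pos = {}, 0
    for channel, n in layout:
        out[channel] = out.get(channel, b"") + frame[pos:pos + n]
        pos += n
    return out


def xor_serial(frame, layout, units):
    """XOR circuit 483: one XOR of serial data with the muxed key stream."""
    sources = {ch: unit.next_bytes for ch, unit in units.items()}
    keystream = multiplex(layout, sources)
    if len(keystream) != len(frame):
        raise ValueError("slot layout does not cover the frame")
    return bytes(d ^ k for d, k in zip(frame, keystream))


def make_units(keys):
    return {ch: EncryptionUnit(key, ch) for ch, key in keys.items()}


def mux_demo():
    # Constructed keys and channel data: channel 1 sound, channel 2 facsimile.
    keys = {1: b"constructed-key-ch1", 2: b"constructed-key-ch2"}
    sound, fax = b"SOUNDATA", b"FAX!"
    layout = [(1, 4), (2, 2), (1, 4), (2, 2)]   # serial slot format

    frame = multiplex(layout, {1: reader(sound), 2: reader(fax)})
    cipher = xor_serial(frame, layout, make_units(keys))
    plain = xor_serial(cipher, layout, make_units(keys))

    # Reference: channel 1 encrypted on its own, without the multiplexer.
    ks1 = EncryptionUnit(keys[1], 1).next_bytes(len(sound))
    ch1_alone = bytes(d ^ k for d, k in zip(sound, ks1))

    # A receiver that assumes a different slot format recovers garbage.
    shifted = [(1, 2), (2, 2), (1, 6), (2, 2)]
    garbled = xor_serial(cipher, shifted, make_units(keys))
    return {
        "frame": frame,
        "roundtrip": plain == frame,
        "matches_per_channel": demultiplex(cipher, layout)[1] == ch1_alone,
        "wrong_layout_ok": garbled == frame,
    }
```
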
Using the configuration of Figure 11, the delay of the serial data is caused only by the operation of the XOR circuit 483, which allows high-speed processing.
Figure 13 shows another configuration in which the confidentiality processing unit 420 and the confidentiality processing unit 460 of Figure 10 are combined in a confidentiality processing unit 470. The confidentiality processing unit 470 processes both the data 92 input / output through the parallel interface and the data 95, 96 input / output through the serial interface. Because the confidentiality processing unit 420 and the confidentiality processing unit 460 are joined in the confidentiality processing unit 470, the hardware resource can be reduced. The confidentiality processing unit 470 switches between the process for the transparent data and the process for the non-transparent data based on the control signal 99, that is, the control signal 99 sent from the radio communication control unit 20.
The confidentiality / integrity processing unit 40 above can be configured by hardware. For example, the configuration can be implemented by an ordinary FPGA or LSI. In addition, the confidentiality / integrity processing unit 40 can be implemented by a software program. In the case where the confidentiality / integrity processing unit 40 is implemented by a software program, the CPU of the radio communication control unit 20 executes the software program. In addition, the confidentiality / integrity processing unit 40 can be implemented by a combination of hardware and software. For example, the confidentiality / integrity processing unit 40 can be implemented by a DSP (Digital Signal Processor) and a micro program or a fixed instruction program executed by the DSP.
Hereafter, a specific example will be explained with reference to Figures 17 through 20. Figure 17 shows a configuration of the encryption module 51 (or decryption module 71) used for the encryption / decryption unit 421.
The encryption module 51 includes a key scheduler 511 and a data scrambling unit 512. The key scheduler 511 inputs a key K and generates n extended keys ExtK1 to ExtKn. The data scrambling unit 512 generates a random number using a function F and an XOR circuit. Function F inputs the extended key and performs a nonlinear data transformation. In the encryption module 51, various block encryption algorithms may be employed, such as: (1) DES (Data Encryption Standard); (2) MISTY, which is the block encryption algorithm described in International Publication No. 097/9705 (US Series No. 08/83640); (3) KASUMI, which is the 64-bit block encryption technique based on the MISTY block encryption algorithm above and was determined to be used as the international standard encryption for next-generation cell phones (IMT2000); and (4) Camellia, which is the block encryption algorithm described in Japanese Patent Application No. 2000-64614 (filed March 9, 2000). In addition, these block encryption algorithms such as DES, MISTY, KASUMI and Camellia can be employed in the decryption module 71.
Figure 18 shows an implementation form of the confidentiality / integrity processing unit 40. Figure 18 shows a case in which the confidentiality / integrity processing unit 40 is implemented within an FPGA, IC or LSI. That is, the confidentiality / integrity processing unit 40 can be implemented by hardware. In addition, the confidentiality / integrity processing unit 40 may also be implemented by a printed circuit board, which is not shown in the Figure.
Figure 19 shows a case in which the confidentiality / integrity processing unit 40 is implemented by software. The confidentiality / integrity processing unit 40 can be implemented by an encryption program 47. The encryption program 47 is stored in a ROM (Read Only Memory) 42 (an example of storage). The encryption program 47 can also be stored in a RAM (Random Access Memory) or other storage such as a floppy disk or a fixed disk. In addition, the encryption program 47 can be downloaded from a server computer. The encryption program 47 operates as a subroutine. It is called for execution by a subroutine call from an application program 46 stored in the RAM 45. Alternatively, the encryption program 47 can be activated by an interrupt received in an interrupt control unit 43. A memory 55 may be a part of the RAM 45. The application program 46 and the encryption program 47 are programs executed by the CPU 41.
Figure 20 shows the mechanism for calling the encryption program 47 from the application program 46, which operates in the radio communication control unit 20. The application program 46 calls the encryption program 47 using the parameters of a key K, an initial value IV, clear text data M, and encrypted text data C. The encryption program 47 inputs the key K, the initial value IV, and the clear text data M, and returns the encrypted text data C. If the encryption program 47 and the decryption program are the same, the encryption program 47 is called using the parameters of the key K, the initial value IV, and the clear text data M. In addition, the encryption program 47 can be implemented by a digital signal processor and a program read and executed by the digital signal processor, which is not shown in the Figure. That is, the encryption program 47 can be implemented by a combination of hardware and software. The above explanation referring to Figures 18, 19 and 20 applies to encryption; however, decryption can be implemented in the same way.
The encryption system or the decryption system can be installed in an electronic device. The system can be installed in all kinds of electronic devices, for example, a personal computer, a facsimile machine, a cell phone, a video camera, a digital camera, or a TV camera. In particular, the characteristic of the embodiment can be realized effectively when the data of multiple channels are encrypted / decrypted. Or, the implementation of the embodiment can be effective in the case where data is received randomly from multiple users and decrypted, or data for multiple users is generated randomly and respectively encrypted in real time. That is to say, the encryption / decryption of the above embodiment can be extremely effective when the number of devices for encryption / decryption is small compared to the number of data classes that are to be encrypted / decrypted.
For example, the encryption / decryption of the above embodiment is highly effective when applied to a server computer that has to support many client computers, or to a base station or line control unit that has to collect and distribute data from / to many cell phones.
In the example above, the radio communication control unit 20 and the confidentiality / integrity processing unit 40 are connected by the parallel interface through the bus; however, the serial interface can be used to connect the radio communication control unit 20 and the confidentiality / integrity processing unit 40. In addition, in the explanation above, the terminal IF unit 10 and the confidentiality / integrity processing unit 40, and the radio communication unit 30 and the confidentiality / integrity processing unit 40, are connected by the serial interface; however, the parallel interface can be used instead of the serial interface to process at a higher speed. In the case of Figures 9 and 10, the confidentiality processing unit 460 is provided within the confidentiality / integrity processing unit 40; however, the confidentiality processing unit 460 can be provided independently of the confidentiality / integrity processing unit 40, and the confidentiality processing unit 460 may be placed between the terminal IF unit 10 and the radio communication unit 30.
Industrial Applicability
As mentioned above, this embodiment allows the confidentiality / integrity processing to be performed in layer 2 or higher layers, so that confidentiality processing is not performed in layer 1, thus making it possible to determine the need for confidentiality / integrity processing based on data types. For example, only confidentiality processing is performed on transparent data, and both confidentiality processing and integrity processing are performed on non-transparent data.
Otherwise, it becomes possible to select whether or not to perform confidentiality processing and integrity processing in the case of processing non-transparent data.
In addition, according to the above embodiment, multiple confidentiality processing units and multiple integrity processing units are provided within the confidentiality / integrity processing unit according to the number of channels or the amount of data, allowing high-speed processing by simultaneous parallel processing.

Claims (38)

  1. A radio communication apparatus, comprising: a terminal interface unit for entering data; a radio communication control unit, for inputting the data entered by the terminal interface unit, for processing the data based on a protocol, and outputting the data; a confidentiality / integrity processing unit for inputting a control signal and data from the radio communication control unit, performing at least one of encryption of the data as confidentiality processing and generation of a message authentication code to detect manipulated data as integrity processing on the input data, and sending the processed data to the radio communication control unit; and a radio communication unit for inputting, modulating, and sending the data sent from the radio communication control unit.
  2. The radio communication apparatus according to claim 1, wherein the confidentiality / integrity processing unit inputs the control signal from the radio communication control unit, and selectively inputs the data from the terminal interface unit based on the control signal entered, and wherein the confidentiality / integrity processing unit performs the confidentiality processing on the entered data, and sends the data on which the confidentiality processing has been performed to the radio communication unit.
  3. The radio communication apparatus according to claim 2, wherein the terminal interface unit outputs transparent data and non-transparent data, and wherein the radio communication control unit inputs the non-transparent data from the terminal interface unit, causes the confidentiality / integrity processing unit to process the non-transparent data based on a protocol, and wherein the radio communication control unit controls the transparent data to be transferred from the terminal interface unit to the confidentiality / integrity processing unit to perform confidentiality processing.
  4. The radio communication apparatus according to claim 1, wherein the confidentiality / integrity processing unit is connected to the radio communication control unit via a parallel interface.
  5. The radio communication apparatus according to claim 1, wherein the confidentiality / integrity processing unit is connected to the terminal interface unit with a serial interface, and connected to the radio communication control unit with a serial interface.
  6. The radio communication apparatus according to claim 1, wherein the confidentiality / integrity processing unit further includes: a confidentiality processing unit including an encryption unit for encrypting the entered data; and an integrity processing unit having a message authentication code addition unit, for adding a message authentication code to the entered data.
  7. The radio communication apparatus according to claim 6, wherein the confidentiality / integrity processing unit includes multiple encryption units.
  8. The radio communication apparatus according to claim 6, wherein the confidentiality / integrity processing unit includes multiple message authentication code addition units.
  9. The radio communication apparatus according to claim 6, wherein the confidentiality processing unit and the integrity processing unit form a module that inputs the control signal and the data from the radio communication control unit, and the module executes at least one of the confidentiality processing and the integrity processing on the entered data, based on the control signal entered.
  10. A radio communication apparatus, comprising: a radio communication unit for receiving and demodulating the data; a radio communication control unit for entering data demodulated by the radio communication unit, processing the data based on a protocol, and producing the processed data; a confidentiality / integrity processing unit for entering a control signal and the data of the radio communication control unit, based on the entered control signal, performing at least one of confidentiality processing by decrypting the data, and integrity processing for detecting manipulated data, and sending the processed data to the radio communication control unit; and a terminal interface unit for entering processed data from the radio communication control unit and sending the data.
  11. The radio communication apparatus according to claim 10, wherein the confidentiality / integrity processing unit inputs the control signal from the radio communication control unit, and selectively inputs the data from the radio communication unit based on the control signal introduced; and wherein the confidentiality / integrity processing unit performs the confidentiality processing on the entered data, and sends the processed data to the terminal interface unit.
  12. The radio communication apparatus according to claim 11, wherein the radio communication unit produces transparent data and non-transparent data, wherein the radio communication control unit inputs the non-transparent data from the radio communication unit and makes the confidentiality / integrity processing unit process the non-transparent data based on a protocol, and wherein the radio communication control unit controls that the transparent data is transferred from the radio communication unit to the confidentiality / integrity processing unit to perform confidentiality processing.
  13. The radio communication apparatus according to claim 10, wherein the confidentiality / integrity processing unit is connected to the radio communication control unit with a parallel interface.
  14. The radio communication apparatus according to claim 11, wherein the confidentiality / integrity processing unit is connected to the terminal interface unit with a serial interface, and connected to the radio communication control unit with a serial interface.
  15. The radio communication apparatus according to claim 11, wherein the confidentiality / integrity processing unit includes: a confidentiality processing unit having a decryption unit, for decrypting the entered data; and an integrity processing unit having an integrity verification unit, to verify an integrity of the data entered using a message authentication code added to the entered data.
  16. The radio communication apparatus according to claim 15, wherein the confidentiality processing unit includes multiple decryption units.
  17. The radio communication apparatus according to claim 15, wherein the integrity processing unit includes multiple integrity verification units.
  18. The radio communication apparatus according to claim 15, wherein the confidentiality processing unit and the integrity processing unit form a module that inputs the control signal and the data from the radio communication control unit, and wherein the module, based on the introduced control signal, performs at least one of the processes of the confidentiality processing unit and the integrity processing unit on the entered data.
  19. A radio communication apparatus for wireless data communication comprising: a terminal interface unit for data entry / sending; a radio communication control unit for processing data based on a protocol; a radio communication unit for wireless data communication; and a confidentiality / integrity processing unit, provided between the terminal interface unit, the radio communication control unit, and the radio communication unit, which performs at least one of the confidentiality processing, to encrypt / decrypt data, and integrity processing, to detect manipulated data, on the data entered / sent to / from the radio communication control unit, encrypts the data from the terminal interface unit to the radio communication unit, and decrypts the data from the radio communication unit to the terminal interface unit.
  20. The radio communication apparatus according to claim 19, wherein the confidentiality / integrity processing unit includes a confidentiality processing unit for performing a confidentiality processing on the entered data, and an integrity processing unit for performing an integrity processing on the entered data, separately.
  21. The radio communication apparatus according to claim 19, wherein the confidentiality / integrity processing unit separately includes an encryption unit, for encrypting the data of the terminal interface unit to the radio communication unit, and a decryption unit, for decrypting the data of the radio communication unit to the terminal interface unit.
  22. The radio communication apparatus according to claim 19, wherein the integrity processing unit separately includes a message authentication code addition unit, for adding a message authentication code to the data entered to perform a process of integrity verification, and an integrity verification unit, to verify an integrity of the data entered using the message authentication code added to the entered data.
  23. The radio communication apparatus according to claim 19, wherein the communication apparatus is a portable mobile telephone.
  24. The radio communication apparatus according to claim 6, wherein the confidentiality processing unit and the integrity processing unit employ the same encryption algorithm.
  25. The radio communication apparatus according to claim 15, wherein the confidentiality processing unit and the integrity processing unit employ the same encryption algorithm.
  26. The radio communication apparatus according to claim 20, wherein the confidentiality processing unit and the integrity processing unit employ the same encryption algorithm.
  27. The radio communication apparatus according to claim 1, wherein the communication apparatus is a cellular telephone.
  28. The radio communication apparatus according to claim 10, wherein the radio communication apparatus is a cellular telephone.
  29. The radio communication apparatus according to claim 19, wherein the communication apparatus is a cellular telephone.
  30. The radio communication apparatus according to claim 1, wherein the radio communication apparatus is a radio station for sending / receiving data to / from a mobile station.
  31. The radio communication apparatus according to claim 10, wherein the radio communication apparatus is a radio station for sending / receiving data to / from a mobile station.
  32. The radio communication apparatus according to claim 19, wherein the radio communication apparatus is a radio station for sending / receiving data to / from a mobile station.
  33. The radio communication apparatus according to claim 30, wherein the radio station is any of a base transceiver station and a radio network controller.
  34. The radio communication apparatus according to claim 31, wherein the radio station is any of a base transceiver station and a radio network controller.
  35. The radio communication apparatus according to claim 32, wherein the radio station is any of a base transceiver station and a radio network controller.
  36. A method of radio communication comprising: a terminal interface stage for entering data; a radio communication control stage, for entering the data entered by the terminal interface stage, and for processing the data based on a protocol and sending the data; a confidentiality / integrity processing step, to input a control signal and data of the radio communication stage, perform at least one of encryption of the data as confidentiality processing, and the generation of a message authentication code, to detect manipulated data as integrity processing on the entered data, and to send the processed data to the radio communication control stage; and a radio communication stage, for inputting, modulating and sending the data produced from the radio communication control stage.
  37. A method of radio communication comprising: a radio communication stage, for receiving and demodulating data; a radio communication control stage, for inputting data demodulated by the radio communication stage, processing the data based on a protocol, and producing the processed data; a confidentiality / integrity processing step, for inputting a control signal and the data of the radio communication control stage, based on the entered control signal, performing at least one of the confidentiality processing to decrypt the data, and integrity processing to detect manipulated data, and sending the processed data to the radio communication control stage; and a terminal interface stage, for inputting the processed data from the radio communication control stage, and sending the data.
  38. A method of radio communication for wireless data communication comprising: a terminal interface stage for data entry / sending; a radio communication control stage for processing data based on a protocol; a radio communication stage for wireless data communication; and a confidentiality / integrity processing step, provided between the terminal interface stage, the radio communication control stage, and the radio communication stage, and performing at least one of the confidentiality processing, to encrypt / decrypt data, and integrity processing, to detect manipulated data, on the data entered / sent from / to the radio communication control stage, encrypting the data from the terminal interface stage to the radio communication stage, and decrypting the data from the radio communication stage to the terminal interface stage.
MXPA/A/2001/008590A 1999-12-27 2001-08-24 Radio communication device and radio communication method MXPA01008590A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP11/370657 1999-12-27

Publications (1)

Publication Number Publication Date
MXPA01008590A (en) 2002-05-09

Similar Documents

Publication Publication Date Title
JP4464046B2 (en) ENCRYPTION DEVICE, DECRYPTION DEVICE, AND RADIO COMMUNICATION DEVICE
EP1156694B1 (en) Radio communication device
US9801072B2 (en) Non-access stratum architecture and protocol enhancements for long term evolution mobile units
AU750597B2 (en) Method of ciphering data transmission and a cellular radio system employing the method
WO2012024903A1 (en) Method for encrypting voice calls in mobile communication network, and system, terminal, and network side thereof
EP2377288B1 (en) Method and apparatus for transmitting and receiving secure and non-secure data
EP1406423B1 (en) Network structure for encrypting of mobile communication system terminal and the method of realizing it
JP2002341761A (en) Method and device for security of communication information in cdma radio communication system
WO2000024139A1 (en) Encryption support in a hybrid gsm/cdma network
EP1428403B1 (en) Communications methods, systems and terminals
MXPA01008590A (en) Radio communication device and radio communication method
KR100594022B1 (en) Data encryption method and decryption method in radio link control layer of wireless network system
AU2005201858B2 (en) Authentication apparatus
EP1926275A1 (en) Method for data communication between user end devices
KR100408516B1 (en) Terminal for secure communication in CDMA system and methods for transmitting information using encryption and receiving information using decryption
KR100634495B1 (en) Wireless communication transceiver with information protection function and method
JPWO2001049058A1 (en) Wireless communication device and wireless communication method
TWI287767B (en) Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device
CN118200920A (en) A 5G Enhanced Security Architecture
KR20060103289A (en) Integrity authenticator device
KR20050081891A (en) Wireless communication terminal having information secure function and method therefor