Title of invention: Session key generation and distribution with multiple security associations per protocol instance
Abstract: A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key.
Publication number: US8908865(B2) Publication date: 2014.12.09
Application number: US201414285917 Filing date: 2014.05.23
Applicant: Alcatel Lucent Inventors: Cakulev Violeta;Mizikovsky Semyon B.;Sundaram Ganapathy S.
Classification: H04K1/00;H04L9/08;H04L29/06;H04W12/08 Main classification: H04K1/00
Agency: Ryan, Mason & Lewis, LLP Agent: Ryan, Mason & Lewis, LLP
Independent claim: 1. A method comprising the steps of: executing, in user equipment of a communication system, at least a portion of a single instance of a key generation protocol, said portion of the single instance of the key generation protocol comprising: separating a first key into two or more sub-keys; and utilizing a first one of the sub-keys to generate two or more pairwise keys; selecting a first one of the pairwise keys to derive a first set of session keys for securing data in an ongoing communication with a first network element of the communication system; and in a handoff of the ongoing communication from the first network element to a second network element of the communication system, selecting a second one of the pairwise keys to derive a second set of session keys for securing data in the ongoing communication with the second network element.
Address: Boulogne-Billancourt FR