Method and apparatus for storing and distributing encryption keys

摘要

A home location register stores key material related to mobile stations associated with the home location register. A first visited location register associated with a first site in a first zone stores key material related to a first mobile station of the mobile stations associated with the home location register. When the first mobile station roams to a second site in a second zone associated with a second visited location register, the key material related to the first mobile station is encrypted with an interkey, yielding encrypted key material, wherein the interkey is used only by infrastructure system devices other than a mobile station for encrypting at least the key material for transport between at least the first and second zones. The encrypted key material is forwarded to the second visited location register.

主权项

1. A method comprising the steps of:
storing, at a home location register, key material related to mobile stations associated with the home location register, wherein the home location register is included in a single communication system which further comprises multiple zones each having a set of infrastructure devices, and the communication system further comprising an interkey for encrypting information that is transported between infrastructure devices of different zones of the same communication system and an intrakey for encrypting information that is transported between infrastructure devices within the same zone; storing, at a first visited location register associated with a first site in a first zone of the multiple zones of the communication system, key material related to a first mobile station of the mobile stations associated with the home location register; when the first mobile station roams to a second site in a second zone of the multiple zones of the communication system, associated with a second visited location register, encrypting the key material related to the first mobile station with the interkey, yielding encrypted key material, wherein the interkey is used only by infrastructure system devices other than a mobile station for encrypting at least the key material for transport between at least the first and second zones; and forwarding the encrypted key material to the second visited location register; receiving, from the first mobile station at the first site, an encrypted message;
attempting to decrypt the encrypted message;when the attempt to decrypt has at least partially failed, requesting, from an infrastructure system device other than a mobile station, an encryption key associated with the first mobile station that is included in the key material;receiving the encryption key;decrypting the encrypted message with the received encryption key; further comprising the step of combining a Common Cipher Key (CCK) with a Group Cipher Key (GCK), yielding a Modified Group Cipher Key (MGCK) as the encryption key.