WO1999040742A1 - Data transmission method with encryption performed in an internal card unit (tru) - Google Patents
- Publication number
- WO1999040742A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- base transceiver
- transmission
- encryption
- network
- data
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
Definitions
- TRU internal card unit
- the invention relates generally to data transmission taking place in a mobile network, more specifically to data transmission implemented in the fixed part of a mobile network.
- the fixed part means that part of the mobile network which extends in the uplink direction of the transmission link from the base transceiver stations, especially connections between the base station controller and a base transceiver station or between two successive base transceiver stations.
- Although the network is called a fixed network in this context, it should be noted that this fixed network or its part can be implemented e.g. with the aid of radio links.
- Figure 1 shows the structure of the known GSM mobile communications system (Global System for Mobile Communications), using abbreviations known from the context of the GSM system.
- GSM Global System for Mobile Communications
- the system comprises several open interfaces.
- the transactions relating to crossing of interfaces have been defined in the standards, in which context the operations to be carried out between the interfaces have also been largely defined.
- the network subsystem (NSS) of the GSM system comprises a mobile services switching center (MSC) through whose system interface the mobile network is connected to other networks, such as a public switched telephone network (PSTN), an integrated services digital network (ISDN), other mobile networks (Public Land Mobile Networks PLMN), and packet switched public data networks (PSPDN) and circuit switched public data networks (CSPDN).
- PSTN public switched telephone network
- ISDN integrated services digital network
- PLMN Public Land Mobile Networks
- PSPDN packet switched public data networks
- CSPDN circuit switched public data networks
- the network subsystem is connected across the A interface to a base station subsystem (BSS) comprising base station controllers (BSC), each controlling the base transceiver stations (BTS) connected to them through a transmission network.
- BSC base station controllers
- BTS base transceiver stations
- the interface between the base station controller and the base stations connected thereto is the Abis interface.
- the base stations on the other hand, are in radio communication
- the GSM network is adapted to other networks by means of the interworking function (IWF) of the mobile services switching center.
- the mobile services switching center is connected to the base station controllers with PCM trunk lines crossing the A interface.
- the tasks of the mobile services switching center include call control, control of the base station system, handling of charging and statistical data, and signalling in the direction of the A interface and the system interface.
- the tasks of the base station controller include, inter alia, the selection of the radio channel between the controller and a mobile station MS. For selecting the channel, the base station controller must have information on the radio channels and the interference levels on the idle channels.
- the base station controller performs mapping from the radio channel onto the PCM time slot of the link between the base station and the base station controller (i.e., onto a channel of the link).
- the base station controller BSC includes trunk interfaces, by which it is connected on the one hand to the mobile services switching center over the A interface and on the other hand to the base transceiver stations over the Abis interface.
- the transcoder and rate adaptation unit TRAU forms part of the base station system and may be incorporated into the base station controller or the mobile services switching center.
- the transcoders convert speech from a digital format to another, for example convert the 64 kbit/s PCM signals arriving from the mobile services switching center across the A interface into 13 kbit/s coded speech signals to be conveyed to the base station, and vice versa.
- Data rate adaptation is performed between the speed 64 kbit/s and the speed 3.6, 6, or 12 kbit/s. In a data application, the data does not pass through the transcoder.
- the base station controller configures, allocates and controls the downlink circuits. It also controls the switching circuits of the base station via a PCM signalling link, thus enabling effective utilization of PCM time slots.
- a branching unit at a base station which is controlled by the base station controller, connects the transmitter/receivers to PCM links. Said branching unit transfers the content of a PCM time slot to the transmitter (or forwards it to the other base stations if the base stations are chained) and adds the content of the receive time slot to the PCM time slot in the reverse transmission direction.
- the base station controller establishes and releases the connections for the mobile station.
- the base stations are fully under the control of the base station controller.
- the base stations mainly comprise transmitter/receivers providing a radio interface towards the mobile station.
- Four full-rate traffic channels arriving via the radio interface can be multiplexed into one 64 kbit/s PCM channel between the base station controller and the base station, and hence the speed of one speech/data channel over this link is 16 kbit/s.
- one 64 kbit/s PCM link may transfer four speech/data connections.
- Figure 1 also shows the transfer rates used in the GSM system.
- the mobile station MS transmits speech data across the radio interface on the radio channel for example at the standard rate 13 kbit/s.
- the base station receives the data of the traffic channel and switches it to the 64 kbit/s time slot of the PCM link.
- Three other traffic channels of the same carrier are also located in the same time slot (i.e., channel), and hence the transfer rate per connection is 16 kbit/s, as stated previously.
- the transcoder/rate adaptation unit TRAU converts the encoded digital information to the rate 64 kbit/s, and at this rate the data is transferred to the mobile services switching center.
- When the transcoder/rate adaptation unit is incorporated into the mobile services switching center, maximum advantage is gained from compressed speech in data transmission.
- base transceiver stations are chained in the manner shown by Figure 2, one after the other in such a way that each base transceiver station will take from the transmission network the traffic of the time slots allocated for its own (card) units and will switch the remaining time slots to the next base transceiver station.
- the first base transceiver station after the base station controller branches the traffic arriving from the base station controller into three different chains, and in each chain each base transceiver station will then receive the data of those time slots, which are intended for its own units and will switch the data of other time slots forward in the chain.
- TRU is used to indicate these transmission units carrying out the branching.
- DMR additional unit
- the base station controller is connected through a separate cross-connection device XD to a first base transceiver station, wherein the arriving traffic is branched to three separate base transceiver station chains.
- In that part of the network which is in the uplink transmission direction from the base transceiver stations, the traffic, however, usually goes unencrypted from one network element to another. In the network part between base station controllers and base transceiver stations in particular it is hereby relatively easy to follow the traffic in the network, either the whole data flow or one or more individual time slots, e.g. a network management channel.
- encrypting of the data to be transmitted is performed when required also in the network part between base transceiver stations and base station controllers. This is carried out in such a way that to one or more legs where encryption of data is desired such devices are added which at the transmission end perform encryption of the data to be transmitted to the link and at the reception end perform decryption before the data is received.
- the devices are located outside the transmission equipment (e.g. the base transceiver station) proper.
- a drawback of such a solution is that it is difficult to process the encrypted data flow, if e.g. it is transmitted from one system to another (e.g. if PCM signals are transmitted to a SDH (Synchronous Digital Hierarchy) system, between network parts owned by two separate operators or even just between two such pieces of transmission equipment, which have different transmission capacities).
- SDH Synchronous Digital Hierarchy
- the data must in fact always first be decrypted, in order to reveal the standard signal format for processing.
- the idea of the invention is to perform data encryption in a card unit within the base transceiver station before framing of the data flow to be transmitted to the transmission network and, correspondingly, to perform decryption only after the frame structure of the received data has been disassembled and the payload data has been separated from the frame information.
- encryption can be performed without breaking against the requirements or provisions needed by the external interface of the network element, and preserving the standard signal format, whereby the signal can also be processed outside the base transceiver station in as simple a way as when processing an unencrypted signal.
- the network management channel is summed into the data stream to be transmitted before the encryption, so it is encrypted along with the other data.
- the network operator can read or change the settings of network elements or their units in the network. In this way it is possible to prevent any paralysis of parts of the network or any momentary taking over of the network or its part for use by another operator.
- Figure 1 illustrates the structure of a GSM mobile network
- Figure 2 shows base transceiver stations chained one after the other;
- Figure 3 illustrates the typical architecture of a base transceiver station;
- Figure 4 illustrates a solution in accordance with the invention at a transmission unit of a base transceiver station.
- the architecture of a base transceiver station is typically such as shown in Figure 3, that is, such that on the backplane BP or mother board of the base transceiver station those internal buses INB of the equipment are implemented, to which the card units of the base transceiver station are connected (card units are also called plug-in units).
- the card units of the base transceiver station are typically transmission units and base transceiver station units.
- the transmission unit attends to the traffic between the transmission network and the base transceiver station and an external interface of the base transceiver station is formed therein for the transmission network.
- the base transceiver station unit for its part contains the base transceiver station's radio parts, which are connected to an antenna.
- the figure shows two base transceiver station units and they are marked with the reference marks BSU1 and BSU2.
- the number of transmission card units is also two and they are marked with the reference marks TRU1 and TRU2.
- the number of transmission card units may vary and they may be equipped with access interfaces of many types.
- the transmission card units may also provide e.g. HDSL or ISDN interfaces. Such interfaces are formed in the example shown in the figure through the front connectors (FC1 and FC2) of the transmission card units.
- Figure 4 illustrates the solution according to the invention in a base transceiver station of a cellular network. Since the encryption method according to the invention is implemented explicitly on the transmission card unit of the base transceiver station, the figure shows only one transmission card unit TRU of these card units of the base transceiver station. It is assumed in the example that a 2048 kbit/s PCM line is connected to the interface of the transmission card unit. Thus the interface towards the transmission network is in compliance with the recommendations of CCITT's (nowadays ITU-T) G.700 series.
- In the transmission card unit there is first in the reception direction an interface block IB, where synchronization takes place with the incoming signal and where the line-coded signal (e.g. three-level HDB3 coding used on PCM lines) is changed into binary data.
- the line-coded signal e.g. three-level HDB3 coding used on PCM lines
- the same actions are performed in the opposite order, that is, the signal to be transmitted is adapted physically to the transmission path.
- the data stream is switched in the reception direction to a framing block FB, where the frame structure of the signal to be received is disassembled.
- the useful data is separated from the frame information.
- a frame structure to be transmitted is formed in the framing block for the interface from the bit stream to be transmitted (those bits are added to the data flow, which belong solely to the frame structure, e.g. the frame alignment bits).
- the bit string to be received is then decrypted in the encryption/decryption block EB.
- encryption of the bit string to be transmitted is correspondingly performed in this block.
- the encryption may be performed by any method known as such, which provides a data security level which is sufficient for the environment in question.
- the bit flow is switched to the network management block NMB, where the network management data contained in the bit flow is separated from the bit flow for the microcontroller MC of the card unit.
- the network management bits are summed under control by the microcontroller into the bit flow to be transmitted. (In practice, almost every card unit has its own controller, which controls the functions of the card unit.)
- cross connection is performed in the cross-connection block XB, which is connected to the cross-connection bus XBUS (which is a part of the bus system INB on the backplane of the base transceiver station) between the units.
- In the cross-connection unit some time slots are connected to the radio unit of the own base transceiver station while some are connected to such interfaces, which are connected through the transmission path to other base transceiver stations.
- One or more such interfaces may also be in the same transmission card unit, because one transmission card unit may have more than one interface.
- the cross-connection block is used to connect the contents of the base transceiver station's reception time slots or the contents of time slots received from other base transceiver stations to the correct time slots of the PCM signal to be transmitted from the desired interface.
- Since the encryption and decryption are carried out in a manner known as such, it will not be described in greater detail in this connection.
- the encryption and decryption are performed within the transmission card unit of the base transceiver station between the cross connection performed by the card unit and the de-framing/framing.
- the place is that where the bit flow received from the transmission network is processed unframed and that place which is located in the reception direction before the data is connected forward to the other units, preferably before bits are separated from the data even for use by the same transmission card unit.
- the preferable place is that where all information has already been summed into the bit flow to be transmitted, but where the bit flow is still in the form of unframed binary data.
- Figure 4 shows functional blocks contained in the transmission card unit TRU.
- the manner in which these blocks are located in physical circuits may vary in many ways. E.g. it is possible in practice to perform in the same circuit the implementation of the physical interface and the framing/de-framing.
- the blocks described above may be located in one customer circuit (application-specific integrated circuit), e.g. in such a way that the circuit includes all other blocks except the interface or the interface and the framing block.
- the functional blocks described above can be integrated within one or more circuits.
- one circuit may have certain functions for more than one transmission connection, e.g. there may be several interfaces in one line circuit. However, there are specific functional blocks for each interface.
- the encryption is preferably carried out on every leg of the network part between the base station controller and the base transceiver stations, so encryption may be performed not only in the base transceiver stations of Figure 1 but also in the base station controller BSC and/or in the cross-connection device XD. But when moving from the base station controller towards the mobile services switching center, the capacities of transmission connections usually become so high that an optical fiber is used as transmission medium in most cases. Hereby the same benefit cannot be derived from encryption, since it is anyway difficult to eavesdrop an optical fiber. Decryption is always performed in the following network element containing the cross-connection of the same operator, so that multiple encryp-
- Encryption may be carried out using a fixed encryption key, or the encryption key may be changed when desired. If it is desired to change the encryption keys constantly, this must be taken into account when the network capacity is determined. In other words, of the transmission capacity a part must be reserved for the transmission of encryption keys and/or synchronization information of the encryption.
- the network management may inform the base transceiver stations both about encryption keys and about the moment of their change or only about the moment of change, if the new encryption key is already known to the base transceiver station.
- Since the traffic must run constantly and since it is not desirable that at the moment of encryption key change a non-encrypted mode exists for a moment, the base transceiver stations must be mutually synchronized so that they will change the encryption key at the right moment.
- For this synchronization information one bit of the frame is sufficient, which bit may be conveyed e.g. in time slot TS0, if the signal is a 2048 kbit/s signal in accordance with ITU-T's G.703/G.704 recommendations (in every second frame there is a frame alignment character in the TS0 time slot, but in every second bits 4-8 are free for national use, whereby they may be used for transmission of synchronization information).
- bits may also be reserved from some other time slot, but hereby the necessary capacity must be taken from the capacity reserved for the payload.
- New encryption keys may be conveyed e.g. on the network management channel (e.g. time slot TS16 of a 2048 kbit/s signal).
- the base transceiver station may also have an encryption key database, wherein all encryption keys available to the base transceiver station are stored beforehand, e.g. when the network element is installed. Hereby no more than the above-mentioned synchronization information is sent from the network management system to inform when the encryption key is exchanged.
- the base transceiver stations may also count frames and change the encryption key e.g. always after a certain number of frames.
- One base transceiver station may use several different encryption keys at the same time, since several transmission connections may start out from one base transceiver station.
- a data flow can be transmitted e.g. in leased links in a very simple manner without the owner of the links being able to find out the content of the data flow. Seen from outside the data flow appears to be a normal transmission connection and it meets the provisions of the standard. Thus it is possible to handle the data flow, e.g. transmit it between the own equipment and the lessor's equipment without having to take any additional steps due to encryption.
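The transmit and receive order described above (encrypt the unframed time slots, then add framing; de-frame, then decrypt) together with a key change signalled by one spare TS0 bit, as an added example that is not taken from the patent. Assumptions: Sa4 is the bit chosen for synchronization, both ends start with aligned frame counters and the same pre-installed key database, and an HMAC-SHA256 keystream stands in for the cipher, which the description leaves open; all keys and payload bytes are constructed.

```python
import hashlib
import hmac

SLOTS = 31        # TS1..TS31 of a 2048 kbit/s frame; TS0 is added by the framing block
FAS = 0x9B        # TS0 of alignment frames: Si=1 followed by 0011011 (G.704)
NFAS = 0xCF       # TS0 of the other frames: Si=1, bit 2 = 1, A=0, Sa4=0, Sa5..Sa8=1
SYNC_BIT = 0x10   # Sa4 (bit 4), used here as the key-change bit (assumption)
KEY_DB = [b"constructed-key-0", b"constructed-key-1"]  # constructed key database


def keystream(key, frame_no):
    # Stand-in cipher (assumption): one HMAC-SHA256 block per frame counter value.
    return hmac.new(key, frame_no.to_bytes(8, "big"), hashlib.sha256).digest()[:SLOTS]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ts0_ok(ts0, frame_no):
    # The check equipment outside the base station can still make: framing only.
    if frame_no % 2 == 0:
        return (ts0 & 0x7F) == 0x1B      # frame alignment signal
    return bool(ts0 & 0x40)              # bit 2 is 1 in non-alignment frames


class Transmitter:
    def __init__(self, keys):
        self.keys, self.idx, self.frame_no, self.pending = keys, 0, 0, False

    def request_key_change(self):
        self.pending = True

    def send(self, payload):
        if len(payload) != SLOTS:
            raise ValueError("payload must cover TS1..TS31")
        key = self.keys[self.idx % len(self.keys)]
        body = xor(payload, keystream(key, self.frame_no))  # EB: before framing
        ts0 = FAS
        if self.frame_no % 2 == 1:
            if self.pending:                                 # announce in this frame,
                self.idx, self.pending = self.idx + 1, False  # new key from the next one
            ts0 = NFAS | (SYNC_BIT if self.idx % 2 else 0)
        self.frame_no += 1
        return bytes([ts0]) + body                           # FB: TS0 stays in clear


class Receiver:
    def __init__(self, keys):
        self.keys, self.idx, self.frame_no = keys, 0, 0

    def receive(self, frame):
        ts0, body = frame[0], frame[1:]
        if len(body) != SLOTS or not ts0_ok(ts0, self.frame_no):
            raise ValueError("frame alignment lost")
        key = self.keys[self.idx % len(self.keys)]
        payload = xor(body, keystream(key, self.frame_no))  # EB: after de-framing
        if self.frame_no % 2 == 1 and bool(ts0 & SYNC_BIT) != bool(self.idx % 2):
            self.idx += 1                                    # switch for the next frame
        self.frame_no += 1
        return payload


def demo():
    tx, rx = Transmitter(KEY_DB), Receiver(KEY_DB)
    sent, frames, got = [], [], []
    for n in range(8):
        if n == 2:
            tx.request_key_change()       # operator asks for a new key mid-stream
        payload = bytearray([n] * SLOTS)  # constructed traffic
        payload[15] = 0xA0 | n            # TS16: constructed network management byte
        sent.append(bytes(payload))
        frames.append(tx.send(sent[-1]))
        got.append(rx.receive(frames[-1]))
    return sent, frames, got, tx.idx, rx.idx


if __name__ == "__main__":
    sent, frames, got, tx_idx, rx_idx = demo()
    print(got == sent, [hex(f[0]) for f in frames], tx_idx, rx_idx)
```

Every frame leaving the transmitter carries a payload encrypted under either the old or the new key, so the changeover contains no unencrypted frame, and TS16 is covered because the management byte is already in the payload when the encryption block runs.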
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99902569A EP1053650A1 (en) | 1998-02-04 | 1999-02-03 | Data transmission method with encryption performed in an internal card unit (tru) |
AU22813/99A AU2281399A (en) | 1998-02-04 | 1999-02-03 | Data transmission method with encryption performed in an internal card unit (tru) |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI980254A FI106514B (en) | 1998-02-04 | 1998-02-04 | Data transmission in cellular networks |
FI980254 | 1998-02-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999040742A1 (en) | 1999-08-12 |
Family
ID=8550707
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FI1999/000079 WO1999040742A1 (en) | 1998-02-04 | 1999-02-03 | Data transmission method with encryption performed in an internal card unit (tru) |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1053650A1 (en) |
AU (1) | AU2281399A (en) |
FI (1) | FI106514B (en) |
WO (1) | WO1999040742A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1161054A1 (en) * | 2000-05-30 | 2001-12-05 | Alcatel | Transmission process with signal processing between two distinct transmission/reception interfaces |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0093525A1 (en) * | 1982-04-30 | 1983-11-09 | British Telecommunications | Broadcasting encrypted signals |
US4771458A (en) * | 1987-03-12 | 1988-09-13 | Zenith Electronics Corporation | Secure data packet transmission system and method |
US5077794A (en) * | 1989-11-16 | 1991-12-31 | Verilink Corporation | Dual framing bit sequence alignment apparatus and method |
-
1998
- 1998-02-04 FI FI980254A patent/FI106514B/en active
-
1999
- 1999-02-03 WO PCT/FI1999/000079 patent/WO1999040742A1/en not_active Application Discontinuation
- 1999-02-03 AU AU22813/99A patent/AU2281399A/en not_active Abandoned
- 1999-02-03 EP EP99902569A patent/EP1053650A1/en not_active Withdrawn
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1161054A1 (en) * | 2000-05-30 | 2001-12-05 | Alcatel | Transmission process with signal processing between two distinct transmission/reception interfaces |
FR2809905A1 (en) * | 2000-05-30 | 2001-12-07 | Cit Alcatel | TRANSFER METHOD WITH SIGNAL PROCESSING BETWEEN TWO DISTINCT TRANSMIT / RECEPTION INTERFACES |
US7280556B2 (en) | 2000-05-30 | 2007-10-09 | Alcatel | Method of transferring signals between two separate send/receive interfaces, the method including processing of the signals |
Also Published As
Publication number | Publication date |
---|---|
AU2281399A (en) | 1999-08-23 |
FI106514B (en) | 2001-02-15 |
EP1053650A1 (en) | 2000-11-22 |
FI980254A (en) | 1999-08-05 |
FI980254A0 (en) | 1998-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU752200B2 (en) | Methods and apparatus for improved base station transceivers | |
KR100431638B1 (en) | Method of ciphering data transmission and a cellular radio system employing the method | |
KR100816897B1 (en) | Method of ciphering data transmission in a radio system | |
AU745814C (en) | Data transmission method in GPRS | |
US20080232252A1 (en) | Method of transmitting service information, and radio system | |
FI100571B (en) | Procedure and arrangement for asynchronous data transfer | |
FI97595C (en) | Mobile telephone system and a base station in a mobile telephone system | |
EP1333595B1 (en) | Method for transmitting signals from a plurality of base stations to a mobile statoin | |
WO1999040742A1 (en) | Data transmission method with encryption performed in an internal card unit (tru) | |
US20020044544A1 (en) | Method of transferring signals between two separate send/receive interfaces, the method including processing of the signals | |
US8489097B2 (en) | Method for transmitting signals from a plurality of base stations to a mobile station | |
CA2341621C (en) | Transmission of gsm circuit-switched data over a cdma link | |
KR100345683B1 (en) | apparatus and method for matching radio port and radio port controller in coireless local loop system | |
MXPA01002091A (en) | Transmission of gsm circuit-switched data over a cdma link | |
KR19980077726A (en) | Switching device (MCS) and base station (CELL SITES) of wireless communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase | Ref document number: 1999902569 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: KR |
WWP | Wipo information: published in national office | Ref document number: 1999902569 Country of ref document: EP |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
NENP | Non-entry into the national phase | Ref country code: CA |
WWW | Wipo information: withdrawn in national office | Ref document number: 1999902569 Country of ref document: EP |