PROCESSOR, METHOD AND TERMINAL FOR USE IN COMMUNICATIONS

FIELD OF THE INVENTION

The present invention relates to a processor, a method and a terminal for use in communications, particularly for sending encrypted information from a first location to a second location, e.g. by wireless communication.

BACKGROUND OF THE INVENTION

Wireless communication systems typically provide for radio communication links to be arranged within the system between a plurality of user terminals. Such user terminals may be mobile and may therefore be known as ^λ mobile stations', ^λ MSs' . At least one user terminal, e.g. used in conjunction with mobile stations, may be a fixed terminal, e.g. a control terminal. Such a system typically includes a system infrastructure which generally includes a network of various fixed installations such as base stations, ^λ BSs' , which are in direct radio communication with user terminals. Each of the BSs operating in the system may have one or more transceivers which may for example serve user terminals in a given local region or area, known as a ^λ cell' or ^λ site', by radio communication. Such a system is known as a cellular system. The user terminals which are in direct communication with a particular BS are said to be served by the BS, and all radio communications to and from each user terminal within the system are made via its serving BS. Cells of neighbouring BSs in a cellular system are often overlapping. MSs may also be able to communicate directly using a direct mode communication protocol.

Mobile communication systems usually operate according to an industry standard protocol. For example, TETRA systems operate according to TETRA standards defined by the European Telecommunication Standards Institute (ETSI) . TETRA systems are mainly used by professional user organisations such as the police and the fire services. In a number of known mobile communication systems, transmissions to and from mobile terminals are controlled in a synchronised time slot sequence in accordance with the industry standards. For example, in TETRA systems the synchronised sequence is formed of traffic time slots having a duration of 14.167 ms . Four such time slots represent four physical channels in a TDMA (time division multiple access) protocol and form one time frame of duration 56.67 ms in an 18 frame multiframe timing structure. Terminals in mobile communication systems such as TETRA systems send user communicated speech and data, herein referred to collectively as ^λ traffic information' , in designated traffic time slots of a traffic channel. For example, speech information may be processed in a transmitting terminal into a signal comprising speech frames using a speech processor, e.g. incorporating an ACELP (Algebraic Code Excited Linear Prediction) speech coder. Each speech frame comprises a data sequence, e.g. of binary digits, which represents a short portion of the speech signal to be transmitted. One speech frame in a TETRA system is typically transmitted in half a traffic time slot (known as a ^λ half slot' or ^λ sub-slot') at the air interface and therefore two speech frames are typically transmitted in each traffic time slot.

Many communication systems, including many TETRA systems, employ a procedure to encrypt sensitive

communicated traffic information especially where the information is sent via insecure channels, e.g. by wireless communication over-the-air . For example, in some mobile communication systems, wireless communications can be end- to-end encrypted. This means that encryption of traffic information can only be applied by a transmitting terminal of the sender (source) of the information and removed by a receiving terminal of the recipient (destination) of the information. Encryption is usually achieved by producing a random or pseudo-random data sequence of binary digits and using a combining procedure to combine the random or pseudo-random data sequence with a secret user key applied by the user. The combination generates another data sequence, known as a keystream, incorporating the user key. The keystream, or a portion of it, is then used to encrypt the user traffic information to be transmitted in encrypted form. This is done in an encryption processor by using a known combination procedure, such as an XOR (exclusive OR) combination procedure, to combine the unencrypted information with the keystream, e.g. on a frame-by-frame basis. The secret key used at the transmitting terminal is known at the receiving terminal, and the receiving terminal is sent the random or pseudo-random number used at the transmitting terminal, or is sent information to enable the receiving terminal to calculate that number. The receiving terminal is thereby able to re-construct the keystream applied at the transmitting terminal. The receiving terminal combines the reconstructed keystream with the encrypted traffic information signal it receives in a manner such that the keystream included in the encrypted signal is cancelled allowing the original traffic information to be extracted in unencrypted form.

The end-to-end encryption process therefore typically includes (i) operation of an encryption algorithm in a processor of a transmitting terminal to encrypt the information to be transmitted; and (ii) operation of a related decryption algorithm in a receiving terminal to decrypt the received encrypted information. The encryption process and has to be synchronised between the transmitting terminal and the receiving terminal. The transmitting terminal must send to the receiving terminal information concerning the state of the encryption algorithm being run in the transmitting terminal to allow the receiving terminal to synchronise its decryption algorithm with the received signal. Synchronisation information is thus sent from the transmitting terminal to the receiving terminal. In the prior art, different methods are employed to send synchronisation information. In a first known method, synchronisation information is embedded in the stream of traffic information (e.g. speech) . In each consecutive encrypted frame of traffic information, a portion of the traffic information replaced by embedded synchronisation information. Synchronisation information portions from several frames have to be collected before a complete set of synchronisation information is available to allow the receiving terminal to begin decryption. The complete set of synchronisation information is known in the art as a

^synchronisation vector'. Thus, a disadvantage of this first known method is that queuing of received traffic information frames has to occur until all of the traffic information frames containing the several (e.g. five) portions of embedded synchronisation information making up the synchronisation vector have been received.

In a second known method, an initial full traffic information frame is replaced by synchronisation information in a full synchronisation frame. This contains all of the information needed to provide the synchronisation vector. This is followed by a sequence of full traffic information frames containing no synchronisation information. Thus, no queuing of received traffic information frames needs to take place because the receiving terminal can begin without delay decryption of the first full traffic information frame received directly after the full synchronisation frame. However, the second known method has the disadvantage that if the initial synchronisation frame is missed by the receiving terminal, e.g. because the receiving terminal has made a late entry into the process of receiving the communication, the receiving terminal is unable to decrypt any of the received traffic information.

SUMMARY OF THE PRESENT INVENTION

According to the present invention in a first aspect there is provided a processor as defined in claim 1 of the accompanying claims.

According to the present invention in a second aspect there is provided a method as defined in claim 10 of the accompanying claims.

According to the present invention in a third aspect there is provided a communication terminal as defined in claim 15 of the accompanying claims. Further features of the present invention are as defined in the other accompanying claims and are disclosed in embodiments of the invention to be described.

Embodiments of the present invention will now be described by way of example with reference to the accompanying drawings, in which:

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

FIG. 1 is a schematic diagram of an illustrative wireless communication system which may be adapted for operation in accordance with an embodiment of the present invention.

FIG. 2 is a block schematic diagram of an illustrative layout of a mobile station of the system of FIG. 1.

FIG. 3 is a block schematic diagram of part of the layout of FIG. 2 showing an illustrative processor of the layout in more detail.

FIG. 4 is a frame sequence in a signal produced in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

In accordance with an embodiment of the invention to be described, a processor for encrypting a signal to be communicated from a first location to a second location, or for decrypting a signal which has been communicated from a first location to a second location, is operable to send or receive a signal which comprises a sequence of frames including an initial full synchronisation frame followed by consecutive mixed frames each of which includes a partial frame of encrypted traffic information together with a partial frame of synchronisation information. In accordance with embodiments of the invention in other aspects, a

method of operation in the processor and a communication terminal will also be described.

FIG. 1 shows a communication system 100 which may be adapted in accordance with an embodiment of the invention. It will be apparent to those skilled in the art that the system 100 and the components which are to be described as operating therein may take a number of forms well known to those skilled in the art. Thus, the layout of the system 100, and of its operational components to be described, should be regarded as illustrative rather than limiting. The system 100 of FIG. 1 will be described as an illustrative mobile communication system such as a system capable of operating in accordance with the TETRA 2 (TETRA Enhanced Data Service) standard being defined by the ETSI (European Telecommunications Standards Institute) .

The system 100 shown in FIG. 1 includes a BS (base station) 101 operably connected to a system infrastructure 103. The BS 101 has radio links with a plurality of user terminals, particularly terminals in a service cell or site defined by the position of the BS 101. The user terminals may include MSs (mobile stations) and may include at least one fixed terminal (not shown), e.g. used by a dispatcher or other operator sending and receiving operational control messages. Three of many possible MSs are shown, namely MSs 105, 107 and 109 having radio links 111, 113 and 115 respectively with the BS 101. The BS 101 thereby serves MSs including the MSs 105, 107 and 109 with radio communications to and from other terminals, including (i) MSs either served by the BS 101; (ii) MSs served by other BSs (not shown) of the system 100 operably linked to the BS 101; and (iii) other terminals including MSs in other systems (not shown) operably linked to the system 100.

Communication via the BS 101 is referred to herein as ^λ trunked mode' communication.

The system infrastructure 103 includes known subsystems (not shown) required for operation of the system 100. Such sub-systems may include for example sub-systems providing authentication, routing, MS registration and location, system management and other operational functions within the system 100. The system infrastructure 103 may include also other BSs (not shown) providing cells serving other MSs.

The MSs 105, 107 and 109 are also able to communicate directly with each other via direct radio links. Thus, the MSs 105 and 107 have a direct radio link 117, the MSs 105 and 109 have a direct radio link 119, and the MSs 107 and 109 have a direct radio link 121. Wireless communication directly between MSs is referred to herein as ^λ direct mode' communication .

FIG. 2 shows an illustrative layout 200 of operational components in each MS of the system 100, including the MSs 105, 107 and 109. A controller 201 controls functional operations of the MS. A processor 202 operably connected to the controller 201 processes information sent to and from the MS. The controller 201 and the processor 202 are operably connected to a timer 205 which provides operational synchronisation and timing and to a memory 206 which stores data and programs needed in operation by the controller 201 and the processor 202.

The processor 202, which may for example comprise a digital processor, is operably connected to an RF transceiver 203 which transmits and receives RF signals including signals carrying traffic information sent to and

from the MS. The signals are delivered over-the-air to and from an antenna 217 connected to the RF transceiver 203.

When the RF transceiver 203 via the antenna 217 receives an RF signal including information representing communicated speech, the processor 202 extracts the speech information and delivers via an output connection 217 a signal including the extracted speech information to an audio output 210. This comprises a transducer such as a speaker which converts the signal to audio form to reconstruct the communicated speech for a user of the MS having the layout 200. The MS having the layout 200 also includes an audio input 211 which comprises a transducer such as a microphone which converts speech of the user into the form of an electrical signal. The electrical signal is delivered via an input connection 219 to the processor 202 which processes the signal into a form suitable for inclusion in an RF signal for transmission by the transceiver 203 via the antenna 217.

When the RF transceiver 203 receives via the antenna 217 a signal representing communicated (non-speech) data, e.g. alphanumeric characters representing words or numerals or picture or video information, the processor 202 extracts information relating to the communicated data and delivers a signal including the extracted data via an output connection 221 to a data output 212. The data output 212 may for example comprise an external data processing terminal (not shown), e.g. a personal computer.

A data input 213 provides an input signal from a user including data to be communicated. The data input 213 may for example comprise a data source, e.g. a personal computer (not shown) . The signal provided by the data input 213 is delivered via an input connection 223 to the

processor 202 which processes information included in the signal into a form suitable for inclusion in an RF signal to be transmitted by the RF transceiver 203 via the antenna 217. The MS having the layout 200 includes a user interface 214, e.g. a keypad and control buttons, which allows a user to enter instructions and data into the MS. The user interface 214 is operably connected to the controller 201 to receive signals representing instructions entered by a user at the user interface 214. The user interface 214 is also operably connected to the processor 202 to enable a signal representing data entered by the user at the user interface 214 to be delivered to the processor 202. The processor 202 processes data included in the signal into a form suitable for inclusion in an RF signal to be transmitted by the RF transceiver 203 via the antenna 217.

The MS having the layout 200 includes an electro- optical display 209 operable to display information to a user in a known manner. The display 209 is driven by a display driver 207 under control of the controller 201.

The MS includes a battery 216 which provides a source of electrical energy for all active components of the MS.

FIG. 3 shows part of the layout 200 with the processor 202 shown in more detail. The processor 202 includes a speech processor 305 which processes a received speech signal extracted from an RF signal received by the RF transceiver 203 into a form suitable for delivery to the output connection 217 and also processes an input speech signal received from the input connection 219 into a form suitable for transmission (after further processing) , wherein the speech signal is in the form of digital data blocks, known in the art as speech frames, of a selected

size, e.g. as described earlier. The speech processor 305 may for example operate at baseband frequency and may include a speech coder/decoder and an automatic gain controller. The processor 202 also includes a data processor 307 which carries out processing of a received data signal extracted from an RF signal received by the RF transceiver 203 into a form suitable for delivery to the output connection 221 and of input data signals from the input connection 223 into a form for outward transmission (after further processing) . The data processor 307 may put the data in such signals into the form of data blocks or frames of a selected size, e.g. as described earlier. The data processor 307 may also operate at baseband frequency. The processor 202 includes an encryption/ decryption processor 301. The encryption/ decryption processor 301 encrypts speech signals for transmission received from the speech processor 305 and encrypts data signals for transmission received from the data processor 307. The encryption processor delivers the encrypted speech and data signals it produces to the RF transceiver 203 for outward transmission in the form of RF signals. The outward transmission may be to another terminal, e.g. another MS, of the system 100, either via BS 101 or by direct mode communication. The encryption/decryption processor 301 also decrypts incoming encrypted speech signals received from the RF transceiver 203 for delivery to the speech processor 305 and decrypts encrypted data signals received from the RF transceiver 203 for delivery to the data processor 305. The encryption/ decryption processor 301 operates an encryption procedure in a transmission mode whereby a clear (unencrypted) speech signal received from the speech processor 305 and a clear data signal received from the

data processor 307, each in the form of frames of digital numbers, is combined with a digital number stream referred to earlier as a keystream (also known as a cipher key) produced by a keystream generator 303. The keystream generator 303 is seeded by a secret key obtained from the memory 206. The secret key is a static digital number previously provided to the user of the MS and stored in the memory 206, e.g. via the user interface 214. The secret key is combined in the keystream generator 303 with a random number or pseudo-random number to produce the keystream. The secret key is also stored in the memory of other terminals, e.g. other MSs, which are to receive an encrypted signal produced by the encryption /decryption processor 301 of a transmitting MS to enable such receiving terminals to decrypt received encrypted signals in a processor similar to the encryption /decryption processor 301 of the transmitting MS. These receiving terminals are also able to calculate or are notified of the random or pseudo-random number used by the encryption/ decryption processor 301 of the transmitting MS and are thereby able to reconstruct the keystream used by the encryption/decryption processor 301 of the transmitting MS. The encryption/decryption processor 301 of the transmitting MS also provides synchronisation information for delivery in transmitted RF signals together with the encrypted traffic information, i.e. speech or data. The synchronisation information allows a terminal such as another MS receiving the encrypted signal to synchronise its decryption procedure to that of the encryption procedure applied in the encryption/decryption processor 301.

The frames of the encrypted signal comprising traffic information are sent in RF form by the RF transceiver 203 in traffic slots, e.g. containing two encrypted frames per slot, of a traffic channel of the communication system 100. The encryption/ decryption processor 301 operates a procedure in a reception mode whereby an encrypted traffic information signal received from the RF transceiver 303 is converted into a clear signal for delivery to the speech processor 305 or the data processor 307 as appropriate. The encrypted received signal is combined with a keystream which is produced by the keystream generator 303 to cancel the keystream encrypting the received traffic information to provide decryption. The keystream generator 303 is again seeded by a key obtained from the memory 206 which is combined with a random or pseudo random number which has been received from a transmitting terminal or has been obtained by calculation using information received from a transmitting terminal. The encryption/ decryption processor 301 also extracts synchronisation information from the received signal so that combination of the received signal and the keystream can be synchronised to the same combination used in the terminal, e.g. MS, that encrypted the transmitted signal.

FIG. 4 shows a sequence in accordance with an embodiment of the invention of received frames in the encryption/ decryption processor 301 obtained from a received encrypted signal delivered from the RF transceiver 203. The received frames begin with a full synchronisation frame FS 401 followed by mixed frames 402. Each of the mixed frames 402 comprises a partial traffic frame portion PT and a partial synchronisation frame portion PS. Thus, the first mixed frame 402 following the full

synchronisation frame FS 401 thus comprises a first partial traffic information frame portion PTl as well as a first partial synchronisation frame portion PSl. Similarly, the second mixed frame 402 following the first mixed frame 402 comprises a second partial traffic information frame portion PT2 as well as a second partial synchronisation frame portion PS2, and so on.

The full synchronisation frame FS 401 provides synchronisation information required by the encryption/ decryption processor 301 in order to begin decryption of the first partial traffic information frame portion PTl. The mixed frames 402 repeat the synchronisation information but the repeated synchronisation information is distributed over a plurality of mixed frames 402. Thus, if the encryption/ decryption processor 301 did not receive the synchronisation information sent in the initial full synchronisation frame FS 401 it requires receipt of a plurality of partial frame portions PS of synchronisation information to form a complete synchronisation vector before it can begin decryption of traffic information TI . For example, the encryption/ decryption processor 301 may require receipt of synchronisation information from five consecutive partial frame portions PS to have the full synchronisation information. Thus, each of the five mixed frames 402 following the full synchronisation frame FS 401 containing partial synchronisation frame portions PSl to PS5 are required for the full synchronisation information. When all of the mixed frames 402 containing partial synchronisation portions PSl to PS5 have been received, the next partial frame portion PT6 of traffic information can be decrypted. This is indicated by an arrow 403. Similarly, when all of the mixed frames 402 containing partial

synchronisation frame portions PS6 to PSlO have been received, the next partial frame portion PTIl of traffic information can be decrypted. This is indicated by an arrow 404. It should be noted that the order within the respective mixed frames 402 of partial frame portions PS6 and PT6 is shown reversed relative to the order of the partial frame portions PS5 and PT5, and the order of partial frame portions PSIl and PTIl is shown reversed relative to the order of the partial frame portions PSlO and PTlO. This is for illustration purposes only. The order of the partial frame portions PS and PT within each frame 402 may be the same for all mixed frames 402 or all mixed frames 402 in a group of mixed frames 402. Alternatively, or additionally, the order may vary in a regular or random pattern known to the encryption/ decryption processor 301. Similarly, the relative sizes of the partial frame portions PT and the partial frame portions PS in individual mixed frames 402 is known to the encryption/ decryption processor 301 and may be selected to suit system design criteria. Of course, if the size of the partial synchronisation frame portion PS is increased to increase the amount of synchronisation information carried in each frame 402, the size of the partial traffic information frame portion PT has to be decreased and vice versa.

Where the encryption/ decryption processor 301 is in a transmitting terminal operating to produce an encrypted signal for delivery in RF form by the RF transceiver 203, the encryption/ decryption processor 301 compiles a signal having the new sequence of frames which has been described with reference to FIG. 4. Thus the encryption/ decryption processor 301 produces the initial full synchronisation FS

frame 401 followed by a consecutive sequence of the mixed frames 402 each including a partial frame portion PT of traffic information as well as a partial frame portion PS of synchronisation information. The sequence of frames shown in FIG. 4 is a new sequence in accordance with an embodiment of the invention. It is known in the prior art to use in some encryption systems a first known sequence of frames which begins with a full synchronisation frame followed by full traffic information frames containing no further synchronisation information. It is also known in the prior art to use in some other encryption systems a second known sequence of frames each containing traffic information together with embedded partial synchronisation information but with no initial full synchronisation information. Each of the first and second known sequences has the advantages and disadvantages described in the Background section earlier. However, the new sequence which has been described with reference to FIG. 4 has the advantage of initially receiving a full set of synchronisation information needed to begin decryption without delay whilst providing also a possibility of late entry by a receiving terminal into the receiving and decryption procedure, even where the initial synchronisation frame has been missed. Such a possibility is not available in the prior art with the first known frame sequence.

FIG. 4 shows all of the frames which follow the full synchronisation FS frame 401 in the frame sequence 400 to be mixed frames 402. However, in a modified form of the frame sequence 400, frames which are complete traffic information frames may be included interspersed between mixed frames. This speeds the delivery of traffic

information. Of course, if the encryption /decryption processor 301 misses the initial full synchronisation FS frame 401, it is likely that collection of the required synchronisation information from partial frame portions having the synchronisation information will take longer than for the frame sequence 400 in which no full traffic information frames are included.