Abstract: A plurality of infrastructure system devices other than a mobile station is divided into a plurality of pools. An intrakey is utilized to encrypt messages passed between infrastructure system devices in the same pool, and an interkey is utilized to encrypt messages passed between infrastructure system devices of different pools.

Abstract: A plurality of encryption keys is generated, and each encryption key is associated with one geographical area of a plurality of geographical areas. Each encryption key is forwarded to one or more base stations in the geographical area associated with the encryption key. At least one of the plurality of geographical areas that is adjacent to a first geographical area is determined, yielding one or more adjacent geographical areas, and an encryption key for at least one of the one or more adjacent geographical areas is forwarded to at least one base station covering the first geographical area.

Abstract: A first infrastructure system device other than a mobile station generates key material and forwards the key material to a second infrastructure system device other than a mobile station. A determination is made as to whether a mobile station for which the key material is directed is active on the system, and if so the key material is forwarded to a base station where the mobile station is active. The base station forwards the key material to the mobile station.

Abstract: A first infrastructure system device other than a mobile station generates an encryption key and encrypts the encryption key with a first intrakey associated with a first zone that includes a second infrastructure system device other than a mobile station, yielding a first encrypted encryption key. The first intrakey is used only by infrastructure system devices other than a mobile station for encrypting at least the encryption key prior to transport within the first zone. The first infrastructure system device forwards the first encrypted encryption key to the second infrastructure system device.

Abstract: A home location register stores key material related to mobile stations associated with the home location register. A first visited location register associated with a first site in a first zone stores key material related to a first mobile station of the mobile stations associated with the home location register. When the first mobile station roams to a second site in a second zone associated with a second visited location register, the key material related to the first mobile station is encrypted with an interkey, yielding encrypted key material, wherein the interkey is used only by infrastructure system devices other than a mobile station for encrypting at least the key material for transport between at least the first and second zones. The encrypted key material is forwarded to the second visited location register.

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

Abstract: A communication system comprises a first plurality of remote stations (107, 109, 111) belonging to a first call group (119) having an associated first encryption key and a first encryption mode. A second plurality of remote stations (113, 115) belongs to a second call group (121) having an associated second encryption key and a second encryption mode. A group controller (117) forms a third call group (123) which comprises the first and the second call groups (119, 123) and which has an associated third encryption key. When communicating on the third, combined call group, the first plurality of remote stations (107, 109, 111) use the third encryption key and the first encryption mode whereas the second plurality of remote stations (113, 115) use the third encryption key and the second encryption mode.