Abstract: Disclosed is a traffic encryption key (TEK) management method for automatically generating a TEK for a multicast or broadcast service by a base station to periodically update a TEK used by a subscriber station. The base station transmits the first Key Update Command message for updating a group key encryption key (GKEK) for encrypting the TEK and the second Key Update Command message for updating the TEK to the subscriber station to update the TEK. The base station establishes an M & B TEK Grace Time which is different from a TEK Grace Time established by the subscriber station, transmits the first message including a new GKEK to the subscriber station through a primary management connection before the M & B TEK Grace Time, and transmits the second message including a new TEK encrypted with the new GKEK thereto through a broadcast connection after the M & B TEK Grace Time.

Abstract: Disclosed are a method for requesting, generating and distributing a service-specific traffic encryption key in a wireless portable Internet system, an apparatus for the same, and a protocol configuration method for the same. In the present invention, a subscriber station sends a Key Request message for requesting a service-specific traffic encryption key to the base station using a PKM-REQ MAC message, and a base station analyzes the Key Request message to generate the requested service-specific traffic encryption key. Subsequently, the base station sends a Key Reply message, including the generated service-specific traffic encryption key, to the subscriber station using a PKM-RSP MAC message. If the base station fails to generate the key, the base station sends a Key Reject message, including a reason for the failure, to the subscriber station.

Abstract: Disclosed are a subscriber station authentication method, a protocol configuration method, and a device thereof in a wireless portable Internet system. In the subscriber station authentication method, an authentication mode between a subscriber station (10) and a base station (20) is negotiated, and the authentication mode is negotiated by the base station (20) according to the authentication mode negotiation. The authentication modes include an authentication mode based on the IEEE 802.16 privacy standard protocol and an authentication mode based on the standardized authentication protocol of the upper layer. Authentication is performed by the base station (10) in the case of the authentication mode based on the IEEE 802.16 privacy standard protocol, and the authentication is performed through message transmission using a diameter protocol between a base station (10) and an authentication server (40) in the case of the authentication mode based on the standardized authentication protocol of the upper layer.