Abstract: Provided is an initial access method for a broadband wireless access system. The initial access method is used between a portable subscriber station (PSS) and a radio access station (RAS) in the broadband wireless access system and includes an authentication operation and a default transport connection setting operation. In the initial access method, default information, which is required to register the PSS and to set default transport connection, is stored in an authentication authorization accounting (AAA) server, the default information is then transmitted to the RAS connected to the PSS in the authentication operation by the AAA server, and when the PSS is registered and the default transport connection is set, a message composed of parameters, which are required to register the PSS containing the default information and to set the default transport connection, is then transmitted to the PSS by the RAS. Accordingly, a simplified initial access procedure is achieved.

Abstract: The present invention relates to a radio resource reallocation method based on the circuit mode. In order to efficiently use the radio resource in the packet-based data transmission system, a circuit mode radio resource is reallocated based on a rearrangement information element and a rearrangement counter information element by using the circuit mode. Accordingly, an unused region of the discontinuous radio resource that can be generated by resource de-allocation and resource change can be eliminated, and a resource allocation mismatch that can be generated by a MAP receiving error can be solved.

Abstract: When an event associated with a mobile station occurs, a relay station requests a base station to allocate a dedicated control channel required for transmitting control information on the mobile station to the base station. Next, when the control information on the mobile station is generated, the relay station transmits the control information to the base station through the dedicated control channel. Accordingly, since the base station allocates the dedicated control channel to the relay station in advance before the control information is generated in the relay station, the relay station can transmit the control information to the base station with a minimum of time delay.

Abstract: The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and base station is successfully performed, the authorization key is generated using a value indicating the number of generation times of the authorization key. Subsequently, the subscriber station and the base station confirm through a predetermined procedure whether or not they share the same authorization key and the same number of generation times of the authorization key. According to such a method of generating an authorization key, an authentication function for messages to be transmitted and received between the subscriber station and the base station can be efficiently supported. Further, replay attacks by malignant users can be powerfully protected against.

Abstract: An authentication method and authorization key generation method in a wireless portable Internet system is provided. In a wireless portable Internet system, the base station and the subscriber station share an authorization key when an authentication process is performed according to a predetermined authentication method negotiated therebetween. Particularly, the subscriber station and the base station perform an additional authentication process including an authorization key-related parameter and a security-related parameter and exchanges a security algorithm and SA (Security Association) information. In addition, an authorization key is derived from one or more basic key obtained through various authentication processes as an input key of an authorization key generation algorithm. Therefore, reliability of a security related parameter received from the receiving node can be enhanced and an authorization key having a hierarchical and secure structure can be provided.

Abstract: The present invention relates to a method for allocating an authorization key identifier in a wireless portable Internet system. In a privacy key management version 2 (PKMv2) of the wireless portable Internet system, a base station generates PAK identifier, PMK identifier, and authorization key identifier for distinguishing a primary authorization key (PAK) shared by the base station and the subscriber station in an RSA-based authorization, a pairwise master key (PMK) shared by the base station and the subscriber station in an EAP-based authorization, and authorization keys generated by the PAK and the PMK. The base station transmits PAK identifier, PMK identifier, and authorization key identifier to the subscriber station and shares them with the subscriber station. Therefore, the base station and the subscriber station may easily distinguish more than 2 authorization-related keys.

Abstract: The present invention relates to encryption and decryption apparatuses in a wireless portable Internet system, and a method thereof. In the wireless portable Internet system, a subscriber station and a base station share an encryption during key distribution, and a message is encrypted with the encryption key and transmitted. In this case, a first initial vector is generated for encryption based on information shared by the subscriber station and the base station in a wireless channel, and the message is encrypted with the first initial vector and the encryption key and is then transmitted. In addition, a second initial vector for decryption is generated based on information shared by the subscriber station and the base station in the wireless channel, and the encrypted message is decrypted with the second initial vector and the encryption key. Herein, the first initial vector corresponds to the second initial vector.

Abstract: Disclosed is a traffic encryption key (TEK) management method for automatically generating a TEK for a multicast or broadcast service by a base station to periodically update a TEK used by a subscriber station. The base station transmits the first Key Update Command message for updating a group key encryption key (GKEK) for encrypting the TEK and the second Key Update Command message for updating the TEK to the subscriber station to update the TEK. The base station establishes an M & B TEK Grace Time which is different from a TEK Grace Time established by the subscriber station, transmits the first message including a new GKEK to the subscriber station through a primary management connection before the M & B TEK Grace Time, and transmits the second message including a new TEK encrypted with the new GKEK thereto through a broadcast connection after the M & B TEK Grace Time.

Abstract: Disclosed is a handover method in a wireless portable Internet system. When a mobile subscriber station is in a drop state, a ranging request message including an identifier of a previous base station and a string generated by encoding the ranging request message using an authentication key of the previous base station is sent to a target base station. The target base station requests the previous base station to execute handover of the mobile subscriber station using the identifier of the previous base station included in the ranging request message. The previous base station carries out message authentication using the encoded string received from the target base station, and when the authentication is successful, transmits information about the mobile subscriber station that is required for handover to the target base station. Accordingly, a ceaseless service session can be provided even in the drop state.

Abstract: Disclosed is a method for constituting a layered cell, which is for constituting a cell in an OFDMA (Orthogonal Frequency Division Multiple Access) mobile communication system. The method includes: (a) dividing L carriers having orthogonality into M sub-channels; (b) dividing the carriers into N groups each having the M sub-channels; (c) grouping the N groups by an arbitrary integer into K classes; and (d) constituting a plurality of layered cells corresponding to the K classes. According to the present invention, the conception of the independent classes is introduced for a plurality of carriers to facilitate the use of the carriers to a system requiring an independent wireless area, allowing design of sectors and cells at a single frequency.

Abstract: The present invention relates to a method for searching and releasing an abnormal subscriber station in a wireless portable Internet system, and an apparatus using the same. The apparatus searches for an abnormal group including abnormal subscriber stations based on a ranging code provided in a periodic ranging process, and searches for an abnormal subscriber station by transmitting a connection maintenance message to subscriber stations included in the abnormal group so as to check an operation status of the respective subscriber stations. In addition, the apparatus releases a connection of an abnormal subscriber station. Therefore, waste of radio resources allocated to the abnormal subscriber station can be prevented, thereby achieving efficient resource management. Further, a secondary search process is performed only for subscriber stations included in an abnormal group, thereby preventing a system load from occurring when searching for an abnormal subscriber station.

Abstract: Disclosed is a handover method in a next-generation mobile communication system. When a terminal is in the idle state, an IP is reallocated according to a process of mobile IPs to perform a location registration process, and when the terminal is in the active state, it operates according to a procedure of a mobile communication network. Therefore, the terminal operates in two modes to support mobility on the IP-based networks, and it performs a handover procedure by configuring a layer below the MAC to a new AS without allocating the IP at the handover state when it is in the active state to thus minimize handover delay time.

Abstract: Disclosed is a handover method in a next-generation mobile communication system. When a terminal is in the idle state, an IP is reallocated according to a process of mobile IPs to perform a location registration process, and when the terminal is in the active state, it operates according to a procedure of a mobile communication network. Therefore, the terminal operates in two modes to support mobility on the IP-based networks, and it performs a handover procedure by configuring a layer below the MAC to a new AS without allocating the IP at the handover state when it is in the active state to thus minimize handover delay time.