COMMUNICATION SYSTEM AND GATEWAY APPARATUS
First Claim
Patent Images
1. A communication system comprising:
- a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;
a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;
a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and
a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal is connected to only the first access network and performs communication with a communication destination apparatus through the first base stations, the first access router, and the core network, the core network and the wireless terminal share an encryption key MSK according to user authentication and the wireless terminal stores first communication context information and an ID of the gateway apparatus,when the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal,a data path between the first access router and the gate way apparatus is set by an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated by the first access router on the basis of the MSK received from the core network,data paths between the gateway apparatus and the second base stations are set by an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router,the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+ received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.
2 Assignments
0 Petitions
Accused Products
Abstract
A relay gateway apparatus HO-GW is provided between heterogeneous access networks (a WiMAX access network and a UMB access network). The HO-GW performs conversion of a movement control signal (an Inter-AGW handover control signal) and relay of communication data. When the relay is performed, user data from a CN reaches a wireless terminal MN through an HA of a core network, an access router ASN-GW, the HO-GW, and a base station eBS.
-
Citations
19 Claims
-
1. A communication system comprising:
-
a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations; a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network; a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures, wherein when the wireless terminal is connected to only the first access network and performs communication with a communication destination apparatus through the first base stations, the first access router, and the core network, the core network and the wireless terminal share an encryption key MSK according to user authentication and the wireless terminal stores first communication context information and an ID of the gateway apparatus, when the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal, a data path between the first access router and the gate way apparatus is set by an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated by the first access router on the basis of the MSK received from the core network, data paths between the gateway apparatus and the second base stations are set by an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router, the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+ received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations, the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, and thereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network. - View Dependent Claims (2, 3, 9, 10, 13, 15, 16, 19)
the gateway apparatus reads out the first and second context tables and performs conversion of the first context information and the second context information.
-
-
10. A communication system according to claim 1, wherein
the first access network establishes an application session of a first codec between the wireless terminal and the communication destination apparatus, the second access network establishes an application session of a second codec, which is different from the first codec, between the wireless terminal and the communication destination apparatus, and the gateway apparatus sets information on the first codec and the second codec in association with an access network type. -
13. A communication system according to claim 1, wherein
when the wireless terminal makes connection to the first access network, user authentication is performed and the core network and the wireless terminal share the encryption key MSK, when the wireless terminal is connected to only the first access network and performs communication with the communication destination apparatus through the first base stations, the first access router, and the core network, where the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including a moving destination information and the ID of the wireless terminal to the first base stations, the first access router receives the MSK from the core network, generates, using a first algorithm set beforehand and on the basis of the MSK, the encryption key AK_GW for protecting communication between the core network and the first access router, and transmits the encryption key AK_GW to the gateway apparatus, and a data path between the first access router and the gateway apparatus is set, the gateway apparatus generates, using a second algorithm set beforehand and on the basis of the AK_GW, an encryption key K_eNB* for protecting communication between the gateway apparatus and the second access router, the gateway apparatus acquires first communication context information of the wireless terminal through the first base stations and the first access router, converts the first communication context information into second communication context information, and notifies the second access router of the second communication context information including the K_eNB*, and data paths between the gateway apparatus and the second access router are set, the second access router generates, using a third algorithm set beforehand and on the basis of the K_eNB*, an encryption key K_eNB*+ for protecting communication between the gateway apparatus and the second access router, and sends the K_eNB*+ to the second base station, the second base station generates, using a fourth algorithm set beforehand on the basis of the K_eNB*+, an encryption key for wireless protection for protecting communication between the wireless terminal and the second base station, the wireless terminal generates the encryption key for wireless protection using the first to fourth algorithms set beforehand and on the basis of the MSK or the authentication information subjected to key exchange with the second base stations, and the wireless terminal and the second base stations perform wireless data link setting on the protected communication path, the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, and thereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network. -
15. A communication system according to claim 1, wherein
the first access network is a WiMAX access network, the second access network is a UMB access network, and the MSK, the AK_GW, the MSK_eBS, and the TSK_eBS are used as encryption keys. -
16. A communication system according to claim 1, wherein
the first access network is a WiMAX access network, the second access network is a LTE access network, and the MSK, the AK_GW, the K_eBS *+, and the encryption key for wireless protection are used as encryption keys. -
19. A communication system according to claim 1, wherein
the first access network is a WLAN access network, and the second access network is a LTE access network.
-
4. A communication system comprising:
-
a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations; a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network; a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures, wherein when the wireless terminal is connected to the second access network and performs data communication with a communication destination apparatus through the second base stations, the second access network, and the core network, the wireless terminal and the core network share an encryption key MSK_SRNC or K_ASME according to user authentication and, when the wireless terminal moves to the first access network side and determines handover to the first access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal, a data path between the second access router and the gateway apparatus is set by an encryption key MSK_GW or K_eNB* for protecting communication between the second access router and the gateway apparatus, the encryption key MSK_GW or K_eNB* being generated by the second access router on the basis of the MSK_SRNC or the K_ASME received from the core network, data paths between the gateway apparatus and the first base stations are set by an encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations, the encryption key AK_BS being generated by the gateway apparatus on the basis of the MSK_GW or the K_eNB* received from the second access router, the wireless terminal and the first base stations perform wireless data link setting on a protected communication path using an encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations, the encryption key TEK_BS being generated by the first base stations on the basis of the AK_BS received from the gateway apparatus, and the TEK_BS generated by the wireless terminal on the basis of the MSK_SRNC or the K_ASME or authentication information subjected to key exchange with the first base stations, the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, and thereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network. - View Dependent Claims (5, 6, 14, 17, 18)
-
-
7. A gateway apparatus comprising:
-
the gateway apparatus that is connected to a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations; the gateway apparatus that is connected to a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network; the gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations; the gateway apparatus that inter-converts, when a wireless terminal, the wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks, moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures, wherein when the wireless terminal moves from the first access network to the second access network side and determines handover to the second access network, the gateway apparatus receives an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated on the basis of an encryption key MSK shared by the core network and the wireless terminal according to user authentication, the MSK received from the core network, and sets a data path between the first access router and the gate way apparatus by the AK_GW, the gateway apparatus sends an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router to the second base station, and sets data paths between the gateway apparatus and the second base stations by the MSK_eBS or the K_eNB*+, the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations, the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, and thereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.
-
-
8. A gateway apparatus comprising:
-
the gateway apparatus that is connected to a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations; the gateway apparatus that is connected to a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network; the gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations; the gateway apparatus that inter-converts, when a wireless terminal, the wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks, moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures, wherein when the wireless terminal moves to the first access network side and determines handover to the first access network, the gateway apparatus receives an encryption key MSK_GW or K_eNB* for protecting communication between the second access router and the gateway apparatus, the encryption key MSK_GW or K_eNB* being generated on the basis of an encryption key MSK_SRNC or K_ASME shared by the core network, the wireless terminal and the core network according to user authentication, the MSK_SRNC or the K_ASME received from the core network, and sets a data path between the second access router and the gateway apparatus is set by the MSK_GW or the K_eNB*, the gateway apparatus sends an encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations, the encryption key AK_BS being generated by the gateway apparatus on the basis of the MSK_GW or the K_eNB* received from the second access router, to the first base station, and sets data paths between the gateway apparatus and the first base stations by the AK_BS, the wireless terminal and the first base stations perform wireless data link setting on a protected communication path using an encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations, the encryption key TEK_BS being generated by the first base stations on the basis of the AK_BS received from the gateway apparatus, and the TEK_BS generated by the wireless terminal on the basis of the MSK_SRNC or the K_ASME or authentication information subjected to key exchange with the first base stations, the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, and thereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network.
-
-
11. (canceled)
-
12. (canceled)
Specification