COMMUNICATION SYSTEM AND GATEWAY APPARATUS

US 20090109925A1
Filed: 10/23/2008
Published: 04/30/2009
Est. Priority Date: 10/26/2007
Status: Active Grant

First Claim

Patent Images

1. A communication system comprising:

a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;

a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;

a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and

a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal is connected to only the first access network and performs communication with a communication destination apparatus through the first base stations, the first access router, and the core network, the core network and the wireless terminal share an encryption key MSK according to user authentication and the wireless terminal stores first communication context information and an ID of the gateway apparatus,when the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal,a data path between the first access router and the gate way apparatus is set by an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated by the first access router on the basis of the MSK received from the core network,data paths between the gateway apparatus and the second base stations are set by an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router,the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+ received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A relay gateway apparatus HO-GW is provided between heterogeneous access networks (a WiMAX access network and a UMB access network). The HO-GW performs conversion of a movement control signal (an Inter-AGW handover control signal) and relay of communication data. When the relay is performed, user data from a CN reaches a wireless terminal MN through an HA of a core network, an access router ASN-GW, the HO-GW, and a base station eBS.

Citations

19 Claims

1. A communication system comprising:
- a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;
  
  a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;
  
  a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and
  
  a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal is connected to only the first access network and performs communication with a communication destination apparatus through the first base stations, the first access router, and the core network, the core network and the wireless terminal share an encryption key MSK according to user authentication and the wireless terminal stores first communication context information and an ID of the gateway apparatus,when the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal,a data path between the first access router and the gate way apparatus is set by an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated by the first access router on the basis of the MSK received from the core network,data paths between the gateway apparatus and the second base stations are set by an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router,the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+ received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.
- View Dependent Claims (2, 3, 9, 10, 13, 15, 16, 19)
- - 2. A communication system according to claim 1, whereinwhen the wireless terminal makes connection to the first access network, user authentication is performed and the core network and the wireless terminal share the encryption key MSK,when the wireless terminal is connected to only the first access network and performs communication with the communication destination apparatus through the first base stations, the first access router, and the core network, the wireless terminal stores first communication context information and the ID of the gateway apparatus,when the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including the ID of the wireless terminal and the ID of the gateway apparatus to any one of the second base stations,the first access router receives the MSK from the core network, generates, using a first algorithm set beforehand and on the basis of the MSK, the encryption key AK_GW for protecting communication between the core network and the first access router, and transmits the encryption key AK_GW to the gateway apparatus, and a data path between the first access router and the gateway apparatus is set,the gateway apparatus generates, using second and third algorithms set beforehand and on the basis of the AK_GW, an encryption key TSK_GW for protecting communication between the gateway apparatus and the wireless terminal and an encryption key MSK_eBS for protecting communication between the gateway apparatus and the second base stations, respectively,the gateway apparatus acquires first communication context information of the wireless terminal through the first base stations and the first access router, converts the first communication context information into second communication context information, and notifies the second base stations of the second communication context information including the TSK_GW and the MSK_eBS, and data paths between the gateway apparatus and the second base stations are set,the second base stations generate, using a fourth algorithm set beforehand and on the basis of the MSK_eBS included in the second communication context information, an encryption key TSK_eBS for protecting communication between the wireless terminal and the second base stations,the wireless terminal generates, using the first and second algorithms set beforehand same as those for the first access router and the gateway apparatus and on the basis of the MSK, the TSK_GW for protecting communication between the gateway apparatus and the wireless terminal,the wireless terminal generates the TSK_eBS using the first, third, and fourth algorithms set beforehand and on the basis of the MSK or the authentication information subjected to key exchange with the second base stations, and the wireless terminal and the second base stations perform wireless data link setting on the protected communication path,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.
  - 3. A communication system according to claim 1, whereinthe second base stations notify the wireless terminal of an ID of the second access router,the wireless terminal requests the second access router, the ID of which is notified, to make connection,user authentication is performed for the second access network and an encryption key MSK_SRNC is shared between the wireless terminal and the wireless core network,the core network notifies the second access router of the MSK_SRNC,the second access router generates, on the basis of the MSK_SRNC, an encryption key TSK_SRNC for protecting communication between the wireless terminal and the second access router,the wireless terminal generates the TSK_SRNC on the basis of the MSK_SRNC and using an algorithm same as that used by the second access router,the wireless terminal and the second access router perform setting of a wireless data link layer on the protected communication path, andthe wireless terminal executes the handover to the second access network by performing communication with the communication destination apparatus through the second base stations, the second access router, and the core network.
  - 9. A communication system according to claim 1, whereinthe gateway apparatus includes:
    - a first context table for storing the first context information, the first context table including a wireless terminal ID, connection destination information, QoS information, an encryption key, data path information, and a pointer to second context information, anda second context table for storing the second context information, the second context table including a wireless terminal ID, connection destination information, QoS information, an encryption key, data path information, and a pointer to the first context information, and
10. A communication system according to claim 1, whereinthe first access network establishes an application session of a first codec between the wireless terminal and the communication destination apparatus,the second access network establishes an application session of a second codec, which is different from the first codec, between the wireless terminal and the communication destination apparatus, andthe gateway apparatus sets information on the first codec and the second codec in association with an access network type.
13. A communication system according to claim 1, whereinwhen the wireless terminal makes connection to the first access network, user authentication is performed and the core network and the wireless terminal share the encryption key MSK,when the wireless terminal is connected to only the first access network and performs communication with the communication destination apparatus through the first base stations, the first access router, and the core network, where the wireless terminal moves to the second access network side and determines handover to the second access network, the wireless terminal transmits a connection request for the handover including a moving destination information and the ID of the wireless terminal to the first base stations,the first access router receives the MSK from the core network, generates, using a first algorithm set beforehand and on the basis of the MSK, the encryption key AK_GW for protecting communication between the core network and the first access router, and transmits the encryption key AK_GW to the gateway apparatus, and a data path between the first access router and the gateway apparatus is set,the gateway apparatus generates, using a second algorithm set beforehand and on the basis of the AK_GW, an encryption key K_eNB* for protecting communication between the gateway apparatus and the second access router,the gateway apparatus acquires first communication context information of the wireless terminal through the first base stations and the first access router, converts the first communication context information into second communication context information, and notifies the second access router of the second communication context information including the K_eNB*, and data paths between the gateway apparatus and the second access router are set,the second access router generates, using a third algorithm set beforehand and on the basis of the K_eNB*, an encryption key K_eNB*+ for protecting communication between the gateway apparatus and the second access router, and sends the K_eNB*+ to the second base station,the second base station generates, using a fourth algorithm set beforehand on the basis of the K_eNB*+, an encryption key for wireless protection for protecting communication between the wireless terminal and the second base station,the wireless terminal generates the encryption key for wireless protection using the first to fourth algorithms set beforehand and on the basis of the MSK or the authentication information subjected to key exchange with the second base stations, and the wireless terminal and the second base stations perform wireless data link setting on the protected communication path,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.
15. A communication system according to claim 1, whereinthe first access network is a WiMAX access network,the second access network is a UMB access network, andthe MSK, the AK_GW, the MSK_eBS, and the TSK_eBS are used as encryption keys.
16. A communication system according to claim 1, whereinthe first access network is a WiMAX access network,the second access network is a LTE access network, andthe MSK, the AK_GW, the K_eBS *+, and the encryption key for wireless protection are used as encryption keys.
19. A communication system according to claim 1, whereinthe first access network is a WLAN access network, andthe second access network is a LTE access network.

4. A communication system comprising:
- a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;
  
  a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;
  
  a wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks; and
  
  a gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations, and inter-converts, when the wireless terminal moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal is connected to the second access network and performs data communication with a communication destination apparatus through the second base stations, the second access network, and the core network, the wireless terminal and the core network share an encryption key MSK_SRNC or K_ASME according to user authentication and, when the wireless terminal moves to the first access network side and determines handover to the first access network, the wireless terminal transmits a connection request for the handover including an ID of the wireless terminal,a data path between the second access router and the gateway apparatus is set by an encryption key MSK_GW or K_eNB* for protecting communication between the second access router and the gateway apparatus, the encryption key MSK_GW or K_eNB* being generated by the second access router on the basis of the MSK_SRNC or the K_ASME received from the core network,data paths between the gateway apparatus and the first base stations are set by an encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations, the encryption key AK_BS being generated by the gateway apparatus on the basis of the MSK_GW or the K_eNB* received from the second access router,the wireless terminal and the first base stations perform wireless data link setting on a protected communication path using an encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations, the encryption key TEK_BS being generated by the first base stations on the basis of the AK_BS received from the gateway apparatus, and the TEK_BS generated by the wireless terminal on the basis of the MSK_SRNC or the K_ASME or authentication information subjected to key exchange with the first base stations,the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, andthereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network.
- View Dependent Claims (5, 6, 14, 17, 18)
- - 5. A communication system according to claim 4, whereinwhen the wireless terminal makes connection to the second access network, user authentication is performed and the wireless terminal and the core network share the encryption key MSK_SRNC,when the wireless terminal is connected to the second access network and performs data communication with the communication destination apparatus through the second base stations, the second access network, and the core network, the wireless terminal determines handover to the first access network and transmits a connection request for the handover including an ID of the gateway terminal and the ID of the wireless terminal to the first base station,the second access router generates, using a fifth algorithm set beforehand and on the basis of the MSK_SRNC, the encryption key MSK_GW for protecting communication between the second access router and the gateway apparatus and notifies the gateway apparatus of the encryption key MSK_GW, and a data path between the second access router and the gateway apparatus is set,the gateway apparatus generates, using a sixth algorithm shared with the wireless terminal beforehand and on the basis of the MSK_GW, the encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations and notifies the first base stations of the encryption key AK_BS, and data paths between the gateway apparatus and the first base stations are set,the first base stations generate, using a seventh algorithm set beforehand and on the basis of the AK_BS, the encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations,the wireless terminal generates the TEK_BS using the fifth, sixth, and seventh algorithms set beforehand same as those used by the second access router, the gateway apparatus, and the first base stations and on the basis of the MSK_SRNC or authentication information subjected to key exchange with the first base stations, and the wireless terminal and the first base stations perform wireless data link setting on the protected communication path,the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, andthereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network.
  - 6. A communication system according to claim 4, whereinthe wireless terminal performs user authentication in the first access network and, as a result of the user authentication, the MSK is shared between the wireless terminal and the core network,the core network notifies the first access router of the MSK, andthe wireless terminal executes the handover to the first access network by performing data communication with the communication destination apparatus through the first base stations, the first access router, and the core network.
  - 14. A communication system according to claim 4, whereinwhen the wireless terminal makes connection to the second access network, user authentication is performed and the wireless terminal and the core network share the encryption key K_ASME,when the wireless terminal is connected to the second access network and performs data communication with the communication destination apparatus through the second base stations, the second access network, and the core network, the wireless terminal determines handover to the first access network and transmits a connection request for the handover including a moving destination information and the ID of the wireless terminal to the second base station,the second access router generates, using a fifth algorithm set beforehand and on the basis of the K_ASME, the encryption key K_eNB* for protecting communication between the second access router and the gateway apparatus and notifies the gateway apparatus of the encryption key K_eNB*, and a data path between the second access router and the gateway apparatus is set,the gateway apparatus generates, using a sixth algorithm shared with the wireless terminal beforehand and on the basis of the K_eNB*, the encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations and notifies the first base stations of the encryption key AK_BS, and data paths between the gateway apparatus and the first base stations are set,the first base stations generate, using a seventh algorithm set beforehand and on the basis of the AK_BS, the encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations,the wireless terminal generates the TEK_BS using the fifth, sixth, and seventh algorithms set beforehand same as those used by the second access router, the gateway apparatus, and the first base stations and on the basis of the K_ASME or authentication information subjected to key exchange with the first base stations, and the wireless terminal and the first base stations perform wireless data link setting on the protected communication path,the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, andthereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network.
  - 17. A communication system according to claim 4, whereinthe first access network is a WiMAX access network,the second access network is a UMB access network, andthe MSK_SRNC, the MSK_GW, the AK_BS, and the TEK_BS are used as encryption keys.
  - 18. A communication system according to claim 4, whereinthe first access network is a WiMAX access network,the second access network is a LTE access network, andthe K_ASME, the K_eNB*, the AK_BS, and the TEK_BS are used as encryption keys.

7. A gateway apparatus comprising:
- the gateway apparatus that is connected to a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;
  
  the gateway apparatus that is connected to a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;
  
  the gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations;
  
  the gateway apparatus that inter-converts, when a wireless terminal, the wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks, moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal moves from the first access network to the second access network side and determines handover to the second access network,the gateway apparatus receives an encryption key AK_GW for protecting communication between the core network and the first access router, the encryption key AK_GW being generated on the basis of an encryption key MSK shared by the core network and the wireless terminal according to user authentication, the MSK received from the core network, and sets a data path between the first access router and the gate way apparatus by the AK_GW,the gateway apparatus sends an encryption key MSK_eBS or K_eNB*+ for protecting communication between the gateway apparatus and the second base stations, the encryption key MSK_eBS or K_eNB*+ being generated by the gateway apparatus on the basis of the AK_GW transmitted from the first access router to the second base station, and sets data paths between the gateway apparatus and the second base stations by the MSK_eBS or the K_eNB*+,the wireless terminal and the second base stations perform wireless data link setting on a protected communication path using an encryption key TSK_eBS or an encryption key for wireless protection for protecting communication between the wireless terminal and the second base stations, the encryption key TSK_eBS or the encryption key for wireless protection being generated by the second base stations on the basis of the MSK_eBS or the K_eNB*+received from the gateway apparatus, and the TSK_eBS or the encryption key for wireless protection generated by the wireless terminal on the basis of the MSK or authentication information subjected to key exchange with the second base stations,the wireless terminal performs communication with the communication destination apparatus through the core network, the first access router, the gateway apparatus, and the second base stations, andthereafter, the wireless terminal performs user authentication with the second access network and executes the handover to the second access network.

8. A gateway apparatus comprising:
- the gateway apparatus that is connected to a first access network including plural first base stations that inter-convert a first wireless signal from a wireless terminal into a wired signal and transfer the wired signal, and a first access router that accommodates the first base stations;
  
  the gateway apparatus that is connected to a second access network including plural second base stations that inter-convert a second wireless signal of a communication format different from that of the first wireless signal from the wireless terminal into a wired signal and transfer the wired signal, and a second access router that accommodates the second base stations, the second access network adopting a communication format different from that of the first access network;
  
  the gateway apparatus that accommodates both the first access router of the first access network and the second access router of the second access network, accommodates at least one of the first base stations and at least one of the second base stations;
  
  the gateway apparatus that inter-converts, when a wireless terminal, the wireless terminal that can access both the first access network and the second access network, which are heterogeneous access networks, moves between the first access network and the second access network, a handover procedure in the first access network and a handover procedure in the second access network and relays the handover procedures,whereinwhen the wireless terminal moves to the first access network side and determines handover to the first access network,the gateway apparatus receives an encryption key MSK_GW or K_eNB* for protecting communication between the second access router and the gateway apparatus, the encryption key MSK_GW or K_eNB* being generated on the basis of an encryption key MSK_SRNC or K_ASME shared by the core network, the wireless terminal and the core network according to user authentication, the MSK_SRNC or the K_ASME received from the core network, and sets a data path between the second access router and the gateway apparatus is set by the MSK_GW or the K_eNB*,the gateway apparatus sends an encryption key AK_BS for protecting communication between the gateway apparatus and the first base stations, the encryption key AK_BS being generated by the gateway apparatus on the basis of the MSK_GW or the K_eNB* received from the second access router, to the first base station, and sets data paths between the gateway apparatus and the first base stations by the AK_BS,the wireless terminal and the first base stations perform wireless data link setting on a protected communication path using an encryption key TEK_BS for protecting communication between the wireless terminal and the first base stations, the encryption key TEK_BS being generated by the first base stations on the basis of the AK_BS received from the gateway apparatus, and the TEK_BS generated by the wireless terminal on the basis of the MSK_SRNC or the K_ASME or authentication information subjected to key exchange with the first base stations,the wireless terminal performs communication with the communication destination apparatus through the first base stations, the gateway apparatus, the second access router, and the core network, andthereafter, the wireless terminal performs user authentication with the first access network and executes the handover to the first access network.

11. (canceled)

12. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Watanabe, Koji, Yano, Masashi, Takahashi, Yosuke, Nakamura, Hitomi, Nakahara, Naruhito

Granted Patent

US 8,134,972 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/331
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 36/0033   with transfer of context in...

H04W 88/182   Network node acting on beha...

COMMUNICATION SYSTEM AND GATEWAY APPARATUS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

COMMUNICATION SYSTEM AND GATEWAY APPARATUS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links