S&F Ref: 971583D1 AUSTRALIA PATENTS ACT 1990 COMPLETE SPECIFICATION FOR A STANDARD PATENT Name and Address NTT DoCoMo, Inc., of 11-1, Nagatacho 2-chome, of Applicant: Chiyoda-ku, Tokyo, 1006150, Japan Actual Inventor(s): Alf Zugenmaier Wuri Andarmawanti Hapsari Mikio Iwamura Address for Service: Spruson & Ferguson St Martins Tower Level 35 31 Market Street Sydney NSW 2000 (CCN 3710000177) Invention Title: Mobile communication method and mobile station The following statement is a full description of this invention, including the best method of performing it known to me/us: 5845c(5634706_1) -1 MOBILE COMMUNICATION METHOD AND MOBILE STATION The present application is related to Japanese Patent Application No. 2008-162617 2008 and Australian Patent s Application No. 2009261130, entitled "Mobile Communication Method and Mobile Station", the entire contents of each of which are hereby incorporated by reference as if fully set forth herewith. 10 Technical Field [0001] The present invention relates to a mobile communication method for communicating between a mobile station and a radio base station using a certain key. 15 Background Art [0002] A conventional mobile communication system of the LTE (Long Term Evolution) scheme specified by the 3GPP is configured to communicate between a mobile station UE and a radio base station eNB, by using a certain key. 20 [0003] The certain key includes, for example, a key KRRC-Ciph used for "Ciphering" in an RRC protocol, which is a C-plane protocol between the mobile station UE and the radio base station eNB (Access Stratum, AS), a key KRc_Ip used for "Integrity Protection" in the RRC protocol, and a key Kupciph 25 used for "Ciphering" in a U-plane protocol between the mobile station UE and the radio base station eNB (Access Stratum, AS) and the like. These certain keys are generated using a first key KeNB [0004] Using the same key as any of the certain keys 30 and the first key KeNB for a long time is not preferable, because it makes the system' s security vulnerable. For this reason, a procedure for updating such a certain key or a first key KeNB during handover is devised by the 3GPP. [0005] 5 Here, operations of a handover target radio base station (Target eNB) acquiring a first key KeNB** used for generating a certain key in the handover procedure of the mobile station UE are described referring to Fig. 12. [0006] 10 As shown in Fig. 12, first, a handover source radio base station (Source eNB) generates an intermediate key KeNB* based on a stored first key KeNB, a parameter "Next Hop", a parameter "Handover Type" representing the parameter type and a parameter "Target PCI" representing the identification information of a 15 handover target cell. [0007] Secondly, the handover source radio base station (Source eNB) transmits the generated intermediate key KeNB* to the handover target radio base station (Target eNB). 20 [0008] Thirdly, the handover target radio base station (Target eNB) generates, based on the the received intermediate key KeNB* and "C-RNTI (Cell Radio Network Temporay ID) " allocated by the handover target cell, a first key KeNB** used for generating a 25 certain key in the handover target radio station (Target eNB) [00091 2 However, as described above, in the handover procedure of the conventional mobile communication system, there is a problem that both handover source radio base station (Source eNB) and handover target radio base station (Target eNB) have 5 to use a plurality of parameters and functions to generate a first key KeNB** used in the handover target radio station (Target eNB). [0010] In particular, there is a problem that the handover source 10 radio base station (Source eNB) and the handover target radio base station (Target eNB) have to use KeNB conversion functions (Key Derivation Function, KDF) dif f erent in parameters f or each of the stations, and the mobile station UE also has be provided with the KDFs, whereby the procedure is complicated. 15 [0011] Furthermore, it is cumbersome that KeNS needs to be updated according to PCI (Physical Cell ID) of the handover target radio base station. [0012] 20 Furthermore, there is a restriction in flexibly changing the allocation of C-RNTI, since KeNB needs to be updated according to C-RNTI. [0013] 25 Thus, a need exists to provide a mobile communication method with which a first key used in a handover target radio base station (Target eNB) can be generated through a simplified procedure. 3 Summary [0014] A first aspect of the present invention is summarized as a mobile communication method in which a mobile station performs a handover from a handover source radio base station to a handover target radio base station, the mobile communication method including the steps of: (A) acquiring, at the handover target radio base station, from the switching center, a first key for generating a certain key used in a communication between the handover target radio base station and the mobile station; and (B) generating, at the mobile station, a first key for generating the certain key used in a communication between the handover target radio base station and the mobile station, based on an incremented parameter which is included in a handover command signal and without using a first key for generating a certain key used in a communication between the handover source radio base station and the mobile station, wherein the incremented parameter is obtained by incrementing a parameter which is used upon creating the first key for generating the certain key used in the communication between the handover source radio base station and the mobile station, when receiving the handover command signal from the handover source radio base station. [0022] A third aspect of the present invention is summarized as a mobile station which performs a handover from a handover source radio base station to a handover target radio base stationby an interface via a switching center, wherein the mobile station is configured to generate a first key for generating a certain key used in a communication between the handover target radio base station and the mobile station, based on an incremented parameter which is included in a handover command signal and 6030068_1 4 without using a first key for generating a certain key used in a communication between the handover source radio base station and the mobile station, wherein the incremented parameter is obtained by incrementing a parameter which is used upon creating the first key for generating the certain key used in a communication between the handover source radio base station and the mobile station, when receiving the handover command signal from the handover source radio base station. EFFECT OF THE INVENTION [0028] As described above, according to the present invention, it is possible to provide a mobile communication method with which a first key used in a handover target radio base station (Target eNB) can be generated through a simplified procedure. Brief Description of the Drawings [0029] [Fig. 1] Fig. 1 is an overall configurational view of a mobile communication system according to a first embodiment of the present invention. [Fig. 2] Fig. 2 is a diagram showing an example of a hierarchical structure and a calculation procedure of a key used in the mobile communication system according to the first embodiment of the present invention. [Fig. 3] Fig. 3 is a sequence diagram showing an initial establishment procedure in the mobile communication system according to the first embodiment of the present invention. [Fig. 4] Fig. 4 is a sequence diagram showing an X2 handover procedure in the mobile communication system according to the 6030068_1 5 first embodiment of the present invention. [Fig. 5] Fig. 5 is a sequence diagram showing an Si handover procedure in the mobile communication system according to the first embodiment of the present invention. [Fig. 6] Fig. 4 is a sequence diagram showing an Intra-eNB handover procedure in the mobile communication system according to the first embodiment of the present invention. [Fig. 7] Fig. 7 is a sequence diagram showing an S1 handover procedure in a mobile communication system according to a second embodiment of the present invention. [Fig. 8] Fig. 8 is a diagram showing an exemplary hierarchical structure and calculation procedure of keys used in a mobile communication system according to a third embodiment of the p resent invention. [Fig. 9] Fig. 9 is a sequence diagram showing an X2 handover procedure in the mobile communication system according to the third embodiment of the present invention. [Fig. 10] Fig. 10 is a sequence diagram showing an S1 handover procedure in the mobile communication system according to the third embodiment of the present invention. [Fig. 11] Fig. 11 is a sequence diagram showing an Intra-eNB handover procedure in the mobile communication system according to the third embodiment of the present invention. [Fig. 12] Fig. 12 is a diagram showing an exemplary calculation procedure of keys used in a mobile communication system according to a conventional technique. [[The next page is page 10]] 6030068_1 6 between the handover target radio base station and the mobile station. [0023] In the third aspect, the key updating unit can be 5 configured to update, based on a parameter included in the handover command signal, the first key for generating the certain key used in the communication between the handover source radio base station and the mobile station, to the first key for generating the certain key used in the communication 10 between the handover target radio base and the mobile station. [0024] In the third aspect, the key updating unit can be configured to generate, when the parameter included in the handover command signal is incremented, the first key for 15 generating the certain key used in the communication between the handover target radio base station and the mobile station, based on the parameter; and the key updating unit can be configured to generate, when the parameter included in the handover command signal is not incremented, the first key for 20 generating the certain key used in the communication between the handover target radio base station and the mobile station, based on the first key for generating the certain key used in the communication between the handover source radio base station and the mobile station. 25 [00251 In the third aspect, the key updating unit can be configured to update, when a parameter included in the handover command signal is incremented, a second key for calculating the first key for generating the certain key used in the 7 communication between the handover target radio base station and the mobile station, based on the parameter, and to generate the first key for generating certain keys used in the communication between the handover target radio base station 5 and the mobile station, based on the updated second key. [0026] In the third aspect, the parameter can be KI. [0027] In the third aspect, the key updating unit can be 10 configured to store the received parameter. EFFECT OF THE INVENTION [0028] As described above, according to the present invention, 15 it is possible to provide a mobile communication method with which a first key used in a handover target radio base station (Target eNB) can be generated through a simplified procedure. Brief Description of the Drawings 20 [0029] [Fig. 1] Fig. 1 is an overall configurational view of a mobile communication system according to a first embodiment of the present invention. [Fig. 2] Fig. 2 is a diagram showing an example of a 25 hierarchical structure anda calculationprocedure of a key used in the mobile communication system according to the first embodiment of the present invention. [Fig. 3] Fig. 3 is a sequence diagram showing an initial establishment procedure in the mobile communication system 8 according to the first embodiment of the present invention. [Fig. 4] Fig. 4 is a sequence diagram showing an X2 handover procedure in the mobile communication system according to the first embodiment of the present invention. 5 [Fig. 51 Fig. 5 is a sequence diagram showing an Sl handover procedure in the mobile communication system according to the first embodiment of the present invention. [Fig. 6] Fig. 4 is a sequence diagram showing an Intra-eNB handover procedure in the mobile communication system according 10 to the first embodiment of the present invention. [Fig. 7] Fig. 7 is a sequence diagram showing an S1 handover procedure in a mobile communication system according to a second embodiment of the present invention. [Fig. 8] Fig. 8 is a diagram showing an exemplary 15 hierarchical structure and calculation procedure of keys used in a mobile communication system according to a third embodiment of the present invention. [Fig. 9] Fig. 9 is a sequence diagram showing an X2 handover procedure in the mobile communication system according to the 20 second embodiment of the present invention. [Fig. 10] Fig. 10 is a sequence diagram showing an Sl handover procedure in the mobile communication system according to the third embodiment of the present invention. [Fig. 11] Fig. 11 is a sequence diagram showing an Intra-eNB 25 handover procedure in the mobile communication system according to the first embodiment of the present invention. [Fig. 12] Fig. 12 is a diagram showing an exemplary calculation procedure of keys used in a mobile communication system according to a conventional technique. 9 Best Modes for Carrying Out the Invention [0030] (Mobile Communication System According to First Embodiment of 5 the Present Invention) A mobile communication system according to a first embodiment of the present invention is described referring to Fig. 1 to Fig. 6. [0031] 10 The mobile communication system according to this embodiment is a mobile communication system to which the LTE scheme is applied, and includes apluralityof switching centers MME#1, MME#2, ... and a plurality of radio base stations eNB#11, eNB#12, eNB#21, eNB#22,. 15 [0032] For example, a mobile station UE is configured to communicate, in the cell #111 under the control of the radio base station eNB#11, with the radio base station eNB#11 using a certain key described above. 20 [0033] Furthermore, in the handover procedure of the mobile station UE, the handover target radio base station (for example, the radio base station eNB#12) is configured to acquire first keys KeNB [n+1 , KeNB [n+21 and the like for generating certain keys 25 used in a communication with the mobile station UE, without using an intermediate key KeNB* generated by the handover source radio base station (for example, the radio base station eNB#11) [00341 Fig. 2 shows an example of the hierarchical structure and 10 the calculation procedure of a key used in the mobile communication system according to this embodiment (that is, a key used to calculate the certain key). [0035] 5 As shown in Fig. 2, a key KRRCIp used for "Integrity Protection" in the RRC protocol, a key KRRC_Ciph used for "Ciphering" in the RRC protocol, and a key KupCiph used for "Ciphering" in the U-plane of AS are generated using a first key KeNB n] 10 [0036] The first key KeNB [n] is calculated by using a master key KASME from the formulas given below. [0037] KeNB [0] =KDFo (KASME, NAS SN) 15 KeNB[n+l] =KDFi (KASME, KeNB [n]) , (n20 ) Here, the master key KASME is known only to the mobile station UE and the switching center MME, but must not be known to the radio base station eNB. [0038] 20 Furthermore, the NAS SN is a sequence number (SN) of a NAS protocol which is the C-plane protocol between the mobile station UE and the switching center MME (Non Access Stratum, NAS). [0039] 25 Hereafter, operations of the mobile communication system according to this embodiment are described referring to Fig. 3 to Fig. 6. [0040] First, an initial establishment procedure in the mobile 11 communication system according to this embodiment is described referring to Fig. 3. (00411 As shown in Fig. 3, before starting the initial 5 establishment procedure, the mobile station UE holds KASME (in step S101) , the radio base station eNB holds no keys used for generating certain keys (in step S102) , and the switching center MME holds KASME (in step S103) [0042] 10 In step S104, the mobile station UE transmits "RRC Connection Request (RRC connection request signal) " to the radio base station eNB, and in step S105, the radio base station eNB transmits "RRC Connection Setup (RRC connection setup signal)" to the mobile station UE. 15 [0043] In step S106, the mobile station UE transmits "RRC Connection Setup Complete (RRC connection setup complete signal)" to the radio base station eNB and "NAS Service Request (NAS service request signal) " including "NAS SN (sequence 20 number of NAS)". [0044] In step S107, the radio base station eNB transmits "S1 Initial UE Message" and "NAS Service Request (NAS service request signal) " including "NAS SN" to the switching center MME 25 [0045] In step S108, the switching center MME calculates KeNB 0] and KeNB[11 from the formulas given below. [00461 KeNB [0] =KDF 0 (KASME, NAS SN) 12 KeNB [1] =KDFI (KASME, KeNB [0] In step S109, the switching center MME transmits "Si Initial UE Context Setup (initial UE context setup signal)" including KeNB [01 , KeNB [1] and "NAS SN" to the radio Base station 5 eNB. Furthermore, "Ki (=0) " may or may not be included in this message. [0047] In step S110, the radio base station eNB transmits "RRC Security Mode Command (RRC security mode command signal)" 10 including "NAS SN" to the mobile station UE. [0048] In step 5111, the mobile station UE calculates KeNB (0I from the formula given below. [0049] 15 KeNB[O=KDFO (KASME, NAS SN) Furthermore, the mobile station UE calculates KRRCIP, KRRC_Ciph and Kup_Ciph based on KeNB [0] , and uses them in subsequent AS communications. [0050] 20 In this stage, the mobile station UE holds KeNB0] , and "KI (=0) " (in step Sll4) , the radio base station eNB holds KeNB 0, KeNB[1 and "KI (=0) " (in step S113) , and the switching center MME holds KASME, KeNB[1 and "KI (=0)" (in step S112) [0051] 25 If "KI (=0) " is not included in the "S1 Initial UE Context Setup (initial UE context setup signal) " in step S109, the radio base station eNB may initialize "KI (=0) " automatically by receiving the above message. [0052] 13 Furthermore, the radio base stat ion eNB calculates KRRC_IP KRRcciph and Kup-ciph based on KeNB[01 , and uses them in subsequent AS communications. [0053] 5 In step S115, the radio base station eNB transmits "RRC Connection Reconfiguration (RRC connection reconfiguration signal)" to the mobile station UE. [00541 In steps S116 and S117, the mobile stationUE respectively 10 transmits "RRC Security Mode Command Complete (RRC security mode command complete signal)" and "RRC Connection Reconfiguration Complete (RRC connection reconfiguration complete signal)" to the radio base station eNB. [0055] 15 In step S118, the radio base station eNB transmits "S1 Initial UE Context Setup Complete (initial UE context setup complete signal)" to the switching center MME. [0056] Through the above procedure, all keys necessary for 20 protection of AS communication (integrity protection and ciphering) are prepared at the mobile station UE, the radio base station eNB and the switching center MME. [0057] Secondly, an X2 handover procedure (handover procedure 25 between different radio base stations) in the mobile communication system according to this embodiment is described referring to Fig. 4. [0058] As shown in Fig. 4, before starting the X2 handover I a procedure, the mobile station UE holds KeN2 [n] and "KI (=n) " (in step S1001) , the handover source radio base station (Source eNB) holds KeNB[n] , KeNB[n+1] and "KI (=n)" (in step S1002), and the switching center MME holds KASME, KeNB [n+1] and "KI (=n)" (in step 5 S1003) [0059] In step S1004, if predetermined conditions are satisfied, the mobile station UE transmits "RRC Measurement Report (measurement report signal) " to the handover source radio base 10 station (Source eNB). [0060] In step S1005, the handover source radio base station (Source eNB) transmits "X2 HO Preparation (handover preparation signal)" including KeNB[n+l] and "KI (=n+l)" to the handover 15 target radio base station (Target eNB). [0061] In step S1006, the handover target radio base station (Target eNB) stores the received KeNB[n+l] and "KI (=n+1) ", and in step S1007, transmits "X2 HO Preparation Ack (handover 20 preparation acknowledge signal) " to the handover source radio base station (Source eNB). [0062] Furthermore, the radio base station eNB calculates KRRC_IP, KRRC_ciph and Kup_ciph based on KeNB[n+1] and uses them in subsequent 25 AS communications. [0063] In step S1008, the handover source radio base station (Source eNB) transmits "RRC HO Command (handover command signal)" to the mobile station UE. 15 [0064] In step S1009, the mobile station UE calculates KeNB [n+11 from the formula givenbelow, and in step S1010, stores KeNB[n+lI and "KI (=n+1)". 5 [0065] KeNB[n+l]=KDFi (KASME, KeNB [n]) Furthermore, the mobile station UE calculates KRRCIP, KRRcciph and Kup Ciph based on KeNB [n+1] and uses them in subsequent AS communications. 10 (0066] In step S1011, the mobile station UE transmits "RRC HO Complete (handover complete signal)" to the handover target radio base station (Target eNB). [0067] 15 In step S1012, the handover target radio base station (Target eNB) transmits "S1 Path Switch (path switch signal)" including "KI (=n+l)" to the switching center MME. [0068] In step S1013, the switching center MME calculates 20 KeNB [n+2] from the formula given below, and in step S1014, stores KeNB [n+ 2 1 and "KI (=n+1)". [0069] KeNB [n+21 =KDF 1 (KASME, KeNB [n+1] In step S1015, the switching center MME transmits "S1 25 Patch Switch Ack (path switch acknowledge signal) " including KeNB[n+2] and "KI (=n+1)" to the handover target radio base station (Target eNB). [0070] In step S1016, the handover target radio base station 16 (Target eNB) stores KeNB [l+] , KeNB[n+2] and "KI (=n+l)". [0071] Through the above procedure, KeNB and certain keys are updated in the X2 handover. 5 [0072] Thirdly, an S1 handover procedure (handover procedure between different switching centers) in the mobile communication system according to this embodiment is described referring to Fig. 5. 10 [0073] As shown in Fig. 5, before starting the S1 handover procedure, the mobile station UE holds KeNS [n] and "KI (=n)" (in step S20 01) , the handover source radio base station (Source eNB) holds KeNB[n] , KeNB[n+1] and "KI (=n) " (in step S2002), and the 15 switching center MME holds KASME, KeNB [n+11 and "KI (=n)" (in step S2003). [0074] In step S2004, if predetermined conditions are satisfied, the mobile station UE transmits "RRC Measurement Report 20 (measurement report signal) " to the handover source radio base station (Source eNB). [0075] In step S2005, the handover source radio base station (Source eNB) transmits "S1 HO Required (handover request 25 receipt signal)" including KeNB(n+l1 and "KI (=n+1)" to the handover source switching center (source MME). [0076] In step S2006, the handover source switching center (Source MME) transmits "Relocation Request (relocation request 17 signal)" including KASME, KeNB[n+1] and "KI (=n+1)" to the handover target switching center (Target MME). [0077] In step S2007, the handover target switching center 5 (Target MME) calculates KeNB[n+2) from the formula given below, and in step S2008, stores KeNB[n+2] and "KI (=n+1)". [0078] KeNBf[n+2]=KDFl (KASME, KeNB[n+l]) In step S2009, the handover target switching center 10 (Target MME) transmits "S1 HO Request (handover request signal) " including KeNB [n+l] , KeNB [n+2] and "KI (=n+l) " to the handover target radio base station (Target eNB). [0079] In step S2010, the handover target radio base station 15 (Target eNB) transmits "S1 HO Request Ack (handover request acknowledge signal) " to the handover target switching center (Target MME). [0080] In step S2011, the handover target switching center 20 (Target MME) transmits "Relocation Request Ack (relocation request acknowledge signal) " including "KI (=n+l) " to the handover source switching center (Source MME). [0081] In step S2012, the handover source switching center 25 (Source MME) transmits "S1 HO Required Ack (handover request receipt acknowledge signal) " including "KI (=n+l) " to the handover source radio base station (Source eNB). [0082] In step S2013, the handover source radio base station 18 (Source eNB) transmits "RRC HO Command (handover command signal)" to the mobile station UE. [0083] In step S2014, the mobile station UE calculates KeNB [n+11 5 from the following formula, and in step S2015, stores KeNB [n+i and "KI (=n+1)". [00841 KeNB [n+1] =KDF 1 (KASME, KeNB [n] Furthermore, the mobile station UE calculates KRRC_IP, 10 KRRCCiph and KUP_Ciph on the basis of KeNB[n+i1 and uses them in subsequent AS communications. [0085] At this stage, the handover target radio base station (Target eNB) holds KeNB [n+1] , KeNB [n+2] and "KI (=n+l) " (in step 15 S2016) . The radio base station eNB calculates KRRCIp, KRRC_Ciph and Kup_Ciph based on KeNB [n+1] , and uses them in subsequent AS communications. [00861 In step S2017, the mobile station UE transmits "RRC HO 20 Complete (handover complete signal)" to the handover target radio base station (Target eNB). [0087] In step S2018, the handover target radio base station (Target eNB) transmits "S1 HO Complete (handover complete 25 signal) " to the handover target switching center (Target MME) [0088] In step S2019, the handover target switching center (Target MME) transmits "Relocation Complete (relocation complete signal) " to the handover source switching center 19 (Source MME), and in step S2020, the handover source switching center (Source MME) transmits "Relocation Complete Ack (relocation complete acknowledge signal)" to the handover target switching center (Target MME) [00891 Through the above procedure, KeNB and certain keys are updated in the Sl handover. [00901 Operations of the mobile station DE in the Sl handover procedure are same as operations in the X2 handover procedure shown in Fig. 3. Based on the same processing, the mobile station DE is capable of performing both X2 and Sl handover procedures. That is, the mobile station DE is capable of performing a handover regardless of whether the handover type is "X2 handover" or "Sl handover". r0091] Fourthly, an Intra-eNB handover procedure (inter-radio base station handover procedure) in the mobile communication system according to this embodiment is described referring to Fig. 6. [00921 As shown in Fig. 6, before starting the Intra-eNB handover procedure, the mobile station DE holds KeNB[n] and "KI (=n) " (in step S4001) , the radio base station (Source eNB) holds KeNB n] KeNB[n+l] and "KI (=n) " (in step S4002), and the switching center M4ME holds KASME, KeNB[n+l] and "KI (=n) " (in step S4003) [0093] In step S4004, if predetermined conditions are satisfied, the mobile station UE transmits "RRC Measurement Report 6030068_1 20 (measurement report signal)" to the radio base station (Source eNB) . [0094] In step S4005, the radio base station (Source eNB) 5 transmits "RRC HO Command (handover command signal)" to the mobile station UE. [0095] In step S4006, the mobile station UE calculates KeNB[n+11 from the formula given below, and in step S4007, stores KeNB [n+ 10 and "KI (=n+l)". [0096] KeNB [n+l] =KDFI (KASME, KeNB [n] Furthermore, the mobile station UE calculates KRRCIP, KRRCCiph and Kup_Ciph based on KeNB [n+11 and uses them in subsequent 15 AS communications. [0097] At this stage, the radio base station (Source eNB) holds KeNB[n+l] and "KI (=n+1) " (in step S4008). The radio base station eNB calculates KRRCIP, KRRCCiph and KUp_Ciph based on 20 KNB[n+l] and uses them in subsequent AS communications. [0098] In step S4009, the mobile station UE transmits "RRC HO Complete (handover complete signal) " to the radio base station (Source eNB). 25 [0099] In step S4010, the radio base station (Source eNB) transmits "Si Path Switch (path switch signal) " including "KI (=n+1)" to the switching center MME. [01001 21 In step 84011, the switching center MME calculates KeNB[n+2] from the formula given below, and in step 84012, stores KASME, KeNB[n+2] and "KI (=n+l) [0101] KeNB [n+2] = KDFi (KASME , KeNB [n+1] In step 84013, the switching center MME transmits "Sl Path SwitchAck (path switch acknowledge signal) " including KeNB[n+ 2 ] and "KI (=n+l)" to the radio base station (Source eNB). [0102] In step S4014, the radio base station (Source eNB) stores KQNB[n+1] , KeNB[n+2] and "KI (=n+l) ". At this stage, the mobile station UE holds KeNB[n+l]" and "KI (=n+1) " (in step S4015). [0103] Through the above procedure, KeNB and certain keys are updated in the Intra-NB handover. [0104] Operations of the mobile station UE in the Intra-eNB handover procedure are same as operations in the X2 handover procedure shown in Fig. 3 and in the Sl handover procedure shown in Fig. 4. Based on the same processing, the mobile station UE is capable of performing all of X2, S1 and Intra-eNB handover procedures. That is, the mobile station UE is capable of performing a handover with regardless of whether the handover type is "X2 handover"., "Sl handover" or "Intra-eNB handover" [0105] (Advantageous Effects of Mobile Communication 8ystem According to First Embodiment of the Present Invention) In the mobile communication system according to the first embodiment of the present invention, KeNB [n+l] and the like used 6026648 22 in the handover target radio base station (Target eNB) can be generated through a simplified procedure. [0106] Furthermore, in the mobile communication system 5 according to the first embodiment of the present invention, there is no need to change operations of the mobile station UE in a handover procedure regardless of the handover type (X2 handover, Si handover or Intra-eNB handover). [0107] 10 (Mobile Communication System According to Second Embodiment of the Present Invention) Referring to Fig. 7, a mobile communication system according to a second embodiment of the present invention is described by focusing on differences from the above described 15 mobile communication system according to the first embodiment of the present invention. [0108] Specifically, the S1 handover procedure (handover procedure between different switching centers) in the mobile 20 communication system according to this embodiment is described referring to Fig. 7. [0109] As shown in Fig. 7, operations in step S3001 to step S3006 are same as operations in step S2001 to step S2006 shown in Fig. 25 5. [0110] In step S3007, the handover target switching center (Target MME) calculates KesB (n+3] from the formulas given below, and in step S3008, stores KeNB[n+3] and "KI (=n+2)".
[0111] KeNBf[n+2]=KDFI (KASME, KeNB (n+1 ) KeNB [n+3]=KDFi (KASME, KeNB [n+2 ) In step S3009, the handover target switching center 5 (Target MME) transmits "Si HO Request (handover request signal)" including KeNB [n+ 2 ] , KeNB [n+ 3 J and "KI (=n+2) " to the handover target radio base station (Target eNB). [0112] In step S3010, the handover target radio base station 10 (Target eNB) transmits "S1 HO Request Ack (handover request acknowledge signal)" to the handover target switching center (Target MME). [0113] In step S3011, the handover target switching center 15 (Target MME) transmits "Relocation Request Ack (relocation request acknowledge signal)" including "KI (=n+2)" to the handover source switching center (Source MME). [0114] In step S3012, the handover source switching center 20 (Source MME) transmits "Si HO Required Ack (handover request receipt acknowledge signal)" including "KI (=n+2)" to the handover source radio base station (Source eNB). [0115] In step S3013, the handover source radio base station 25 (Source eNB) transmits "RRC HO Command (handover command signal)" to the mobile station UE. This message may include information indicating "KI (=n+2)". [0116] In step S3014, the mobile station UE calculates KeNB [n+2] ') A from the formulas given below, and in step S3015, stores KeNB[n+2] and "KI (=n+2)". [0117] KeNB [n+1] =KDF 1 (KASME, KeNB [nl) 5 KeNB[n+2)=KDF1 (KASME, KeNB[n+1] Furthermore, the mobile station UE calculates KRRCIP, KRRC_Ciph and KUpCiph based on KeNB [n+2) and uses them in subsequent AS communications. [0118] 10 At this stage, the handover target radio base station (Target eNB) holds KeNB[n+2 , KeNB[n+3] and "KI (=n+l)" (in step S3016) . The radio base station eNB calculates KRRCIP, KRRC_Ciph and Kupciph based on KeNB [n+2) and uses them in subsequent AS communications. 15 [0119] Hereafter, operations in step S3017 to step S3020 are same as operations in step S2017 to step S2020 shown in Fig. 5. [0120] Through the above procedure, certain keys and KeNB used 20 in the AS communication in the handover target radio base station (Target eNB) becomes unidentifiable to the handover source radio base station (Source eNB) , whereby system's security is improved. [0121] 25 (Mobile Communication System According to Third Embodiment of the Present Invention) Referring to Fig. 8 to Fig. 11, a mobile communication system according to a third embodiment of the present invention is described by focusing on differences from the above described 25 mobile communication system according to the first embodiment of the present invention. [0122] Fig. 8 shows an example of the hierarchical structure and 5 the calculation procedure of a key used in the mobile communication system according to this embodiment (that is, a key used to calculate the certain key). [0123] As shown in Fig. 8, a key KRRCIp used for "Integrity 10 Protection" in the RRC protocol, a key KRRC_Ciph used for "Ciphering" in the RRC protocol, and a key Kup_Ciph used for "Ciphering" in the U-plane of AS are generated using KeNB [n] Em] [0124] KeNB [n] [m] is calculated by using KeNB [n] from the formulas 15 given below. [0125] KeNB En] [0] =KeNB [n] KeNB [n] [m+1] =KDF 2 (KeNB En] [in ) (m 0) Furthermore, KeNB [n] is calculated f rom the formulas given 20 below using KASME. [0126] KeNB [0]= KDFo (KASME, NAS SN) KeNB [n+1 = KDFi (KASME, KeNB [n] ) , (n 0 ) Hereafter, operations of the mobile communication system 25 according to this embodiment are described referring to Fig. 9 to Fig. 11. [0127] Firstly, an X2 handover procedure (handover procedure between different radio base stations) in the mobile communication system according to this embodiment is described referring to Fig. 9. [0128] As shown in Fig. 9, before starting the X2 handover 5 procedure, the mobile station UE holds KeNB (n] , KeNB[n] [m] , "KI (=n) " and "RC (=m) " (in step S6001) , the handover source radio base station (Source eNB) holds KeNB [n] , KeNB (n+1] , KeNIifl][m] "KI (=n) " and "RC (=m) " (in step S6002) , and the switching center MME holds KASME, KeNB[n+1] and "KI (=n)" (in step S6003). 10 [0129] In step S6004, if predetermined conditions are satisfied, the mobile station UE transmits "RRC Measurement Report (measurement report signal) " to the handover source radio base station (Source eNB). 15 [0130] In step S6005, the handover source radio base station (Source eNB) transmits "X2 HO Preparation (handover preparation signal)" including KeNB[n+1] and "KI (=n+l)" to the handover target radio base station (Target eNB). 20 [0131] In steps S6006 and S6007, the handover target radio base station (Target eNB) stores KeNB[n+1] , KeNBt[n+1] [0] , "KI (=n+1)" and "RC (=0)". Here, it is assumed that KeNB [n+1 [0PKe[NBn1 [0132] 25 In step S6008, the handover target radio base station (Target eNB) transmits "X2 HO preparation Ack (handover preparation acknowledge signal) " to the handover source radio base station (Source eNB). [0133] 27 In step S6009, the handover source radio base station (Source eNB) transmits "RRC HO Command (handover command signal)" including "KI (=n+l) " and "RC (=0)" to the mobile station UE. [0134] In step. S6010, the mobile station DE calculates KeNB[n+l] and KeNB[n+l] [0] from the formulas given below, and in step S6011, stores KeNB[n+l] , KeNB[n+l][0], "KI (=n+l)" and "RC (=0)" [0135] KeNB[n + 1] = KDF1 ( KASME, KeNB[ n KeNB[n+l] [0] =KeNB [n+1] Furthermore, the mobile station UE calculates KRRC_IP, KRRC-Ciph and Kup_ciph based on KeNB[n+l] [0] and uses them in subsequent AS communications. [0136] Hereafter, operations in step S6012 to step S6017 are same as operations in step S1011 to step S1016 shown in Fig. 4 [0137] Secondly, an Sl handover procedure (handover procedure between different switching centers) in the mobile communication system according to this embodiment is described referring to Fig. 10. [0138] As shown in Fig. 10, before starting the Sl handover procedure, the mobile station UE holds KeNB[n], KeNB[n][m], "KI (=n)" and "RC (=m)" (in step S7001), the handover source radio base station (Source eNB) holds KeNB[n], KeNB[n+l], KeNB[n][m], "KI (=n)" and "RC (=m)" (in step S7 0 02), and the switching center MME holds KASME, KeNB[n+l] and "KI (=n) " (in step S7003) 6030068_1 28 [0139] Hereafter, operations in step S7004 to step S7012 are same as operations in step S2004 to step S2012 shown in Fig. 4. [0140] 5 In step S7013, the handover source radio base station (Source eNB) transmits "RRC HO Command (handover command signal)" including "KI (=n+1)" and "RC (=0)" to the mobile station UE. [0141] 10 Here, in step S7014, the handover target radio base station (Target eNB) calculates KeNBtn+1] [0] from the formula given below and stores it. [0142] KeNB In+1) [o) =KeNB (n+1] 15 At this stage, it is assumed that the handover target radio base station (Target eNB) stores KeNB[n+1] , KeNB [n2 ], KeNB[n+1] (0) , "KI (=n+1)", and "RC (=0) " (in step S7015) . The radio base station eNB calculates KRRCIp, KRRC_Ciph and KuPCiph based on KeNB[n+1] [0] and uses them in subsequent AS communications. 20 [0143] In step S7016, the mobile station UE calculates KeNB[n+11 and KeNB [n+l] [0] from the formulas given below, and in step S7017, stores KeNB [n+l] , KeNB [n+l] [0], "KI (=n+l) " and "RC (=0)" [01441 25 KeNB [n+1] =KDF 1 (KASME, KeNB [n) KeNB [n+1] [ 0 ] =KeNB [n+1] Furthermore, the mobile station UE calculates KRRC_IP, KRRC cih and Kupciph based on KeNBJ [n+1] [0] and uses them to subsequent AS communications. 29 [0145] Hereafter, operations in stepS7018 to step S7021 are same as operations in step S2017 to step S2020 shown in Fig. 5. [0146] 5 Thirdly, an Intra-eNB handover procedure (inter-radio base station handover procedure) in the mobile communication system according to this embodiment is described referring to Fig. 11. [0147] 10 As shown in Fig. 11, before starting the Intra-eNB handover procedure, the mobile station UE holds KeNB[n] , KeNB[n] in , "KI (=n) " and "RC (=m) " (in step 35001) , the radio base station (Source eNB) holds KeNB[n] , KeNB[n+l] , KeNB n] [] "KI (=n) " and "RC (=m) " (in step S5002) , and the switching center 15 MME holds KAsmE, KeNB[n+l] and "KI (=n)" (in step S5003). [0148] Instep S5004, if predetermined conditions are satisfied, the mobile station UE transmits "RRC Measurement Report (measurement report signal)" to the radio base station (Source 20 eNB). [0149] In step 35005, the radio base station (Source eNB) transmits "RRC HO Command (handover command signal) " including "KI (=n)" and "RC (=m+l)" to the mobile station UE. 25 [0150] In step S5006, the radio base station (Source eNB) calculates KeNB[n] [ml] from the formula given below, and in step 35007, stores KeNB~n], KeNB[n+ll , KeNB[n][m+l], "KI (=n+1)" and "RC (=m+1)". 30 [0151] KeNB [n] [m+l] =KDF 2 (KeNB [n] [m] ) Furthermore, the radio base station eNB calculates KRRC.9, KRRC_Ciph and KupCiph based on KeNB[n] [m+1] and uses them to 5 subsequent AS communications. [0152] At the same time, in step S5008, the mobile station UE calculates KeNB [n] [m+l] f rom the f ormula given below, and in step S5009, stores KeNB [n] , KeNB [n] [m+1] , "KI (=n+1) " and "RC (=m+1)". 10 [0153] KeNB [n] [m+1] =KDF 2 (KeNB (n] [in Furthermore, the mobile station UE calculates KRRCIP, KRRC_Ciph and Kup_ciph based on KeNB [n] [m+1) and uses them in subsequent AS communications. 15 [0154] In step S5010, if predetermined conditions are satisfied, the mobile station UE transmits "RRC HO Complete (handover complete signal)" to the radio base station (Source eNB). [0155] 20 According to this embodiment, "Path Switch" in the Intra-eNB handover procedure can be omitted. [0156] As shown in Fig. 9 to Fig. 11, by introducing KeNB updating in the radio base station using the parameter "RC", KeNB can be 25 updated while omitting an inquiry to the switching center MME. [0157] Meanwhile, in the procedures shown in Fig. 9 to Fig. 11, the parameter "RC" may be omitted from "RRC HO Command (handover command signal)". 31 [0158] When the parameter "RC" is omitted from "RRC HO Command (handover command signal) ", necessity of incremehting "RC" can be determined by determining whether the parameter "KI" has been 5 incremented or not. [0159] If the "KI" has been incremented, "RC" may be reset to "0", whereas if the "KI" has not been incremented, "RC" may be incremented. 10 [0160) Alternatively, if the parameter "RC" is omitted from "RRC HO Command (handover command signal)", the mobile station UE may, on a trial basis, maintain the present value of "RC", increment "RC" or reset "RC" to "0" and then check "Integrity" 15 with respect to a message received for each of the cases to autonomously determine which one of the cases is correct. [01611 Note that operation of the above described switching center MME, the radio base station eNB and the mobile station 20 UE may be implemented by means of hardware, a software module executed by a processor, or a combination of both. [0162] The software module may be provided in any type of storage medium such as an RAM (Random Access Memory) , a flash memory, 25 a ROM (Read Only Memory) , an EPROM (Erasable Programmable ROM) , an EEPROM (Electronically Erasable and Programmable ROM), a register, a hard disk, a removable disk, or a CD-ROM. [0163] The storage medium is connected to the processor so that 32 the processor can read and write information from and to the storage medium. Also, the storage medium may be integrated into the processor. Also, the storage medium and the processor may be provided in an ASIC. The ASIC may be provided in the 5 switching center MME, the radio base station eNB and the mobile station UE. Also, the storage medium and the processor may be provided in the switching center MME, the radio base station eNB and the mobile station UE as a discrete component. [0164] 10 Hereinabove, the present invention has been described in detail using the above embodiment; however, it is apparent to those skilled in the art that the present invention is not limited to the embodiment described herein. Modifications and variations of the present invention can be made without 15 departing from the spirit and scope of the present invention defined by the description of the scope of claims. Thus, what is described herein is for illustrative purpose, and has no intention whatsoever to limit the present invention. 33